Industry not ready for robot hack threat

Uploaded 16 Mar @ 15:08pm

Users of industrial robots from manufacturing to healthcare are unprepared for the real risk of a hacking attack, warns a leading cyber security expert. With the worldwide number of robots in smart factories now topping a million, Ross Thomson, Principal Consultant at Amethyst Risk Management, which advises Government and industry on cyber security, cites a lack of awareness as the reason most operators have not tackled the threat.

“Many firms believe hackers only want personal or financial data, but there is a credible risk to industrial robots,” says Ross Thomson. Robots, like other devices, are increasingly connected to wider networks and the internet. That gives hackers more ways in, and the consequences are potentially disastrous. In one example, attackers locked up a robotic assembly plant in Mexico and demanded a ransom from the operators. There is, of course, the safety risk for human factory operatives if a robot were hacked.

Lack of awareness and preparedness for a cyber-attack extends to robot makers. Ross Thomson points to an experiment where researchers hacked a robotic arm and forced it to mis-perform, compelling its manufacturer to plug the security hole.

Nightmare scenarios
The threat might come from disgruntled employees, criminals, recreational hackers or nation states. One kind of attack might inject faults or defects in the production process, or lock it down completely as in the Mexican incident, leading to loss of production and revenue. If defective products make it to market, they can cause reputational damage, a potential advantage that could motivate an attack by unscrupulous competitors.

By manipulating safety protocols, hackers could cause the robot to injure human operators, or to damage itself or the factory environment. Alternatively, attackers might attempt to steal sensitive data from the machines themselves or the wider company network through remote access.

How easy is it to hack a robot? Ease of access to the software varies, making an inside job more likely in some scenarios. Firmware may be freely available online or retrievable from used robot CPUs, and some manufacturers allow programmers to access code in a simulation environment, creating a potential practice ground for would-be robot hackers.
Hackers have other ways to infiltrate, other than via the internet. They may attack from within the factory, for example connecting to the robot directly through a USB port, or physically accessing its computer controller directly or via remote service.

Once they have penetrated the system, they can potentially alter the controller’s parameters, tamper with calibration programs or production logic and alter the robot’s perceived state, for example to show it is idle when it is not, or its actual state causing loss of control.

The scale of the threat could be enormous. It’s estimated there will be 1.3 million robots in factories worldwide by next year (2018) and that 12 per cent of jobs will have been taken over by automated systems within the next 15 years.

The UK’s National Cyber Security Centre has highlighted hacking of robotic, unmanned and autonomous systems as a subject for attention, both by itself and by the intelligence organisation GCHQ.

Operators of industrial robots need to conduct a professional review of cybersecurity risks, have an incident response plan in place in case of a security breach and ensure that software is regularly updated, especially with security patches. The security review should look at what data robots hold and how they are potentially connected to sensitive data elsewhere on the network.

“Considering the risk to production, people and facilities, it must be taken seriously from board level to operational level,” he says. “An internet-connected robot should be treated with the same security precautions as any computer on the network, including setting long, complex passwords rather than relying on manufacturers’ default. There is a temptation to neglect updates because they may cause production downtime, but it needs to be given a higher priority.”

He advises operators to make security a key factor when sourcing new industrial robots, selecting a manufacturer that shows commitment to the issue and provides frequent software updates with security patches.

Further reading: www.amethystrisk.com

 

Reaching a combined audience of 35,000 decision makers/influencers, across the entire lightweight materials supply chain and into the large OEMs, through both printed and digital copies.

Our latest edition...

Sign up to receive our newsletter.

View our Media Pack!

Contact Us

M&MT Online
Editorial: Simon Simmons
Email: news@mmt-online.co.uk

Sales: Phil Sloan
Email: sales@mmt-online.co.uk
Phone: 07989 552530

Production: Denise Simmons
Email: production@mmt-online.co.uk

Testimonials

There is so much noise in the market that it is refreshing to find a magazine that cuts straight to the core of what’s important.

Ben Hayes – Sales Manager, CWST

M&MT Magazine is a well-rounded publication that delivers content on all the materials and manufacturing topics and industries. It touches a vast audience so we know that our content will be able to reach the right people.

Harriet Barnes - Marketing Communications Co-ordinator, Instron

About Us

Materials & Manufacturing Technologies is a brand new magazine looking at lightweight materials and the techniques available when manufacturing lighter and stronger parts.

By targeting the materials tier supply chain and the top end users M&MT will provide solutions to key professionals across the ‘lightweighting’ sector in all leading industries such as Aerospace, Automotive and so on.

Read more...