Cybersecurity has become a strain of digital attacks for robots. A system failure neglected by the industry for decades. It does not matter if they help in an operating room, coordinate the electrical network or care for a dependent person. Their mission is not usually to protect themselves from a cyber attack, no matter how committed their role is. The rise of automation and connectivity has further exposed a rapidly expanding technology. Spain, located among the 10 countries in the world with the most automata, has 16 robots for every 1,000 workers, according to figures from the International Federation of Robotics. “Almost no company publishes security updates for these products,” says Alfredo Reino, an expert in cybersecurity.
One of the weakest links appears in the Robotic Operating System, known as ROS. Large producers have adopted it almost as a standard, but it emerged simply as research from Stanford University in 2007 to improve communication protocols. As Óscar Lage, a cybersecurity expert at Tecnalia, explained, he was born without any cybersecurity because it was not the purpose of the project. It was not until four years ago, with the evolution to ROS2, when they begin to develop it; although almost no machine has it installed. “They are very poorly protected critical systems. As in other industries, those who design, create, and sell them have focused on the functional side. Until there have been no major scares, nobody has worried. ”
Some entrepreneur has already tried to reverse the trend. This is the case of Víctor Mayoral, technical director and co-founder of Alias Robotics. The solution he proposes has baptized it as the Immune System of Robots (RIS). This software exposes machines to different virtual threats and prepares their systems to avoid possible contagion from computer viruses. With the help of artificial intelligence, learn to better prevent these threats, as well as to identify them even before they occur. “Robotics is at the same point that computing was 20 years ago. It is of total insecurity and total alarm. Manufacturers are not ready to fight cyber attacks, “he says.
The absence of an international standard does not help. At the factory, the most we aspire to is having the option of configuring security once we receive the robots. The reason given by the brands is the interoperability with older prototypes. Avoid languages being so disparate that they do not communicate with each other. However, in massive production lines and in smart grids – called smart grids – they prefer not to risk it. They are strategic sectors. “We are talking about personal risks and industrial operation. With ransomware they can knock down all the electricity in a country or condition the physical security of employees. This is more dangerous, “says Lage.
The European Union, increasingly involved with digitization, has begun to take the matter seriously. Different story are the deadlines. The Commission itself, in a recommendation published on February 19, called for Brussels to start legislating to provide better protection for users and greater legal certainty. National governments also have too many loopholes. The United Kingdom, France and Germany have taken some steps, although insufficient, far from correcting the precariousness installed in robotics. “Ethics should prevail, but it is problematic when manufacturers disregard security and people are unaware that robots are out of control,” Mayoral reasons.
Queen Maxima of the Netherlands talks to a robot during a visit to a plant in Apeldoorn. .
Part of the weaknesses that bad guys exploit is due to the common elements that robotic devices share. The internet of things has caused them to be very present in multiple environments. According to the forecasts of the consulting firm Gartner, this year there will be around 6,000 million connected elements. The same are essential in the design of autonomous cars as in a drone. In Kingdom’s words, in an attempt to mass-produce, these tools employ both the same level of software and microprocessors. If someone attacks a robotic arm in one way, they will almost certainly be able to replicate it in another that plays with a child. “They have the same open ports and a Linux based operating system. The vulnerabilities of this technology are practically identical. The company does not matter or what it is used for ”, ditch.
A possible solution to so much insecurity, apart from improving legislation, must come from training. Robotics demands different talents. It is insufficient to graduate as an industrial engineer or cybersecurity architect. Mayoral himself says that companies do not even know who to turn to – “and that can cause terrible accidents,” he says. Without falling into catastrophism or the automaton dystopias described by Isaac Asimov, scientific collaboration is part of the answer. “It is a problem of silos. In robotics, engineers don’t know about systems or security. Nor are programmers aware of how security works. They live apart from each other ”, reasons Kingdom.
Alias Robotics offer free RIS licenses to the innovation and development sector. It is their bet to improve the cybersecurity deficit with which they live. “There are technologies, like ours, that are ready to protect users. There are already ways to prevent unwanted actions, “says Mayoral. The coronavirus crisis has accentuated digitization, as has the exposure of systems. The robots starting point seems quite compromised beforehand; and it will cost to see a change. “Companies have no social or governmental pressure to change their behavior. There are no rules, “he concludes.