Safety requires security in robotics
As robots start populating our lives, safety and security are topics gaining more and more traction. Safety is concerned with the robot not harming the environment (or humans), whereas security deals with the opposite: it aims to ensure the environment does not conflict with the robot's programmed behavior. There's an intrinsic connection between safety and security. Functional safety standards reflect this aspect.
Robots have their own networks, technologies, safety requirements and business priorities, all of which must be uniquely addressed. Simply put, you can't secure robots the same way you secure other IT or OT environments. Existing industrial solutions for monitoring network traffic and detecting threats do not include robots, which are generally left beyond the area of protection and assumed to be air-gapped. From a technical angle, robots demand their own specialized cybersecurity measures, and safety requirements for robots should consider this. Moreover:
given the safety implications, cybersecurity in robotics will be more important than in any other area.
This article briefly discusses the connection between safety and security in robotics, and reasons about how security must be implemented at the robot endpoint to fulfill safety requirements.
Safety standards "require" security
IEC 61508 “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems” is a meta-standard for safety and the one from which most functional safety norms grow. This is the case for ISO 26262 (automotive), IEC 61511 (industrial processes), IEC 61513 (nuclear) or EN 50126/8/9 (railways), among others.
IEC 61508 indicates the following in section 7.4.2.3:
"If the hazard analysis identifies that malevolent or unauthorised action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out."
Moreover, section 7.5.2.2 from IEC 61508 also states:
"If security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements."
This translates to security requirements. Note that these requirements are complementary to other security requirements specified in other standards like IEC 62443, and specific to the robotic setup in order to comply with the safety requirements of IEC 61508. In other words, safety requirements spawn from security flaws, which are specific to the robot and influenced by security research. Periodic security assessments should be performed and, as new vulnerabilities are identified, they should be translated into new security requirements.
More importantly, fulfilling these security requirements to keep the robot protected (and thereby safe) will demand pushing the measures to the robot endpoint. Network-based monitoring solutions [1] will simply not be enough to prevent safety hazards from happening. Safety standards thereby demand a security mechanism that protects the robot endpoints and fulfills all the security requirements: a Robot Endpoint Protection Platform (REPP).
[1] These solutions don't block traffic, since the consequences of packet loss in control systems could be catastrophic. While they don't directly prevent safety hazards, their detection and monitoring capabilities are crucial for an active security posture and maintenance. Robot-specific solutions are therefore required that co-exist with industrial network monitoring solutions, expanding the overall security posture and further implementing a defense-in-depth strategy.
Cybersecurity measures at the endpoint
At Alias Robotics we've been researching the landscape of robot cybersecurity for a few years already while working with some of the top manufacturers of robot parts. Altogether, we have discovered, identified and catalogued more than 1000 robot vulnerabilities throughout various offensive exercises. Our products build on top of this research and aim to help guarantee the security of robots by directly embedding security measures at the robot endpoint. We develop software and hardware that adapts to the robot and fits directly inside, without compromising its behavior, while adding additional layers of cybersecurity protection.
Our Robot Immune System (RIS) secures robots and robot components by delivering an integrated suite of endpoint protection technologies. It complements existing industrial network monitoring solutions by implementing security measures directly into the robot.
More importantly, we remain active as security researchers and, through periodic security assessments, we guarantee that new vulnerabilities are identified, turned into security requirements and mitigated in RIS in a timely manner, helping to guarantee the safety of the robot platforms RIS supports.
RIS is currently available for several robots such as those from Universal Robots (UR) or Mobile Industrial Robots (MiR). It can also secure robot components, including several of the distros of ROS or ROS 2. The most exciting fact is that RIS is rapidly fulfilling all the requirements of the IEC 62443 cybersecurity standard!
We are in the process of turning RIS into a security certified product for robots, so stay tuned if you're interested in a security upgrade for your robots ;).