The robotics air gap is a network security measure in which the robot is assumed to be physically isolated from insecure networks.
According to [1], air gap, air wall or air gapping is a network security measure employed on one or more devices to ensure that a "secure" network is physically isolated from unsecured networks. Air-gapped networks are physically and logically isolated from other networks, so that communication between them is not physically or logically possible.
Inheriting the myth from ICS
The air gap in robotics is inherited from Industrial Control Systems (ICS). Under the false assumption that these devices are "not connected", several vendors ignore cyber security. This goes so far that many of these robots are so insecure that their connection to any network (regardless of its security protections) presents relevant threats for the network itself. In other words, these insecure and, correspondingly, unsafe robots (refer to a previous essay on safety and security) are not only easily compromised across a variety of network configurations but also present a relevant threat to any professional network.
Some opt for creating dedicated networks for these robots, often with certain security measures. However, this "desired network isolation" is easily broken. Whether via exposed physical ports, evil twin access point attacks, WiFi SSID spoofing or radio jammers, the so-called isolated robot networks are easily compromised. Unsurprisingly, these attacks, though extremely simple from a technical perspective, are among the most effective ones against current robots. Robots are networks of devices by definition. Networks of networks. The air gap is a dead myth in robotics.
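One way to watch for the evil twin and SSID spoofing attacks mentioned above, as an added example that is not part of the original essay: compare the beacons a monitoring sensor sees against an inventory of the access points that are supposed to serve the robot network. The SSID `robot-cell-7`, the MAC addresses and the names `Beacon`, `KNOWN_APS` and `audit_scan` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # AP MAC address as seen in the beacon frame
    channel: int
    security: str   # e.g. "WPA2-PSK", "OPEN"

# Constructed inventory for a hypothetical robot cell network.
KNOWN_APS = {
    "robot-cell-7": {
        "02:00:00:aa:bb:01": (36, "WPA2-PSK"),
        "02:00:00:aa:bb:02": (44, "WPA2-PSK"),
    },
}

def audit_scan(beacons, known=KNOWN_APS):
    """Return (beacon, reason) pairs for beacons that claim a protected
    SSID but do not match the AP inventory."""
    findings = []
    for b in beacons:
        inventory = known.get(b.ssid)
        if inventory is None:
            continue  # SSID is not one we protect
        expected = inventory.get(b.bssid.lower())
        if expected is None:
            findings.append((b, "unknown BSSID advertising protected SSID"))
            continue
        channel, security = expected
        if b.security != security:
            findings.append((b, "security mismatch for known BSSID"))
        elif b.channel != channel:
            findings.append((b, "known BSSID on unexpected channel"))
    return findings

# Constructed scan results, as a monitoring sensor near the cell might report.
SAMPLE_SCAN = [
    Beacon("robot-cell-7", "02:00:00:aa:bb:01", 36, "WPA2-PSK"),  # legitimate
    Beacon("robot-cell-7", "02:00:00:cc:dd:99", 6, "OPEN"),       # rogue twin
    Beacon("robot-cell-7", "02:00:00:AA:BB:02", 11, "WPA2-PSK"),  # cloned MAC
    Beacon("guest-wifi", "02:00:00:ee:ff:10", 1, "WPA2-PSK"),     # unrelated
]

if __name__ == "__main__":
    for beacon, reason in audit_scan(SAMPLE_SCAN):
        print(f"{beacon.ssid} {beacon.bssid} ch{beacon.channel}: {reason}")
```

A clean result is not proof of isolation: every beacon field checked here can be copied by an attacker, so this kind of monitoring complements, rather than replaces, having the robot authenticate the network it joins.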
For the skeptics and non-responsible manufacturers, here are a few good reasons, previously presented in [2] and adapted here for robots:
- Modern robots are highly complex interconnected (implying different networks) systems.
- Threats should be considered at the inter and intra networking levels.
- Assuming a complete air gap between a robotic system and its enterprise/corporate/industrial network of operation is simply unrealistic.
- Focusing security efforts on protecting a few obvious pathways (e.g. the network infrastructure authentication and authorization processes) but not its members is a flawed defense.
The myth of the air gap in robotics is dead. A security-first approach is required in robots and robot components.
[1] Air gap (networking) (14:32, 16 March 2020). In Wikipedia. Retrieved from https://en.wikipedia.org/wiki/Air_gap_(networking)
[2] Hauet, J. P. (2012). ISA99/IEC 62443: A solution to cybersecurity issues. In ISA Automation Conference.