Industry 4.0 represents a major cybersecurity challenge for companies. In a study conducted by Trend Micro and the Polytechnic University of Milan, a team of researchers and students in the field of cybersecurity successfully demonstrated the vulnerability of industrial robots. This weakness is coupled with the era of artificial intelligence and the IIoT! The security flaws of connected industrial robots can compromise the security of companies and the continuity of industrial processes.
Functions and characteristics of industrial robots
Industrial robots are ever-present in the smart factories of Industry 4.0. A connected industrial robot is comprised of 3 elements:
- A set of parts constitute its mechanical architecture.
- Electronic components make up the control system which is in charge of supervising motors and receiving information from sensors.
- An IT network allows the robot to ‘learn’ automation by establishing a relationship between the operator and the environment.
As outlined by the Alliance for the Industry of the Future, industrial robots are key elements to Industry 4.0 and are specifically designed to perform repetitive, precise and dangerous tasks.
The security flaws and vulnerabilities of industrial robots
Although industrial robots provide high operational performance, they are far from being foolproof. Initially designed as isolated devices, industrial robots are now connected to the company’s network and the internet which makes them particularly vulnerable to cyberattacks.
The Trend Micro / Polytechnic University of Milan joint experiment
During this experiment conducted in 2017, researchers and students were able to hack into a robotic arm which was designed to act as a drone rotor. By remotely modifying a very simple factory parameter, the robot configuration file, the research team provoked a defect in the dimensions of the rotor of several millimeters. This scenario of new-generation industrial sabotage, albeit invisible to the naked eye, caused a drone to fall from the sky while in flight!
This experiment revealed the many vulnerabilities of connected industrial robots. Various security flaws could have been updated:
- The disclosure of sensitive information in technical documents on suppliers’ websites
- Outdated software components detected at the level of the application, compiler, kernel and cryptography libraries
- The use of default credentials or poor authentication methods
- Poor data encryption based on outdated cryptography libraries and web interfaces that do not use the https protocol
- Inadequate software protection.
What is at risk during a cyberattack?
The flaws identified by the cybersecurity researchers weaken all industrial networks and expose them to a series of risks capable of compromising the security of industrial processes, their continuity and even human safety.
5 types of typical threats were identified in the event of a cyberattack:
- Modification of production or sabotage: By taking control of a robot, attackers can cause defects in the production of parts (a drone rotor) thus compromising the final use of this part and generating significant financial losses for the company.
- System blockage: Connected industrial robots are vulnerable to ransomware attacks which can block access to data and the entire production system.
- Physical damage: An attacker who is capable of controlling a robot can harm operators by using it, for example, to interfere with security mechanisms.
- Disruption of the industrial process: Production can be compromised in the long term and this can jeopardize company operations.
- Exfiltration of sensitive data: Like with all industrial objects connected to the company’s internal network (the entire IIoT network), a security flaw in an industrial robot represents an access point for attackers allowing them to infiltrate and steal confidential information.
The vulnerabilities of connected industrial robots once again reveal the need to secure industrial systems and all equipment connected to the network. Although robot manufacturers are particularly concerned with these security flaws, industrial heads must also be aware of the vulnerability of robots to cyberattacks. Plan ahead with a tailored cybersecurity solution capable of mapping all your industrial networks and detecting possible intrusion attempts before attacks have a chance to wreak major consequences on your industrial process and the environment.
Credits: Macrovector – Freepik