Industrial Robots: A Perfect Target for Hackers
For German version, please visit our o2 business page.
IT Security is a top priority for many companies. Due to the increasing digitization of production and logistics, the protection of industrial robots must also be considered. Florian Bogenschütz, successful founder and CEO of the Telefónica Open Innovation Hub Wayra, knows about the urgency and presents a new product that benefits O2 Business customers. An interview about cybersecurity for robots.
German companies are among the largest buyers of industrial robots worldwide. How many industrial robots should we estimate here in Germany?
The International Federation of Robotics publishes a year book annually. According to this, more than 220,000 industrial robots were in use in Germany at the end of 2019. More than 20,000 new ones were added in2019 alone.
Many companies now emphasize how important IT security is to them. But what about the potential for attacks on industrial robots?
First of all, robotic systems are complex. As a result, they offer a number of attack surfaces for potential hackers - especially since robots are generally not protected against cyberattacks.
Which attack scenarios are plausible?
Attackers are able to capture data and intellectual property from robots as well. If they also manipulate the status information of a robot, it can pretend to the operating personnel - for example on a display -that it is performing the tasks as specified, even if it is not doing anything at all. And be it that he sets welding seams minimally differently. Which brings us to the fact that the control and calibration of the robots are a potential target for attack. Especially in high-precision work, it is fatal if robots move inaccurately. Defective or altered components would be the consequence and thus high costs. And if, for example, welding robots move unexpectedly, this poses a danger, not least for employees.
How can this be prevented?
By showing a robot exactly what it has to do. Let's say a hacker wants a robot to perform a certain movement: Then security software can warn the robot and prevent it from performing that movement because it never learned it.
Does such safety software for industrial robots already exist?
Yes, it does exist. It was developed by the Spanish start-up Alias Robotics. Telefónica recently started working with the company, which has quickly become a pioneer in robot cybersecurity. Since September, the start-up has established the world's first cyber security lab for robots at our Wayra TechLab in Munich. Here, we are jointly researching the development of further cybersecurity solutions.
What exactly is Alias Robotics' cooperation with Telefónica?
Telefónica invests in Alias Robotics. This is sensible because Telefónica, and thus the o2 Business brand, is a driver of the digitalization of companies and society. One example is the establishment of 5G campus networks. They can be used to network robots in a company's production and warehouse. With the solution from Alias Robotics, o2 Business is now complementing its offering for business customers and effectively protecting industrial robots from cyberattacks. After all, many companies appreciate receiving multiple services from a single source.
How exactly should a company envision the services ofAlias Robotics?
o2 Business customers can add the cyber security service to their existing contract. Before concrete measures are taken, AliasRobotics first analyzes the existing cyber security level of the robots. This involves recording threat models, performing penetration tests on them and simulating targeted attacks. At the end, there is a report that lists all the threats to which the company's robots are potentially exposed.
And what does the concrete solution look like?
Alias Robotics protects robots and their components with the Robot Immune System (RIS). The safety-certified software solution is installed directly in the robot system. An integrated suite provides a range of protection technologies. It detects many different types of threats and fends them off. This is achieved through next-generation antivirus programs, closing known vulnerabilities, data encryption, and preventing data loss.
Can RIS also address individual threat scenarios?
Yes. After the system is installed on the robot, it performs the actions that it will do later for several hours. RIS then knows that the robot is only doing these tasks and nothing else. If it tries to behave differently due to a cyberattack or even internal manipulation, RIS prevents that, and the robot continues as intended. It also alerts the supervisor responsible for it in the company by e-mail.
And what kind of investment should a company expect to make for the cyber security service?
The costs for the analysis and RIS implementation ultimately depend on the scope and thus of course vary. The damage, on the other hand, can be precisely specified: In the automotive industry, manufacturers estimate the shutdown of a robot at around 15,000 euros per minute! Current figures from the USA indicate that cyberattacks cost companies an average of 200,000 US dollars.
Why do you think small and medium-sized enterprises should also focus on cyber security?
Because SMEs are just as big a target for hackers as large companies. And when a successful hacker attack has occurred, it has negative consequences. Such as economic ones due to production downtimes. In addition, the reputation or even the safety of the employees suffer. For sensitive industrial robotics, Alias Robotics and o2 Business use RIS, an efficient tool that prevents and fends off hacker attacks.
.svg){kind=icon}
.svg){kind=icon}
.svg){kind=icon}