Cybersecurity

Improving cybersecurity in robotic automation

Cybersecurity in the robotics field is still immature, but manufacturers are starting to realize the vulnerability that connected robots and automation equipment creates in their operations.
By Robotic Industries Association (RIA) May 8, 2019
Image courtesy: Chris Vavra, CFE Media

Cybersecurity poses a serious threat to the Industrial Internet of Things (IIoT) enabled devices and robotic automation equipment. Attackers who gain access to industrial networks have a number of devastating options available to them, from changing production data to causing harmful production errors.

Cybersecurity in the robotics field is still immature, but manufacturers are starting to realize the vulnerability that connected robots and automation equipment creates in their operations. For those seeking to beef up their cybersecurity and protect their business, there are a number of options available to them.

When it comes to cybersecurity, there’s no single “fence” that can be placed around all systems for full protection. Over the years, attackers have found ways to get around these barriers and will continue to do so. A hallmark of cybersecurity best practice lies in creating depth in IIoT architecture to discourage attacks.

Essentially, creating multilayered and multidimensional IIoT architectures means that attackers would have to break through many different levels in order to access anything of value. The time and difficulty of doing so is the primary deterrent – breaking into a deeply layered system is incredibly complex.

Companies also should be building cybersecurity protocols into each layer of the IIoT architecture for greater protection. For example, there are many components to a robotic system that could be protected for a defense-in-depth strategy. There’s the embedded operating system within the robot, as well as the application code that runs on the robot. There’s a wealth of communications code that processes commands to the robot. The robot will likely be connected to various PC-based systems, which may or may not have databases on them, including cloud servers or software that communicates to the robots and users over a web interface.

IIoT architectures, such as the one described above, may already be complex in nature, but still in need of protection at every layer of the system.

Cybersecurity standards for automation

There are a number of standards, recently developed by the International Electrotechnical Commission (IEC) and the International Society of Automation (ISA), that govern security for Industrial Automation and Control Systems (IACS).

In particular, the ISA/IEC 62443 standards contains seven foundational requirements for cybersecurity in modern production environments. These seven tenants cover:

  • Identification and authentication control
  • Use control
  • System integrity
  • Data confidentiality
  • Restricted data flow
  • Timely response to events
  • Resource availability

Cybersecurity is a real threat today. The potential impact of a successful attack can be devastating. Robot suppliers and manufacturers alike have to be vigilant and prepared. All IIoT and automation equipment must take cybersecurity into account.

This article originally appeared on the Robotics Online BlogRobotic Industries Association (RIA) is a part of the Association for Advancing Automation (A3), a CFE Media content partner. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, cvavra@cfemedia.com.


Robotic Industries Association (RIA)