In the groundbreaking white paper Rogue Robots: Testing the Limits of an Industrial Robot’s Security, Trend Micro’s Forward-Looking Threat Research team collaborated with Politecnico di Milano to show the extent to which robots can be compromised and what the results would look like. The paper was released in 2017, but its results have only become more relevant over time as digital transformation and the COVID-19 pandemic push robots into more mission- and life-critical uses. The greater responsibility and capability placed on robotic assets creates the potential for cyber attacks that will misdirect their strengths to catastrophic effect.
For the purposes of operational integrity, industrial robots must follow three ‘laws’:
- Sense the physical world through sensors to perform actions through motors and tools
- Refuse to execute self-damaging control logic
- Never harm humans
Attacks, in turn, will attempt to cause robotic assets to violate these three laws using the following five tactics:
- Production outcome alteration or sabotage
- Ransomware-type schemes
- Physical damage
- Production line process interference
- Sensitive data exfiltration
In Rogue Robots, the team frequently found robotic devices running outdated and vulnerable OSes and libraries with weak authentication. Robotic assets were originally designed to operate without a network connection, but modern, highly automated operations require an increasing level of IIoT connectivity. The practical examples of incidents with robotic assets available today are only cases of misoperation; however, it’s highly likely that in the near future we will begin seeing a wave of cyber attacks on robotic systems.
For many industrial assets, updating to the latest patches is not feasible, either because of extended maintenance times or because the asset is a legacy one for which the vendor no longer provides updates. This creates one of the most serious holes in security for robotic assets. TXOne Networks’ next-generation firewall EdgeFire and next-generation IPS EdgeIPS are two ways to cover these vulnerabilities without interfering with productivity. They come ready to segment the network and apply virtual patching, both of which make it significantly easier to protect assets that are hard or impossible to update.