Modern manufacturing relies on interconnected robots to make industry 4.0 a reality. Here Neil Ballinger, head of EMEA sales at automation equipment supplier EU Automation, explains how industrial robots could be hacked and what can be done to mitigate the threat of cybercrime.
In recent years, manufacturing companies have invested heavily in industrial automation. McKinsey, a consultancy firm, estimates that the market for industrial robots has been expanding at approximately 19 per cent since 2012 and is now worth 16.2 billion dollars. As robots become more ubiquitous, their vulnerability to cyberattacks becomes a more pressing concern.
The threat is real
Every year, hackers and IT professionals meet at the Black Hat cyber security conference. This year, Federico Maggi, a researcher at Trend Micro, and Marcello Pogliani, an information security researcher at Politecnico di Milano, presented a report entitled “rogue automation” in which they presented new vulnerabilities in the software of industrial robots to cyberattacks.
The research reveals previously unknown ways of how an advanced hacker can perform targeted attacks on robots. What makes this possible is a lack of layered user authorisations in software. Once a perpetrator has gained access to the peripheral layers of the software, the entire operating system of the robot could potentially be hacked.
The two researchers believe that existing security mechanisms are not sufficient to protect robots because they have not been embedded in the programming language of the operating system.
Affected are industrial automation robots in sectors as diverse as automotive, avionics, military, pharmaceuticals, food and beverage. The authors of the report argue that if such robots were hacked, the consequences could range from downtime of factory lines to physical or environmental harm.
One of the challenges in mitigating these newly discovered software vulnerabilities is integrating different software from new machines with legacy technology. The programming language of industrial robots is often vendor specific. On the factory floor, machines from different vendors, bought over a long timeframe are required to interact seamlessly with each other. However, some legacy equipment contains code that was written before the time of code checkers, which nowadays spot loopholes automatically.
What can be done to make industrial robots more secure? To reduce vulnerabilities, process engineers should segment networks and isolate machines that process data from outside. Moreover, networks and their endpoints should be protected. Changes to the software should be reviewed regularly and documented scrupulously.
Tackling the problem of cybercrime in industrial automation requires the close collaboration of installation engineers, maintenance technicians, IT service providers and parts suppliers. Industry 4.0 can only be made a reality if manufacturers are able to trust that their industrial automation equipment is safe from cyberattacks.