How to Tackle the Security Risks of Robotics Technology
According to the International Federation of Robotics (IFR), the number of industrial robots deployed worldwide will reach around 2.6 million units by 2019, which amounts to around one million more than in 2015. The use of robotics technology is most prevalent in the automotive, electrical and machinery sectors. Outside these spheres, robots are also used by businesses in customer-facing roles, as well as in the health care industry, where they perform functions ranging from taking blood samples to disinfecting facilities.
Robotics Technology and Economic Growth
Some fear the use of automation will lead to widespread job losses across industries. However, research suggests robotics technology is making a positive impact on economic growth. By enabling humans to focus on higher-value tasks, robots can complement rather than directly substitute labor. IFR also affirms that robots also have created new job opportunities, caused wages to increase and resulted in higher-quality work.
Potential Security Risks
However, robotics also brings potential security risks. According to a recent report from IOActive, security concerns include vulnerable communication channels that have weak or nonexistent encryption, insufficient authentication, authorization issues and weak default configurations. Privacy issues have also arisen as robots have sent out private information without consent, which can enable surveillance and tracking.
The IOActive report also found the use of robots comes with a wide range of potential attack surfaces, such as unsecured operating systems, interaction with external services and applications that can be remotely controlled.
Creating a Secure Environment
CSO Online outlines recommendations from a number of security experts on how organizations can enhance security while using robotics. Information security attorney Michael Overly recommends having a third-party auditor with the relevant expertise in manufacturing and automation conduct a thorough audit. The outcome will help the organization understand its security risks and plan how to remediate them.
Organizations should also change default configurations like passwords before devices are connected and ensure all devices are patched as soon as updates become available. Unpatched vulnerabilities are a key risk within industrial control systems and could enable access to critical and confidential information. Access controls should also be tight in order to ensure employees have the necessary permissions to carry out their jobs — no more, no less.
Given the potential security vulnerabilities, human oversight of robotics protocols and operating procedures is essential. Senior security executives should oversee the security policies related to robots and inform the board and senior management of any issues encountered, as well as the measures being taken to address those problems. Organizations should also enact the appropriate preventive and corrective control through policies, standards, procedures, technology functions and monitoring mechanisms.
Robotics technology has a key part to play in the future of many sectors, but as with many devices that form the Internet of Things, security features and functions are often lacking. Until manufacturers develop and adhere to set standards, security must be top-priority.