Cybersecurity RoboticsLeading robot cybersecurity lab

Hardening a robot: the controls that hold

Research Note · 2026

AuthorsVíctor Mayoral-Vilches
AffiliationCybersecurity Robotics
Published2026
1The other half of the story2Harden the graph: SROS2 and DDS-Security3Shrink and segment the network4Sign it, boot it, patch it5Validate what the robot is told to do6Measure it — don't guess7The gap is deployment, not capability8References

Abstract. This lab spends most of its time showing how robots break. This briefing is the counterweight: the concrete, mostly-free controls that actually hold a robot — SROS2 and DDS-Security on the graph, segmentation and a host firewall on the network, signed updates and secure boot on the supply chain, runtime input and plan validation, and systematic assessment with the Robot Security Framework and the CIS ROS Benchmark. The uncomfortable finding of 2026 is that almost none of this is missing or expensive; it is simply not switched on. The robot you cannot secure is usually an unshipped configuration, not an unsolved problem.

A Cybersecurity Robotics field briefing — a cited synthesis of the external research listed below, not an original paper.

1The other half of the story

Most of this lab is spent showing how robots break. This note is the counterweight — the concrete controls that hold. The uncomfortable finding of 2026 is that almost none of them are missing or expensive: the building blocks ship with ROS 2 or are free, mature and documented. The robot you cannot secure is usually not an unsolved problem; it is an unshipped configuration.

Each way a robot is attacked, and the concrete control that already exists to hold it — the failure mode of 2026 is deployment, not capability.
THE ATTACK PATHTHE CONTROL THAT ALREADY EXISTSSniff or spoof the ROS 2 graphSROS2 · DDS-SecurityX.509 auth · AES-GCM · topic access controlReach an exposed port or serviceSegment & shrinkisolated VLAN · host firewall · minimal portsTampered firmware or updateSign & verifysigned updates · secure boot · key managementOut-of-range or spoofed inputsValidate at runtimevalue ranges · plan & safety checksUnpatched, unassessed stackAssess & maintainRSF · CIS ROS Benchmark · patch cadenceEvery control here ships with ROS 2 or is free — yet 73% of roboticists say they under-invest in it. The gap is configuration, not capability.

2Harden the graph: SROS2 and DDS-Security

ROS 2 inherits both the flexibility and the insecure defaults of DDS: out of the box, any participant can join any domain and read every topic in the clear. SROS2 closes that by switching on the three pillars the DDS-Security specification already provides — authentication (per-node X.509 identities), encryption (AES-GCM on the wire) and access control (signed, topic-level permissions, so a node discovers and talks to only what it is authorised to). Policy is grouped into enclaves and generated through a six-step DevSecOps loop: model the computational graph, define authentication and authorisation, generate the artifacts, deploy them, and monitor — remodelling as the graph changes.

Enabling security is not the same as being secure. The 2022 analysis On the (In)Security of Secure ROS2 showed that even a correctly-configured graph can leak: permissions are not always revoked when a node is compromised, namespaces isolate imperfectly, and the discovery phase still exposes the network topology — participant identities and reachable topics — to a passive listener. Some fixes have landed; the residual gaps are exactly why hardening the graph is necessary but not sufficient, and has to be wrapped in the layers below.

3Shrink and segment the network

The cheapest robot attacks simply reach a port that should never have been exposed. Put every robot on an isolated, trusted network — never a shared or public one — behind firewall rules and segmentation, with only the strictly necessary ports open. Industrial deployments formalise this with the multi-level segmentation of NIST SP 800-82 and the IEC 62443 family; the lab's study of robots in an OT line shows why the controller endpoint itself, not just the perimeter, has to be watched.

Robots add a twist a server never faces: they are mobile and autonomous, so they must carry their security with them, and they often run on resource-constrained hardware with no hardened defaults. That makes host-based controls essential rather than optional — a local firewall on the robot, and increasingly a lightweight network intrusion detector watching the DDS traffic for anomalies as a step toward zero-trust operation.

4Sign it, boot it, patch it

A control plane is only as trustworthy as the code beneath it. Ship signed updates over an authenticated channel, verify the boot chain with secure boot, and treat keys as first-class secrets — the keystore that anchors SROS2 is itself a target. And patch: middleware and dependencies age, ROS 1 reached end-of-life in 2025, and much of a robot's real security lives in work outside the ROS graph — the operating system, the network stack, the update mechanism.

5Validate what the robot is told to do

Between message and motion, check both ends. Enforce strict value ranges on incoming messages so an out-of-band or spoofed field fails safely instead of becoming a command, and verify the emitted plan against physical and safety constraints at runtime before it reaches an actuator. This is where the model-in-the-loop threats from foundation-model robots are caught: a manipulated perception or a jailbroken instruction is only dangerous if the resulting action executes unchecked.

6Measure it — don't guess

Hardening without assessment is faith. Three free, standardised references turn it into engineering: the Robot Security Framework — the lab's own layer-by-layer methodology — the community CIS ROS Benchmark of secure-configuration checks, and the official ROS 2 threat model. The trap is to run them once and file the report; a robot's configuration drifts, so the assessment has to be continuous.

7The gap is deployment, not capability

Every control above already exists, is documented, and is largely free. Yet in community surveys 73% of roboticists say they have not invested enough to secure their machines, security ranks low among the features practitioners prize, and time-to-market pressure keeps it switched off. That is the real 2026 finding: robot insecurity is now overwhelmingly a deployment problem, not a research one — and it is no longer optional, as ISO 10218:2025, the EU Machinery Regulation and the CRA turn “we didn't get to it” into a safety non-conformance. Closing the gap is not a one-time checkbox; it is continuous, budgeted systems engineering — the same discipline a robot's safety already demands. See the status of robot cybersecurity and the milestones for how far the field still has to go.

8References

  1. SROS2: Usable Cyber Security Tools for ROS 2, 2022.
  2. On the (In)Security of Secure ROS2, ACM CCS 2022.
  3. ROS 2 Robotic Systems Threat Model.
  4. ROS 2 DDS-Security integration.
  5. CIS Robot Operating System (ROS) Benchmark.
  6. The Robot Security Framework (RSF).
  7. NIST SP 800-82, Guide to Operational Technology Security; ISA/IEC 62443 family.
  8. Cyber security of robots: a comprehensive survey, 2023.

Citation

@misc{mayoralvilches2026hardeninga,
  title        = {Hardening a robot: the controls that hold},
  author       = {Víctor Mayoral-Vilches},
  howpublished = {Cybersecurity Robotics — Field briefing},
  year         = {2026},
  url          = {https://cybersecurityrobotics.com/research/hardening-a-robot/},
}