Robot cybersecurity — research note
Abstract. What's the status of cybersecurity in robotics? how can we improve cyber-resillience of robots? This article reviews the status of the robot cybersecurity.
Robots are often shipped insecure and in some cases fully unprotected. The rationale behind is threefold: first, defensive security mechanisms for robots are still on their early stages, not covering the complete threat landscape. Second, the inherent complexity of robotic systems makes their protection costly, both technically and economically. Third, vendors do not generally take responsibility in a timely manner, extending the zero-days exposure window (time until mitigation of a zero-day) to several years on average. Worse, several manufacturers keep forwarding the problem to the end-users of these machines or discarding it.
what's the status of cybersecurity in robotics? and, how can we best improve cyber-resillience in robotics?
In this article, the status of the robot cybersecurity is reviewed considering three sources of data: 1) recent literature, 2) questionnaires performed in top robotics forums and 3) recent research results in robot cybersecurity. Building upon a decade of experiences in robotics, this article reviews the current status of cybersecurity in robotics and argues about the current challenges to secure robotic systems. Ultimately, based on the empirical results collected over a period of three years performing security assessments in robots, the present text advocates for a complementary offensive approach methodology to protect robots in a feasible and timely manner.
Using these different sources of information, we draw the following observations:
Complexity difficulties security in robotics. The inherent complexity of robotic systems leads to wide attack surfaces and a variety of potential attack vectors which manufacturers are failing to mitigate in reasonable time periods. As research advances in the field and the first commercial solutions to protect robots appear, to meet the security expectations of most immediate industries, a reverse defensive approach (an offensive one) is recommended. Periodic security assessments in collaboration with security experts will be the most effective security mechanism in the short term.
For a postprint version of the full text, read the complete article. This is a postprint-produced PDF of an article submitted to the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). Some rights reserved. The definitive publisher-authenticated version will be available online from https://conceptechint.net/index.php
Originally published on the Cybersecurity Robotics blog (cybersecurityrobotics.net), Jul 24, 2021; preserved and reformatted here as a research note.