CYBERSECURITY IN THE INDUSTRIAL INTERNET OF THINGS

Dr. Susanne Bieller, EUnited Robotics
EC Workshop in the area of autonomous systems / robots / IoT
Brussels, 13 July 2017


Different needs according to classification

[Diagram. Labels: Robots (industrial robots, professional service robots, entertainment robots, domestic robots); household appliances; toys / CE products; professional operator; consumer; typically large quantities; small numbers; separate regulation.]


Robots in the production environment

[Diagram. Labels: Services; Components; Plant; Connected manufacturing system.]

Robots are components / tools like any other machine


Different players in that context

• Component manufacturer(s)
• System integrator
• Operator / End user

Each player has its share in the implementation


Security measures must be kept up to date over the complete product lifecycle

• Product level security
• System level security
• State of the art at the time of hand-over
• Adaptation of security level over product lifetime (20-30 years)

[Timeline. Labels: Development; Integration; Operation within warranty; Remaining lifetime operation.]


Industrial robots in the context of IIoT

[Diagram. Labels: Robot controller (embedded PC); External sensors; Gripper; ERP; Network; Robot; PLC controller; Warehouse…; Cloud services; HMI.]


Common threats

How do intruders "get in"?

• Social engineering and phishing
• Infiltration of malware via removable media and external hardware
• Malware infection via Internet and Intranet
• Intrusion via remote access
• Human error and sabotage
• Control components connected to the Internet
• Technical malfunctions and force majeure
• Compromising of extranet and cloud components
• (D)DoS attacks
• Compromising smartphones in the production environment


Typical weak points

• Outdated software
• Control systems directly accessible over the internet
• Network bridge from control systems to unsafe networks (office LAN, wireless network)
• Uncontrolled plug-in of mobile devices and external storage devices
• Insecure remote maintenance
• Remote access: use of VPN or RDP with an unsafe password, or even without one, allows easy access via HMI / GUI
• Indirect access via add-on components like cameras


Potential associated damage in case of a cyber attack

Leakage of (personal) data

Leakage of sensitive business data / know-how / IP (own / customer)

Loss of availability of the facility (loss of production)

"Telecontrol" / manipulation of operation

Causing physical damage to facilities

Potential harm to humans or environment

Triggering of safety procedures / interfering with safety systems

Deterioration of product quality


Risk assessment

Performed individually for each use, over the complete product lifecycle

Criteria:

• Prevalence: How prevalent is the potential vulnerability in the enterprise?
• Exposure: How easily can the vulnerability be located and reached?
• Exploitability: How easy is it to exploit (technical expertise & required effort)?
• Detection: How easily can a compromise be detected?

Threats

• Identify individual threats
• Rate probability of occurrence

Countermeasures

• Feasibility
• Efficiency
• Cost estimation
• Alternatives

Business impact

• Economic consequences
• Total possible damage

Risk = total damage x probability of occurrence


Countermeasures during product development, integration and operation

During development and integration:

• Network segmentation
• Proper management of user accounts, credentials, authentication and authorization
• Use of secure protocols & encryption
• Safeguarding wireless technology
• Secure remote services & maintenance
• Limit hardware functionality, use of hardened components

During operation:

• Monitoring and recognizing attacks
• Regular backups for recovery, documentation of security measures
• Training and awareness measures
• Monitoring of vulnerabilities and threats and responding to them (patch management)
• Update policies


What can the robot manufacturer do?

Security by design

Implementation of special safety features:

Unintended access should lead to a shutdown / safety stop

No change of configuration during normal operation

Decoupling of normal control and safety relevant function (separate software)

Isolation of safety critical systems

Limit remote accessibility of functions

E.g. allow for monitoring and data recording, but not for changes or modifications

Consider special situation in human-robot collaboration


Standards dealing with security of communication

Security standards

• IEC 62443 - Industrial communication networks - Network and system security
• IEC 62351 - Power systems management and associated information exchange - Data and communications security

OPC Unified Architecture (OPC UA)

• Communication protocol for industrial internet
• Manufacturer-independent link between nets (process control / company level)
• Includes integrated security features
• Regular security analyses are conducted to verify inherent security of the protocol
• Analysis of the specification revealed high level of security
• Analysis of reference implementation revealed certain deficiencies
• In an iterative process, this will lead to further improvements of the standard


Challenges for industry

• Manufacturers are responsible for updates
• But responsibility for applying them is with users!
• Transfer of ownership
• Manufacturer has no access / responsibility
• Intended use vs. real usage
• Long lifetime of manufacturing equipment vs. short lifetime of IT
• High variety of versions / piece production requiring individual measures
• Fear of know-how leakage: manufacturers do not get access to facilities
• Loss of operating licenses after significant modifications (software update)
• Continuous operation (several years until next patch can be installed)
• Dependence in production processes
• The whole process needs to be adapted, not just a single plant


Conclusion

Standardisation is important

Potential regulation should be based on standards

Harmonised regulation on EU level welcome

Necessary measures should be applicable globally

Take a holistic approach over the whole product lifecycle

Consider shared responsibility between manufacturer, integrator and operator

Distinguish between B2B and B2C applications

We need technology-friendliness

Regulation should not discourage the use of new technologies


Who We Are

• Independent network of robotics industry leaders in Europe
• Collective voice of the European robotics industry
• Cooperation platform among industry decision-makers, research institutes, national associations, end-users, and policymakers
• Our members include robot manufacturers, component suppliers and system integrators

Contacts: Susanne Bieller

EUnited Robotics
Boulevard A. Reyers 80 - 1030 Brussels, Belgium
Phone +32 [email protected]
