Sleeping with the Robot: Cyber Security for home and collaborative industrial robots

Earlier this week I saw on YouTube this amazing video from Nigel John Stanford. I was truly thrilled and amazed by the various artistic and technological aspects of this video.

BUT - one scene did bother me and made me repeatedly watch those few seconds, wondering about the possible risks and implications.

At 2:08 Mr. Stanford stood up and walked between the three, carefully orchestrated, KUKA robotic arms.

Two days later I got a phone call. On the other side was a friend who is currently working on the development of an autonomous machine.

"Tell me something" - he asked - "How would you go about making a cyber security risk assessment for an autonomous machine ?"

I pondered for few minutes and came up with what in my opinion are the two most equally important concerns to address:

1. Privacy : Information collected by any machine. It can be stored ("at rest") or transmitted ("in transit") to the operator or for storing in the cloud.Think about images collected by the machine "eyes", sound collected by a telepresence robot or any other sensory input.
2. Safety: Just like the "simple case" of an industrial robot, referring back to Asimov's laws of Robotics. A risk assessment should call out any case in which an attack can disrupt the "good" programming of the machine.

Thinking further about the vulnerabilities and possible attack vectors I came to the conclusion that, to begin with, we can start with the very same items we need to address in the well known IT world:

1. Operating Systems vulnerabilities: In this case we will have to deal with ROS for example , the open source robot framework.
2. Authentication and authorization
3. Encryption in the cases of Data-at-Rest and Data-in-Transit
4. Access Control

The YouTube video and the phone call were all that was needed to incentivize me to do some quick research and come up with a short reading list for myself and anyone who would like to delve more into this topic: 

1. Cybersecurity in Robotic Systems: https://ercim-news.ercim.eu/en106/special/cybersecurity-in-robotic-systems
2. To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robotics: https://brl.ee.washington.edu/wp-content/uploads/2014/05/arXiv_April_2015.pdf
3. Risk Assessment for ‘Safe’ Collaborative Robots Still Needed : https://www.brinknews.com/risk-assessment-for-safe-collaborative-robots-still-needed/
4. The Importance of Cyber Security in Industrial Robotics: https://www.robotics.org/blog-article.cfm/The-Importance-of-Cyber-Security-in-Industrial-Robotics/44
5. [Book] Detecting and Mitigating Robotic Cyber Security Risks: https://www.safaribooksonline.com/library/view/detecting-and-mitigating/9781522521549/
6. Hacking Robots Before Skynet: https://blog.ioactive.com/2017/02/hacking-robots-before-skynet.html
7. [Whitepaper] Industrial Robotics and Cyber Security https://www.openskycorp.com/resource-center/blog/industrial-robotics-cyber-security/
8.  Robotics and the internet of things – implications for insurers https://www.munichre.com/topics-online/en/2017/04/robotics-internet-of-things
9. Warning to CISOs: Industrial cobots need to be watched https://www.itworldcanada.com/article/warning-to-cisos-industrial-cobots-need-to-be-watched/395917
10. Home and industrial robots have the same flaws as smart things https://www.cso.com.au/article/615166/home-industrial-robots-same-flaws-smart-things/
11.  Robots are just as plagued by security vulnerabilities as IoT deviceshttps://www.cio.com/article/3175753/security/robots-are-just-as-plagued-by-security-vulnerabilities-as-iot-devices.html
12. Robot Problems: Research Reveals Cybersecurity Woes https://securityledger.com/2017/03/robot-problems-research-reveals-cybersecurity-woes/
13. Telepresence Robots? Hackable https://securityledger.com/2017/03/telepresence-robots-hackable/
14. Report warns of Robot Hacks, Tampering https://securityledger.com/2017/05/report-warns-of-robot-hacks-tampering/
15. Fear the Hacker! Robot Security is a Growing Threathttps://www.machinedesign.com/motion-control/fear-hacker-robot-security-growing-threat
16. Researchers:Robot Makers Slow to Address Cyber Risk https://www.usnews.com/news/news/articles/2017-08-22/robot-makers-slow-to-address-danger-risk-researchers
17. An experimental security analysis of an industrial robot controller https://blog.acolyer.org/2017/06/28/an-experimental-security-analysis-of-an-industrial-robot-controller/
18. New technology, same bugs: the rise and fall of the robot revolution https://www.scmagazineuk.com/new-technology-same-bugs-the-rise-and-fall-of-the-robot-revolution/article/641518/
19. Robotic safety: What you don't know: https://www.plantengineering.com/single-article/robotic-safety-what-you-don-t-know/18c6ab2470fc37537ea036756491180c.html
20.  Kpmg:risk or reward ? What lurks within your IoT https://assets.kpmg.com/content/dam/kpmg/xx/pdf/2017/04/risk-or-reward-what-lurks-within-your-IoT.pdf
21. Thoughts on the EU’s draft report on Robotics https://robohub.org/thoughts-on-the-eus-draft-report-on-robotics/