The Internet of Robotic Things: Secure, harmless helpers or vulnerable, vicious foes?

blue robots
randychiu (CC BY 2.0)

Experts say robots will be commonplace in 10 years. “Many respondents see advances in [artificial intelligence] and robotics pervading nearly every aspect of daily life by the year 2025—from distant manufacturing processes to the most mundane household activities,” says Aaron Smith, senior researcher, The Pew Research Center's Internet Project, speaking of the several experts quoted in his “Predictions for the State of AI and Robotics in 2025”.

People are increasingly connecting the broadening array of robots to the Internet and IoT devices, including sensors, to add functionality. “A new generation of robots uses wireless networking, big data, machine learning, open-source, and the Internet of Things to improve how they assist us in tasks from driving to housekeeping to surgery,” says Ken Goldberg, Professor, UC Berkeley. IoT such as sensors produce useful data, anything from temperature readings to measurements of vibrations, for decision-making by control systems that manage robots.

[ How Dangerous Could a Hacked Robot Possibly Be? ]

But there are security issues with Internet-based control of robots, which will grow as the number of robots and connections grow. “Security is a critical issue that prevents the widespread adoption of IoT technologies and applications. For this reason, this paper remarks that a full re-discussion about the major security challenges is required to make IoT a viable paradigm, especially in robotics applications,” says L.A. Grieco, Associate Professor, Politecnico di Bari, Italy, in “IoT-aided robotics applications: technological implications, target domains, and open issues” (2014).

CSO explores the Internet of Robotic Things and the information security challenges it presents for the enterprise.

The Internet of Robotic Things

The Internet of Robotic Things will encompass more than robots working in factories. “We see IoT creating autonomous control loops where components that aren’t considered traditional robots are automated, delivering close-looped intelligence on the floor, generally through a connection with the Internet,” says Sarah Cooper, head of engineering, M2Mi.

[ 5 ways to prepare for Internet of Things security threats ]

Robots and close-looped autonomous control systems use sensors to provide real-time data about the environment and status of these robotic IoT devices. Remote control systems respond to changes in sensor data, making changes in robot behavior based on changes in IoT tasks in progress and in environmental factors.

High functioning robots rely on distributed sensor networks to provide decision-making input. Robots and IoT control devices relying on distributed systems require greater interoperability, more distributed processing, and much more secure communications.    

“As IoT matures, we see the industry adding more robotic and AI functions to traditional industrial and consumer robots,” says Cooper. Beyond simply automation, these functions include predictive analysis, learning capabilities [such as machine learning], autonomous decision making, and complex programmable responses, explains Cooper. “The autonomous nature of these systems and their often critical function in the larger system make them of particular concern when it comes to security,” says Cooper.

The Internet of Robotic Things challenges security

The Internet of Robotic Things challenges security with loss of control, says James Ryan, Digital Leadership Fellow, Minnesota Innovation Lab. IoT creates an attack vector where someone can now gain control of industrial robots using cyberattacks. And when hackers attack IoT, the consequences are immediate and apparent, instilling a sense of loss of control in the enterprise, vendors, and users. Once IoT is deployed, it is harder and harder to update and patch it. “The 'patch and pray' mentality that we see inside many organizations won't work here,” says Ryan.

James Ryan, Digital Leadership Fellow, Minnesota Innovation Lab

The evidence is piling up that existing security practices are not effective. If the industry stays on course, following the same ineffective enterprise security strategies with robots that it does with other technologies, the consequences of losing control of robotic assets will multiply. “We cannot protect laptops today. What makes us think we can protect robots?” asks Ryan.  

“An Internet-connected robot is still a secure control environment,” says Cooper. But the temperature sensors on the plant floor—part of those distributed sensor networks—that the robot interacts with to make decisions are a lot simpler, dumber, and easier to hack. This provides an indirect avenue for disrupting the function of the robot without hacking the robot itself. A hacker could spoof a sensor and provide bogus temperature data to the control plane for a welding robot, which would direct the robot to change the duration of the weld, leading to a faulty weld.

1 2 Page 1
Page 1 of 2
7 hot cybersecurity trends (and 2 going cold)