3 Ways That Hackers Can Hijack Your Industrial Robots
What comes to mind when you think about your business’s cybersecurity needs? If you’re troubled by the headlines of recent years, you’re likely motivated to make sure your email system is private and your internal communications are not susceptible to theft. You’re also probably concerned about protecting sensitive data, like your customers’ credit card credentials and your workers’ Social Security numbers.
It’s become clear, however, that in the era of the Internet of Things (IoT), manufacturers and logistics companies also need to protect their industrial robots as well as other connected equipment. As industrial robots are further integrated into external and internal networks, their attack surfaces grow; the number of access points for cyberattacks increases.
A recent report by cybersecurity firm Trend Micro and respected Italian technical university Politecnico di Milano (POLIMI) outlined three ways in which industrial robots can be manipulated by malicious hackers once they’re compromised.
Here are three ways that your industrial robots could be hijacked.
1) Theft of Information
Depending on the specifics of your situation, critical information could be stored inside your industrial robots. While the information that resides inside these machines might not always be a prime target for exploitation, some industries could attract more hacking attempts than others. And while robots might not have been specifically targeted yet, hackers have extracted closely held information from private companies in the past.
In 2016, German steel producer and industrial conglomerate ThyssenKrupp was hit by a massive cyberattack in which trade secrets were stolen.
The Trend Micro report notes that sophisticated robots are used in the production of goods for critical industries such as aerospace, automotive, energy and defense. If these robots contain valuable trade secrets for manufacturing, they may attract extra attention from ill-intentioned sources.
2) Infliction of Physical Harm
Industrial robots could be hacked in order to introduce safety threats to the workplace. This could happen in at least one of two ways.
First, robots are no exception to the rules that apply to Lockout/Tagout (LOTO) precautions. But hackers can throw a wrench into the process. They can alter the reporting status of the robot so that operators think it’s powered down when in fact it’s still on. Alternatively, they can turn the robot on or off regardless of the information reported by the robot. Since robots contain potentially hazardous energy, this can be very dangerous for operators and maintenance workers.
Additionally, hackers could alter the robot’s movements remotely in order to create unsafe workplaces, damage expensive equipment or hurt human co-workers.
What motivation would hackers have to inflict this kind of damage? Competitors could attempt to sabotage the reputation, production capability or profitability of their rivals, as has been attempted with conventional cyberattacks. Rogue actors could jeopardize workplace operations in order to extract ransom payments. A recent global ransomware attack has made it clear that criminals will go as far as impeding the National Health Service of the U.K. for petty financial gain. Even though this ransomware virus, known as WannaCry, has infected hundreds of thousands of computers across the globe, its operators have received less than $150,000 from impacted users to date, and ransom payments had largely flatlined by May 19.
Make sure your staff, and your machinery, are secure from ransomware attacks that could put worker welfare in jeopardy.
3) Insertion of Microdefects
Perhaps one of the subtlest, most insidious and potentially destructive ways in which industrial robots can be compromised is by altering their programming to insert barely noticeable “microdefects” into the assembly process.
Trend Micro and POLIMI draw on previous research about a manufacturing process that includes 3D printing. In this research, the authors document how a microdefect, or an error that is practically undetectable by most traditional quality control practices, can completely sabotage the mass production of complicated machines.
Watch them demonstrate the implications of this sabotage below. Researchers are shown hacking an industrial robot arm and changing its control parameters to draw a crooked line instead of a straight one. The researchers then demonstrate how a minuscule variation can be inserted unnoticed into the assembly process of a 3D-printed drone part. The video shows how this microdefect causes the drone to fall out of the sky, and we are asked to contemplate how mass production amplifies the harm such microdefects can cause.
Protect Your Robots, Protect Your Business
The use of industrial robots is on the rise across many sectors of the U.S. economy. From factories to coffee stands, robots are doing more work than ever before. And as IoT capabilities become further integrated into manufacturing centers and across supply chains, the potential ability of hackers to access networked machines increases. The Trend Micro study illustrates that industrial robots can be hacked to steal trade secrets, damage equipment, cause bodily harm and insert potentially catastrophic microdefects into the assembly process.
Increasingly, a secure factory will depend on secure robots. To keep those robots protected you have to take a holistic approach. It’s not just about patching software or securing networks. What’s needed now is a secure robot ecosystem. That means you need skilled operators who know how to look for, identify and respond to problems, as well as cybersecurity professionals, network architects and maintenance workers who prioritize your robots’ defenses.
Humans and robots will work together more frequently in the coming years. It’s essential that your workers know how to interact safely with heavy machinery. For additional pointers that will keep your workers safe on the job, take a look at our ebook Best Practices for a Comprehensive Safety Program >