Security of controlled manufacturing systems in the connected factory: the case of industrial robots

  • Marcello Pogliani
  • Davide Quarta
  • Mario Polino
  • Martino Vittone
  • Federico Maggi
  • Stefano Zanero
Original Paper

Abstract

In modern factories, “controlled” manufacturing systems, such as industrial robots, CNC machines, or 3D printers, are often connected in a control network, together with a plethora of heterogeneous control devices. Despite the obvious advantages in terms of production and ease of maintenance, this trend raises non-trivial cybersecurity concerns. Often, the devices employed were not designed for an interconnected world, but cannot be promptly replaced: in fact, they have essentially become legacy systems, embodying design patterns where components and networks are treated as trusted elements. In this paper, we take a holistic view of the security issues (and challenges) that arise in designing and securely deploying controlled manufacturing systems, using industrial robots as a case study; indeed, robots are the most representative instance of a complex automatically controlled industrial device. Following up on our previous experimental analysis, we take a broad look at the deployment of industrial robots in a typical factory network and at the security challenges that arise from the interaction between operators and machines; then, we propose actionable points to secure industrial cyber-physical systems, and we discuss the limitations of the current standards in industrial robotics in accounting for active attackers.

Keywords

Industrial robots; Cyberphysical systems; Industry 4.0; Cybersecurity; Industrial internet of things

Notes

Acknowledgements

Politecnico di Milano received funding for this project from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement nr. 690972, and has been partially supported by CINI Cybersecurity National Laboratory within the project FilieraSicura: Securing the Supply Chain of Domestic Critical Infrastructures from Cyber Attacks (www.filierasicura.it), funded by CISCO Systems Inc. and Leonardo SpA.

Copyright information

© Springer-Verlag France SAS, part of Springer Nature 2019

Authors and Affiliations

  1. Politecnico di Milano, Milan, Italy
  2. EURECOM, Biot, France
  3. Trend Micro Inc., Milan, Italy
