Manoj Rajashekaraiah, Principal Engineer at Analog Devices, explores security risks and effective security measures in robotic control systems. He looks at the industrial security standards currently in place in the sector and analyses the essential requirements to meet these standards.
Security risks in robotic control systems
Factory automation is at the centre of Industry 4.0 and industrial robots, autonomous mobile robots (AMR), and collaborative robots play a crucial role in enabling the implementation of modern Industry 4.0.
Robots are becoming smarter, more collaborative, and better positioned to handle complex tasks with and without human intervention.
Higher levels of automation and higher use of robots also drive the demand for higher safety and security of robotic control systems [1].
Robots were initially mostly used on factory floors but now robots are used in different domains like medical, military, logistics, and agriculture.
The need for safety and security is of much more importance than it was a decade back.
Accidents are bound to occur, but the ones caused by malicious attacks are critical. Malicious hijacking and control of robots can cause serious economic and financial losses.
Regulations and acts for the industrial and robotics sectors promote cyber resilience and safeguarding operations
The cybersecurity landscape is rapidly evolving, and there are a growing number of regulations as well as acts that target the industrial and robotics sector.
Among the many, some of the acts that target cybersecurity are the EU Cybersecurity Act, the EU Cyber Resilience Act, and the US Cyber Incident Reporting for Critical Infrastructures Act. There are regulations and acts evolving in China and India as well.
The NIST Guide to Operation Technology (OT) Security and Standards like IEC 62443 provide us with guidance, enable us to take the secure-by-design approach and design, and develop our control systems to be resilient against cybersecurity attacks.
IEC 62443 requirements for industrial automation and control systems security (IACS)
IEC 62443 is security for industrial automation and control systems security. It is a widely adopted [2] standard for developing industrial automation control systems, and most regulations recommend it and recognise its importance.
It enables us to be compliant with relevant regulations, mitigate potential cybersecurity risks in control systems, address security gaps in control systems, protect critical assets, and many others.
While some parts of the standard focus on processes and procedures, IEC 62443-4-1 and IEC 62443-4-2 specifically address component security.
According to IEC 62443-4-2, component types include software applications, host devices, embedded devices, and network devices.
The standard defines the capability security level (SL) for each component type based on the component requirement (CR) and requirement enhancement (RE) they meet.
It defines four security levels (SL) SL0 to SL3. The SL2 and SL3 levels specifically require hardware-based security.
What capabilities and technologies are necessary when developing robotic security system solutions?
To build secure robotic control systems, we need to address the risks highlighted in the Security Risks in Robotic Control Systems section.
Key technical capabilities and technologies needed include:
• Secure authentication: integration of secure authenticators to verify device/component identity
• Secure coprocessors: utilisation of dedicated hardware for secure storage and cryptographic operations
• Secure communication: implementation of encrypted protocols for protected data exchange
• Access control: enforcement of granular permissions to restrict unauthorised system access
• Physical security measures: incorporation of measures to protect against physical tampering
Turnkey security ICs, such as secure authenticators and coprocessors, are purpose-built to meet these requirements, offering ease of implementation and cost efficiency.
These fixed-function ICs are complemented by comprehensive software stacks designed for host processors.
Note: using a discrete secure element enhances system resilience by preventing a compromised application processor from accessing credentials stored in a separate IC (isolation).
In addition to these aspects, system developers must adopt a structured approach to secure development that encompasses requirements gathering, threat modelling, secure design, implementation, testing, certification, and maintenance.
Following a secure development life cycle (SDL) ensures security is built into the development process from the beginning.
A sample use case in a robot joint controller
A potential system design of a robotic joint control system within a robotic joint is illustrated in Figure 3.
In this design, the potential application of the MAXQ1065 becomes apparent as it enables the implementation of secure boot functionality, thereby enhancing the overall security of the system.
The MAXQ1065 also encompasses an array of additional features, such as secure key storage, secure communication protocols, and cryptographic operations.
Subsequent articles will delve deeper into these use cases and explore their practical applications.
Analog Devices
ADI goes beyond being a mere vendor of turnkey security ICs like the MAXQ1065 and DS28S60 – we empower customers to fulfil diverse security requirements in the robotics industry.
By integrating extensive expertise in security and robotics, ADI emerges as a solution provider capable of tackling the distinctive challenges involved in securing robotic systems.
Profoundly acquainted with these domains, we enable customers to construct solutions that encompass hardware, software, and system-level considerations.
Recognising that security in robotic systems requires a comprehensive approach, ADI goes beyond component-level offerings and adopts a system-level perspective.
We consider factors such as hardware, software, communication, and integration, ensuring all critical components are seamlessly integrated.
ADI’s collaboration with the automotive industry is exemplified by its wireless battery management system (wBMS), showcasing its capabilities in implementing robust security measures.
Through close collaboration with customers, ADI has developed a fully safe and secure ISO 21434-certified wBMS system.
Encouraging similar collaborative efforts within the robotics industry would leverage ADI’s expertise in security implementation.
By partnering closely with stakeholders, ADI can contribute to the development of safe and secure robotics systems, drawing from its experience and success in the automotive sector.
With its capabilities and dedication to security, ADI emerges as the preferred partner for system design, offering unparalleled expertise and support in all cybersecurity-related endeavours.
To learn more:
• Engage with the embedded security community by joining discussions on security related blogs at EngineerZone. Search for “security” to find valuable articles and resources dedicated to the topic. Contribute to the ongoing dialogue by sharing insights, asking questions, and participating actively.
• Explore our range of security products and gain valuable insights at Embedded Security and 1-Wire. Access recent technical articles, application notes, and videos to enhance your understanding of the subject. Stay up to date with the latest advancements in the field and discover more about our security offerings.
• Look at how security takes the spotlight in the ADI wBMS system in the Analog Dialogue article ‘In the New Era of Wireless Battery Management Systems (wBMS), Security Takes the Spotlight’.
Conclusion
In securing the future of robotics, cybersecurity is paramount. Robust measures, such as secure authentication, encrypted communication, and supply chain security are crucial to protect against threats.
By prioritising cybersecurity and leveraging ADI’s expertise, we can unlock the full potential of robotics while safeguarding against emerging risks in an interconnected world.
References
- Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, and Ali Chehab. “Robotics Cyber Security: Vulnerabilities, Attacks, Countermeasures, and Recommendations.” International Journal of Information Security, March 2021.
- Christophe Tremlet. “The IEC 62443 Series of Standards: How to Defend Against Infrastructure Cyberattacks.” Analog Devices, April 2023.
