Security of controlled manufacturing systems in the connected factory: the case of industrial robots | Journal of Computer Virology and Hacking Techniques

  • Original Paper

Abstract

In modern factories, “controlled” manufacturing systems, such as industrial robots, CNC machines, or 3D printers, are often connected in a control network, together with a plethora of heterogeneous control devices. Despite the obvious advantages in terms of production and ease of maintenance, this trend raises non-trivial cybersecurity concerns. Often, the devices employed are not designed for an interconnected world, but cannot be promptly replaced: in fact, they have essentially become legacy systems, embodying design patterns in which components and networks are treated as trusted elements. In this paper, we take a holistic view of the security issues (and challenges) that arise in designing and securely deploying controlled manufacturing systems, using industrial robots as a case study—indeed, robots are the most representative instance of a complex automatically controlled industrial device. Following up on our previous experimental analysis, we take a broad look at the deployment of industrial robots in a typical factory network and at the security challenges that arise from the interaction between operators and machines; then, we propose actionable points to secure industrial cyber-physical systems, and we discuss the limitations of the current standards in industrial robotics in accounting for active attackers.

Notes

  1. https://www.universal-robots.com/plus/.

  2. ISO 10218-1:2001 and ISO 13849-1:2008 for “caged” robots, and ISO/TS 15066:2016 for collaborative ones.

  3. https://ics-radar.shodan.io/.

  4. http://rosindustrial.org.

  5. https://github.com/robotics/open_abb.

  6. https://felix.apache.org/documentation/subprojects/apache-felix-remote-shell.html.

  7. SHA256 hash: 78d9b449e64b4b2bb40ad30b2033420599b5923af5ae1c00b7eb5f4447acc772.

  8. http://tools.alumotion.eu/it/youring/.

  9. http://www.robotappstore.com/.

  10. https://robotapps.robotstudio.com.

  11. https://www.universal-robots.com/plus.

Acknowledgements

Politecnico di Milano received funding for this project from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement nr. 690972, and has been partially supported by CINI Cybersecurity National Laboratory within the project FilieraSicura: Securing the Supply Chain of Domestic Critical Infrastructures from Cyber Attacks (www.filierasicura.it), funded by CISCO Systems Inc. and Leonardo SpA.

Author information

Corresponding author

Correspondence to Marcello Pogliani.

About this article

Cite this article

Pogliani, M., Quarta, D., Polino, M. et al. Security of controlled manufacturing systems in the connected factory: the case of industrial robots. J Comput Virol Hack Tech 15, 161–175 (2019). https://doi.org/10.1007/s11416-019-00329-8

  • DOI: https://doi.org/10.1007/s11416-019-00329-8
