On July 5th, the RIA published an article on how to improve cybersecurity for robotics. It states that “Cybersecurity in the robotics field is still immature, but manufacturers are starting to realize the vulnerability …”. It suggests improvements through IIoT architectures with multiple deeply layered system considering it harder for hackers to break through. It calls for Automation standards, IEC – ISA – IACS, indicating support from IEC 62443. Finally the article refers back to an earlier article posted in June 2018.
CSfR (CyberSecurityforRobotics.com) recognizes the effort, but suggests RIA to go deeper and elaborate on some of the suggestions.
Deepening through multilayers also implies additional layered vulnerabilities, which the article doesn’t take into account. By using multiple layers AND the latest versions of transport, authentication, firmwares, virtualization, isolation and open sources components, additional security layers can be created, but each has to be treated diligently.
Standards considerations are smart, but IEC62443 is highly insufficient in combination with the previous suggestion, and not suitable for IIoT practices. Many of the robotic systems do not allow for advanced authentication or encryption. Isolation can only happen on a network segment level, which result on lack of control and oversight, or challenges in integration.
A dedicated discussion will happen during the CyberSecurityforRobotics Conference on November 19th in Bilbao.