CSfR 2020

Cybersecurity for Robotics 2020 Conference

Change of Date : December 17 – 18th, 2020

CSfR 2020 – Global Community Building

Register now for December 17th : 2 – 6.30 pm CET – 8 – 12.30 am EST

Register now for December 18th : 2 – 6 pm CET – 8 – 12 am EST

Register Now!

CSfR CyberSecurity for Robotics aims bringing together stakeholders from multiple areas jointly trying to raise the level of CyberSecurity in robots and robotics. Started in Bilbao in 2019, we focus towards robot manufacturers and machine builders; industrial manufacturing, healthcare, logistics, defence, automotive, … end users; system integrators and developers; operators and business owners and facilities and security managers personas. Our focus is on security challenges related to known and unknown vulnerabilities, hardening existing systems, identifying specific challenges related to robotics systems such as the security and safety challenge, the high speed data requirements, cybersecurity of realtime operations, … On November 19th and 20th from 2PM CET / 8AM EST onwards.

Preliminary Program

  1. December 17th :
    1. (13.45 pm : connectivity testing)
    2. 2.00 pm : introduction – state of play of CSfR, Strategic Research agenda
    3. 2.15 pm : robotics state of play – EUrobotics & MassRobotics, keynote address & Q&A
    4. 2.45 pm : CyberSecurity Standards presentations and discussions
      1. 2.45 pm : ISA 99 – IEC 62443, Jim Gilsinn, chair IEC6244
        1. Jim started his career at the US National Institute of Standards and Technology (NIST) where he spent 20 years in the Engineering Laboratory (formerly the Manufacturing Engineering Laboratory). He began working on a variety of projects including unmanned ground vehicles, automated welding systems, stabilized cranes, sensor systems, and wireless networks. In 2000, he started working on industrial control system (ICS) network performance, reliability, and security. He helped ICS/SCADA customers develop programs and conduct assessments based upon the ISA/IEC 62443 series of standards, NIST SP 800-53/82, the NIST Cybersecurity Framework, ISO/IEC 27001/27002, and NEI 08-09. Jim joined Dragos in 2019 as a Principal ICS Consultant in Professional Services. Jim joined the ISA99 committee on Security for Industrial Automation and Control Systems (IACS), developing the ISA/IEC 62443 standard series in 2002. He currently acts as the co-chair for the ISA99 committee itself and the co-chair of the ISA99 working group developing a security program for IACS.
      2. 3.15 pm : SBOM – Security Bill of Materials, Allan Friedman, NTIA
        1. Allan Friedman is the Director of Cybersecurity Initiatives at National Telecommunications and Information Administration in the US Department of Commerce. Prior to joining the Federal government, Friedman was a noted cybersecurity and technology policy researcher. Wearing the hats of both a technologist and a policy scholar, his work spans computer science, public policy and the social sciences, and has addressed a wide range of policy issues, from privacy to telecommunications. Friedman has over a decade of experience in cybersecurity research, with a particular focus on economic, market, and trade issues. He is the coauthor of Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press, 2014).
      3. 3.45 pm : SeCoIIA – Cyber Physical Systems Security in industrial settings
      4. 4.15 pm : panel discussion on cybersecurity standard developments and industrial development considerations
    5. 4.45 pm : Industry Keynote : Protecting robot end-points against cyberthreats, by Víctor Mayoral Vilches, CTO Alias Robotics.
    6. 5.15 pm CyberSecurity & Safety
      1. 5.15 pm : Safety and Security of Industrial Robots
        Jonas Stein, Research Officer, Institute for Occupational Safety and Health of the German Social Accident Insurance
      2. 5.45 pm : Functional Safety requirements and impact on CyberSecurity, manufacturer considerations – Pall Robotics
      3. 6.15 pm : panel discussion
      4. 6.30 pm : end of day 1
  1. December 18th :
    1. (13.45 pm : connectivity testing)
    2. 2.00 pm : opening notes, highlights of day 1
    3. 2.10 pm : End to End Cybersecurity for Robotics
      1. 2.10 pm : Embedded CyberSecurity technologies
      2. 2.30 pm : CyberSecurity perspectives from manufacturers
      3. 2.50 pm : System Integrators & Robot System developers
      4. 3.10 pm : Pentesting ROS-based Robotic Systems Research Results, Alias Robotics
      5. 3.30 pm : panel discussion
    4. 4.00 pm : CyberSecurity for Robotics future perspectives
      1. 4.00 pm : Autonomous Driving challenges, MITRE
      2. 4.20 pm : Fooling AI, adversarial AI attacks
      3. 4.40 pm : panel discussion on up and coming technological developments (5G, cloud robots, …) and CyberSecurity challenges
    5. 5.00 pm : Future Forward Looking & End Game
      1. 5.00 pm : closing keynote
      2. 5.45 pm : closing notes

 

The Cybersecurity for Robotics Conference 2019 (CSfR2019) was the first in a series of annual events dedicated to the research domain and investigating the cross cutting research topics related to cybersecurity, cyber-physical systems, safety, robotics, industrial control systems security, IoT, Industry 4.0, real time communication systems, privacy, AI and other related relevant domains.

Open for contributions

While this year we won’t be having a call for papers, we’d still welcome inputs on existing and on and going research actions from both research groups, academia and industrial organizations on topics such as cybersecurity, AI, safety, connectivity, security in relation to robotics.

Attendance is free, registration is mandatory. Upon registration, you will receive a link to the Zoom webinar for both December 17th and December 18th.

Cybersecurity for Robotics and the Conference

Cybersecurity for robotics is a multidisciplinary research domain that is growing in relevance and importance due to the continuous growth of robotics systems and increase in cybersecurity and safety risks and challenges. The conference aims to bring together all dedicated researchers active in this domain and is about identifying risks, threats and vulnerabilities, safety considerations and solutions for robot systems due to cyber security.

Over the last couple of years research in this topic has been increasing due to many developments happening in both cybersecurity and the robotics domain. The initiative of the conference came from the Cybersecurity workshop at the European Robotics Forum 2019, where some of the research results were” presented, a connection was made to the Strategic Research Agenda of Cybersecurity and of Robotics, where the connection to Safety and Security was made and where we showed the interest and benefit for the innovation developments and future potential industrial applications and dedicated technologies.

The conference will be the first in its kind, specifically focusing on the domain, to raise the level of awareness, to ensure the further multidisciplinary approaches and to further ensure the improvement of the cybersecurity for robotic systems, for agile production, digital production and industry 4.0 and smart products and technologies. Other aim is to strengthen the European Cybersecurity infrastructure, systems and applications and increasing the Cybersecurity posture of the European Digital Market and specifically factories of the future and connected factories.

The conference will be organized in collaboration with the TRINITY project, by LSEC – Leaders In Security, together with the local cybersecurity SME Alias Robotics, the European Robotics Forum, the RODIN project, ECSO, EFFRA and the Basque Cybersecurity Centre. The conference is planned to be hosted alongside the Basque Industry 4.0 and Basque Cybersecurity Days on November 20 and 21st 2019 in Bilbao.

November 18 & 19th in relation to Basque Cyber Security and Industry 4.0 days

The conference will be organized in Bilbao, Basque Country, Spain on November 18th and 19th.

If you would like to be informed on the progress, drop a note at robotics@lsec.eu.

Registrations for The Basque Cyber Security Days and Industry 4.0 days can be found here.

Cybersecurity for Robotics Research State of Affairs

The conference will be organized in Bilbao, Basque Country, Spain on November 18th and 19th.

Robots are widely used in industrial production environments and increasingly in logistics, healthcare and home appliances. Most of the traditional robot systems are being operated by a PLC and / or a specific robot controller. But even while being isolated in industrial networks, these machines are not free from harm. Both human safety and product quality are at stake. But more increasingly flexible, autonomous and versatile robots have entered in to the industrial domain. Collaborative robots are being released from their cages and put in close cooperation with humans. That positive trend also sees a significant decline in cost for robotics. Partially thanks to the availability of standard technologies (internet / IoT, OPC/UA, ROS, cloud, Azure Sphere, …) and the interconnectivity of the robotic systems. But most of the robotic systems lack a fundamental cybersecurity posture.

The variety of architectures following the five main trends (controller operated robots, PLC operated robots, ROS operated robots, IoT or cloud operated robots) allows for a versatility and diversity of potential vulnerabilities to robotic systems. The following list is not exhaustive and very dependent on the situation and the way the robots were implemented. A lot of research leading to identifying the vulnerabilities indicated that it was simply scratching the surface.

Controller take-over

Compromising controller

Configuration tampering

User-perceived robot state alteration

Robot State alteration

Production logic tampering

Calibration parameter tampering

Embedded System attacks Application Attacks – Buffer Overflows

Execution Attacks

Data – control traffic manipulation from/to client / robot

Data – application manipulation from/to client / application

Stealth publisher attack

ROS Service Isolation Attack

ROS stealth publisher attack

Service isolation attack

Malicious parameter attack

Fault-injection

Safety

IoT – device firmwares

Cloud based DDOS

Digital Identity Fraud

Open SSL Application vulnerabilities

ROS Exploits

IoT exploits : DOS

There are different approaches possible in trying to improve the Robots cybersecurity. These have to be systematic from an industrial perspective, depending on the risk they impose the factory and the situation. Isolation is a start, hardening access control, putting cryptographic measures in place and improving the application security are basic measures. A lot can be done by the robot manufacturers by ensuring security by design for the robot controllers, the robots and the applications instructing and controlling them.

Finally, the robot is mostly not acting completely in isolation, but is a part of an enterprise environment and needs to align to the company’s industrial cybersecurity policies and procedures, the specific.

The aim of the current activities is to gather a further improvement and perspective on the current state of affairs.

Agenda

Take a look at the draft program, follow the submenu.