CSfR 2020

Cybersecurity for Robotics 2020 Conference

Change of Date : December 17 – 18th, 2020

CSfR 2020 – Global Community Building

Register now for December 17th : 2 – 6.30 pm CET – 8 – 12.30 am EST

Register now for December 18th : 2 – 6 pm CET – 8 – 12 am EST


CSfR CyberSecurity for Robotics aims to bring together stakeholders from multiple areas who are jointly trying to raise the level of CyberSecurity in robots and robotics. Started in Bilbao in 2019, we focus on robot manufacturers and machine builders; industrial manufacturing, healthcare, logistics, defence, automotive, … end users; system integrators and developers; operators and business owners; and facilities and security manager personas. Our focus is on security challenges related to known and unknown vulnerabilities, hardening existing systems, and identifying specific challenges related to robotics systems such as the security and safety challenge, the high speed data requirements, cybersecurity of realtime operations, … On December 17th and 18th from 2PM CET / 8AM EST onwards.

Final Program

  1. December 17th :
    1. (13.45 pm : connectivity testing)
    2. 2.00 pm : introduction – state of play of CSfR, Strategic Research agenda
      • by Ulrich Seldeslachts, CEO LSEC & Bernhard Dieber, Joanneum Research
    3. 2.05 pm : robotics state of play – EUrobotics & MassRobotics, keynote address & Q&A
      1. 2.05 pm : Robotics developments in 2020, impact by COVID-19 on the global and US developments of industry by Tom Ryden, Executive Director MassRobotics
        • As turbulent as 2020 was for all of us, even more so for robotics companies and manufacturers. Autonomous manufacturing has been key to the resilience the world needed during the global pandemic. How does this pan out in 2021?
        • Tom Ryden is the Executive Director of MassRobotics. MassRobotics is a non-profit organization whose mission is to help grow the next generation of robotics companies. Prior to joining MassRobotics Thomas was the founder and CEO/COO of VGo Communications, Inc. While at VGo Mr. Ryden oversaw the development and launch of the VGo telepresence robot. The VGo is used by hospitals, eldercare facilities, schools and other organizations to help people stay better connected, allowing users to essentially be in two places at once. Previously, Tom was the Director of Sales & Marketing at iRobot Corporation. Under his leadership iRobot secured over $300M in contracts and revenue from its government and industrial products increased from $2M to over $80M annually.
      2. 2.20 pm : Robotics in Europe state of play and future expectations, on the road to MassRobotization? by Reinhard Lafrenz, Secretary General euRobotics
        • Europe’s Digital ambitions are supported by Data and Robots (and Cybersecurity, AI, HPC, …) … ambitions are there, but what will it take to make it happen?
        • Reinhard Lafrenz is well known to the European robotics community because of his engagement as a scientific project manager of ECHORD and later ECHORD++, to name only the most outstanding EU projects he has been driving at the Technical University of Munich which he joined in 2009. Reinhard studied computer science in Kaiserslautern with a minor in electrical engineering and obtained a PhD from the University of Stuttgart with a thesis on cooperative robotics. euRobotics is a Brussels based non-profit association for all stakeholders in European robotics. Its member organisations from European industry and research work in close collaboration with the European Commission (EC) to shape the future of robotics in Europe.
      3. 2.40 pm : panel discussion developments, challenges, opportunities in cross-atlantic robotic developments
    4. 2.55 pm : CyberSecurity Standards presentations and discussions
      1. 2.55 pm : ISA 99 – IEC 62443 state of play and developments, Jim Gilsinn, chair IEC 62443 – cybersecurity consultant at Dragos
        • IEC62443 has been a universal standard for cybersecuring manufacturing environments for about 2 decades. It is considered the technical standard approach for managing and maintaining a cybersecure operating environment, ensuring network segmentation and policies and considering different data flows. During the talk, Jim will focus on new developments and how the standard keeps up with changes over time, as systems are being hyperconnected and integrated with other systems. Industrial robots can be considered in a similar way in an industrial manufacturing environment, but shouldn’t there be a specific chapter on the future of robotics? We’ll follow up with a conversation on past, present and mainly future.
        • Jim Gilsinn started his career at the US National Institute of Standards and Technology (NIST) where he spent 20 years in the Engineering Laboratory (formerly the Manufacturing Engineering Laboratory). He began working on a variety of projects including unmanned ground vehicles, automated welding systems, stabilized cranes, sensor systems, and wireless networks. In 2000, he started working on industrial control system (ICS) network performance, reliability, and security. He helped ICS/SCADA customers develop programs and conduct assessments based upon the ISA/IEC 62443 series of standards, NIST SP 800-53/82, the NIST Cybersecurity Framework, ISO/IEC 27001/27002, and NEI 08-09. Jim joined Dragos in 2019 as a Principal ICS Consultant in Professional Services. Jim joined the ISA99 committee on Security for Industrial Automation and Control Systems (IACS), developing the ISA/IEC 62443 standard series in 2002. He currently acts as the co-chair for the ISA99 committee itself and the co-chair of the ISA99 working group developing a security program for IACS.
      2. 3.25 pm : Industry and Software Supply Chain challenges, the road towards industrial shared responsibility models?, Trey Herr, Director Atlantic Council
        • Society has a software problem. Since Ada Lovelace deployed the first computer program on an early mechanical device in the 1840s, software has spread to every corner of human experience, governing human-machine interaction and the core logic of autonomous systems as well as the humble lightbulb. With that software come security flaws and a long tail of updates from vendors and developers. Unlike a physical system that is little modified once it has left the factory, software is subject to continual revision through updates and patches. What kind of threats do developers and industry face in their software supply chains and what can the transatlantic community do to address them? Taking lessons from the ongoing investigation into the Sunburst attack in the United States, the talk will discuss the risks inherent in a software supply chain and highlight what industry and policymakers can do together to better manage these risks.
        • Trey Herr, Ph.D, is a postdoctoral fellow with the Belfer Center’s Cyber Security Project at the Harvard Kennedy School. His work focuses on trends in state developed malicious software, the structure of criminal markets for malware components, and the proliferation of malware. Trey is co-editor of Cyber Insecurity — Navigating the Perils of the Next Information Age, an edited volume on cybersecurity policy, and is a non-resident fellow with New America’s Cybersecurity Initiative. He previously worked with the Department of Defense to develop a risk assessment methodology for information security threats. He holds a Ph.D. and M.A. in Political Science from George Washington University and a B.S. in Theatre and Political Science from Northwestern University. Today he is Director of the Cyber Statecraft Initiative at Atlantic Council.
      3. 3.55 pm : SeCoIIA – Cyber Physical Systems Security in industrial settings, by Reda Yaich, Head of Cybersecurity @ IRT SystemX
        • The SeCoIIA project aims at securing digital transition of manufacturing industry towards more connected, collaborative, flexible and automated production techniques. It fosters user-driven application cases from aeronautics, automotive and naval construction sectors. Collaboration is considered from Organization to Organization (O2O), but also from Machine to Machine (M2M), Machine to Human (M2H) and Human to Human (H2H) perspectives. Part of this European funded research project is involving cybersecurity for humanoid robots in manufacturing, but also looks at a more holistic cybersecurity perspective, including different automation challenges for manufacturing.
        • Dr. Reda Yaich is a senior researcher and cybersecurity team leader at IRT SystemX. Reda holds a PhD in Computer Science from the ENS Mines of Saint-Etienne with a focus on Trust Management using Artificial Intelligence technologies. He served as lecturer and/or research assistant in several universities (e.g. University of Saint-Etienne, University of Lyon) and engineering schools (ENS Mines Saint-Etienne, Telecom Bretagne, IMT Atlantique, ENSIBS, Telecom SudParis). Reda has several publications in journals and conferences related to Decentralized Access Control, Authorization and Digital Trust Management and contributed to different national (ANR, PIA, Web Intelligence, RAPID, etc.) and international (FP7, COST, H2020, etc.) R&D projects.
      4. 4.15 pm : SBOM – Security Bill of Materials, Ulrich Seldeslachts, LSEC
      5. 4.20 pm : panel discussion on cybersecurity standard developments and industrial development considerations
    5. 4.45 pm : Industry Keynote : Protecting robot end-points against cyberthreats, by Víctor Mayoral Vilches, CTO Alias Robotics
      • Recap on the experiences in the sector, offensively and defensively. Alias Robotics has been spearheading cybersecurity for robotics, industrialising what research has found in the last couple of years and innovating with cybersecurity products and technologies that help fill some of the gaps. Robots are still being engineered insecurely and are being deployed and installed with known, major threats to operations and economies globally. A perspective of findings.
      • Victor Vilches is a Roboticist. Experience leading different groups across projects in robotics, AI and cybersecurity. Spent the last 10 years building robots. Selected in 2017 as one of the ten most innovative individuals under 35 in Spain by the MIT Technology Review for his work in robot modularity. Currently, leading technology at Alias Robotics where we assess the cybersecurity of robots and robot components, while creating the first immune system for robots: the Robot Immune System (RIS).
    6. 5.15 pm CyberSecurity & Safety
      1. 5.15 pm : Safety and Security of Industrial Robots, by Jonas Stein Research Officer at the DGUV
        • Ongoing research of Robots in a work environment in relation to CyberSecurity.
        • Jonas Stein, Research Officer, Institute for Occupational Safety and Health of the German Social Accident Insurance. The IFA is an institute for research and testing of the German Social Accident Insurance in Germany. It is located in Sankt Augustin near Bonn/Germany. The IFA supports the German Social Accident Insurance Institutions and their organisations particularly in solving scientific and technical problems relating to safety and health protection at work; the IFA does so by means of research in Safety and Health Protection at work, including research on robotics in workplaces.
      2. 5.45 pm : Functional Safety requirements and impact on CyberSecurity, manufacturer considerations, by Francesco Ferro, Pal Robotics
        • Francesco Ferro is the CEO and co-founder of PAL Robotics, one of the leading service robotics companies worldwide, with over 16 years of experience. He received a BSc+MSc degree in Telecommunications Engineering at the Politecnico di Torino, a Master at ISEN in Lille and an Executive MBA at the University of Barcelona.
          Since 2004 he has been working in the development of state-of-the-art robots specially designed to solve clients’ needs.
          Today PAL Robotics is known for the humanoid robots REEM-C, TALOS, TIAGo, and ARI, as well as the retail and manufacturing solutions, TIAGo Base and StockBot. PAL Robotics is also active in many Collaborative Projects as a partner, such as SeCoIIA and CyberFactory#1.
      3. 6.15 pm : panel discussion
      4. 6.30 pm : end of day 1
  2. December 18th :
    1. (13.45 pm : connectivity testing)
    2. 2.00 pm : opening notes, highlights of day 1
    3. 2.10 pm : End to End Cybersecurity for Robotics 
      1. 2.10 pm : Embedded CyberSecurity technologies and challenging a robot system – experiences, by Lennert Wouters & Benedikt Gierlichs, COSIC KU Leuven
        • Embedded security is a group of security technologies that are implemented on the equipment, or closely attached to the equipment, in this case the robot system. It can include security functionalities on the microprocessors, or specific security components such as Secure Elements (SE) that support specific security functions such as encryption / decryption, authentication, access control, … In the talk, an overview of current and up and coming embedded security technologies is presented, taking into consideration how some of them can be breached through adversarial effects.
        • Lennert Wouters got global recognition from his attempts to steal a Tesla Model S and Model X, by eavesdropping and copying the keyfobs of the electric cars. He is a Master in Industrial Sciences (Electronics-ICT) from KU Leuven, and an Advanced Master in Artificial Intelligence. His work as a PhD student and researcher at COSIC includes hacking everything with electronics, such as home robotic appliances. Benedikt Gierlichs holds a PhD, is a researcher and lectures H05E1A/2A Cryptography and Network Security, H05D9A/0A Cryptografie en netwerkbeveiliging, H03G5a Gevorderde methoden in cryptografie. Currently postdoctoral fellow at the Flemish research foundation (FWO) and researcher in embedded security at Cosic.
      2. 2.40 pm : about Secure Robot Operating Systems (S-ROS) and developments, by Mikael Arguedas, Robotics Software Lead at Neo-Farm
        • For many roboticists, SROS2 is the answer to CyberSecurity. While it provides many security enhancements for ROS, such as native TLS support for all socket transport within ROS, the use of X.509 certificates permitting chains of trust, definable namespace globbing for ROS node restrictions and permitted roles, as well as convenient user-space tooling to auto generate node key pairs, audit ROS networks, and construct/train access control policies – it doesn’t yet provide a CyberSecure robotic system. In this conversation we’ll be addressing some of the major components, how it could be further enhanced and what would be needed to achieve this.
        • Mikael Arguedas was a ROS Developer at Open Robotics for more than 3 years. He is one of the main contributors to SROS2, which he worked on while at Open Robotics. At present he is working as Robotic Software Lead at Neofarm, a company devoted to producing better results in agriculture, and is still heavily involved in the active open ROS 2 Security Working Group.
      3. 3.10 pm : Physical harm, CyberSecurity lessons learned and cryptojacking. System Integrator’s Experiences from the field by Ibai Inziarte from Aldakin, interview with Endika Gil Uriarte, CEO Alias Robotics and Ulrich Seldeslachts 
        • During the course of 2020 Aldakin was called in by their customers on hacked systems. One of the systems caused harm to the employees of the manufacturing company. Another manufacturer’s legacy robotic system got hijacked for cryptomining. System Integrators play a major role in the defense, detection, prevention and mitigation of cybersecurity incidents. CyberSecurity is a shared responsibility. During this interview talk, we’ll be discussing where we are moving towards and how this is further progressing for the whole industry, exploring current and future value chains.
        • Ibai Inziarte is an Engineer in Automation and Industrial Electronics from Mondragon University and holds an MBA title. His areas of expertise include mechatronics, control and robotics. He has participated in more than 10 different research projects as project manager or researcher in ALDAKIN. Before joining ALDAKIN, for 10 years in a private Spanish research centre focused on manufacturing technologies, he was in the coordination team of 5 European research and innovation projects.
        • Aldakin Group is a group of companies with more than 150 employees founded in 1986 to be a reference in the sector of developers of robotic and automation solutions for the manufacturing industry. The main activities of the group are industrial robotics, collaborative robotics, the automation of industrial processes using artificial vision (2D and 3D), programming and maintenance of PLCs, machinery retrofitting, and robotics for the medicine and health sector. Their main objective is to offer a comprehensive service, from the design and automation of the processes to the installation and maintenance of the developed systems.
        • Endika Gil-Uriarte is CEO of Alias Robotics, which is a Spanish startup specialized in robot cybersecurity. Trained in Biological Sciences, Endika is a former researcher associated with several of the most prestigious Universities and Research Centers in Spain and Germany. His exposure to biological sciences led him to transfer his know-how to the development of RIS, touted to be the Robot Immune System that protects robots from cyber-attacks. Endika is also a well-known panelist at robotics and cybersecurity discussions and advises international standards, such as ISO TC299 (Robotics).
      4. 3.30 pm : panel discussion
    4. 4.00 pm : CyberSecurity for Robotics future perspectives
      1. 4.00 pm : Reasoning About Assurance of Autonomous Vehicles in Adversarial Scenarios, by Dr. Andres D Molina-Markham, MITRE
        • The speaker is a co-author of the NISTIR Taxonomy and Terminology of Adversarial Machine Learning, a step toward securing applications of Artificial Intelligence (AI), especially against adversarial manipulations of Machine Learning (ML). While AI also includes various knowledge-based systems, the data-driven approach of ML introduces additional security challenges in the training and testing (inference) phases of system operations. Taking this into account for autonomous vehicles, the analogy towards robotic systems and robots is just around the corner.
        • Dr. Andres Molina-Markham is a cybersecurity researcher employed by the MITRE Corporation, leading projects related to protecting AI-enabled systems, including AI-enabled network defense and autonomous vehicles. Andres’ current research focus is to develop and evaluate defense approaches for real-world AI-enabled systems. However, he has contributed to security and privacy research in several application domains, including: network defense; autonomous vehicles; assured positioning, navigation, and timing; cryptographic protocols; privacy-preserving technologies; identity and access management; and security and privacy issues of ubiquitous systems.
      2. 4.30 pm : Fooling AI, adversarial AI, by Erik Hemberg, Research Scientist at CSAIL MIT
        • While AI is considered to be utilized in all aspects of our daily lives, especially robotics, it has vulnerabilities. We want to understand the nature of cyber security arms races between malicious and benign parties. This is a shared vision with many in the field of autonomous cyber defenses that anticipate and mitigate counter attacks. In this talk we briefly describe how some AI can be tricked and delve into how it operates. We provide examples of AI applications to cyber security and identify challenges of the artificial learning and behavioral components.
        • Erik Hemberg is a Research Scientist at the AnyScale Learning For All (ALFA) Group of the MIT Computer Science and Artificial Intelligence Lab. His work focuses on developing autonomous, proactive cyber defenses that are anticipatory and adapt to counter attacks. Novel methods for: cyber-hunting, automated methods of cyber-attack and defense scenarios in Software Defined and Peer-to-Peer Networks, models of networks and a proof-of-concept for how adversarial modeling can inform adaptive cyber security defenses and pro-actively design better network protocols. Additional work includes: automated semantic parsing of law, predicting stop-out in Massive Open Online Courses (MOOCs) and analyzing neuronal development of autism. Research sponsorships include: cybersecurity research with DARPA XD3, DARPA CHASE program, Lincoln Labs and CyberSecurity @CSAIL.
    5. 5.00 pm : Future Forward Looking & End Game,
      1. 5.00 pm : panel discussion on up and coming technological developments (5G, cloud robots, …) and CyberSecurity challenges
        • moderator : Ulrich Seldeslachts, CEO LSEC, coordinator CSfR
        • Dr. Andres Molina-Markham, MITRE
        • Dr. Erik Hemberg, MIT CSAIL
        • Dr. Tom Ryden, CEO MassRobotics
        • Dr. Bernhard Dieber, Joanneum Research
        • Dr. Minna Lanz, Tampere University of Technology
      2. 5.45 pm : closing notes

 

The Cybersecurity for Robotics Conference 2019 (CSfR2019) was the first in a series of annual events dedicated to the research domain and investigating the cross cutting research topics related to cybersecurity, cyber-physical systems, safety, robotics, industrial control systems security, IoT, Industry 4.0, real time communication systems, privacy, AI and other related relevant domains. In CSfR2020 we go digital and seize the opportunity to go cross-atlantic, in an attempt to go global, with speakers and contributions, attendees and partners from around the globe, but specifically connecting the Robotics and CyberSecurity experts from North America and Europe.

Free Attendance, Open for contributions

While this year we won’t be having a call for papers, we’d still welcome inputs on existing and ongoing research actions from research groups, academia and industrial organisations on topics such as cybersecurity, AI, safety, connectivity, and security in relation to robotics.

Attendance is free, registration is mandatory. Upon registration, you will receive a link to the Zoom webinar for both December 17th and December 18th.

Cybersecurity for Robotics and the Conference

Cybersecurity for robotics is a multidisciplinary research domain that is growing in relevance and importance due to the continuous growth of robotics systems and increase in cybersecurity and safety risks and challenges. The conference aims to bring together all dedicated researchers active in this domain and is about identifying risks, threats and vulnerabilities, safety considerations and solutions for robot systems due to cyber security.

Over the last couple of years research in this topic has been increasing due to many developments happening in both the cybersecurity and the robotics domain. The initiative of the conference came from the Cybersecurity workshop at the European Robotics Forum 2019, where some of the research results were presented, a connection was made to the Strategic Research Agenda of Cybersecurity and of Robotics, where the connection to Safety and Security was made and where we showed the interest and benefit for the innovation developments and future potential industrial applications and dedicated technologies.

The conference was the first of its kind, specifically focusing on the domain, to raise the level of awareness, to ensure further multidisciplinary approaches and to further ensure the improvement of cybersecurity for robotic systems, for agile production, digital production and industry 4.0 and smart products and technologies. Another aim is to strengthen the European Cybersecurity infrastructure, systems and applications and to increase the Cybersecurity posture of the European Digital Market and specifically factories of the future and connected factories.

The conferences are organised in collaboration with the TRINITY project, by LSEC – Leaders In Security, together with Alias Robotics, MassRobotics, the European Robotics Forum, ECSO, EFFRA and Joanneum Research.

The CSfR2020 conference will be organised online via Zoom Webinars on December 17th and 18th, 2020.

If you would like to be informed on the progress, drop a note at robotics@lsec.eu.

Cybersecurity for Robotics Research State of Affairs

The 2020 conference was organized online in a virtual setting, crossing the Atlantic.

Robots are widely used in industrial production environments and increasingly in logistics, healthcare and home appliances. Most of the traditional robot systems are operated by a PLC and / or a specific robot controller. But even while being isolated in industrial networks, these machines are not free from harm. Both human safety and product quality are at stake. Increasingly, more flexible, autonomous and versatile robots have entered into the industrial domain. Collaborative robots are being released from their cages and put in close cooperation with humans. That positive trend also sees a significant decline in cost for robotics, partially thanks to the availability of standard technologies (internet / IoT, OPC/UA, ROS, cloud, Azure Sphere, …) and the interconnectivity of the robotic systems. But most of the robotic systems lack a fundamental cybersecurity posture.

The variety of architectures following the five main trends (controller operated robots, PLC operated robots, ROS operated robots, IoT or cloud operated robots) allows for a wide diversity of potential vulnerabilities in robotic systems. The following list is not exhaustive and is very dependent on the situation and the way the robots were implemented. A lot of the research leading to identifying the vulnerabilities indicated that it was simply scratching the surface.

Controller take-over

Compromising controller

Configuration tampering

User-perceived robot state alteration

Robot State alteration

Production logic tampering

Calibration parameter tampering

Embedded System attacks Application Attacks – Buffer Overflows

Execution Attacks

Data – control traffic manipulation from/to client / robot

Data – application manipulation from/to client / application

Stealth publisher attack

ROS Service Isolation Attack

ROS stealth publisher attack

Service isolation attack

Malicious parameter attack

Fault-injection

Safety

IoT – device firmwares

Cloud based DDoS

Digital Identity Fraud

OpenSSL Application vulnerabilities

ROS Exploits

IoT exploits : DoS

There are different approaches possible in trying to improve the robots’ cybersecurity. These have to be systematic from an industrial perspective, depending on the risk they impose on the factory and the situation. Isolation is a start; hardening access control, putting cryptographic measures in place and improving the application security are basic measures. A lot can be done by the robot manufacturers by ensuring security by design for the robot controllers, the robots and the applications instructing and controlling them.

Finally, the robot is mostly not acting completely in isolation, but is a part of an enterprise environment and needs to align to the company’s industrial cybersecurity policies and procedures, the specific.

The aim of the current activities is to gather a further improvement and perspective on the current state of affairs.
