Cybersecurity for Robotics 2019 Conference – CSfR2019
The Cybersecurity for Robotics Conference 2019 (CSfR2019) was the first in a series of annual events dedicated to the research domain and investigating the cross cutting research topics related to cybersecurity, cyber-physical systems, safety, robotics, industrial control systems security, IoT, Industry 4.0, real time communication systems, privacy, AI and other related relevant domains.
Location November 18th :
University of Deusto
Unibertsitate Etorbidea, 24, 48007 Bilbao, Spain
the Turing room
(in the left-up corner, in the orange box on the Location map)
Location November 19th :
University of Deusto
CRAI Library Building
Ramón Rubial Kalea, 1, 48009 Bilbao, Bizkaia, Spain
(other side of the river, on the left on the Location map)
Call for Papers
A call for paper was released at : https://easychair.org/conferences/?conf=csfr2019
Attendance was free for participants to the Call for Papers, LSEC partners, Basque Cyber Security and Baque Industry 4 Days participants.
Cybersecurity for Robotics and the Conference
Cybersecurity for robotics is a multidisciplinary research domain that is growing in relevance and importance due to the continuous growth of robotics systems and increase in cybersecurity and safety risks and challenges. The conference aims to bring together all dedicated researchers active in this domain and is about identifying risks, threats and vulnerabilities, safety considerations and solutions for robot systems due to cyber security.
Over the last couple of years research in this topic has been increasing due to many developments happening in both cybersecurity and the robotics domain. The initiative of the conference came from the Cybersecurity workshop at the European Robotics Forum 2019, where some of the research results were” presented, a connection was made to the Strategic Research Agenda of Cybersecurity and of Robotics, where the connection to Safety and Security was made and where we showed the interest and benefit for the innovation developments and future potential industrial applications and dedicated technologies.
The conference will be the first in its kind, specifically focusing on the domain, to raise the level of awareness, to ensure the further multidisciplinary approaches and to further ensure the improvement of the cybersecurity for robotic systems, for agile production, digital production and industry 4.0 and smart products and technologies. Other aim is to strengthen the European Cybersecurity infrastructure, systems and applications and increasing the Cybersecurity posture of the European Digital Market and specifically factories of the future and connected factories.
The conference will be organized in collaboration with the TRINITY project, by LSEC – Leaders In Security, together with the local cybersecurity SME Alias Robotics, the European Robotics Forum, the RODIN project, ECSO, EFFRA and the Basque Cybersecurity Centre. The conference is planned to be hosted alongside the Basque Industry 4.0 and Basque Cybersecurity Days on November 20 and 21st 2019 in Bilbao.
November 18 & 19th in relation to Basque Cyber Security and Industry 4.0 days
The conference will be organized in Bilbao, Basque Country, Spain on November 18th and 19th.
If you would like to be informed on the progress, drop a note at robotics@lsec.eu.
Registrations for The Basque Cyber Security Days and Industry 4.0 days can be found here.
Cybersecurity for Robotics Research State of Affairs
The conference will be organized in Bilbao, Basque Country, Spain on November 18th and 19th.
Robots are widely used in industrial production environments and increasingly in logistics, healthcare and home appliances. Most of the traditional robot systems are being operated by a PLC and / or a specific robot controller. But even while being isolated in industrial networks, these machines are not free from harm. Both human safety and product quality are at stake. But more increasingly flexible, autonomous and versatile robots have entered in to the industrial domain. Collaborative robots are being released from their cages and put in close cooperation with humans. That positive trend also sees a significant decline in cost for robotics. Partially thanks to the availability of standard technologies (internet / IoT, OPC/UA, ROS, cloud, Azure Sphere, …) and the interconnectivity of the robotic systems. But most of the robotic systems lack a fundamental cybersecurity posture.
The variety of architectures following the five main trends (controller operated robots, PLC operated robots, ROS operated robots, IoT or cloud operated robots) allows for a versatility and diversity of potential vulnerabilities to robotic systems. The following list is not exhaustive and very dependent on the situation and the way the robots were implemented. A lot of research leading to identifying the vulnerabilities indicated that it was simply scratching the surface.
Controller take-over
Compromising controller
Configuration tampering
User-perceived robot state alteration
Robot State alteration
Production logic tampering
Calibration parameter tampering
Embedded System attacks Application Attacks – Buffer Overflows
Execution Attacks
Data – control traffic manipulation from/to client / robot
Data – application manipulation from/to client / application
Stealth publisher attack
ROS Service Isolation Attack
ROS stealth publisher attack
Service isolation attack
Malicious parameter attack
Fault-injection
Safety
IoT – device firmwares
Cloud based DDOS
Digital Identity Fraud
Open SSL Application vulnerabilities
ROS Exploits
IoT exploits : DOS
There are different approaches possible in trying to improve the Robots cybersecurity. These have to be systematic from an industrial perspective, depending on the risk they impose the factory and the situation. Isolation is a start, hardening access control, putting cryptographic measures in place and improving the application security are basic measures. A lot can be done by the robot manufacturers by ensuring security by design for the robot controllers, the robots and the applications instructing and controlling them.
Finally, the robot is mostly not acting completely in isolation, but is a part of an enterprise environment and needs to align to the company’s industrial cybersecurity policies and procedures, the specific.
The aim of the current activities is to gather a further improvement and perspective on the current state of affairs.
Agenda
Take a look at the draft program, follow the submenu.
