Cybersecurity for Robotics at  ERF Conference 2020

TRINITY, LSEC and Alias Robotics lead the Cyber Security for Robotics Workshops (CS4R) at ERF2020

Cyber Security for Robotics Workshop (CS4R) at the ERF organised by TRINITY ( LSEC), Alias Robotics and Joanneum Research

A full room of Roboticists eager to learn about CyberSecurity

The attendance to the workshop was first class. We had an almost packed room with an audience that launched quite a few questions throughout the workshop. Lots of interest in robot cybersecurity field emerged in the last couple of years and has clearly confirmed in ERF2020.

Best-in-class invited speakers together with the audience discussed their views on cybersecurity in robotics with paticular focus in the Challenges of the European community.

The workshop was introduced by Endika Gil Uriarte (Alias Robotics) and Ulrich Seldeslachts (LSEC – TRINITY) as a cybersecurity afternoon in 2 parts : challenges and solutions related to CyberSecurity, with different speakers. Reference was made to the TRINITY project, to the workshop at the ERF in 2019 and the Cybersecurity for Robotics conference in Bilbao in November 2019.

ERF1

CyberSecurity for Robotics workshops at ERF 2020, Málaga
Workshop 1 CS4R – Cybersecurity Challenges related to Robotics Perspectives and Discussions

The organizers of the ERF have accommodated our request from last year, by allowing us not only to organize the cybersecurity discussion on the first day, but also allowing us more time to go a couple of steps more in depth as the workshop we have held last year. From the organizers, we have presented a wide view on challenges related to robotics both from recent insights in researched and tested robotic systems, the current vulnerability database, and the complexity of security as it is required to improve the safety and integrity of the robotic systems. In a debate, a short discussion with PAL Robotics CEO Francesco Ferro, showed a tip of the iceberg in a perspective on the regulatory challenges posed against the robot manufacturers and systems integrators.  The second workshop was focused towards CyberSecurity solutions, including opening the discussion for a) a shared responsibility approach between vendors system integrators and robot operators; b) the Software Bill of Materials and c) Reference Integrity Manifest next to the technology solutions such as application security, embedded hardware, vulnernability assessments and information sharing mechanisms.

Highlights of the robot cybersecurity workshop

Let’s summarize some of the key conclusions and highlights of the robot cybersecurity workshop:

Alias Robotics presented updates on cybersecurity tools and made available to researchers and students alurity EDU, an initiative that will provide students and researchers with free access to Alurity meant for Universities, higher education schools and research centers.

Alurity is a toolbox for robot cybersecurity. A modular and composable toolset featuring dozens of different tools that simplifies system integration and speeds up the cybersecurity research in robotics. As simple as building your virtual robotics set up and challenging it.

A panel discussion was held with the speakers, including an Interactive Q&A session. Some of the results of the interactive session, results gathered from the audiance and speakers in the workshop session have been published.

 

Security awareness is not sufficient in robotics

80% of the audience judges security awareness not to be sufficient in robotics while a 20% considered that it depended on the vendor. The big picture depicts some actions to be taken, surely, and lessons to be learnt.

Responsibility is spread across the robotics value chain

To the question of whose responsibility are robot cyberincidents, experts and audience, both considered that it is a responsibility to be shared across the value chain. However, emphasis is put at the manufacturer and system integration side, but also end users (14%) are responsible for secure robot deployments.

Feasible cyberattacks

If they were to be on the foot of an attacker, most of the audience has identified feasible cyberattacks.
Security standardization in robotics is requested

Actions are to be taken when it comes to standardization, as to asure some degree of compliance, according to the panel and the audience. Most of the audience agreed to expect a secure by default robot, but other voices requested security embedded into safety standards.

RIS, the Robot Immune System
Alias also presented an update on their Robot Immune System, an Endpoint Protection Platform (EPP) system for robots inspired by the biological immune machinery, which now offers supports for leading collaborative robot solutions as well as ROS and ROS2 systems.

Part I – talk 1: Current security threat landscape in robotics

In this talk, Víctor Mayoral Vilches from Alias Robotics provided an overview of the current cybersecurity threat landscape in robotics by following an offensive approach. Víctor shared state-of-the-art tools for robot cybersecurity research and how his team is pentesting robots and robotic systems around the world while helping companies deliver more cyber-secure solutions.

He wrapped up his speech showing some real examples of vulnerabilities in industrial robots and called for EU robotics community to take an active role supporting the robot cybersecurity growing ecosystem.

Threat Landscape CyberSecurity for Robotics at ERF2020

Part I – Talk 2: Detection anomalies in CPS environments: Results from the IoT4CPS project

Arndt Bonitz from Austrian Institute of Technology (AIT) shared some ongoing work about the EU funded IoT4CPS project and showed how their technology works in IoT devices by learning from log data. He argued that their work could easily be brought to a variety of robotic applications and showed an interesting demonstrator.

http://cybersecurityforrobotics.com/download/anomaly-detectio…systems-erf-2020/

Part I – Talk 3: Robotics honeypots: Learning from robot hackers

Dr. Francisco J. Rodríguez Lera from Universidad de León gave a speech on robot honeypots. He shared that honeypots are typically cyber-deception platforms used to obfuscate the attackers. He showed preliminary results obtained from their honeypot instances and some future work planned to learn more about robot hackers and their behaviour through a robotics deception platform. As of now, misuse dominates the behaviour a varied of attackers that try to take over robot control from all over the world.

Download Robotics Honeypots – ERF2020

Part I – Talk 4: Robot cybersecurity survey

A last minute change in the agenda, Endika Gil Uriarte from Alias Robotics presented results from the robot cybersecurity survey. Endika highlighted that according to available data much work needs to be done in robot cybersecurity:
70% of the robotics companies are open to invest in cybersecurity however only 28% have done so. He pointed at some interesting data gathered and some gaps that need to be further clarified. Finally, he called for participation to the poll at it’s final weeks. We need the whole robotics value chain to contribute raising awareness and kindly ask the EU community for support to this initiative.

http://cybersecurityforrobotics.com/download/download-robot-c…y-survey-erf2020/

Part I – Round table: Robot cybersecurity round table, the robotics value chain

During the interactions, attendees were asked about their appreciation on the responsibilities of cybersecurity. Attendees understand increasingly that there are many to blame, but not at least also the operating organisation and the systems integrator.

Endika Gil Uriarte from Alias Robotics led a round table that included researchers, security practicioners, robotic system integrators as well as manufacturers. A pretty interested and live discussion on the robotics value chain where the audience could participate actively via an interactive series of questions.

Part II – Talk 1: Security in ROS & ROS 2 robot setups

Víctor Mayoral Vilches from Alias Robotics shared some of the latest developments in securing ROS and ROS2. He summarized current status and where efforts are being placed. He further introduced slightly the importance of securing both communications (communications security) and systems (systems security) while introducing briefly some of his recent work researching how Zero Trust network architectures can be implemented in robotics via Robot Immune System ( RIS).

http://cybersecurityforrobotics.com/download/download-securit…and-ros2-erf2020/

Part II – Talk 2: Access control Models with application to robotics

Dr. Stefan Rass from Alpen Andria University, an expert in security, gave a master talk where he presented difference access control models and their applications in the robotics domain.

Stefan, who has for decades been an active member of crypto and game theoretic research, discussed why access control is critical in robotics. He leveraged on a comparative overview of the different methods in use, such as discretionary, mandatory, role-based and more models like Bell-LaPadula.

Download Access Control models for robotics – ERF2020

Part II – Talk 3: Researchers, Manufacturers, Integrators, Security Technology providers, End Users and Operators

Unfortunately agenda changed slightly for the second part due to travel problems. Instead of what was planned, Ulrich Seldeslachts from LSEC-TRINITY elaborated on shared roles & responsibilities, risk based approach (what to put in an RFP?) Industry Value chain definition. He argued about raising the awareness of cybersecurity in robotics, and provided some conclusions on CSFR19 which happened Bilbao Cybersecurity. The talk finished with an open debate and Q&A with attendees.

Part II – Talk 3: Researchers, Manufacturers, Integrators, Security Technology providers, End Users and Operators
(by Ulrich Seldeslachts, TRINITY – LSEC )

Unfortunately agenda changed slightly for the second part due to travel problems. Instead of what was planned, Ulrich Seldeslachts from LSEC-TRINITY elaborated on shared roles & responsibilities, risk based approach (what to put in an RFP?) Industry Value chain definition. He argued about raising the awareness of cybersecurity in robotics, and provided some conclusions on CSFR19 which happened Bilbao Cybersecurity. The talk finished with an open debate and Q&A with attendees.

put in an RFP?) Industry Value chain definition. He argued about raising the awareness of cybersecurity in robotics, and provided some conclusions on CSFR19 which happened Bilbao Cybersecurity. The talk finished in a workshop with participants and speakers on where to integrate cybersecurity in the projects and how to bring cybersecurity in the Robotics Research agenda in Europe.

Download CyberSecurity for Robotics Solutions Overview – ERF2020

All held presentations can be found under the ERF 2020 section on the CyberSecurityForRobotics-Website.

 

All information about the Trinity-Project can be found online www.trinityrobotics.eu.
For further information feel free to reach out to us! info@trinityrobotics.eu