August 20, 2012
National headlines have been full of hacker-related news. Unencrypted surveillance data being hacked from military UAVs, cyberworms disrupting Iranian nuclear arms projects, and Chinese hackers aggressively pursuing the intellectual property of U.S. companies. The actual “attackers” can range from customers who inadvertently disrupt code to national governments willing to risk instigating a war.
“Having an unprotected service robot connected to the network in your location can give as much access to your private information as leaving the front door wide open.”Alex Dopplinger, Freescale Global Marketing Manager
Although hacking is a serious modern threat it is one that, fundamentally, occupies a peripheral space in the public consciousness. We often hear about cyber attacks “after the fact,” but few people are openly discussing how system security will be irrevocably impacted and complicated by the global adoption of robotics.
Many, including Bill Gates, have likened the proliferation of robotics to the introduction of the PC, and, like the PC, robots will introduce complex privacy and security issues that some early adopters may not have even considered yet.
If your PC is hacked, data loss and identity theft are the potential results. But robots meld advanced technology with mobile capabilities. A robot that gets compromised has the potential to do serious physical damage to the property and/or people around it.
Already, industrial trends towards open networks and remote access have seen an increase in tampering across markets. Robotics companies should be looking to existing models and considering at least basic security components such as authentication (username/password), authorization (limiting what a given user can “do” with a robot) and accounting (recording usage data) when developing their robotics software. Freescale is one company offering their 44 years of security expertise to the robotics community with solutions based on models that have worked with high-profile industry partners for years.
The Potential Threat
According to Freescale’s Industrial Segment Director for Robotics and Automation, Alexandra Dopplinger, the traditional market leaders in security development have been telecom, networking, aerospace and defense—areas where national security, intellectual property and major financial investments are obviously at stake. More recently targeted, says Dopplinger, have been civil infrastructure systems. When energy grid, water treatment and traffic management systems are attacked, they can cause massive inconveniences very quickly.
Think of those two worlds combined. From large, industrial robot vendors to smaller service robot vendors, there is intellectual property at stake in a highly competitive developmental environment. In an industrial setting, a hack meant to simply disrupt a system could end up affecting the quality of an entire line of products (automobiles with faulty construction) or halting a manufacturing run completely, costing millions of dollars in productivity. A hacked service robot, however, could injure a family member, dispense the wrong medication in an elder care facility or provide a hacker with a detailed map of your home.
Dopplinger states that, although industrial vendors are more aware of the importance of operator and equipment safety, they tend to secure their systems with a gateway approach that is not effective against the average hacker. Smaller service robot vendors, she says, are so busy developing their products that security seems to be a lower priority, one that might complicate or increase the cost of their systems.
Dopplinger suggests that there is no reason why the robotics community cannot immediately use security solutions that have been developed for defense and telecom networks to secure their robotics products.
Many Freescale QorlQ multicore processors, i.MX applications processors, Vybrid controllers and Kinetis microcontrollers include hardware for irreversible configuration and tamper detection, unique identification, secure boot, trusted execution and encryption for secure communications. All are industry-tested and adaptable for robotics applications.
Similarly, Dopplinger says, robotics companies should look to mobile device security for solutions. “As high percentages of people trust their personal data to smart mobile devices, mobile device security is also increasing. Robotics developers should be able to conveniently reuse security solutions developed for critical infrastructure and smart mobile device applications.”
Whether industrial or personal, equally important for robotics developers is that the secure processors they use are still available once the robot is ready for market. An unfortunate byproduct of robots taking a long time to undergo development and testing, is that their key component parts are no longer available when the robot needs to be mass produced. Freescale’s formal product longevity program offers many devices for a minimum of 10 or 15 years from the time of launch, meaning the secure processors you’re used to building with will not undergo changes that effect how they interact with your proprietary system.
Another issue to consider with robot security is the technical expertise of the intended user. Industrial robots tend to be developed by larger teams in established companies and used by formally trained engineers and technicians. By contrast, developers of personal robots must focus on basic requirements and may leave security for a later phase of development. Their customers will expect a robot’s interface and maintenance to be similar to their smart phone or personal computer.
“Those who don’t read user manuals or password-protect their home’s wireless network, should not be expected to enable or use the security features in their service robot,” Dopplinger says. “Having an unprotected service robot connected to the network in your location can give as much access to your private information as leaving the front door wide open.”
It seems unavoidable that commercial behaviors, such as shipping robots out with generic passwords, will have to change in addition to careless consumer behaviors. But how will security inform the actual growth of robotics culture as, for example, the open source model continues to take shape?
The Open Source Debate
The open vs. closed source debate remains in robotics’ news, with issues of reverse engineering and network security at the forefront. From a security standpoint, however, Dopplinger points out that open source has been effectively used in some of the most secure networking systems since the turn of this century. Using open source, vulnerabilities tend to be identified by a larger audience and addressed more quickly.
“As with proprietary systems, a good open source result depends on having a good design and effective project management, along with the necessary quantity and quality of resources to implement the project,” she says. “I expect we will need an increasingly large army of good people to keep a step ahead of those who want to hack our systems.”
Dopplinger hopes to see this kind of teamwork maintaining the security of our robotics systems as well as a shift towards developers who anticipate unique threats and implement the appropriate security measures ahead of release. These are the trends that will continue to feed advancements in the security of our robotics culture.