Kaspersky Industrial CyberSecurity (KICS) is a holistic solution for industrial infrastructures. It aims to protect and manage the security while monitoring network interactions and detecting unexpected traffic or cyber-threats. The solution consists of three components: KICS for Nodes, KICS for Networks and Kaspersky Security Center (KSC).
Current Operational Technology (OT) environments protected by KICS often include robotic endpoints. Robots have their own networks, technologies, safety requirements and business priorities, all of which must be addditionally uniquely addressed to secure robots effectively.
Cybersecurity incidents with robots have relevant consequences for the whole OT environment, including potential human harm. Robots often interact with humans and a lack of security leads to no predictability, which then leads to potential safety hazards.
Functional safety standards also hint in the same direction. IEC 61508, the Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems is a meta-standard for safety and from where most functional safety norms grow. This is the case for ISO 26262 (automotive), IEC 61511 (industrial processes), IEC 61513 (nuclear industry), ISO13849-1 (machinery, control systems) or EN 50126/8/9 (railways), among others. IEC 61508 indicates the following in section 220.127.116.11:
"If the hazard analysis identifies that malevolent or unauthorised action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out." Moreover, section 18.104.22.168 from IEC 61508 also states:
"If security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements."
which translates to new security requirements. In other words, safety standards depend on security requirements.
Security requirements are specific to the robot and influenced by security research. Periodic security assessments should be performed and as new vulnerabilities are identified, they should be translated into new security requirements, which then influence safety.
More importantly, the fulfillment of these security requirements to maintain the robot protected (and thereby safe) will demand pushing the measures to the robot endpoint. To meet functional safety standards demand and prevent safety hazards from happening, the effective measures, along with network-based monitoring solutions and endpoint protection for PC-based industrial hosts, should include a security mechanism that protects the robot endpoints, a Robot Endpoint Protection Platform (REPP).
Through a cooperation between Alias Robotics and Kaspersky, we launched a research effort to shed some light on the status of security for robot endpoints in OT environments. Our research showed evidence that simple attacks were feasible and that specialized security controls are necessary for capturing the complexity of modern robot interactions and preventing safety hazards. We deployed KICS and RIS, the Robot Immune System on selected robots. RIS is a security certified software solution that protects robots and robot components against malware, a Robot Endpoint Protection Platform (REPP). We confirmed how both solutions together successfully managed to protect and detect attacks targeting the robots.
USING THE BEST TOOLS TO CHALLENGE ROBOT ENDPOINTS
Our work was conducted using the alurity toolbox to help create a reproducible and high-fidelity virtual OT environment, including the robot endpoints. The virtualization happened at both hardware and software levels, using emulation and simulation respectively.
With alurity we simplified the cybersecurity research in OT environments with robots, empowering more secure use of industrial robots.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them.
Kaspersky Industrial CyberSecurity (KICS) is a holistic solution for industrial infrastructures. The solution consists of three components: KICS for Nodes, KICS for Networks and Kaspersky Security Center (KSC).
"Threat detection, network monitoring and visibility, systems and policy management, notification, and reporting are only a few components of a holistic OT cybersecurity approach. At Kaspersky we reckon the importance of keeping robot endpoints secure and to do so, we partner with best of class companies to extend our solutions. KICS and Alias Robotics' RIS will together help our clients protect their robots in OT environments and fulfill their safety and cybersecurity requirements.".