Frequently Asked Questions

General Questions

Robots have their own networks, technologies, safety requirements and business priorities, all of which must be uniquely addressed. Simply put, you can't secure robots the same way you secure other IT, IoT or OT environments. Existing industrial solutions for monitoring network traffic and detecting threats do not include robots, which are generally left outside the area of protection and assumed to be air-gapped. This becomes especially relevant given the safety implications. Cybersecurity in robotics will be more important than in any other area (compromised robots can cause human harm).

Safety cares about the possible damage a robot may cause in its environment, whilst security aims at ensuring that the environment does not disturb the robot operation. Safety and security are connected matters.

There's no safety without security.

IEC 61508 “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems” is a meta-standard for safety from which most functional safety norms derive. This is the case for ISO 26262 (automotive), IEC 61511 (industrial processes), IEC 61513 (nuclear) or EN 50126/8/9 (railways), among others.

IEC 61508 indicates the following in section 7.4.2.3:

"If the hazard analysis identifies that malevolent or unauthorised action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out."

Moreover, section 7.5.2.2 from IEC 61508 also states:

"If security threats have been identified, then a vulnerability analysis should be undertaken in order to specify security requirements."

which translates to security requirements. Note that these requirements are complementary to the security requirements specified in other standards like IEC 62443, and are specific to the robotic setup in order to comply with the safety requirements of IEC 61508. In other words, safety requirements spawn from security flaws, which are specific to the robot and influenced by security research. Periodic security assessments should be performed and, as new vulnerabilities are identified, they should be translated into new security requirements.

More importantly, fulfilling these security requirements to keep the robot protected (and thereby safe) will demand pushing the measures to the robot endpoint. Network-based monitoring solutions will simply not be enough to prevent safety hazards from happening. Safety standards thereby demand a security mechanism that protects the robot endpoints and fulfills all the security requirements: a Robot Endpoint Protection Platform (REPP).

In robotics there is a clear separation between Security and Quality that is best understood with scenarios involving robotic software components. For example, if one was building an industrial Autonomous Guided Vehicle (AGV) or a self-driving car, she/he would often need to comply with coding standards (e.g. MISRA C for developing safety-critical systems). The same system's communications, however, regardless of its compliance with the coding standards, might rely on a channel that does not provide encryption or authentication and is thereby subject to eavesdropping and man-in-the-middle attacks. In this case security and quality are not mutually exclusive; there will (and should) be elements of both.

Triage is the commonly known term for the qualification of a security flaw.

Robotics being the art of system integration, its inherently modular nature, in both hardware and software, provides almost unlimited flexibility to system designers and integrators. This flexibility, however, comes at the cost of complexity. In this environment triage is of special relevance for the domain of robots. Distinguishing between common IT or OT flaws and robotics ones is a must.

Making security recommendations on robotic architectures demands a proper understanding of such systems. Similarly, mitigating a vulnerability or a bug requires one to first reproduce the flaw. This can be extremely time-consuming with robots, especially when it comes to ensuring an appropriate environment for analysis and reproduction. Current robotic systems are highly complex, a condition that in most cases leads to wide attack surfaces and a variety of potential attack vectors. This complicates the mitigation process and the use of traditional security approaches. In-depth understanding of such systems (robots) is required and new mechanisms must be used.

Connected to the inherent complexity and time consumption is flaw prioritization. Patch management in robotics requires one to first prioritize existing vulnerabilities. Existing scoring mechanisms such as CVSS have strong limitations when applied to robotics. Simply put, they fail to capture the interaction that robots may have with their environments and humans, leading to potential safety hazards. New scoring techniques, in combination with know-how, are a must to keep robotic systems secure.

Absolutely! Several groups are researching this actively. See [1] for one such study describing a variety of attacks.

Moreover, in an attempt to raise awareness, we ourselves continuously speak out about "how vulnerable" popular robotic platforms are: read the article here or check our public archive of robot flaws, the Robot Vulnerability Database (RVD).

[1] Bhardwaj, A., Avasthi, V., & Goundar, S. (2019). Cyber security attacks on robotic platforms. Network Security, 2019(10), 13-19.

We encourage you to start caring about security at the design phase. Defining a proper architecture that takes security into account is key. Security can also be tackled at later phases but the more you delay it, the harder and more costly it'll be to ensure security.

Traditional IT and recent OT network security are based on the castle-and-moat concept. In castle-and-moat security, it is hard to obtain access from outside the network, but everyone inside the network is trusted by default. The problem with this approach is that once an attacker gains access to the network, they have free rein over everything inside. This is what happens if you only use a VPN. VPNs offer a layer of protection but this is far from enough to guarantee security (especially since VPNs aren't flawless, e.g. see CVE-2019-14899).

Instead, we advocate for the use of the Zero Trust security paradigm. Zero Trust security means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. Zero Trust moves network defenses from wide network perimeters to narrowly focusing on individual or small groups of resources. Access to data resources is granted when the resource is required, and authentication (both user and device) is performed before the connection is established.
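
The contrast between the two models can be seen in a small access-decision sketch. This is an added example, not code from the FAQ's authors or any product; the network range, user and device names, keys and resource names are all constructed, and the HMAC proof stands in for whatever user and device authentication a real deployment uses.

```python
# Added illustration: networks, identities, keys and resource names are constructed.
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

PLANT_NET = ipaddress.ip_network("10.20.0.0/16")      # "inside the moat" (constructed)
USER_KEYS = {"alice": b"constructed-user-key"}        # enrolled users
DEVICE_KEYS = {"hmi-07": b"constructed-device-key"}   # enrolled devices
# Grants are per resource, per (user, device) pair, never per network.
GRANTS = {("alice", "hmi-07"): {"robot-3/joint_states"}}
_seen_nonces = set()                                  # replay protection


@dataclass
class Request:
    src_ip: str
    user: str
    device: str
    resource: str
    nonce: bytes
    user_proof: bytes
    device_proof: bytes


def proof(key: bytes, nonce: bytes, resource: str) -> bytes:
    """HMAC binding a credential to one nonce and one resource."""
    return hmac.new(key, nonce + resource.encode(), hashlib.sha256).digest()


def make_request(src_ip, user, device, resource, user_key, device_key) -> Request:
    # Simplification: the client picks the nonce; a real verifier would issue it.
    nonce = os.urandom(16)
    return Request(src_ip, user, device, resource, nonce,
                   proof(user_key, nonce, resource), proof(device_key, nonce, resource))


def castle_and_moat(req: Request) -> bool:
    """Perimeter model: being on the plant network is the only check."""
    return ipaddress.ip_address(req.src_ip) in PLANT_NET


def zero_trust(req: Request) -> bool:
    """Authenticate user and device, then check the grant for this one resource."""
    user_key, device_key = USER_KEYS.get(req.user), DEVICE_KEYS.get(req.device)
    if user_key is None or device_key is None or req.nonce in _seen_nonces:
        return False
    user_ok = hmac.compare_digest(req.user_proof, proof(user_key, req.nonce, req.resource))
    device_ok = hmac.compare_digest(req.device_proof, proof(device_key, req.nonce, req.resource))
    if not (user_ok and device_ok):
        return False
    _seen_nonces.add(req.nonce)
    return req.resource in GRANTS.get((req.user, req.device), set())
```

A host that is merely on the plant network passes `castle_and_moat` for every resource, while `zero_trust` ignores network location and decides per request on verified user, verified device and the specific resource asked for.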

Head to our robot security vulnerability database, the Robot Vulnerability Database (RVD), and report it there. When opening a new ticket, make sure to follow the format and the taxonomy.

Yes, we can. Provided you've got well-identified flaws (maybe reported by us via a previous service?), we can help implement mitigations on a contract basis. Reach out with your needs.

An attack vector is a path that an attacker could follow to perform an attack on the system, typically involving an entry point. An entry point is a specific area in your architecture from where an actor could initiate attacks. Both are found and analysed with a Threat Model service.

An architecture data flow diagram displays and interrelates the different components, actors and assets that play a relevant role in your system. This diagram also shows the interaction between components and the communication channels (both real and virtual ones) used to exchange data from one to another. It is the first step we take when creating your threat model, since it is essential to build on solid knowledge of your system.

Alias has created the Robot Immune System (RIS). It is the result of more than two years of research financed by the European Union and the Basque Government, among other agents, which combines scientific and technological efforts to recreate the human immune system in a robot. It is software that is installed in the robot and evolves with it, learning its usual environment, its usual commands and developing protections as it goes.

During these two years more than a dozen professionals have participated in its development, including biologists and robotics engineers. RIS is now available in several robots and robotic components. More will be announced soon.

Security is often defined as the state of being free from danger or threat. But what does this mean in practice? What does it imply to be free from danger? Is it the same in enterprise and industrial systems? Well, short answer: no, it's not. There are several reasons, but an important one is that the underlying technological architectures of these environments, though they share technical bits, are significantly different, which leads to a different interpretation of what security (again, being free from danger and threats) requires.
To learn more about the differences, head to this essay and enjoy.

According to our data, the most common attacks are focused on disabling the robotic systems, encrypting their file systems and requesting a ransom in exchange for "leaving them alone". In other words, what is technically called 'ransomware'. In addition, we are increasingly seeing more sophisticated attacks in which attackers not only take control of the robot, but also take advantage of its sensors to cause damage (for example, by disabling safety systems and directly impacting a person when they approach).

Today, still very few manufacturers care about protecting their robots against cyber-threats. It's surprising, but true. In Alias Robotics my team has just discovered more than 80 vulnerabilities in one of the best-selling industrial robots on the market, manufactured by Universal Robots. This is just an example of manufacturers ignoring security recommendations and claiming that they leave the users in charge of protecting themselves. Security is not a product, which is applied, and "that's it!". It is a process that needs to be periodically reviewed. It is essential that protection systems evolve and adapt to the robot and the environment.

Many robots try to protect themselves with perimeters, but this is equally incorrect, as has been shown with other industrial devices. These security solutions (perimeters) do not add value anymore in the current hyper-connected landscape we're living in. There are too many entry points one could use to attack a robot. To address this, our team is involved in helping to develop new security standards specifically for robots.

Protected in fact, it takes our team no more than a few days to "hack" a robot on site. The situation is very worrying as we have already demonstrated.

Services

By threat modeling. You should first understand what your threat landscape is. Threat modeling helps you better understand your security flaws by studying the data flows and the trust boundaries that apply to your use case/s. Once you have a clear picture of which attack vectors you're subject to, you'll be in a position to decide what to invest in.

Yes, absolutely. Having a threat model is only the starting point in the security flow. A threat model allows you to clearly identify which attack vectors should be considered "in scope" for further testing. If you already have that, simply tell us which attack vectors you're concerned about. We'll define a proper scope and start assessing them for you.

Red teaming is a full-scope, holistic, multi-layered, and targeted (with specific goals) offensive attack simulation exercise designed to measure how well a company’s systems, people, networks, and physical security controls can withstand an attack. Penetration Testing (pentesting or PT) is an offensive activity that seeks to find as many vulnerabilities as possible to risk-assess them. Red teaming will also look for vulnerabilities but only for those that will maximize damage and meet the selected goals.

Summarizing, while a traditional penetration test is much more effective at providing a thorough list of vulnerabilities and improvements to be made (and should thereby be performed first), a red team assessment provides a more accurate measure of a given technology’s preparedness for remaining resilient against cyber-attacks.

Our team has past experience in robot and security-related standardization committees and bodies. In particular, we are currently accumulating experience with MISRA C, FIPS-140, DO-178B and ISO 27001.

Products

An Endpoint Protection Platform (EPP) is an integrated security solution designed to detect and block security threats at the device level. An EPP provides several security features, such as those of anti-virus, anti-malware, data encryption, firewalls or Intrusion Detection Systems (IDS), among others.

As opposed to traditional anti-virus solutions, which use signature-based approaches to identify threats, RIS monitors behaviors using a broader range of detection techniques.

An EPP for robots. A Robot Endpoint Protection Platform (REPP) is an integrated suite of endpoint protection technologies for robots that detects, prevents, stops and informs on a variety of threats that affect the robotic system.

Industrial IDSs normally only detect threats at the network level. These IDSs are not specific to robotics and do not protect robots as an endpoint. Given the current vulnerability landscape in robotics wherein safety needs to be ensured per-device, we advocate for a per-robot in-depth defense. That’s why we created RIS.

Safety and Security are tightly coupled. There is no real safety without security. Very often, malicious attackers target cyber security issues in safety systems to disable or manipulate safety settings.

No. Safety has been on the robot manufacturers' priority list since the dawn of the industry. A security-trusted system might not be safe at all.

RIS stands for Robot Immune System, a dedicated protection system for robots. Its modular architecture allows us to embed the Robot Immune System (RIS) directly into the robot, putting together an Endpoint Protection (EPP) solution for robots.

We took inspiration from biological immune systems to create RIS. Immune systems are one of the most prominent architectures in nature, constantly protecting organisms against external threats. We modelled how this immune response works, based on different layers of protection, and ported it to robotics. RIS is formed by SKIN, Innate Immunity elements, Immune memory, Adaptive Immune system and Complex Immune System.

BlackBox is designed as a secure data recorder for robotics; RIS is an Endpoint Protection (EPP) solution for robotics based on biological immune systems.

No. BlackBox introduces zero interference or latencies.

BlackBox connects to the most popular industrial robot controllers.

Alurity

Alurity was built by security researchers for security research. The toolbox allows an accelerated experience assessing the security of different robots and robot components.

To get access to "on-demand" or extra Alurity modules, contact us.

We can provide advice on your use case and functionalities you may want to incorporate into Alurity.

Periodically. Most relevant modules update on a weekly basis.

Two reasons: a) in some cases we need to deploy some customizations into these modules to give you the best service and b) some modules include sensitive data.

Short answer, you don't. But be prepared to spend weeks getting your infrastructure ready. And this repeats for every new project.

Robotics is the art of system integration. There are lots (lots) of components involved and most setups are expensive, both time and budget-wise.

Alurity ensures that security researchers working on a project have a common, consistent and easily reproducible development environment, facilitating the security process (exploitation and mitigation) and collaboration across teams. It's available for Linux (across distributions), Mac OS and Windows and includes a pre-built set of modules for most well-known robots and robot tools.

If time is relevant for you, or if you don't wish to spend hundreds of thousands of euros purchasing robots/licenses, Alurity is for you. To learn more about Alurity, read its paper.

With Alurity, you can dig into the target system of interest yourself using the tool.

Customer service

Cyber security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misuse of the services they provide. We could sum it up and say cyber security is the science and art of protecting digital assets and data.

By definition, robotics is the art of system integration. Robots are systems of systems formed by an array of technologies that perceive and act upon the environment in which they physically operate. As robots become more intelligent and interconnected, securing robots as an endpoint has become not only a challenge, but a need.