Security is not a product, it is a process. Our services offer end-to-end offensive security research, security certification and compliance for robots and robot components.
We help you find vulnerabilities and flaws in your robots before others do.
Discover the robot security flow
Robot Threat Model
What's your security landscape?
Our team analyzes and evaluates your robot and its infrastructure helping you understand your security requirements.
By threat modeling. Threat modeling helps you understand better your security flaws by studying the dataflows and the trust boundaries that apply to your use case/s. Once you have a clear picture of which attack vectors you're subject to, you'll be in position to decide on what to invest.
We offer three types to meet more specifically our customer needs, however, all of them can be combined into what we call a full assessment delivering all three.
Safety cares about the possible damage a robot may cause in its environment, whilst security aims at ensuring that the environment does not disturb the robot operation. Safety and security are connected matters.
There's no safety without security.
Our team has past experience in robot and security related standardization committees and bodies. In particular, we are currently accumulating experience with MISRA C, FIPS-140, DO-178B and ISO 27001.
In robotics there is a clear separation between Security and Quality that is best understood with scenarios involving robotic software components. For example, if one was building an industrial Autonomous Guided Vehicle (AGV) or a self-driving car, often, she/he would need to comply with coding standards (e.g. MISRA C for developing safety-critical systems). The same system's communications, however, regardless of its compliance with the coding standards, might rely on a channel that does not provide encryption or authentication and is thereby subject to eavesdropping and man-in-the-middle attacks. In this case neither security nor quality would be mutually exclusive, there will (and should) be elements of both.
Making security recommendations on robotic architectures demands proper understanding of such systems. Similarly, mitigating a vulnerability or a bug requires one to first reproduce the flaw. This can be extremely time consuming with robots, specially ensuring an appropiate enviroment for its analysis reproduction. Current robotic systems are of high complexity, a condition that in most cases leads to wide attack surfaces and a variety of potential attack vectors. This difficulties the mitigation process and the use of traditional security approaches. In-depth understanding of such systems (robots) is required and new mechanisms must be used.
Connect to the inherent complexity and time consumption is flaw prioritization. Patch management in robotics requires one to priorize first existing vulnerabilities. Existing scoring mechanisms such as CVSS have strong limitations when applied to robotics. Simply put, they fail to capture the interaction that robots may have with their environments and humans, leading to potential safety hazards. New scoring techniques in combination with knowhow is a must to maintain robotic systems secure.