As robotics becomes increasingly intertwined with other facets of IT such as the cloud, mobile devices, data analytics and the Internet of Things (IoT), concerns about the risk of data theft and other negative impacts are legitimate.
But the security issue goes beyond traditional risks such as the loss or theft of information or the interruption of services. It's about safety as well.
"The biggest risk is loss of control," said James Ryan, digital leadership fellow at Minnesota Innovation Lab, a non-profit organization that helps organizations in Minnesota to be more innovative.
"If the data that drives a robot is tampered with or the robot is controlled by a hacker, we could see these robots respond in unintended ways," Ryan said. "The risk could be as small as mustard being put in your fridge instead of ketchup. However, at the higher end, it could trigger billions of dollars of profits turned into billions of losses," and the use of a robot armed force controlled remotely over the Internet to inflict harm on people.
One of the better known machine-related attacks occurred in 2015, when hackers were able to gain access to a Jeep's entertainment system via a cellular connection, then through that gain access to other systems. The episode forced automaker Fiat Chrysler Automobiles to issue a recall notice for 1.4 million vehicles in order to fix a software vulnerability that allowed the hackers to break into the system and electronically control vital functions.
"While not generally considered a 'robot,' it is similar in that a control system is hacked and then physical damage occurs in the real world," Ryan said. Other related attacks in recent years include malware that caused physical damage at a uranium enrichment plant and an attack against a steel mill that stopped an industrial blast furnace from working.
"These examples are only early warning indicators of the damage to come," Ryan said. "The Internet of Robotic Things will grow robot usage exponentially, and the risk and consequences will grow exponentially at the same time."
What concerns Ryan is that cyber security programs are already struggling to protect systems--and the environment will likely become much more complex. "If we can't protect our laptops, why should we think we can protect a fleet of robots?" he said. "There are systemic and deeply rooted challenges that must be overcome if the promise of robots will be fully realized."
The businesses that create high-performance cyber defense strategies will dominate and capitalize on the new market opportunities created by robotics, Ryan said.
Who within organizations should be responsible for robotics security?
"Ultimately the C-suite and board of directors are responsible for cyber and physical security," Ryan said. "These top-level leaders must drive their physical and cyber teams to increase their collaboration so that life safety and physical damage risks that are born from cyber vectors are fully accounted for."
They will also need to bring in general counsel to deal with new kinds of liability claims. "Ultimately, the great companies will form diverse teams with varying specialties to deal with these new kinds of risk, some yet to be imagined," Ryan said.