“The industrial robot,” according to Mark Nunnikhoven of Trend Micro, “is not ready for the world it’s living in.”
Specifically, industrial robots being connected up with other devices do not have the same security strengths as those other devices. Nobody considered, back when the current automated denizens of U.S. factories were being built, that they might someday be communicating with someone via the world wide web.
Cybersecurity experts at Computerworld expressed shock that the average industrial robot doesn’t have ordinary security measures like passwords and two factor authentication.
Trend Micro hacked into an industrial robot in a lab setting, and was able to make it mess up its welding. Researchers also made random connections with industrial robots in the wild. They were able to get a number of those robots to share the software version they were using. In fact, they discovered that many of the robots they encountered had little or no cybersecurity built in. They proposed that a malicious hacker could program these machines to damage themselves, alter work parameters, or endanger humans they worked with by suppressing safety codes.
The fact is that many of the robots in service in modern factories were installed and configured before the internet existed. The hackers’ astonishment that machinery installed in the 1980s had little in the way of security reflects the attitudes of digital natives who don’t have a clear picture of industrial automation history.
But the fact that they found machinery without so much as a password hooked up to the internet reflects the attitudes of people who may be more comfortable with the history of automation than with its future.
The researchers pointed out that people who study robotics don’t usually study cybersecurity, and vice versa.
It’s a whole new kind of skills gap.