Autonomous Mobile Robot Cybersecurity – Threats and Mitigation

14/3/2023
About MOV.AI 

MOV.ai disrupts Autonomous Mobile Robot development with a Robotics Engine Platform that contains everything needed to quickly build, deploy and operate intelligent robots.

Autonomous Mobile Robots (AMRs) bring a new level of sophistication to the warehouse floor. Goods can now be seamlessly transported around the facility, utilizing the best possible route regardless of the layout or any changes in the environment. 

Previously, Automated Guided Vehicles (AGVs) could only follow predetermined paths and often required additional external equipment. Any unexpected obstacles or blockages caused them to grind to a halt until their way was cleared.

While the change from AGVs to AMRs (the transition from automation to autonomy) offers a range of operational benefits, it also brings new considerations. AGVs rely on programmable logic controllers: simple, closed systems that provide little attack surface.

In contrast, the greater functionality of AMRs requires greater computational resources and constant communication between robots and their control systems. Therefore, AMRs need industrial PCs, effectively becoming data centres on wheels.

AMR cybersecurity concerns

AMRs have the same cybersecurity concerns as any other industrial PC (data breaches, ransomware attacks, etc.), except that they are also physical objects moving around the real world. Hackers can take control of AMRs and hinder or alter their operations, creating significant safety concerns and potentially sabotaging processes.

A fully loaded pallet mover behaving unexpectedly presents real dangers to the employees working alongside it. Additionally, AMRs handle a considerable amount of proprietary data by recording the warehouse and tracking operations. Hackers could compromise an AMR to send footage and other sensitive information to competitors.

The threat of cyberattacks on industrial robots is a growing concern, and across the board, cyberattacks are on the rise. Research from Check Point shows 2022 was a record year, with the global volume of attacks increasing by 38% compared to 2021. 

Unfortunately, integrating new and advanced technologies always brings new opportunities for cybercriminals. Taking advantage of the considerable AMR benefits on offer requires taking significant steps to secure them. Below are a series of cybersecurity tasks for manufacturers, integrators, and operators to consider.

AMR Cybersecurity Checklist

Cybersecurity threats can be introduced across the AMR lifecycle, from design and development to deployment and operation. Therefore, minimizing the risk from cyberattacks must be a collective effort from everyone involved in AMR operations: 

  • Manufacturers need to lay the groundwork, producing secure robots from day one while also considering tools to ensure continued cyber resilience
  • Integrators must understand the wider IIoT network, finding ways to securely install new AMR systems within the existing warehouse security programs and support future security practices
  • And finally, the end customers (in particular their IT management) have to follow cybersecurity best practices to keep hackers outside of their systems.

While the list below offers a series of tasks to help protect AMRs, remember cybersecurity is a complicated field, and there may be significant crossover and dependencies between them.

1. Static code analysis

Static code analysis is the process of scanning source code for vulnerabilities before release. Static code analyzers model the code running on an AMR, determining the control and data flows and comparing them to a predefined set of rules. Common vulnerabilities uncovered during static code analysis include injection (e.g., SQL or LDAP) and buffer overflows.
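To make the rule-matching idea concrete, here is an added example (not MOV.AI code) of a small static check that walks a Python syntax tree and flags database `execute()` calls whose query string is assembled from variables. The sample source, the `log_mission` function and the table names are constructed for illustration, and the data-flow tracking is a flow-insensitive simplification of what a production analyzer does.

```python
import ast

SINKS = {"execute", "executemany"}   # rule set: DB-API query sinks
VARIABLE_PARTS = (ast.Name, ast.Call, ast.Attribute, ast.Subscript, ast.FormattedValue)

# Constructed sample of robot-side code to analyze (parsed, never executed).
SAMPLE = '''
def log_mission(cur, robot_id, zone):
    cur.execute("INSERT INTO missions VALUES ('" + robot_id + "')")
    query = f"SELECT * FROM zones WHERE name = '{zone}'"
    cur.execute(query)
    cur.execute("SELECT * FROM zones WHERE name = ?", (zone,))
'''

def _is_dynamic(node, tainted):
    """True if `node` is a query string assembled from non-constant parts."""
    if isinstance(node, ast.Name):            # data flow: variable built earlier
        return node.id in tainted
    if isinstance(node, ast.Call):            # "...{}".format(x)
        return isinstance(node.func, ast.Attribute) and node.func.attr == "format"
    if isinstance(node, (ast.JoinedStr, ast.BinOp)):   # f-string, "+" or "%"
        return any(isinstance(n, VARIABLE_PARTS) for n in ast.walk(node))
    return False

def find_sql_injection(source):
    """Return sorted line numbers of sink calls fed a dynamically built query."""
    tree = ast.parse(source)
    tainted, changed = set(), True
    while changed:                            # propagate taint until stable
        changed = False
        for node in ast.walk(tree):
            if isinstance(node, ast.Assign) and _is_dynamic(node.value, tainted):
                for target in node.targets:
                    if isinstance(target, ast.Name) and target.id not in tainted:
                        tainted.add(target.id)
                        changed = True
    findings = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in SINKS and node.args
                and _is_dynamic(node.args[0], tainted)):
            findings.append(node.lineno)
    return sorted(findings)

if __name__ == "__main__":
    print(find_sql_injection(SAMPLE))         # parameterized call is not flagged
```
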

2. Vulnerability tests

Like static code analysis, vulnerability tests check to see if there are any risks or vulnerabilities present within the AMR systems. However, vulnerability tests take a broader view, looking at the entire IT ecosystem, including:

  • Computer networks
  • Systems
  • Hardware
  • Applications
  • Any other components present

A range of possible vulnerability tests can be performed on a given system. MOV.AI offers tests based on the updated OWASP (Open Worldwide Application Security Project) cybersecurity standards. The tools provided scan the operating system, network ports, and APIs, as well as any other software endpoint.

3. System hardening

System hardening involves many tools, practices, and automated processes to minimize vulnerabilities by eliminating potential attack vectors and reducing the AMR attack surface. A broad field, system hardening covers a vast array of systems, such as:

  • Hardware – physically protecting devices
  • Software application – updating software and implementing security measures such as firewalls, encryption, process/network isolation, authentication, and documentation to track errors, warnings, and suspicious activity
  • Databases – protecting access and encrypting files
  • Network – securing the communication infrastructure used by the AMRs within the warehouse network

4. Application Security

AMR application security refers to the rules and processes used to prevent hackers from accessing and modifying any internal processes. MOV.AI uses a series of best practices recommended by OWASP, including:

  • Role-based access control
  • Session timeouts following user inactivity
  • Strong password management
  • Ensuring no generic user accounts
  • Separate roles for password reset or account unlocks
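The sketch below is an added example, not MOV.AI's implementation, showing how four of these controls fit together in one authorization path: role-based permissions, an inactivity timeout, rejection of generic account names, and a separate role for password resets and unlocks. The role names, permission strings, the 15-minute timeout and the `SessionStore` class are assumptions; password verification is taken to have happened before `open_session` is called.

```python
import secrets
import time

# Hypothetical roles and permissions for a fleet-management API (assumptions).
ROLE_PERMISSIONS = {
    "operator": {"mission:start", "mission:stop"},
    "fleet_admin": {"mission:start", "mission:stop", "map:edit", "robot:update"},
    # Account recovery is its own role, not a side effect of being an admin.
    "account_admin": {"account:reset_password", "account:unlock"},
}
GENERIC_NAMES = {"admin", "root", "guest", "operator", "user", "test"}
IDLE_TIMEOUT_S = 15 * 60                     # assumed inactivity limit

class AccessDenied(Exception):
    pass

class SessionStore:
    def __init__(self, clock=time.monotonic):
        self._clock = clock                  # injectable for testing
        self._users = {}                     # username -> role
        self._sessions = {}                  # token -> [username, last_activity]

    def add_user(self, username, role):
        if username.lower() in GENERIC_NAMES:
            raise ValueError("generic or shared account names are not allowed")
        if role not in ROLE_PERMISSIONS:
            raise ValueError("unknown role")
        self._users[username] = role

    def open_session(self, username):
        """Call only after the user's credentials have been verified."""
        if username not in self._users:
            raise AccessDenied("unknown user")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = [username, self._clock()]
        return token

    def authorize(self, token, permission):
        session = self._sessions.get(token)
        if session is None:
            raise AccessDenied("no such session")
        username, last_activity = session
        now = self._clock()
        if now - last_activity > IDLE_TIMEOUT_S:
            del self._sessions[token]        # expired sessions cannot be revived
            raise AccessDenied("session expired after inactivity")
        if permission not in ROLE_PERMISSIONS[self._users[username]]:
            raise AccessDenied(f"{username} lacks {permission}")
        session[1] = now                     # only successful use counts as activity
        return username
```
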

5. Software updates

Hackers are constantly testing software to find new exploits and gain unauthorized access. They may target specific companies, or they may target commonly used code libraries. Developers incorporate a significant amount of code from third parties (open source or commercial). Therefore, cybercriminals can increase the impact of any exploits they find by targeting the software supply chain – specific components used across many applications.

With new vulnerabilities always being discovered, software must be continually updated to remain protected. To securely run AMRs, organizations should:

  • Enable software updates for the relevant parts of the system
  • Allow users to define upgrades based on their update windows
  • In the event of a breach, enable a controlled rollback

6. User authentication and authorization

User authentication is the process of confirming people on the network are who they say they are. User authorization defines what people can do on a network and what information and resources they can access. MOV.AI allows operators to define specific user roles and permissions in compliance with other authentication tools (LDAP, SSO, etc.).

7. Embedded hardware security

Embedded hardware security must be done at the Linux kernel level. MOV.AI provides a detailed checklist and recommendations for a range of embedded hardware security practices, including:

  • Disk encryption
  • Protected BIOS using a dedicated module
  • Bluetooth – using what Linux offers, in its most up-to-date version
  • Wi-Fi – again relying on what Linux offers, and making sure it requires authentication so that only trusted users can access the same network as the AMRs

Summary

As you can see, there is a lot to think about when it comes to AMR cybersecurity. You can think of everything on this checklist as tackling cybersecurity on three levels:

  1. Process level – code analyzers, periodic vulnerability testing
  2. Software level – infrastructure hardening, software updates, application security, user authentication, and authorization
  3. Hardware level – embedded hardware security

Protecting AMRs and the wider network they operate within requires significant expertise and access to a range of cybersecurity tools. MOV.AI Robotics Engine Platform™ has cybersecurity tools and processes built in to enable secure AMR development, deployment, and operation.
