" "Skip to content
MOV.ai disrupts Autonomous Mobile Robot development with a Robotics Engine Platform that contains everything needed to quickly build, deploy and operate intelligent robots.
Autonomous Mobile Robots (AMRs) bring a new level of sophistication to the warehouse floor. Goods can now be seamlessly transported around the facility, utilizing the best possible route regardless of the layout or any changes in the environment.
Previously, Automated Guided Vehicles (AGVs) could only follow predetermined paths and often required additional external equipment. Any unexpected obstacles or blockages caused them to grind to a halt until their way was cleared.
While the change from AGVs to AMRs (the transition from automation to autonomy) offers a range of operational benefits, it also brings new considerations. AGVs rely on programmable logic controllers, simple, closed systems that provide little attack surface.
In contrast, the greater functionality of AMRs requires greater computational resources and constant communication between robots and their control systems. Therefore, AMRs need industrial PCs, effectively becoming data centres on wheels.
AMRs have the same digital cyber concerns as any other industrial PC (data breaches, ransomware attacks, etc.), except they are also physical objects moving around the real world. Hackers can take control of AMRs and hinder or alter their operations to create significant safety concerns and potentially sabotage processes.
A fully loaded pallet mover behaving unexpectedly presents real dangers to the employees working alongside it. Additionally, AMRs handle a considerable amount of proprietary data by recording the warehouse and tracking operations. Hackers could compromise an AMR to send footage and other sensitive information to competitors.
The threat of cyberattacks on industrial robots is a growing concern, and across the board, cyberattacks are on the rise. Research from Check Point shows 2022 was a record year, with the global volume of attacks increasing by 38% compared to 2021.
Unfortunately, integrating new and advanced technologies always brings new opportunities for cybercriminals. Taking advantage of the considerable AMR benefits on offer requires taking significant steps to secure them. Below are a series of cybersecurity tasks for manufacturers, integrators, and operators to consider.
Cybersecurity threats can be introduced across the AMR lifecycle, from design and development to deployment and operation. Therefore, minimizing the risk from cyberattacks must be a collective effort from everyone involved in AMR operations:
While the list below offers a series of tasks to help protect AMRs, remember cybersecurity is a complicated field, and there may be significant crossover and dependencies between them.
The process of scanning the source code for vulnerabilities before release. Static code analyzers model the code running on an AMR, determining the control and data flows to compare them to a predefined set of rules. Common vulnerabilities uncovered during static code analysis include injection (e.g., SQL, LDAP, etc.) or buffer overflows.
Like static code analysis, vulnerability tests check to see if there are any risks or vulnerabilities present within the AMR systems. However, vulnerability tests take a broader view, looking at the entire IT ecosystem, including:
A range of possible vulnerability tests can be performed on a given system. MOV.AI offers tests based on the updated OWASP (Open Worldwide Application Security Project) cybersecurity standards. Tools provided scan the operating system, network ports, APIs, as well as any other software endpoint.
System hardening involves many tools, practices, and automated processes to minimize vulnerabilities by eliminating potential attack vectors and reducing the AMR attack surface. A broad field, system hardening covers a vast array of systems, such as:
AMR application security refers to the rules and processes used to prevent hackers from accessing and modifying any internal processes. MOV.AI uses a series of best practices recommended by OWASP, including:
Hackers are constantly testing software to find new exploits and gain unwarranted access. They may target specific companies, or they may target commonly used code libraries. Developers incorporate a significant amount of code from third parties (open source or commercial). Therefore, cybercriminals can increase the impact of any exploits they find by targeting the software supply chain – specific components used across many applications.
With new vulnerabilities always being discovered, software must be continually updated to remain protected. To securely run AMRs, organizations should:
User authentication is the process of confirming people on the network are who they say they are. User authorization defines what people can do on a network and what information and resources they can access. MOV.AI allows operators to define specific user roles and permissions in compliance with other authentication tools (LDAP, SSO, etc.).
Embedded hardware security must be done at the Linux kernel level. MOV.AI provides a detailed checklist and recommendations for a range of embedded hardware security practices, including:
As you can see, there is a lot to think about when it comes to AMR cybersecurity. You can think of everything on this checklist as tackling cybersecurity on three levels:
Protecting AMRs and the wider network they operate within requires significant expertise and access to a range of cybersecurity tools. MOV.AI Robotics Engine Platform™ has Cybersecurity tools and processes built into it, to enable secure AMR development, deployment, and operation.