What is RIS? What can it bring to a company that already uses other cyber security solutions?
RIS stands for Robot Immune System, an Endpoint Protection Platform specifically built for robots. Some companies are using generic products that dive into some OT-equipment, but that do not understand specific threats to robots and cannot act at robot level. RIS does, and protects exclusively your robotics deployments. Of course, we created RIS to be compatible and interoperable with other cyber security solutions a company may have and does not conflict with other 3rd party infrastructure or products, including set ups in industry, healthcare and other professional environments.
RIS is a bio-inspired solution. What is the biology behind this solution?
We conceived and created RIS with biological immune systems in mind. Every living entity has its own unique means of identifying and responding to pathogens and environmental insult to overcome hazarduous situations, which provides an inside out, highly resilient system. In essence, what the cybersecurity industry invented in the last decade, had previously been out there for thousands, if not millions of years. Simplest bacteria hold defenses that resemble the malware and signature bases that conventional anti-viruses used in the past, which comprehend molecular mechanisms that where discovered a decade ago. CRISPR technology (proper name of the immune system piece I'm referring to) is now extensively used in genetic-engineering and gene editting. For the human context, our immune system is a complex machinery that understands our situation, detects and acts upon pathogenic entities even if those are novel to us, eventually coming over the situation. Immune systems constantly monitors what is "out" there and "in" there and makes no assumptions until proper checks have been done at various levels of biological organization. Biological immune systems empower Zero Trust by default. This is critical, since in the natural world as well as in robotics, threats are constantly evolving and novel threats are emerging. A very clear example is COVID-19, which is the homologous of a “Zero-day” devastating attack.
Before I joined Alias Robotics, back in early 2018, I was a researcher in academia studying how biological warfare allowed organisms early detect and respond to damage (e.g. toxicants, pathogens, environmental stress) at different levels of biological complexity, providing a layered, yet comprehensive response. We brought that back into RIS and built upon it for the last 2 years.
The RIS approach to robot cyber security is highly disruptive. We conceive robots as entities that lack the immune system they deserve, and provide them with it. RIS “lives” inside the robot and gets installed into it in different modules, resembling the levels of biological response of the immune system. The first its
Firewall, that resembles our natural physicochemical barriers, such as our skin. Second, we provide robots with
hardenning -innate immunity-, that one that we have “as is” because we’re human beings and responds to “generic” hazards. On the third instance, we built
Logging, as a conceptualization of the immunological memory, that holds exposure patterns, such as the antibodies we generate when exposed to a certain illness. Fourth place, we built our
AI based lightweight intrusion detection and prevention, leveraging Artificial Immune Systems and other proprietary machine learning methods to mimic precisely what happens within our Adaptive Immune system. Our fifth layer provides an easy to use
data visualization and User Interface that depicts the global status of the system, but this one does not exist in natural immune systems, of course. You’ll need to do extensive research hands on in the lab to get an intuition of it!
You mentioned AIS as a field and it’s one of the beauties of RIS. Some companies out there claim leveraging on machine learning, or even an “Immune system” approach for recognition of self and non self patterns. How’s Alias Robotics different to those?
Artificial Immune Systems is a subfield that mixes immunology and computer science in classic literature. The very first references date from the 90s, and often claim to be able to discriminate between the self- (own, propietary or “normal”) and non-self (antigen, pathogenic or “abnormal”) for intrusion detection and prevention. These approaches often learn about the “normal” or baseline and detect deviations, with some amounts of false positives, particularly large where systems are not operating under usual conditions. However, as always in science, these classical immunological theories later expanded and reiterated due to explainability issues. A classical example is onset of the “Danger Theory”, an immune theory that states that pathogenic activity is a mix between detected antigens and the context this within. This is why, for instance, a mother’s immune system does not attack it’s baby (which is about 50% similar, but not identical to her). Another one is Cohen’s degeneracy model, that illustrates further the “imperfect” process by which the immune system is conditioned by molecular drift when it comes to antigen and receptor matching, which provides extra power to detect polymorphic threats. We leveraged some of the latest research pieces and theories in immunology and biological response, to make our Robot Immune System top class in terms of detecting actual threats, but also to reduce our false positives.
Could the Robot Immune System, RIS, evolve and get applied to other-than-robots systems? e.g. in humans?
Interesting question. We are transducing cybersecurity computing in robotics to biological terms, which is already an ambitious mix of disciplines. We are creating abstractions of biological processes within the robots we protect, so we could say that we're creating some sort of robotized immune cells, antibodies and antigens. I guess pieces of the technology we developed could be landed in other areas of interest, and I also see application outside cybersecurity, although this is still a long shot to be a reality, I can give my "two cents".
To name one, drug discovery would benefit greatly of having the power computational transduction of "what are the pathogens out there" and how and why are they pathogenic, which connects to the ongoing rush on getting right the COVID-19 cure. Currently AI based drug discovery is a tremenduously fast growing field and will explode within this decade.
Autoimmunity is also an interesting topic to touch upon (False Positives, when it comes to cybersecurity), which to date remains largely unresolved on the medical field and probably has to do with aging factors and how our components, pieces, and software (genetic) make-up gets rusty and flawed with time.
Lastly, and maybe the most feasible short term, we're seeing lots of companies and individuals emerging in the bioinformatics area for miriads of applications, from cancer research to biodiversity studies. This is due to both computational power increased and biology and computer science came togheter, and now enables super-quick and super-efficient analysis of tons of data that some years ago would take you a lifetime. It is a simple as creating a (set of) well designed and meaningful scripts for a given purpose, then allowing launching it and getting the results, with increased reproducibility and replicability.
What may happen if we threw an actual biological data set to RIS still remains a question we might be able to answer in a few years. I just imagine we had early alert systems in our streets that might have noticed the presence of the pandemic at the precise time it came first to our cities.
Now that we're teleworking, what are the cyber threats we need to be aware of? Any tips to come over those?
Now getting onto more current hot topics, cyber threats are always there, and in times of COVID-19 we’re observing them flourish. In fact, we're seeing more and more incidences in relation to remote connectivity to work, whatever it is its shape. If you ask me of best practices to be followed, I can mention some:
- Always keep your systems updated. Contrary to popular belief, updates significantly improve system security and patch new vulnerabilities found by security researchers. Also, it is worth updating our endpoint protection or “anti-virus” software. Security is a process. It needs to be reviewed, patched and updated periodically to remain as protected as possible.
- Always segment specially the corporate side from the personal one, if you have to use the same device. If you rely on a single device we, make use of virtual machines, containers or other mechanisms to virtualize operating systems and hardware.
- Never use unsecure passwords and enable double-factor authentication (2FA) in all critical services, preferably more than one.
- Do not open suspicious files, links. These types of attacks often occur via email, from unknown or illegitimate senders. Sometimes it’s up to some clicks to get breached.
- If possible, use encrypted connections for everything and specially to work remotely, VPNs are a feasible alternative. Not the panacea though, since they have their own vulnerabilities like all software and need to be constantly updated as well.
- Encrypt our devices. All major operating systems include this function for free, but it is seldom used in work-related devices.
- In addition, it is convenient not to connect our devices by WiFi but use the Ethernet ports, whenever possible, particularly if we’re working from home.
- If you are using robots, you're lucky, RIS is available now for selected robots.
What are those types of incidents that are increasing during COVID-19?
Hackers are searching for novel (and old!) vulnerabilities to be exploited constantly, but I guess now they just have some “extra time” for it. We could mention the example of Zoom, where cyber security issues in Windows OS has forced its CEO to provide public apologies.
Some countries reported cyber breach attempts throughout the pandemic, particularly focused on healthcare assets and networks. Hackers dig where the profit can be most immediate and the willingness to pay for ramsons etc. is greatest.
In my personal view, as the current pandemic progresses into a global and new crisis situation, we’ll see those attacks shifting towards other domains, likely industrial processes, now that remote operation has become widespread.
There has also been an increase in the use of robots. Are they exposed as well?
Absolutely. Robots are set to be our companions in the global crisis, aiding industrial productivity while social distancing lasts, but also helping in other professional domains, such as last mile delivery. Healthcare robot use has also significantly increase, since it is a way of minimizing healthcare professionals exposure to the virus.
Robots are getting more connected and COVID-19 has brought an accelerated industry 4.0 course to many industries. Our research back in 2018 exposed more than 200 connected robots on an internet wide scan. Those were directly connected to the internet and accessible for malicious hackers with minimal knowledge of the systems, but most importantly, we found more than 9000 unprotected industrial routers with default credentials. Robots live behind those.
The outcomes of the attacks can be varied. FANUC product VP estimated a single robot’s downtime cost for up to 20,000 USD, per minute. A single incident could result in loss of up to 2M USD. Later on, blackhats may even want you to pay a ransom or whatever outcome is within their maliciousness.
However, cybersecurity-associated safety breaches are the outmost and major concerns for robot end users, according to our latest research on the Robot Security Survey. Imagine a robot you own gets hacked and safety features removed and damages equipment nearby, or even worse, humans. Then, very likely, you won’t be using that particular robot(s) again.
And the companies, are they aware of this risk? Are they taking any kind of measure?
Not always. Companies, like most of us as a consumer, are used to buy and use devices and equipment that is secure by default. This is clearly not the case with robotics. We are seeing vulnerable robots out there and takes minimal efforts and motivation for attackers to breach those. Our team found more than 400 vulnerabilities in an industrial robot. An attacker just needs to find one that is not remediated. Robotics is at its dawn and security is pretty much a new topic for most manufacturers. We witnessed the very same in Industrial Control Systems (ICS) security five years ago, now the situation has changed dramatically and vendors who neglected security aspects are irrelevant.
We are starting to see cyber incidents happening in robotics, worst case scenario, with attacks affecting safety aspects. Some manufacturers are acting irresponsibly and are knowingly rejecting to invest resources to deliver a secure product which leaves an open panorama for malicious attackers, which always profit the opportunity, sooner or later. Companies using robots know it is not a matter of “If” getting breached, but “When” are you getting breached and are getting increasingly prepared.
But very typically companies make use of IT or OT-centric security solutions that do not speak “robotics language” nor consider exploits or threats specific to robotic devices. Also, it is very commonly held the assumption that insecure robots within “secure” networks is a walkthrough. Attackers not always take the “front door” in their attacks, and particularly over industrial systems, we are observing a "race to the bottom" when it comes to assets that are attacked. In Alias Robotics, we care of robots in any deployment, but advocate for a defense-in-depth approach. That’s why we created our RIS, which gets deployed inside each single robot, providing a disruptive inside-out defense.