Securing robot endpoints in Operational Technology (OT) environments

Current Operational Technology (OT) environments protected often include robotic endpoints. Robots have their own networks, technologies, safety requirements and business priorities, all of which must be addditionally uniquely addressed to secure robots effectively. Through a cooperation between Alias Robotics and Kaspersky, we launched a research effort to shed some light on the status of security for robot endpoints in OT environments. Our research showed evidence that simple attacks were feasible and that specialized security controls are necessary for capturing the complexity of modern robot interactions and preventing safety hazards. Read the complete case study here.

Robot cybersecurity reviews ([1], [2]) criticize the current status of cybersecurity in robotics and reckon the need of further investing in securing these technologies. Previous attempts to review the security of robots via offensive exercises or tools (including [3], [4], [5], [6], [7], [8]) which mostly focus on proof-of-concept attacks and penetration testing, detecting flaws in the Robot Operating System (ROS) [9]. A recent study [10] mentions the identification of several flaws within the ROS-Industrial codebase however it does not explicitly describe exploitable ROS-specific flaws. Considerations are made with regard to the open and insecure architecture predominant in ROS-Industrial deployments throughout its open source drivers. From interactions with the authors of [10:1] it was confirmed that the reported security issues were made generic on purpose, further highlighting the need for further investment on understanding the security landscape of ROS-Industrial setups.

Use case architecture diagram of an OT environment when augmented with a professional cybersecurity solution. Depicts the current landscape of OT environments when augmented with a security specific solution, namely Kaspersky’s Kaspersky Industrial CyberSecurity (KICS). KICS is able to monitor and detect security threats at the network level efficiently, complying with the demands of many industrial automation processes. However the robot endpoints, if present, are often left aside. As discussed in [12], “the lack of security has safety repercussions” and both manufacturers as well as industry-owners will need to apply a security-first approach.

More recent research [11] showed that while ROS is rapidly becoming a standard in robotics (including its growing use in industry), the commonly held assumption that robots are to be deployed in closed and isolated networks does not hold any further and while developments in ROS 2 show promise, the slow adoption cycles in industry will push widespread ROS 2 industrial adoption years from now. Authors at [11:1] claim that ROS will prevail in the meantime and they wonder whether ROS be used securely for industrial use cases even though its origins did not consider it. [8:1] Analyzes this question experimentally by performing a targeted offensive security exercise in a synthetic industrial use case involving ROS-Industrial and ROS packages. The scenario is configured following common OT and ICS practices (including segmentation, segregation and an overall hardening). The authors of [11:2] select one of the most common industrial robots with ROS-Industrial support and configure an industrial environment applying security measures and recommendations. The exercise results in 4 groups of attacks which all manage to compromise the ROS computational graph and all except one take control of most robotic endpoints as desired.

In order to analyze the security of the robotic endpoints Alias Robotics has considered 3 different attack vectors.

Attack vector 1: Process network insider

Detection of an incident as a result of an attacker leveraging RVD#1489 . KICS for Networks shows how after a previous training phase (“Learning” mode) and once it has entered its “Monitoring” mode, it successfully detects unexpected network attempts. The menu on the right allows to handle the status of the event and/or introspect the impacted assets or the network traffic involved.

Attack vector 2: Controller insider

Entry point of an attacker acting as a controller insider and illustrating how KICS get no visibility. The attacker could gain access to the controller by either a) exploiting existing and known vulnerabilities in the controller directly or b) moving laterally using previously mentioned flaws affecting networking exposed services.

Attack vector 3: Compromising the ROS network

ROS computational graph: The computational graph models the nodes executing tasks with their topics, services and other abstractions.

If you wish to learn more, read the complete case study here.

Conclusions

With RIS complementing KICS, robot controllers remained resilient to the same attacks, preventing any safety hazards

The results acquired through the research led Alias Robotics to conclude that the combination of the Robot Immune System (RIS, on each robot endpoint) together with the Kaspersky Industrial Cybersecurity (KICS) managed to jointly secure robot endpoints in OT environments.

KICS (and particularly KICS for Networks and Nodes) qualifies nicely as an industrial-grade solution to monitor environments with robotic endpoints; however beyond monitoring general industrial networks, additional security means must be used in combination with KICS to prevent robots from being compromised and cause safety hazards. Alias Robotics confirmed this with attacks targeting robot controllers and ROS networks. Alias Robotics also verified that the addition of RIS as a complementary solution successfully protects robot endpoints, mitigating the cybersecurity flaws of the selected robot endpoints and fulfilling the safety requirements.

From the research what is concluded is the following:

  • KICS for Networks successfully detects basic network attacks, even
    those targeting robotic endpoints if the attack uses a channel sensed by
    KICS.

  • KICS for Nodes hardens control stations successfully and prevents them
    from being affected by attacks. ROS can be embedded into such
    hardened-stations.

  • RIS enhancing KICS prevents attacks and protects robot endpoints.

  • RIS for UR protects the robot endpoints against targeted attacks and
    can be used in combination with KICS for securing OT environments with
    robot endpoints.

  • The protection of ROS networks requires an extension of KICS for
    Networks that grasp the complexity of the ROS API. RIS for ROS follows
    such an approach and delivers an alternative protection for control
    stations against targeted attacks.


  1. L. Alzola Kirschgens, I. Zamalloa Ugarte, E. Gil Uriarte, A. Muñiz Rosas, and V.Mayoral Vilches, “Robot hazards: from safety to security,” ArXiv e-prints, Jun.2018. ↩︎

  2. G. Lacava, A. Marotta, F. Martinelli, A. Saracino, A. La Marra, E. Gil-Uriarte, and V.M. Vilches, “Current research issues on cyber security in robotics,” 2020. ↩︎

  3. J. McClean, C. Stull, C. Farrar, and D. Mascareñas, “A preliminary cyber-physical security assessment of the robot operating system (ros),” in Unmanned Systems Technolo-gy XV, vol. 8741. International Society for Optics and Photonics, 2013,
    p. 874110. ↩︎

  4. G. Olalde Mendia, L. Usategui San Juan, X. Perez Bascaran, A. Bilbao Calvo, A. Hernández Cordero, I. Zamalloa Ugarte, A. Muñiz Rosas, D. Mayoral Vilches, U. Ayucar Car-bajo, L. Alzola Kirschgens, V. Mayoral Vilches, and E. Gil-Uriarte, “Robotics CTF (RCTF), a playground for robot hacking,” ArXiv e-prints, Oct. 2018. ↩︎

  5. T. Olsson and A. L. Forsberg, “Iot offensive security penetration testing.” ↩︎

  6. V. Mayoral-Vilches, L. U. S. Juan, U. A. Carbajo, R. Campo, X. S. de Cámara,
    O. Urzelai, N. García, and E. Gil-Uriarte, “Industrial robot ransomware: Akerbeltz,” arXiv preprint arXiv:1912.07714, 2019. ↩︎

  7. S. Rivera, S. Lagraa, and R. State, “Rosploit: Cybersecurity tool for ros,” in the 2019 Third IEEE International Conference on Robotic Computing (IRC). IEEE, 2019, pp. 415–416. ↩︎

  8. B. Dieber, R. White, S. Taurer, B. Breiling, G. Caiazza, H. Christensen, and A. Cortesi, “Penetration testing rros,” in Robot Operating System (ROS). Springer, 2020,
    pp. 183–225. ↩︎ ↩︎

  9. M. Quigley, K. Conley, B. Gerkey, J. Faust, T. Foote, J. Leibs, R. Wheeler, and A. Y. Ng, “Ros: an open-source robot operating system,” in ICRA workshop on open source
    sof-tware, vol. 3, no. 3.2. Kobe, Japan, 2009, p. 5. ↩︎

  10. F. Maggi and M. Pogliani, “Rogue automation: Vulnerabile and malicious code in industrial programming,” Trend Micro, Politecnico di Milano, Tech. Rep, 2020. ↩︎ ↩︎

  11. Mayoral-Vilches, V., Abad-Fernández, I., Pinzger, M., Rass, S., Dieber, B., Cunha, A., ... & Gil-Uriarte, E. (2020). alurity, a toolbox for robot cybersecurity. arXiv preprint arXiv:2010.07759.
    https://arxiv.org/pdf/2010.07759.pdf ↩︎ ↩︎ ↩︎