Failing at the first hurdle: How IoT security risks derailing robotics before it ever goes mainstream
2019 is a big year for robotics, as we are seeing the expansion of automation technologies into new markets. But with IoT security still a weak spot, one major attack within robotics could have a domino effect on the entire industry, says Eric Jensen, head of IoT Product Management at Canonical – the company behind Ubuntu. Add to this the verticals that robots are beginning to infiltrate – healthcare and agriculture for example – and the threat becomes immediate and very real.
IoT is an established concept and connected devices are now mainstream. Still, its full potential has not been realised, as growth has been stunted by security concerns and other factors. Paradoxically, as the market grows, vulnerability points multiply and security risks skyrocket.
As a result, confidence in the Internet of Things (IoT) drops year-on-year. 90% of consumers lack confidence in connected devices, according to recent a survey. These concerns are more than valid, as nearly half of companies are unable to detect when a breach occurs, and only 15% of budgets are earmarked for IoT security.
Robotics’ future rests on IoT
And yet, the future of robotics rests firmly on the shoulders of IoT. Robots act as one part of intelligent ecosystems: they depend on the IoT to link various sensors and smart metres, pass data to and from third parties, and increasingly allow robots to ‘understand’ the world. The self-driving car, for example, is a robot orchestrated by various smaller devices and smart sensors.
In fact, robots are being created to tackle every conceivable problem. Take the Google-funded RangerBot – an underwater machine designed to track down one species of starfish responsible for coral reef destruction, or Small Robot Company, a start-up tackling farming deficiencies with bots that autonomously feed, seed, and weed arable crops.
Rising levels of sophistication within robotics, however, go hand-in-hand with more targeted and damaging attacks. Telesurgery uses robotics to help surgeons perform procedures remotely – a malware bug in this scenario could mean the downing of tools, threatening the patient’s life. Researchers at Brown University proved how easy it is to hack robots – the industry will simply not be sustainable without the backing of a secure, connected IoT network.
Robot manufacturers, therefore, must build with a ‘security-by-design’ mindset. This begins by selecting a robust operating system from the outset – secure now, but also ready for future market demands. Hackers are constantly evolving their activities and businesses must be flexible in their approach to security, shedding the old hardware-centric view of IoT security. Software can no longer end when a device is shipped. It must align to the lifespan of a robot and be able to update whenever there is a potential flaw. The world of mobile took many years to get to grips with this – robotics and IoT developers should learn from their mistakes.
One way developers can safely build and secure software is through snaps – containerised software packages, an open platform for building and publishing applications to an audience of millions. If a security vulnerability is discovered in the libraries used by an application, the app publisher is notified so the app can be rebuilt quickly with the supplied fix and pushed out. This allows for developers to stay focused on innovation while ensuring the longevity of robotics hardware.
It remains unclear where the onus lies for IoT security, with nobody holding anyone else to account. Market constraints often prevent device makers from putting more budget than what is absolutely necessary into design security, when there is so much pressure to innovate ahead of competitors. But it’s no secret that we need to do better when it comes to regulation.
The IoT Code of Practice in the UK introduced last year was a good start; however, it’s still not compulsory for companies to adhere to it. Similarly, the Cybersecurity Act in the EU remains leaves compliance largely voluntary. It may be that binding government legislation, where there are serious financial consequences for negligence, is the only remedy. This would make it impossible for companies to turn a blind eye to security.
Risk to industry’s reputation
For robotics to progress, IoT security needs to be addressed, and fast, before the reputation of the entire industry suffers a permanent setback. Innovations often outpace the more mundane aspects of technology, and the new age of robots is no different. Every industry has a journey to maturity that involves taking security seriously, among other things. For robotics, that time has come. Failing to start robotics projects on the right software foundations will see confidence continue to drop, stunting the rate new solutions are created.
The author is Eric Jensen, head of IoT product management, Canonical