In the future, industrial robots may create jobs, boost productivity and spur higher wages. But one thing seems more certain for now: They’re vulnerable to hackers.
Factories, hospitals and other big robot users often lack sufficient levels of defense against a digital attack, according to cybersecurity experts, robot manufacturers and engineering researchers. The risk levels are rising as more robots morph from being offline and isolated to being internet-connected machines, often working alongside humans.
“There’s no concept of antivirus for your robot. It just doesn’t really exist yet,” says Yossi Naar, a co-founder of Cybereason Inc., a Boston-based company that provides cybersecurity services for connected devices. “So protection tends to be very lax to nonexistent.”
Robot makers and buyers have become increasingly aware of their cyber risk. Groups like the Geneva-based International Organization for Standardization, a federation of national standards bodies, are studying the cyber risk for robots.
“Our world of robotics has been waking up to the notion of cybersecurity,” says Roberta Nelson Shea, global technical compliance officer at Denmark-based Universal Robots, which makes industrial robots. “The greater the connectivity, the greater the risk.”
Despite decades of automation, companies have seen little reason to boost cybersecurity because the robotic workforce has so far avoided a major hacking incident—largely because most robots weren’t connected to the internet for much of that time.
But the forthcoming next-generation 5G wireless networks—with speeds up to 100 times faster than most current data networks—are expected to encourage more connected automation in “smart” factories in the coming years.
Even on current network speeds, companies are connecting their robots to the internet because doing so makes it possible to back up programming, install software updates or send real-time data back to a home office.
“Historically those robots have been stand-alone, and you’ve personally had to be on the factory floor to make a change in their programming, so the risk to cybersecurity was quite low,” says Carole Franklin, director of standards development for the Robotic Industries Association, a trade group. “But now we’re connecting everything, so suddenly we have to be thinking about this.”
Cybersecurity experts say hackers, if successful in their attacks, could gain control of robots, altering their movement in such a way to create product defects. They could also implant ransomware into the robots, forcing companies to pay a sum to remove the malware.
Some experts, however, argue that the complexity of robots works in their favor against the threat of hacking, in contrast with personal computers.
One advantage the robots have over other potential hacking targets: their price. The machines often cost tens of thousands of dollars, if not much more, meaning hackers—for now—can’t easily obtain an industrial robot to dissect and study for cyber infiltration.
But prices will eventually fall and industrial robots will become more widespread, bolstering the need to fortify cyber defenses before that time comes.
“The likelihood it can be done is high,” says Howard Chizeck, a University of Washington professor of electrical and computer engineering. Mr. Chizeck in 2015 led a team that hacked an internally developed, teleoperated surgical robot, demonstrating such cyberattacks were possible.
“They are all vulnerable unless steps are taken to make them non-vulnerable,” Mr. Chizeck says.
In a 2017 report called “Rogue Robots,” Tokyo-based cybersecurity firm Trend Micro Inc. found more than 83,000 industrial robots were exposed to the public-facing internet, via servers or industrial routers that manufacturers installed for remote monitoring and maintenance.
“There does need to be a new sense of urgency,” says Mark Nunnikhoven, Trend Micro’s vice president of cloud research. “We should be moving faster.”
The proliferation of industrial robots is already under way. Global industrial robot sales doubled over the past five years, reaching 381,000 units and $16.2 billion, according to the International Federation of Robots, an industry association. Automation could displace 400 million jobs world-wide by 2030, or roughly 15% of the global workforce, according to a 2017 report by the McKinsey Global Institute.
“Overall, we expect continued adoption of robotics in the workplace,” says Michael Chui, a McKinsey Global Institute partner.