Devices that facilitate specific tasks within industrial environments have been in use for some time. Industry 4.0 aims to incorporate many more of them, robots and drones among others, to make the processes carried out in these environments as intelligent as possible. Clearly, the drones and robots found in industrial environments have little in common with the devices sold to entertain people. Some of the characteristics of industrial robots and drones that set them apart from those sold to the public are the following:
- Industrial drones have specific features and special equipment to perform tasks such as maintenance of smart grids or ground reconnaissance in hard-to-reach uninhabited areas, and they offer longer flight autonomy.
- Industrial robots are far more powerful than those found in the leisure market. Their objective is usually to perform specific tasks within an assembly line, or they may be used as loading equipment to move heavy items.
Drones are having a great impact within the new Industry 4.0 thanks to their usefulness and versatility in various industrial sectors like energy, transportation, civil engineering works, etc.
As regards the regulations applying to drones under 150 kg used at the industrial level within Spanish territory, drones are governed by the General Regulation of Recreational Drones (regulación general de drones recreativos), administered by the State Air Security Agency (AESA - Agencia Estatal de Seguridad Aérea). The industrial operator handling the drone must hold a special licence to fly, especially in restricted areas, issued by a specialised company, and must first be authorised by the authorities regulating the airspace in the area of operation.
Endangering third parties, interfering with civil air traffic and accessing critical infrastructures with restricted areas are three of the major risks that can arise at the industrial level. These dangers can materialise if an attacker takes control of the drone.
A drone in the hand is worth...
The first thing to bear in mind when implementing security measures in an industrial drone is to know the drone well.
Mapping the equipment of a drone onto the levels described in ISA 95, explained in Evolving the ICS network infrastructure, we have:
- Level 1, I/O: sensors and actuators
  - Airspeed sensor
  - Video camera
- Level 2, Control
  - Flight control
  - Video receiver
  - Telemetry data receiver
- Level 3, Supervision
  - Mobile/tablet or PC with flight software or remote transmission of instructions
The protocols used to communicate among the different components are:
- Level 1 and Level 2:
- Level 2 and Level 3:
  - Telemetry link, mainly over Wi-Fi
[Figure: Drone protocols and attack vectors scheme]
Exposure is the main problem with these devices: none of the network levels is isolated, so an attacker can reach the sensors and actuators. There are no wired communications as in traditional industrial networks; all communication channels are wireless. For this reason, hardening these communications must be the priority.
The main attack vectors identified target control of the drone, its positioning, and theft or impersonation of the data transmitted.
The following types of attack involve a high risk:
- Man in the middle: mainly aimed at the communication between the control centre and the telemetry controller. The telemetry controller is a signal receiver, generally over Wi-Fi, and a signal transmitter, generally under the XBee protocol, and is used to set predefined flight plans, move the drone to a given position, engage autopilot mode, etc.
- Denial of service: aimed at any of the drone's channels or sensors.
- Communications sniffing and replay or injection: allows gathering information on unknown protocols and injecting captured fragments into the channel to observe the effects, which would affect the communications controlling the drone. These attacks may also target the audio and video channel, putting the integrity of the data at risk.
- GPS spoofing or GPS denial of service: saturating the GPS channel with false data to alter the drone's flight plan or make it report an incorrect position to the control centre.
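The GPS attacks just listed leave traces in the telemetry that the control centre already receives: a position the airframe could not physically have reached since the last fix, or a collapse in the number of satellites used. The following is an added example, not code from the original post, of a plausibility check a supervision station could run over incoming fixes. The `Fix` record, the thresholds (`max_speed_mps`, `min_sats`) and the sample track are all constructed assumptions for a hypothetical drone and should be tuned to the real platform.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Fix:
    """One GPS fix as reported over the telemetry link (hypothetical format)."""
    t: float    # seconds since the start of the flight
    lat: float  # degrees
    lon: float  # degrees
    sats: int   # satellites used in the fix


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    d_phi = p2 - p1
    d_lambda = math.radians(lon2 - lon1)
    a = math.sin(d_phi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(d_lambda / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def check_fixes(fixes, max_speed_mps=30.0, min_sats=5):
    """Flag fixes that are physically implausible for this airframe.

    max_speed_mps and min_sats are assumed thresholds for a hypothetical drone.
    Returns a list of (index, code, detail) tuples, one per alert.
    """
    alerts = []
    for i, fix in enumerate(fixes):
        # A sudden drop in usable satellites is a common symptom of jamming.
        if fix.sats < min_sats:
            alerts.append((i, "low_sats", f"only {fix.sats} satellites in fix"))
        if i == 0:
            continue
        prev = fixes[i - 1]
        dt = fix.t - prev.t
        if dt <= 0:
            alerts.append((i, "time", "timestamp did not advance"))
            continue
        # A jump the airframe could not have flown in dt seconds points to injected positions.
        speed = haversine_m(prev.lat, prev.lon, fix.lat, fix.lon) / dt
        if speed > max_speed_mps:
            alerts.append((i, "jump", f"implied ground speed {speed:.0f} m/s"))
    return alerts


def sample_fixes():
    """Constructed telemetry (not captured data): a steady ~10 m/s track north,
    then a 1.1 km jump in one second and a fix with only 3 satellites."""
    return [
        Fix(0.0, 40.41680, -3.7038, 9),
        Fix(1.0, 40.41689, -3.7038, 9),
        Fix(2.0, 40.41698, -3.7038, 9),
        Fix(3.0, 40.42698, -3.7038, 9),  # jumps 0.01 degrees of latitude in one second
        Fix(4.0, 40.42707, -3.7038, 3),  # satellite count collapses
        Fix(5.0, 40.42716, -3.7038, 9),
    ]


if __name__ == "__main__":
    for index, code, detail in check_fixes(sample_fixes()):
        print(f"fix {index}: {code} ({detail})")
```

Run on the constructed track, the check raises exactly two alerts: a `jump` at fix 3 and `low_sats` at fix 4. A real deployment would cross-check against the airspeed sensor and barometric altitude as well, so that a spoofed position disagreeing with the other Level 1 sensors is caught even when the injected track is smooth.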
At present, protocols based on a recognised standard, such as 802.11, are quite robust; we only need to configure them with strong passwords and the best available encryption level, such as WPA2.
For proprietary protocols, such as XBee, a sound update policy and our own test bed are the keys to improving cybersecurity.
Depending on the criticality of our assets or the work configured in our drone, additional security layers should be considered, such as password policies or password managers, hardware encryption and decryption devices, or additional authentication methods for GPS signals.
It goes without saying that attacks like those mentioned above can have a great impact at the industrial level, producing economic losses, damage to infrastructures, loss of human life, etc.
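The 802.11 hardening advice above (WPA2, the strongest cipher, a strong passphrase) is easy to state and easy to get wrong in a configuration file. As an added example, not code from the original post, the script below audits a hostapd-style `key=value` configuration for a telemetry access point and reports the settings that fall short, with a weak configuration and its corrected form embedded as constructed samples. The option names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_passphrase`, `wep_default_key`) are hostapd's; the minimum passphrase length of 16 is an assumed policy value, not something the post specifies.

```python
MIN_PASSPHRASE_LEN = 16  # assumed policy value, not from the post

# Constructed samples: a telemetry AP left on WPA1/TKIP with a short key,
# and the same AP restricted to WPA2 with CCMP and a long passphrase.
WEAK_CONF = """\
# telemetry access point (constructed sample)
ssid=drone-telemetry
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=drone123
"""

HARDENED_CONF = """\
# telemetry access point (constructed sample)
ssid=drone-telemetry
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=8q!Vt2#pLm9@Zr4w
"""


def parse_conf(text):
    """Parse hostapd-style 'key=value' lines into a dict, skipping comments and blanks."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def passphrase_classes(passphrase):
    """Count the character classes present: lower, upper, digit, symbol."""
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(1 for check in checks if any(check(c) for c in passphrase))


def audit(conf, min_len=MIN_PASSPHRASE_LEN):
    """Return (code, message) findings for anything weaker than WPA2-CCMP with a strong key."""
    findings = []
    wpa = conf.get("wpa", "0")  # hostapd treats a missing 'wpa' as 0 (no WPA)
    if wpa == "0":
        findings.append(("no_wpa", "open network: set wpa=2"))
    elif wpa in ("1", "3"):
        findings.append(("wpa1_allowed", f"wpa={wpa} still accepts WPA1 clients: set wpa=2"))
    if any(k == "wep_default_key" or k.startswith("wep_key") for k in conf):
        findings.append(("wep", "WEP keys configured: remove them"))
    # wpa_pairwise governs WPA1 ciphers, rsn_pairwise WPA2 ciphers; TKIP is weak in either.
    ciphers = conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")
    if "TKIP" in ciphers:
        findings.append(("tkip", "TKIP cipher allowed: use rsn_pairwise=CCMP only"))
    passphrase = conf.get("wpa_passphrase")
    if passphrase is not None:
        if len(passphrase) < min_len:
            findings.append(("short_passphrase", f"passphrase shorter than {min_len} characters"))
        if passphrase_classes(passphrase) < 3:
            findings.append(("low_complexity", "passphrase uses fewer than three character classes"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(text)) or "no findings")
```

The weak sample yields four findings (`wpa1_allowed`, `tkip`, `short_passphrase`, `low_complexity`); the hardened one yields none. The same parse-and-audit pattern is what a drone's own test bed, as recommended for proprietary links, would apply to each firmware revision's shipped configuration.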
Industry 4.0 makes us think of robots with a higher level of autonomy, with high mobility, both in the plant and geographically, as well as in devices capable of totally changing their work role depending on the specific needs of the industry.
Robots must not only be able to carry out their work efficiently and reliably; they are also required to interact with the environment and actively cooperate with human operators.
A robot is indeed an industrial device, and in the eyes of a control engineer it is a set of actuators, sensors and processors that execute actions or instructions generated by a programme or strategy. Depending on its complexity, the number of actuators and/or sensors increases, as well as the need for computational capabilities.
The evolution of these robots towards Industry 4.0 involves a huge increase in complexity, which therefore enlarges the attack surface.
- Attacks affecting availability: cause a sudden shutdown or interruption of the robot through a DoS or DDoS attack. Minimising the access points to the robot's control, and implementing measures that limit the number of connections to the robot and the actions that can be performed from them, are recommended. In addition, it is advisable to use robust password management mechanisms and to limit the operations that can be carried out remotely, even forcing some operations to be performed over a specific point-to-point connection.
- Attacks affecting integrity: involve modifying behaviour, for example any intrusion that allows an attacker to change the robot's strategy or programme. The modification can be as subtle as altering the response to an event detected by a sensor, or taking control of the audio or video sensors, turning the robot into a perfect spy. It is necessary to control all sensors and actuators in the robot unit and the protocols used, to protect the channel as far as possible against interference or channel saturation, and to restrict exposure to the environment to the maximum extent, using robust encryption whenever possible.
- Attacks affecting confidentiality: their aim is to impersonate the robot's own controller, taking full control over it, or a node of the command chain accepted by the robot. It is recommended always to control access through role groups that grant exactly the services needed to execute the work on the robotic device and deny access to everything else, and to use secure, encrypted connections for the different operations, in addition to authentication certificates and secure password management.
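Two of the recommendations above, capping the number of connections to the robot and forcing sensitive operations onto a point-to-point link while role groups grant only the services each party needs, fit naturally in a small gateway in front of the robot controller. The following is an added example, not code from the original post or any robot vendor: a deny-by-default policy table keyed on operation, role and channel, plus a session tracker that limits concurrent remote sessions and logs every decision. The role names, operation names, the `"local"`/`"remote"` channel labels and the limit of two remote sessions are all hypothetical.

```python
from dataclasses import dataclass, field

# Operation -> (roles allowed, channels allowed). Names are hypothetical;
# "local" stands for the dedicated point-to-point link, "remote" for the network.
POLICY = {
    "read_status":     ({"auditor", "operator", "maintainer"}, {"remote", "local"}),
    "pause":           ({"operator", "maintainer"},            {"remote", "local"}),
    "resume":          ({"operator", "maintainer"},            {"remote", "local"}),
    "load_program":    ({"maintainer"},                        {"local"}),
    "firmware_update": ({"maintainer"},                        {"local"}),
}

MAX_REMOTE_SESSIONS = 2  # assumed cap on concurrent remote connections


def authorize(role, channel, operation):
    """Deny-by-default check of a single request; returns (allowed, reason)."""
    rule = POLICY.get(operation)
    if rule is None:
        return False, f"unknown operation {operation!r}"
    roles, channels = rule
    if role not in roles:
        return False, f"role {role!r} may not perform {operation!r}"
    if channel not in channels:
        return False, f"{operation!r} only permitted over {sorted(channels)}"
    return True, "allowed"


@dataclass
class RobotGateway:
    """Tracks open sessions, caps remote ones, and records every decision."""
    max_remote: int = MAX_REMOTE_SESSIONS
    sessions: dict = field(default_factory=dict)  # session_id -> (role, channel)
    log: list = field(default_factory=list)

    def open_session(self, session_id, role, channel):
        remote_open = sum(1 for _, ch in self.sessions.values() if ch == "remote")
        if channel == "remote" and remote_open >= self.max_remote:
            self.log.append(("session_denied", session_id, "remote session limit reached"))
            return False
        self.sessions[session_id] = (role, channel)
        self.log.append(("session_opened", session_id, f"{role} over {channel}"))
        return True

    def close_session(self, session_id):
        self.sessions.pop(session_id, None)

    def request(self, session_id, operation):
        """Authorise one operation from an open session, logging the outcome."""
        if session_id not in self.sessions:
            self.log.append(("denied", session_id, operation, "no such session"))
            return False
        role, channel = self.sessions[session_id]
        allowed, reason = authorize(role, channel, operation)
        self.log.append(("allowed" if allowed else "denied", session_id, operation, reason))
        return allowed


if __name__ == "__main__":
    gw = RobotGateway()
    gw.open_session("s1", "operator", "remote")
    gw.open_session("s2", "maintainer", "remote")
    print(gw.open_session("s3", "operator", "remote"))  # False: remote cap reached
    print(gw.request("s1", "pause"))                    # True
    print(gw.request("s2", "load_program"))             # False: right role, wrong channel
    gw.open_session("s4", "maintainer", "local")
    print(gw.request("s4", "load_program"))             # True
    for entry in gw.log:
        print(entry)
```

The point of the table is that the channel is part of the decision: a maintainer account captured over the network still cannot push a programme, because `load_program` is only accepted on the point-to-point link. The log list stands in for whatever the plant's monitoring ingests, so that repeated `session_denied` entries surface a connection-flooding attempt on the availability side.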
Maintaining all these measures, together with an update plan governed by a strict security policy, is the key to hardening our robotic system.
Several regulations affect these devices, such as Royal Decree 601/2016 for drones in Spain; however, one of the shortcomings we face is that all of them regulate physical security, while there is no regulation regarding logical security.
Analysing the actual weight of our assets and assessing all the risks to which our new drones or robots may be exposed is essential in the new Industry 4.0 era.
The decision about a technology or the choice of a hardware or software device must be based on a preliminary study, of both strengths and weaknesses, covering all aspects, including those regarding cybersecurity.