In modern factories, "controlled" manufacturing systems, such as industrial robots, CNC machines, or 3D printers, are often connected in a control network, together with a plethora of heterogeneous control devices. Despite the obvious advantages in terms of production and ease of maintenance, this trend raises non-trivial cybersecurity concerns. Often, the devices employed are not designed for an interconnected world, but cannot be promptly replaced: In fact, they have essentially become legacy systems, embodying design patterns where components and networks are accounted as trusted elements. In this paper, we take a holistic view of the security issues (and challenges) that arise in designing and securely deploying controlled manufacturing systems, using industrial robots as a case study--indeed, robots are the most representative instance of a complex automatically controlled industrial device. Following up to our previous experimental analysis, we take a broad look at the deployment of industrial robots in a typical factory network and at the security challenges that arise from the interaction between operators and machines; then, we propose actionable points to secure industrial cyber-physical systems, and we discuss the limitations of the current standards in industrial robotics to account for active attackers.
Security of controlled manufacturing systems in the connected factory: the case of industrial robots
Journal of Computer Virology and Hacking Techniques, February 2019
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in Journal of Computer Virology and Hacking Techniques, February 2019 and is available at : https://doi.org/10.1007/s11416-019-00329-8
PERMALINK : https://www.eurecom.fr/publication/5816