“Security should also not be an afterthought,” Curran says. “Ultimately every device connected to the Web should be password protected. It should not be connected with the default out of the box password. A long complex password needs to be set. All devices should be updated as soon as updates are released, just like best practice on PCs and tablets.”
Robot manufacturers should also release security updates once vulnerabilities are found, Curran says, “but the incentive is simply not there for them to do it much of the time.”
Examine how robots use data
Data security risks related to robotics can be addressed by examining how robots use and harbor data, and by evaluating how they can be hacked. But again, the outcomes from such analyses depend in large part on the type of robot in use and how it is being used, Atwood notes.
Much like the risk of other industrial control systems, the risk of autonomous machines lies in unpatched vulnerabilities and access to critical and confidential information within the environment, says Jerry Irvine, member of the U.S. Chamber of Commerce’s Cybersecurity Leadership Council and CIO of IT outsourcing provider Prescient Solutions.
“These vulnerabilities can allow access to [business] critical systems and intellectual property,” Irvine says. He recommends that organizations implement secure access and authorization controls, limiting access to people who need it to perform their jobs. Another good practice is to segment autonomous machines from other networks to limit their digital footprint and accessibility to other systems and applications, he says.
One of the most important steps to ensuring strong security for robotics is to keep a close watch on them.
“Human stewardship of robot protocols and operating procedures, and human oversight of robots at work, must be maintained at a high level at all times for the foreseeable future,” Atwood says.
“These detailed oversight practices are important to prevent endangerment of people in work environments where robots operate,” Atwood says. “Hotel lobbies, factory floors, parking lots, warehouses, hospitals and our streets where robotic autos are emerging are all immediate front lines.”
Deciding who within an organization is responsible for robotics security is up to the individual enterprise. But in general, because robots can transcend multiple areas of operations, it should involve representatives from several groups, including IT and security management, operations, and even top senior managers.
“The board of directors and the most senior officers bear ultimate responsibility,” Overly says. “IT management and security management are on the front line, but senior management is, by law, the ultimate responsible party. They need to exercise reasonable business judgment in addressing these issues.”
The role of CISOs and CSOs in robotics security should be to oversee overall security policy and approach, but also to ensure that the board and senior management are adequately informed of any security-related issues and the efforts being made to address them, Overly says.