Robotics landscape is experiencing big changes. Robots are spreading and will soon be everywhere. Systems traditionally employed in industry are being replaced by collaborative robots, while more and more professional and consumer robots are introduced in people's daily activities. Robots are increasingly intertwined with other facets of IT and envisioned to get much more autonomy, interacting physically with humans. We claim that, following Personal Computers (PCs) and smartphones, robots are the next technological revolution and yet, robot security is being ignored by manufacturers. The present paper aims to alert about the need of dealing not only with safety but with robot security from the very beginning of the forthcoming technological era. We provide herein a document that reviews robot hazards and analyzes the consequences of not facing these issues. We advocate strongly for a security-first approach as a must to be implemented now.
Robots are not new: they have played a big role in manufacturing, medicine, warehouse operations, and other industries for years. However, robotics, as a field, is experiencing big changes. Robots are morphing due to a confluence of mighty processing power, artificial intelligence, natural language processing and exponential data growth. These machines are spreading and will soon be everywhere. Robots traditionally employed in industry are being replaced by collaborative robots, while more and more professional and consumer robots are being introduced in our daily activities. They are already present at medical and health institutions, airports, offices, shopping centers, restaurants and many homes. Moreover, robotics is becoming increasingly intertwined with facets of IT such as the cloud, mobile devices and the Internet of Things (IoT). And, unlike traditional robots, the coming generation of these machines is being envisioned and designed to gain more autonomy. There is a growing consensus on that advances in AI will enable robots to move freely in unstructured environments.
It was only back in the 90's when both personal computers and the use of internet was democratized and those technologies' insecurities became more than evident for the general public: Neither the internet nor computers where conceived to be secure. Suddenly, producers had to admit their products' vulnerabilities and flaws and find mechanisms to protect them from an increasing array of external threats. Right until then, companies had rushed their products to the market taking advantage of the hype but without paying any attention to the forecoming consequences. Something very similar is happening now with robots. The growth of certain robots such as collaborative robots (cobots) in industry
Robots have to be protected as they go mainstream, connected and free. In order to be secure, reliable and safe. Nowadays, experts across both the robotics and cybersecurity fields do admit that security issues are already on the table of internal discussion among manufacturers and end-users of robots. However, robot makers take the chance of a fast-growing market and rush their products into it without giving an adequate consideration to security. Not enough attention is yet being given to well-known security issues that did already prove to be devastating at the edge of other technological revolutions, such as the spread of commercial computer networks.
Without rushing into any kind of Skynet, we find it extremely necessary to create public awareness on the need of dealing not only with safety but increasingly with security of robots, from the very beginning of this robotic revolution. In order to do so, we provide herein a complete review of the most relevant robotics malfunctions, analyze downstream societal implications of those and provide a conclusion.
Robots have worked in industry for a long time. The first installation of a cyberphysical system in a manufacturing plant was back in
From the eighties until nowadays: traditional robots in industryToday we are facing an upward trend of connectivity in most moments of our lives including robot-human and robot-robot interactions, what makes them a hot spot for cyber attacks. While robots leave industry to live and interact with humans, all of us start to be increasingly exposed to greater risks caused by hacked robots anywhere.
The first time an industrial robot killed a human was in 1979. Robert Williams, a 25-year-old factory worker in a Ford Motor Company casting plant in Flat Rock, Michigan, was asked to scale a massive shelving unit to manually
These two cases were the beginning of a horror story starred by killer robots which lasts until these days. Decades later after the beginning of the use of robots in industry, reports of human deaths caused by robots feel even more commonplace. Although many fences and safety measures are in place, dramatic accidents still prevail. According to data from 2014 distributed by the
Studies underline that the described cases are not exceptional. In fact, there are several recent reports stating that industrial robots are linked to thousands of accidents per year around the world. A work published in 2013, for example, stated that, only in Germany,
From now on: free-roaming and connected robots spreading everywhere
There is a growing consensus that, in the next decade, advances in AI will make it increasingly possible for robots to freely move in unstructured environments. On the other hand, robotics is becoming intertwined with facets of IT such as the cloud, mobile devices and the Internet of Things (IoT). Related to these contact, further than only thinking of how the machine may affect the environment (safety), there is a new concern on how external factors can affect the machine itself first, this is, change its behavior, leading to a situation were the robot may (re)act in a negative way. As
"New" industrial robots, collaborative robots
In the last years, as outlined in the introduction, a new kind of robot is spreading in manufacturing plants. Unlike traditional robots, the coming generation of these machines is being envisioned and designed to get much more autonomy and operate alongside humans. These new industrial robots that are being featured at the core of Industry 4.0 are the collaborative robots, commonly known as
The growth of these robots on industrial applications resembles other past disruptive changes and provides a direct answer to what many are already demanding: a switch from mass manufacturing to mass customization. Most of these robots provide easy-to-configure mechanisms via simplified user interfaces that abstract the final user from complex programming languages. Yet, although these simple mechanisms reduce the probability of operating these machines unsafely, they are not error-free. As
Collaborative robots are here to stay. Based on our observations, we claim that following after Personal Computers (PCs) and smartphones, cobots are the next technological revolution that will change many industrial operations. And yet, how long until the unsecurity of these devices causes damage that forces manufacturers to act? Would robot companies acknowledge that security has critical implications for safety? These new robots in industry will be connected to network, being more vulnerable to be hacked. And, in an industrial setting, a hack meant to simply disrupt a system could end up affecting the quality of an entire line of product or even provoke the halting of a manufacturing run completely, costing millions of dollars. Moreover, a hacked robot in a business or industrial setting could also be used to access other robots sharing the same network and configuration. As stated by
Like Universal Robots, many robotic companies have indeed a complicated landscape. These collaborative capabilities, while for now, mainly, developed and applied in industry will soon reach other areas and applications. The principles of collaborative robots will soon be reused in other areas such as healthcare as well as in a wide range of professional tasks involving cleaning, cooking or storing. All connected.
A professional robot is a service robot used for a commercial task, usually operated by a
In this segment, surgical robots have now taken a relevant position. For instance in medicine, an area where reliance on security seems substantially critical. But this growth is already showing downsides. As a study carried out in 2014 by researchers at the University of Illinois at Urbana-Champaign, the Massachusetts Institute of Technology and Chicago's Rush University Medical Center stated, over a 14 year period (2000-2013), at least 144 deaths and more than 1,000 injuries related to surgical use of robots were detected
Furthermore, security surveillance is another professional niche were collaborative robots are being implanted. And together with some positive aspects, the negatives are also emerging. Back in 2016, for example, a robot acting as a security guard knocked down and injured a toddler for still unknown reasons. And the robot, called Knightscope K5, a five-foot, 300-pound robot that had begun trials in the mall the year before,
Consumer sector robot
Roomba will not be home alone soon. In the next years a greater number of increasingly sophisticated robots are expected to be used for diverse tasks by individual clients, including not only chores, but communication, entertainment or companionship. Consumer robots are personal service robots used for a non-commercial task, usually by
Apart from the need of making them secure and privacy respecting, household robots pose other specific challenges to robot manufacturers and researchers. Back in 2009 already, a team from the
Into a new era of hacked robotsSafety cares about the possible damage a robot may cause in its environment, whilst security aims at ensuring that the environment does not disturb the robot operation. Safety and security are connected matters. A security-first approach is a must to ensure safe operations.
From industry to consumer robots, going through professional ones, most of these machines are not prepared for cyber-threats and security vulnerabilities. Manufacturers' concerns, as well as existing standards, focus mainly on safety. Security is not being considered as a relevant matter. The architecture of many of these robots is actually the greatest example of how little security has been considered. A simple way to understand this lack of concern appears when looking closely at robot architectures nowadays. Most, include at least two differentiated networks: an external one, meant to be used by end-users for operating the robot, which usually is less protected than it should; and an internal one, where sensors, actuators and other components within the robot exchange information and cooperate putting together what the robot is: a machine composed by distributed hardware and software components governed by a controller that requires access to the information from all these devices. External networks do typically include some sort of encryption, authentication and integrity mechanisms however, internal networks are often unprotected. Not even a simple authentication check is required, what means that anyone with physical access to the robot could potentially access this internal network and disrupt the robot behavior completely.
Safety has been accounted for, partially at least. Unfortunately, the lack of security has safety repercussions. We are about to dive into a new era of hacked robots. Those manufacturers that learn to apply a security-first approach will have a competitive advantage.
Consequences of not protecting robots in this new era
Robots being unprotected, unsafe, insecure and/or not private leads to multiple outcomes, all affecting companies negatively. The cases documented in the previous section serve as a brief glance at the real and practical consequences of not considering security a major issue. Fact is that not enough attention is yet been given to well-known security issues that did already prove to be devastating at the edge of other technological revolutions, such as the spread of commercial computer networks and the internet use. Sadly, nowadays, we see robot makers taking the chance and rushing their products to market without giving adequate consideration to security. Moreover, it is common for manufacturers lacking good security practices to not know how to deal with vulnerability reports. Most of them probably do not even have an effective procedure in place to handle reports, and neither to provide security fixes to customers. If lessons are not learned and robot manufacturers fail to take a security-first approach now, it may haunt them soon. In the following analysis of some of the resulting unfavorable effects, we have chosen three thematic points: Human loss and injuries, data theft and privacy issues, and the destruction of the corporate image. Yet, there is one dimension that intersects with all of them: the economical one.
Human loss and injuries
The effects of not taking safety and security seriously enough are visible and devastating since the very beginning of robots’ implantation in different industrial scenarios back in the eighties. Dead or severely injured humans have been and still are the most dramatic result of unsafe and uncontrolled robots. In terms of business, those are the effects hardest to hide too. Ergo, the most expensive ones, both directly and indirectly. Because, once gone public, the derived huge lawsuits and fines are almost irremediable. Even the first case of a robot killing a man, back in 1979 in Michigan, illustrates this idea, as it was the starting point for the extensive history of fines and lawsuits paid by companies in those cases where incidents with robots reached trials. In William’s case, the jury agreed that not enough care had been put into the design of the robot to prevent a death like this. His family won a 10 million dollar lawsuit for his wrongful death from Unit Handling Systems, the manufacturer that designed
Not investing enough resources, time and effort into protecting workers from robots has costed companies lots of money. The latest of the known and available cases goes back to
Data theft and privacy issues
Following an economical narrative of the consequences of not paying enough attention to security, it needs to be highlighted that companies do also fear loss or theft of information. When a computer stores information, there always is a risk of exposure, accidental or desired, when some hacker or criminal breaks in and steals data. Robots are storing data that could be accessed and stolen. Furthermore, companies could be extorted with this data in exchange. Privacy issues, such as the legal consequences of customers’ data leak or misuse by third parties have also been put on the table recently. Lawsuits filed by clients and end users, or even by manufacturers, will be growing awareness around privacy and its importance rises. Moreover, as it already happened at the beginning of the PC era, robots are introducing complex privacy and security issues that may not have been considered enough yet. While if a PC is hacked, data loss and identity theft are the potential results, robots melding advanced technology with mobile capabilities that could get compromised have the potential of doing serious physical damage to people and property around them.
Destruction of the corporate image
Corporate image is generally defined as the mental picture that springs up at the mention of a firm's name. It is the public perception of the company, a composite psychological impression that continually changes with the firm's circumstances, media coverage, performance, pronouncements, etc. The corporate image is something fluid that can change overnight from positive to negative and the other way around to neutral. Large firms but also SME's use various corporate advertising techniques to enhance their image in order to improve their desirability as a supplier, employer, customer, borrower, etc.
Incidents and troubles like the documented in this work have a great impact in the involved firms’ public perception. This is why history shows that every company involved in issues with their robots tries to avoid its impact in the public sphere at almost any cost. When journalists do their job insisting and researching and the problems are communicated or leaked to media, insecurity affects the companies image. Both internally –among employees– and externally –among customers, policy makers, investors–. This has happened in almost every documented case in the industrial sector. When the Kawasaki factory worker was killed by a robot back in 1981, details of the accident were not revealed until December, at least 5 months after, by the Labour Standards Bureau of Hyogo prefecture, in western Japan. But even back in 2015, in the age of communication and preached transparency, it took Volkswagen's communication department more than ten days to openly admit that a robot killed a worker in one of their plants. To be precise, and according to the local newspaper Hessische Niedersächsische Allgemeine Zeitung (HNA), the multinational did only speak up when the journalists
The consequences for the corporate image of the firm going trough a situation like this can be a disaster in terms of Public Relations (PR). Following with the same example, immediately after the Volkswagen incident was revealed, and at a great speed, news around the world became fraught with the case of a worker being killed by a robot in a car factory. The story was picked up in the Washington Post, CNN or even in Daily Pakistan. Shortly thereafter, the American company HBO planned to shoot a documentary entitled 'Asimov's Law' on the relationship between humans and robots, which is to be out in 2019.
We are witnessing the dawn of robotics. But lessons should be learned from previous technological revolutions, such as the computer industry or the smartphone revolution. We aim to create awareness about the need of caring not only about safety when deploying a robot, but also enforcing strong security in robots. Particularly, we foresee cobots as the rising point of are the robotics technological revolution, called to change many industrial operations but also to influence greatly the professional and consumer sectors. In this context, we find extremelly relevant to promptly alert about the imperative of ensuring a security first approach now, before new devices continue being irresponsibly rushed to the market by a number of companies. Likewise, we encourage all sides involved to develop both internal and external policies aimed at the adequate management of some of the safety and security issues highlighted throughout this document.
How long will it take until manufacturers notice the damages that the unsecurity of these devices may cause and act? Consequences of not facing the problem range from data theft and privacy issues, or destruction of the corporate image, to human loss and injuries, beyong their implications within any economical dimension. And yet, it seems decisive to remind that, in a world where IT and robotics are increasingly intertwined, safety and security are necessarily tightly coupled. A security-first approach is a "sine qua non" requisite for ensuring safe operations with robots.
Robot hazards are a reality and concerns are already moving from safety to security.