By Eric Jensen, Head of IoT Product Management at Canonical – the company behind Ubuntu
Building a robot is like a game of technical dominos, with individual components combining to create something new and exciting. One weak link in the chain, however, and the big picture can be spoilt. This domino analogy also relates to the robotics industry as a whole. Both businesses and consumers are getting to grips with the potential of machines – in healthcare, retail and agriculture – meaning one issue could have a ripple effect and stunt uptake in robotics before it ever gets going. One of the biggest weaknesses remains the Internet of Things (IoT), which allows smart machines to communicate and process data at the edge. Without a secure IoT, robotics will always be vulnerable, and its potential never fully realised.
The IoT is now a mainstream concept, but it remains a taboo where security is concerned. That’s because as the market for connected devices grows, so too do the points of vulnerability; access points multiply; and security concerns skyrocket in turn. As a result, trust in IoT is precarious. Gemalto found that ninety per cent of consumers now lack confidence in connected devices. And these concerns are more than valid, as nearly half of companies are unable to detect when an IoT breach occurs, and only 15 per cent of budgets are earmarked for IoT security specifically.
Still, the future of robotics rests firmly on the shoulders of IoT. Robots act as one part of intelligent ecosystems: they depend on the IoT to link various sensors and smart meters, pass data to and from third parties, and increasingly allow machines to ‘understand’ the world. The self-driving car, for example, is a robot orchestrated by various smaller devices and smart sensors. In fact, robots are being created to tackle every conceivable problem. Take the Google-funded RangerBot – an underwater machine designed to track down one species of starfish responsible for coral reef destruction, or Small Robot Company, a start-up tackling farming deficiencies with bots that autonomously feed, seed, and weed arable crops.
Rising levels of sophistication within robotics, however, go hand in hand with more targeted and damaging attacks. Telesurgery uses robotics to help surgeons perform procedures remotely – a malware bug in this scenario could mean the downing of tools, threatening the patient’s life. Researchers at Brown University proved how easy it is to hack robots – the industry will simply not be sustainable without the backing of a secure, connected IoT network.
Robot manufacturers, therefore, must build with a ‘security-by-design’ mindset. This begins by selecting a robust operating system from the outset – secure now, but also ready for future market demands. Hackers are constantly evolving their activities and businesses must be flexible in their approach to security, shedding the old hardware-centric view of IoT security. Software can no longer end when a device is shipped. It must align to the lifespan of a robot and be able to update whenever there is a potential flaw. The world of mobile took many years to get to grips with this – robotics and IoT developers should learn from their mistakes.
One way developers can safely build and secure software is through snaps – containerised software packages, an open platform for building and publishing applications to an audience of millions. If a security vulnerability is discovered in the libraries used by an application, the app publisher is notified so the app can be rebuilt quickly with the supplied fix and pushed out. This allows developers to stay focused on innovation while ensuring the longevity of robotics hardware.
It remains unclear where the onus lies for IoT security, with nobody holding anyone else to account. Market constraints often prevent device makers from putting more budget than is absolutely necessary into design security, when there is so much pressure to innovate ahead of competitors. But it’s no secret that we need to do better when it comes to regulation. The IoT Code of Practice in the UK introduced last year was a good start; however, it’s still not compulsory for companies to adhere to it. Similarly, the Cybersecurity Act in the EU leaves compliance largely voluntary. It may be that binding government legislation, where there are serious financial consequences for negligence, is the only remedy. This would make it impossible for companies to turn a blind eye to security.
When people think about robotics, innovation will always trump the more mundane aspects of software security and maintenance. However, if the industry is to succeed and make a real impact on society, both manufacturers and technology suppliers must not ignore the basics. Every industry goes through a process of maturity when it first moves from theory to practice. Robotics is still in its infancy, meaning time is still on the side of those championing a more robust security framework. Without it, robotics and the IoT risk tearing down the foundations that have only just been built.