Securing the playbook: safeguarding robotics in the AI-age

Image Credit: Unsplash (Image credit: Image Credit: Erhan Astam / Unsplash)

Last Sunday saw Super Bowl LIII, with the New England Patriots claiming the most Super Bowl victories in NFL history alongside the Pittsburgh Steelers. But it’s not just about the football – many tune into this global sporting event for the glitz, glamour, half time show and not forgetting, the advertisements.

Let’s briefly examine the adverts from this year’s event. The best ads were the “not brewed with corn syrup” ads from Budweiser Light.  The ads kept the popular “Dilly! Dilly!” concept going while cleverly weaving in Bud Light’s new “not brewed with corn syrup” theme. And the Bud Light take-over ad by HBO’s Game of Thrones was completely unexpected and captivating.

However, even when watching the Super Bowl, I couldn’t switch off from thinking about cybersecurity. So, I noticed just how many of this year’s Super Bowl ads related to the power and potential downside of artificial intelligence. 

AI’s portrayal at the Super Bowl

The most positive depiction of AI came with the ad for the Mercedes A class. The protagonist uses AI-backed voice recognition software to make his wishes come true, including swapping out the singer at an opera for Ludacris and freeing a whale in a ‘Free Willy’ fashion.  Although the Mercedes A class cannot make these dreams come true in real life, the voice recognition and AI can in fact free up the driver’s hands by making cabin temperature adjustments. It can also change the media that’s playing or altering the cabin lighting.

In contrast, other ads hinted at some of the potential risks that AI could bring. A good example here is the SimpliSafe home security ad where an anxious middle aged man worries that robots are going to take his job and that his smart speakers are “always listening”.  But, the ad that best exposes the risks of AI is the ad from Alexa showing some of the functions that didn’t make the cut, including a dog collar that let Harrison Ford’s pug order alarming quantities of dog food and sausage, while Harrison Ford is left looking on helpless.

Although done in a humorous spirit for a mass audience, the ad does point to the tangible down side of poorly designed, poorly secured and ‘always-connected’ AI-powered technology. Although an Alexa dog collar that allows Fido to order a tonne of dog food might seem funny, a manufacturing organisation that has its industrial robots hacked could face very serious consequences.

Image Credit: iStock

Image Credit: iStock

Protecting robots from cyberattacks

Recent reports have pointed to the risk of cyberattacks against industrial robots. These risks are increasing as more of these robots are being connected to the Internet and as the adoption of 5G encourages more connected automation. An attacker could potentially leverage unsecured privileged access to take control of a manufacturing robot and alter its movements so that it creates defective products. Or attackers could plant malware in the robots, forcing companies to pay a ransom before they can return to normal operations.

The risks are not strictly limited to the domain of manufacturing robots. Software bots are becoming increasingly popular as enterprises adopt Robotic Process Automation (RPA). RPA automates and standardises repeatable business processes with the use of software robots. These software robots interact with applications in the same way that a person does. While RPA delivers tremendous business benefits to organisations in terms of increased operational efficiency, it can come with some risks if not properly secured. For example, an attacker could compromise a highly privileged robot user account to gain access to sensitive data and move laterally within a network or a malicious insider could train a bot to destroy high-value data or interrupt key business processes.

I doubt that Amazon’s Alexa Super Bowl ad was supposed to send viewers down this line of thinking, but let’s hope that other vendors of AI powered technology will share the “not everything makes the cut” sentiment of this ad. In our software-defined world, the volume of attack vectors for hackers has significantly increased and there has never been a more critical time to ensure robust cyber security measures are in place in the world of software robotics.

David Higgins, Director of Customer Development EMEA at CyberArk

David Higgins

EMEA Technical Director, CyberArk.