Who takes responsibility for hacked robots? In Germany, this does not seem to be clearly clarified in companies, as a recent Kaspersky study [1] shows. According to the study, 61 per cent of employees state that it is unclear who would take responsibility in the event of a robot failure. This lack of clarity about responsibilities can have serious consequences; half (51 per cent) of the employees assume that the recovery of such robots will take at least several weeks.
Robots increase production efficiency on the one hand, but also pose risks in terms of cyber security and reliability on the other. In this context, it is unclear who assumes the actual liability. More than half (61 per cent) of the respondents in Germany, for example, say that it is unclear who ultimately assumes responsibility when robots fail due to equipment malfunction or as a result of a cyber attack. This is also one of the reasons why employees are not willing to hand over management positions to robots: only 14 percent would be willing to let an AI robot manage a production process.
In general, the Kaspersky study shows that employees are aware of possible cyber security risks – but there seems to be a lack of appropriate precautions in the event of an attack. Only ten percent are of the opinion that deactivated robots could be repaired immediately in the event of a cyber attack. About a quarter (22 per cent) assume a few days; half (51 per cent) assume that recovery would take a few weeks or even longer.
“Many employees have mixed feelings when it comes to assessing robot protection,” summarises Andrey Suvorov, head of the KasperskyOS Business Unit. “They are sure that there is a need to pay more attention to their security, and are sceptical about how quickly a robot can be up and running again after a cyber incident. We are well aware of the concerns about the proper functioning and protection of modern industrial IoT systems, which contain a variety of complex smart devices. That is why we offer cyber-immune solutions to protect individual company units or even the entire IT system. These make industrial robots, ICS machines or autonomous vehicles immune to most cyber attacks without the need for security tools. For example, Kaspersky IoT Secure Gateways protect the IT system, collect data at the field level and securely transmit it to digital platforms, providing a complete and reliable picture of assets and production processes.”
Kaspersky recommendations for protecting robots
- Conduct regular security assessments of OT systems to identify and remediate potential cybersecurity issues.
- Implement continuous vulnerability assessment and triage as the basis for an effective vulnerability management process. Dedicated solutions such as Kaspersky Industrial CyberSecurity [2] support this and provide actionable information that is not so publicly available in its entirety.
- Always update critical components of the company’s OT network and install fixes and patches.
- Implement industrial EDR solutions such as Kaspersky Industrial CyberSecurity for Nodes [3] with EDR for early detection, investigation and effective remediation of incidents.
- Conduct dedicated OT security training for IT security teams and OT personnel to educate them on malicious methods and tactics used by cybercriminals.
The full Kaspersky study, The Future of Jobs, is available at https://media.kasperskydaily.com/wp-content/uploads/sites/101/2022/12/15212601/Report_The_Future_of_jobs_final.pdf
[2] https://www.kaspersky.de/enterprise-security/industrial
[3] https://ics.kaspersky.de/products/#tab-2
Useful links:
– Kaspersky study “The Future of Jobs”: https://media.kasperskydaily.com/wp-content/uploads/sites/101/2022/12/15212601/Report_The_Future_of_jobs_final.pdf
– Kaspersky ICS: https://www.kaspersky.de/enterprise-security/industrial
