Meet Endika Gil-Uriarte, CEO of Alias Robotics, which is a Spanish startup specialized in robot cybersecurity. Trained in Biological Sciences, Endika is a former researcher associated with several most prestigious Universities and Research Centers in Spain and Germany.
His exposure in biological sciences led him to transfer his know-how to the development of RIS, touted to be the Robot Immune System that protects robots from cyber-attacks. Endika is also a well-known panelist at robotics and cybersecurity discussions and advises international standards, such as ISO TC299 (Robotics).
I had a chance to interview Endika, and we spoke about some of the pressing issues in the cyber world. Of course, the email conversation centered around RIS that mimics the human immune system to adapt and identify novel threats before they hit robots. You can read more in the complete interview below.
In a recently published report, Alias Robotics has disclosed numerous security vulnerabilities in autonomous mobile robots used to disinfect hospitals in the COVID-19 crisis. The company alleged that leading robot manufacturers, including a top Danish company that sold more than 10,000 ultraviolet ray disinfection units, ignore cybersecurity issues, putting people working nearby at risk. What are the common vulnerabilities or bugs that endanger the end-users today?
There are tons of cybersecurity issues affecting robots, and the types are varied (Default credentials, weak data encryption, OS command injections, Buffer overflows, missing authorizations, etc.), but there’s something in common for all, the disasters to be suffered are on the shoulders of the end-users. Our Robot Vulnerability Database has some of these publicly available. We keep a private record for our customers that is much more extended, of course.
How do they pose disastrous consequences to the patients and hospitals? Can you give us some examples?
The difference with classical IT vulnerabilities and robotics is the fact that some of these bugs can affect the safety of end-users. For example, an attacker gaining control over a disinfection robot could radiate with UVC light (extremely mutagenic, thus carcinogenic) patients in a waiting room or run over people into corridors and crash into hospital beds, etc. We have proved this in several of our videos. You can watch one below:
Alias Robotics has developed a solution “RIS,” which you call “the first vaccine for robots.” It is a software, much like the human immune system that can adapt to the robot behavior and protect robots against cyber-attacks. How does it work? What are the features? Can you tell us more?
RIS (which stands for Robot Immune System) is a software solution that protects robots and robot components against cybercriminals. Inspired by our human immune system in a solution that “lives inside” the robots and delivers an integrated suite of protection technologies in each robot that adapts to each robot’s operation intelligently.
RIS protects each robot deployment inside-out, and it is formed by five modules inspired by immune layers: Firewall (SKIN), Hardening (Innate Immunity), Logging (Immune memory), AI-based threat detection (Adaptive Immune System) and Visualization that gets integrated into the robotic system. The excellent news is that RIS is exceptionally offered free of charge during the pandemic for robots in healthcare environments.
Cybersecurity in robotics is becoming a big issue these days due to various factors, such as increasing demand for cloud, AI and machine learning, insecure communications, authentication issues, weak default configuration, etc. Can regulations reassure cybersecurity? As a thought-leader, what do you propose?
We advocate for security-by default as a means of avoiding the burden of introducing later on security aspects, which is always costlier. In robotics, alike other domains of IT, security was a historically discarded aspect that no longer holds with the advent of connectivity (IoT, industry4.0). Regulation wise in robotics, we are observing that this is very domain-specific and geographically varied. International robotics standards, to which Alias Robotics contribute actively, have gradually moved from standpoints discarding cybersecurity aspects to other positions that consider security as a warrant of safety.
What are the top tech and cybersecurity trends you see amidst Covid-19?
We are all aware that attempts of cyber-breaches have multiplied in times of the pandemic. Cybercriminals are everywhere trying to get economic profit, or “who-knows-what,” with the increasing amounts of “open doors out there.” At the very same time, connectivity has accelerated about 5-10 years in a few months with the pandemic, and so have matured the mindsets and requirements of the users.
Solutions that cannot guarantee privacy and security in IT, such as some telco software, have had massive problems in the market. We see cybersecurity as a core driver in the “new normal” after the pandemic, and industries/vendors rejecting their responsibilities will likely suffer the consequences of reduced market trust. We should stop vulnerable robots out there, that’s why Alias Robotics is here to help.