In this study we outline the security challenges surrounding so-called Automated Guided Vehicles (AGVs). These are mobile robots that are used in logistics, care and production to transport goods indoors. AGVs are already regularly used by Dutch companies and we expect this to be on a larger scale in the near future. We have placed the application of AGVs in the context of the developments around smarter machines, the Smart Industry, also referred to as Industrie 4.0.
This refers to Industrial Automation, which i operational technology (OT) in security terms. We have drawn up a number of guidelines for the safe (secure) use of AGVs:
- Create an incident response team, plan and administration. By means of a CSIRT team you can respond quickly to disruptions and you know how to act according to the scenario. Recording which attacks have taken place and sharing these with those involved increases the added value of the lessons learned.
- Think in terms of risks - determine potential threats and their impact. Regularly out for such a risk assessment. Determine per threat and probability (P) and impact (I) and draw up contingencies and mitigations.
- Do test security of your system annually to detect vulnerabilities that arise in time.
- Ensure a good separation between IT and operational technology (OT), and ensure proper coordination between the two.
- Perceive security as a process, organize a PDCA cycle (plan do check act) at management level.
- Pay attention to the following factors when protecting AGVs: Authentication and use of strong passwords, Safe system configuration and system hardening, Logging and Monitoring, Intrusion Detection Systems (IDS), Brute Force security, White and black listing, with a preference for whitelisting, Secure remote management, Secure network communication.