Quantifying Cybersecurity Risk for Mobile Industrial Robots

September 9, 2020

An industrial company needed to understand cyber risk for robotics before deploying a large number of autonomous mobile robots at its facilities. In this company's case, the goal was to analyze the risk of an external actor deploying a jamming device that could cause an outage of the mobile industrial robots.

The risk management team was also asked to evaluate two candidate investments against jamming: a private LTE network or on-site jamming detection, either of which could eventually be rolled out to all of its sites.

The challenge was to analyze the likelihood and impact of the jamming scenario for the mobile robots and to determine which investment option reduced that risk exposure the most. Ultimately, the task was to quantify the risk and translate it into financial terms that every key stakeholder, technical or not, could understand: a job for Factor Analysis of Information Risk (FAIR™), the international standard for cyber risk quantification, applied through the RiskLens platform.

The Solution

Working with RiskLens services experts, the company's risk management team first solidified the scope of the analysis, a key step in the FAIR risk analysis process. A reliable way to scope an analysis is to start from the attack chain: who the real threat is, and where that threat ultimately causes the loss event. Once the scenario was properly scoped, the attack chain looked like this:

Put simply in FAIR terms, the goal was to quantify the risk of an External Actor (the Threat) causing an outage (the Effect: Availability) of the autonomous mobile robot control system (the Asset) using a jamming device (the Method).

Next, the team, with help from RiskLens, identified which factors of the FAIR model to assess for the scenario, and used the RiskLens platform to gather and apply the necessary data quickly.

Because the company had never experienced an outage of its autonomous mobile robots caused by an external actor, there was no internal loss history to draw on. Threat Event Frequency, the probable number of jamming attempts per year, was therefore estimated from industry data and calibrated estimates.

With the number of targeted attempts estimated, the team then estimated Vulnerability: the range of probability that an attempt succeeds in causing an outage, given the controls in the environment.

With the likelihood components in hand, it was time to complete the other half of the FAIR equation, loss magnitude. To answer the "how much" question, we analyzed the primary and secondary forms of loss associated with this event.

Primary loss included Productivity and Response. On the Productivity side, it was important to capture the reassignment of employees to find the jammer, how many of the autonomous robots would be shut down by the disruption, and the time needed to complete additional safety checks and resume normal operations. Response costs comprised the person-hours of the various teams that would respond to the event, such as Enterprise IT, Crisis Management and Site Support.

To capture the fallout to secondary stakeholders, we analyzed Secondary Loss Event Frequency, the probability that a given outage would become visible to customers, regulators or the media. Responding to those parties made up the secondary response costs for this scenario. NOTE: Fines & Judgments were excluded from this scenario on the basis of two assumptions:
1. Because the robots are designed to stop automatically on any disruption, the event would not qualify as a safety event.
2. The duration of the outage was not expected to exceed a specified threshold, so it would not be reportable to any regulatory agency.
Both assumptions should be recorded with the analysis and revisited if the robots' fail-safe behaviour or the reporting threshold changes, since either change would bring Fines & Judgments back into scope.

Using FAIR and RiskLens, the team was able to determine the probable frequency and probable magnitude of future loss associated with an outage of the control system caused by an external actor using a jamming device.

The last question: is the juice worth the squeeze? Which investment provides the greatest potential return? One of the most powerful features of the RiskLens platform, comparison reporting, answers that question. By modeling the two future-state scenarios (LTE implementation and on-site jammer detection) against the current state, the company was able to express each option's risk reduction in financial terms for key stakeholders.
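The FAIR roll-up described above (Threat Event Frequency and Vulnerability on the likelihood side; primary loss, Secondary Loss Event Frequency and secondary loss on the magnitude side; then a current-state versus future-state comparison) can be reproduced in a small Monte Carlo. The following is an added example, not code from RiskLens or from the company in this case study, and it does not reproduce the RiskLens platform's internals. It assumes calibrated estimates are expressed as min / most likely / max ranges drawn from a modified PERT distribution, that the number of outages in a year is Poisson with the sampled loss event frequency, and that private LTE mainly lowers Vulnerability while on-site detection mainly shortens outages (lower primary loss) and lowers Vulnerability and secondary exposure. Every input range is constructed for illustration and is not the company's data.

```python
# Added example, not code from RiskLens or the company described above.
# A minimal FAIR-style Monte Carlo for the jamming scenario.  Every range
# below is constructed for illustration; the mapping of each investment
# onto FAIR factors is an assumption, not the article's data.
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Pert:
    """Calibrated estimate as min / most likely / max (modified PERT, lambda=4)."""
    low: float
    likely: float
    high: float

    def mean(self) -> float:
        return (self.low + 4 * self.likely + self.high) / 6

    def sample(self, rng: random.Random, lam: float = 4.0) -> float:
        if self.high == self.low:
            return self.low
        span = self.high - self.low
        a = 1 + lam * (self.likely - self.low) / span
        b = 1 + lam * (self.high - self.likely) / span
        return self.low + rng.betavariate(a, b) * span


@dataclass(frozen=True)
class Scenario:
    name: str
    tef: Pert             # Threat Event Frequency: jamming attempts per year
    vuln: Pert            # Vulnerability: P(an attempt causes an outage)
    primary_loss: Pert    # Productivity + Response cost per outage, USD
    slef: Pert            # Secondary Loss Event Frequency: P(outage reaches
                          # customers, regulators or media)
    secondary_loss: Pert  # Secondary Response cost when it does, USD


def point_estimate_ale(s: Scenario) -> float:
    """Closed-form roll-up on PERT means: LEF * (primary + SLEF * secondary)."""
    lef = s.tef.mean() * s.vuln.mean()
    return lef * (s.primary_loss.mean() + s.slef.mean() * s.secondary_loss.mean())


def poisson(rng: random.Random, lam: float) -> int:
    """Knuth's sampler; adequate for the small annual rates used here."""
    threshold, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= threshold:
            return k
        k += 1


def simulate_year(s: Scenario, rng: random.Random) -> float:
    """One simulated year: draw LEF, count outages, sum their loss magnitudes."""
    lef = s.tef.sample(rng) * s.vuln.sample(rng)
    total = 0.0
    for _ in range(poisson(rng, lef)):
        loss = s.primary_loss.sample(rng)
        if rng.random() < s.slef.sample(rng):   # outage becomes a secondary event
            loss += s.secondary_loss.sample(rng)
        total += loss
    return total


def simulate(s: Scenario, trials: int = 20_000, seed: int = 1) -> dict:
    """Annualized loss exposure (ALE) plus median and 90th-percentile years."""
    rng = random.Random(seed)
    losses = sorted(simulate_year(s, rng) for _ in range(trials))
    return {"name": s.name, "ale": sum(losses) / trials,
            "p50": losses[trials // 2], "p90": losses[int(trials * 0.9)]}


def compare(current: Scenario, futures: list, trials: int = 20_000) -> list:
    """Comparison report: future states ranked by ALE reduction vs. current."""
    base = simulate(current, trials)["ale"]
    rows = []
    for f in futures:
        r = simulate(f, trials)
        r["reduction"] = base - r["ale"]
        rows.append(r)
    return sorted(rows, key=lambda r: r["reduction"], reverse=True)


# Constructed inputs (hypothetical; not the company's figures).
CURRENT = Scenario("current state",
                   tef=Pert(2, 4, 12), vuln=Pert(0.2, 0.5, 0.8),
                   primary_loss=Pert(10_000, 40_000, 70_000),
                   slef=Pert(0.05, 0.10, 0.15),
                   secondary_loss=Pert(5_000, 20_000, 35_000))
# Assumed effect of private LTE: the jammer succeeds less often (lower Vulnerability).
PRIVATE_LTE = Scenario("private LTE", CURRENT.tef, Pert(0.05, 0.2, 0.35),
                       CURRENT.primary_loss, CURRENT.slef, CURRENT.secondary_loss)
# Assumed effect of detection: jammer found faster, so shorter outages (lower
# primary loss), fewer outages that count (lower Vulnerability), less secondary exposure.
JAMMER_DETECTION = Scenario("on-site jammer detection", CURRENT.tef, Pert(0.1, 0.3, 0.5),
                            Pert(4_000, 10_000, 16_000), Pert(0.02, 0.05, 0.08),
                            CURRENT.secondary_loss)

if __name__ == "__main__":
    for row in [simulate(CURRENT)] + compare(CURRENT, [PRIVATE_LTE, JAMMER_DETECTION]):
        print(f"{row['name']:>26}: ALE ${row['ale']:>10,.0f}  p50 ${row['p50']:>9,.0f}  "
              f"p90 ${row['p90']:>9,.0f}  reduction ${row.get('reduction', 0):>9,.0f}")
```

`point_estimate_ale` is the sanity check a practitioner wants beside any simulation: the simulated ALE should land close to the closed-form mean, and if it does not, the ranges or the event model are wrong. The ranking produced by `compare` depends entirely on how each investment is mapped onto FAIR factors, so that mapping (here an assumption) is the thing to defend when presenting the comparison.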

Ultimately, after running each future-state scenario, on-site jammer detection reduced the risk the most, as the results depicted below show. Management could now justify the investment in the detection technology and in training the staff needed to operate it and prevent future losses.