Enforcing security for robotics: Which bolts should be tightened?
To start with, robotics research is mainly about what is feasible. System security is often neglected in the process. Jasmin Wachter, a doctoral student pursuing her doctoral degree in the Karl-Popper-Kolleg “Responsible Safe and Secure Robotic Systems Engineering, SEEROSE”, wants to find out what measures are required to ensure that security for robotics also pays off.
Jasmin Wachter understands her research topic from both an academic and a practical perspective. Following her Mathematics degree, she has been working at Joanneum Robotics in Klagenfurt’s Lakeside Park for one and a half years. Here, she tells us about two colliding paradigms when it comes to cybersecurity in robotics: “On the one hand, research represents a risk-free space. The idea is to find out what can be accomplished with which technical methods. However, system security is often disregarded in the field of robotics.” For instance, often there is no authentication when an additional robot is added to the network, or the communication between the individual devices is not encrypted. At the same time, the main responsibility for security is transferred to those who will ultimately deploy the robots, for example, in industry. “Naturally, this means that developers are less interested in system security than they really should be,” Jasmin Wachter concludes.
She goes on to explain that the (in-)security culture in robotics has scope for improvement, but that it is of vital importance: “In the case of software, the potential risks, such as data leaks, involve personal rights or financial matters. On the other hand, in the event that robots or drones are hacked, they can also cause physical damage.” So, are there too few technical systems to meet these challenges? “No, there are plenty. The problem lies in the involved security-economics”, Jasmin Wachter replies.
Security does not always pay off. Thus, cybersecurity is uncared-for, and there are practically no consequences for developers and manufacturers as others bear the greatest share of responsibility. To address this, Jasmin Wachter is investigating the effectiveness of mechanisms that could render the security aspects more economical. Using game theory, she assesses which bolts in the system need to be tightened in order to achieve an optimum level of security – be it in the form of penalties or other regulations. Her approach is largely interdisciplinary: To solve the problem at hand, Jasmin Wachter can make ideal use of her expertise in mathematics, system security and robotics. In the context of the Karl Popper College “Responsible Safe and Secure Robotic Systems Engineering, SEEROSE”, she is supervised by the computer scientist Stefan Rass.
Jasmin Wachter tells us that she is idealistic in her approach to her work. What she appreciates most about the academic environment is the freedom to pursue questions that are important to her. This is the case in the area of security, which can be a tricky issue: “Yes, I am security-conscious in my private life as well. We don’t have talking and listening speakers as roommates, and the webcams are usually covered. I don’t write down my passwords either.“ Even in private IT security matters, it is important to think economically: “A payment card is not unsafe compared to cash. It provides transparency about possible damage and liability issues. You have to weigh these things up when you use technical devices.”
A few words with … Jasmin Wachter
What motivates you to work in science?
The opportunity to question things critically and to contribute to improving the situation for humans. Especially in the technical field, the human factor is often neglected – whether as an actor or as a person affected. I want to change that – that’s what motivates me.
Do your parents understand what you are working on?
Conceptually, yes, we often talk about it – but I leave out the details of the underlying mathematical models. By and large, however, they understand what I am working on.
What is the first thing you do when you get to the office in the morning?
I check my diary for appointments. Then I set an alarm for each appointment.
Do you take proper holidays? Without thinking about your work?
Yes, it’s only when I really manage to clear my head that the most interesting solutions pop up. Besides, new impressions help me to gain new perspectives. That’s why I go on holiday with all my senses – and without work.
What makes you furious?
Arbitrariness and injustice.
And what calms you down?
Creative activities and exercising outdoors. It reminds me of the essential things and makes me forget the routine of everyday life.
Who do you regard as the greatest scientist in history and why?
I do not want to single out any one individual. But I especially appreciate those scientists who actively seek to pass on their knowledge to students and make it publicly available.
What are you afraid of?
That a technology or method developed by me could be used against humanity.
What are you looking forward to?
I’m looking forward to my 1-month research residency at the Center for Cybersecurity at New York University.
RESPONSIBLE SAFE AND SECURE ROBOTIC SYSTEMS ENGINEERING (SEEROSE)
Robot ethics demands programmers to write code that is not only functionally correct but also secure and safe to disallow any intended or accidental harm to humans. Hence, programmers bear a responsibility w.r.t. several instances (e.g., system customers, providers, end-users, etc.), for which awareness is required (likewise for questions of liability, which is a complex matter of contemporary research and legislation). SEEROSE aims at achieving usable robotic security by jointly addressing process ethical, psychological, and technical aspects of developing safe and secure robotics systems. More