While humans traditionally have staffed assembly lines, prepped and served food, and entered data into spreadsheets — more and more, machines are taking over these tasks. Although we're far from seeing robots at work that dominate entire professions, organizations are beginning to realize value from integrating intelligent machines into day-to-day operations. Small fixes like allowing machines to prep tax forms or support with revenue recognition can speed things up during crunch time and allow employees to do more creative and complex work.
With advances in workplace automation come a new set of security concerns. Interconnected devices and systems mean that an attack in one location can have ripple effects across an entire company. A data breach in one factory, for example, could halt processes across several plants. If cyberthieves illegally access patient records, they have the power to tamper with patients' medical devices and buy prescription drugs in their name.
This piece highlights three major examples of workplace automation and the ways team leaders can enhance the security of these systems to mitigate their risks.
Warehouses: Peeking Under the Hood of Amazon
When people think of robots, they don't often think of warehouses and inventory turnover. Amazon is changing this. In 2014, Amazon began rolling out robots at work to automate and speed up processes in its warehouse facilities.
The company has more than 700 distribution facilities worldwide. At the height of last year's holiday season, Bisnow reports that some of Amazon's warehouses delivered more than 1 million items per day.
RoboStow, one of Amazon's most powerful robots, weighs a whopping six tons and can move pallets of products over twenty feet high across a warehouse floor. This drastically reduces the physical labor and risk for Amazon's human employees. With its enormous capacity, RoboStow has helped Amazon store 50% more inventory over the last five years and reduce the human labor portion of shipping to just one minute per package.
The results have also corresponded with a boost to Amazon's finances. According to a Slice Intelligence report, cited in The Wall Street Journal, in 2017 the company retained 42 cents of every dollar spent online, up from 38 cents in 2016. This highlights improvements in the company's ability to cut costs and overall operational efficiency.
Despite the hype around RoboStow, the machine isn’t 100% secure. While new robots may appear like they’re bulletproof, in reality they’re subject to many of the same flaws as other devices connected to the internet.
One recent study by IOActive highlighted how their research team was able to steer several of Softbank’s robots meant for telecommunications to curse at people instead. They did this by injecting ransomware into the robot’s system through a public Wi-Fi network. Since many robots store valuable data (even if they’re simply transmitting it to a different endpoint), the team also revealed how hackers might access a robot’s software remotely, freeze it, and force the robot’s handlers to deliver something of value (e.g., money or other sensitive data) before unlocking it again.
In 2017 IOActive found nearly 50 vulnerabilities through which hackers could command popular commercial robots remotely. For Amazon and other companies that employ robots for physical labor in their warehouses, the dangers to human employees if a robot is hijacked or malfunctions could be severe.
While there is no single solution for fully securing machines like RoboStow, applying the same techniques used to secure other mobile devices, such as unique and complex passwords, employee education, and keeping systems updated goes a long way towards deterring dishonest users.
Factory Robots Exposed via Routers
The epitome of monotonous (and often hazardous) labor — factory work is a popular target for workplace automation.
Today, Japan-based FANUC is leading the way with a factory that builds industrial robots for sectors as diverse as transportation and big pharma.
Nearly 80% of FANUC's assembly work is automated. According to the company, human engineers complete only the wiring portion of the finished robots. That helps cut the costs of production dramatically and expands FANUC's margins.
Yet even this cutting-edge team isn't safe from cybercrime. Last year, researchers found that over 80,000 industrial routers were exposed on the public internet, including those of FANUC. Industrial routers underlie remote networks and devices and support automation at many levels, yet despite their outsized importance, this research found that several of these devices didn't even require authentication.
Authentication is critical to building a secure company foundation. Without it, organizations aren't able to verify the identities of its users —including employees, consultants, and customers. Without authentication, it's a cinch for a dishonest user to sneak in and steal company secrets.
At FANUC or another manufacturer with connected devices, a breach in one location could have widespread consequences across operations. As a company decision-maker, it's critical to constantly test for holes and patch and upgrade your systems to ensure that they're able to withstand increasingly numerous and complex threats.
The Automated Workplace of McDonald's
Restaurants and food service have some of the more visible examples of automation. A robot barista Cafe X, for example, recently opened up shop in San Francisco.
On a large scale, McDonald’s has boosted workplace automation by installing thousands of ordering kiosks. The company is aiming to install kiosks in 1,000 stores each quarter until its entire network is complete.
At the kiosk, customers can customize their meal — easily adding toppings and viewing nutritional information, such as calories. This reduces lag time in speaking with an employee at the cash register. McDonald's has also figured out how to present menu options on these digital screens in a more tantalizing format. They noted that customers spend an average of 30% more when using automated kiosks.
These kiosks certainly aren't immune to hacks. Last year, someone breached a McDonald's kiosk in Australia and removed $4.70 from their order. This might seem like a fun prank; however, the implications for customers and for the company's operations are more dire. If a hacker can access order histories, it’s likely they can also view customer names and credit card information.
Even in common products like ordering kiosks, being able to control users' navigation and access historical behaviors on the platforms are critical to figuring out where there might be holes.
New machines, similar security problems.
Despite their allure, robots at work have many of the same vulnerabilities as other pieces of hardware — and workplace automation falls prey to holes in unsecured networks. In the worst case scenario with robots, cybercriminals could exploit weak points to control their movements and cause harm to human employees or a company's operations. At the other end of the spectrum, stealing a few dollars by breaching ordering kiosks still underscores larger risks of personal data theft.
An interconnected workplace —with systems that help ease time-consuming, costly, and low-value work —can be an enormous asset. Learning from leaders in the field is a great place to begin. Understanding where they've fallen short will help your organization go one step further and create an even stronger foundation on which to grow.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world.