25 May, 2023Alias Robotics, world leader in cybersecurity solutions for robots became a CVE Numbering Authority (CNA) today, in order to broaden its scope of activity and cover Machine Tool manufacturing equipment. The CNA programme is a worldwide initiative led by MITRE comprising organisations in charge of assigning new vulnerability indicators (CVE IDs) to new kinds of vulnerabilities. Alias Robotics has been supporting this programme since 2020, covering vulnerabilities in its own products and robotics equipment that are not included in the scope of any other CNA to date.
Over 290 organisations from all over the world are taking part in this programme, with several types of players from the security ecosystem. The types of organisation include:
- Sellers: Organisations that sell products or services subject to CVEs.
- Research organisations: Organisations undertaking research that identifies vulnerabilities that are subject to the CVEs.
- Open source organisations: Organisations that produce, manage or maintain products or services with a source code that is freely available for possible modification and redistribution.
- CERT: Equipment for responding to I.T. emergencies.
- Hosting service: Any cloud-based service, platform as a service, infrastructure as a service, software as a service.
- Bug Bounty suppliers: Organisations acting as an intermediary between the sellers and the researcher and that can reward individuals for discovering and reporting software vulnerabilities.
- Consortia: Groups of entities that have come together to work on a specific project.
The most important participants include manufacturing companies like Airbus, Android, Google and outstanding security research teams like TrendMicro, Rapid7, F-Secure and others. Each organisation taking part has its own scope of participation. With this change, Alias Robotics strengthens its scope to help the machine tool manufacturers that are not yet part of the programme. Alias Robotics is expected to cover all types of connected machine tools, CNC-controlled machine tools and other industrial SPIs including lathes, saws, drills, gear shapers, brushing equipment and grinders.
World leader in researching and managing vulnerabilities in cyberphysical systemsAlias Robotics has publicly presented over 200 vulnerabilities in its Robot Vulnerabilities Database. These belong to different robotics and robot tech suppliers, including ROS (the robot operating system) and its second version ROS2.
In addition to the public focus, to date Alias Robotics has over 1,200 vulnerabilities pertaining to all types of robotics systems in a private RVD repository, known as RVDp.
“Some of the vulnerabilities we have managed as part of the programme have been highly critical and impactful for operations,” claims Endika Gil-Uriarte, CEO of Alias Robotics. “We have managed multiple vulnerabilities and mediated with third-party researchers from all over the world, collaborating with government bodies like INCIBE, CISA, BSI and CSA and presented new types of hitherto unknown vulnerabilities in systems like drones and UAVs, manipulators and many kinds of land vehicles”. This increase in scope is expected to increase the impact of Alias Robotics on the CVE and CNA programme with its experience in managing and handling CPS vulnerabilities.
Local cooperation expected to rise in the Basque country, with major focus on European Advanced ManufacturingFrom this announcement, the first thing to expect is closer ties between the AFM ecosystem (Association of machine tool manufacturers - Network of machine tool suppliers) and the Gipuzkoa centre for industrial cybersecurity - ZIUR, although the existing markets in Central Europe are also expected to strengthen.
The global machine tool market grew from 87,720 million dollars in 2022 to 93,410 million dollars in 2023, at a healthy annual growth rate (CAGR) of 6.5%.
Machine tool manufacturers have been challenged with the recently published revised Machine Directive to test the intersection of security and product protection. “The idea of regulations is to guarantee that security is not compromised by cybercriminals and that connected and smart machines, in any event, do no pose a security risk for the humans operating them or located in their vicinity -mapping the Regulation (EU) 2019/881 - also know as the Cyber Resilience Act”. In this context, Alias Robotics expects to increase its market share in professional services for cyberphysical systems, taking advantage of its proven experience in the intersection of security and protection.
