Cybersecurity in Robotics Tutorial | IROS 2021

Cybersecurity Tutorial - Demonstrating vulnerabilities and methods to protect robots

This tutorial will spot diverse cybersecurity vulnerabilities and attack patterns for robotic systems and demonstrate new quantitative methods of cybersecurity management and design. In particular, a model-based security approach with game theory will be present to address security issues related to the heterogeneity and complexity of robotic systems.


Tutorial Objective

Robots are widely used in industrial production environments and increasingly in logistics, healthcare, and home appliances. Most of the traditional robot systems are being operated by a PLC and/or a specific robot controller. But even while being isolated from industrial networks (air gapped), these machines are not free from harm. Both human safety and product quality are at stake. But more increasingly flexible, autonomous and versatile robots have entered into the industrial domain. Collaborative robots are being released from their cages and put in close cooperation with humans. That positive trend also sees a significant decline in cost for robotics. Partially thanks to the availability of standard technologies, such as Internet / IoT, OPC UA, ROS, ROS 2, cloud, Azure Sphere, and the interconnectivity of the robotic systems. But most of the robotic systems lack a fundamental cybersecurity posture.

The variety of architectures, including controller operated robots, PLC operated robots, ROS operated robots, and IoT or cloud operated robots, enables the versatility and diversity of potential vulnerabilities to robotic systems. There are different approaches possible in trying to improve the robots’ cybersecurity. These have to be systematic from an industrial perspective, depending on the risk they impose on the factory and the situation. Isolation is a start, hardening access control, putting cryptographic measures in place, and improving the application security are basic measures. The robot manufacturers can ensure security-by-design for the robot controllers, the robots, and the applications instructing and controlling them. This tutorial aims to present materials on this emerging area of research and provide a multi-disciplinary perspective on cybersecurity. This tutorial will serve as a comprehensive introduction of this emerging topic for theoreticians and practitioners working in the field. This tutorial will also provide educational materials that will foster a sub-community in robotics and allow more contributors to become part of the community.


Session Scedule

(Since IROS will be held virtually this year, this tutorial will be online)

The live session will take place at 14:30 (CEST), September 27 (Monday), 2021, in Hall 14 of the IROS 2021 platform.

All attendiees are welcomed to registered to IROS first: IROS registration.

Time Module Speaker
14:30 - 14:35 Opening Remarks  
14:35 - 15:20 1-ROS and Contemporary Cybersecurity Challenges Benjamin Breiling
15:20 - 15:40 2.1-Quantitative Modeling and Design Stefan Rass
15:40 - 16:00 Break  
16:00 - 17:00 3-Security Practice and Design Víctor Mayoral-Vilches
17:00 - 17:30 2.2-Quantitative Modeling and Design Stefan Rass, Quanyan Zhu
17:30 - 18:00 Discussions and Conclusions  

Module 1 presents the security challenges in robotic systems. We will introduce ROS vulnerabilities, known vulnerabilities in industrial robot systems, and the challenge of securing robots. We will also show ROS demos and penetration testing tools to demonstrate how to exploit the vulnerabilities.

Module 2 presents the security overview, common security practices and design tools for robotic systems. We will introduce materials related to penetration testing, DevSecOps, and vulnerabilities and scoring systems. (Moduel 2 will be divided into two sub-sessions.)

Module 3 focuses on the quantitative methods of modeling and design strategic defenses. This module introduces common threat models and game-theoretic frameworks that can be used for risk assessment and strategic defense design.



Prerequisite knowledge

This tutorial is self-contained. Basic knowledge about distributed systems and network security is helpful but not necessary. A basic understanding of robotic systems is sufficient.



Contemporary robotic systems are vulnerable to diverse attack patterns, and an a posteriori hardening is at least challenging, if not impossible at all. This tutorial aims to stipulate the inclusion of security in robotics from the earliest design phases onward and with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems. We aim to introduce new quantitative methods of security management and design, extending known vulnerability scoring systems to the distinguished setting of robotic systems, and accounting for the highly distributed nature of robots as an interplay of potentially very many components. A powerful quantitative approach to model-based security is offered by game theory, providing a rich spectrum of techniques to optimize security against various kinds of attacks. Such a multi-perspective view on security is necessary to address the heterogeneity and complexity of robotic systems.


Previous Tutorial History

The organizers of this tutorial have previous experiences with the following workshops and tutorials:

  • Workshop on Security and Privacy in Robotics, 2020 International Conference on Robotics and Automation (ICRA), May 31 – June 4, 2020, Paris, France.
  • CS4R Cyber Security for Robots workshop - Cybersecurity challenges in robotics, European Robotics Forum 2020, March 3rd, 2020 - 15:30 CET, Tech update session - Room 3, FYCMA - Palacio de Ferias y Congresos de Málaga, Av. de José Ortega y Gasset, 201, 29006 Málaga, Spain
  • CS4R Cyber Security for Robots workshop - Cybersecurity for robotics solutions, European Robotics Forum 2020, March 3rd, 2020 - 15:30 CET, Tech update session - Room 3, FYCMA - Palacio de Ferias y Congresos de Málaga, Av. de José Ortega y Gasset, 201, 29006 Málaga, Spain
  • ROS2 Security Workshop, 2019 ROSCon, Wednesday, 30th October 2019 (14:00-17:00), Macau, China
  • Doing Real-Time with ROS 2 Workshop: Capabilities and Challenges, 2019 ROSCon, Wednesday, 30th October 2019 (14:00-17:00), Macau, China
  • Tutorial on Game Theory Meets Network Security, 25th ACM Conference on Computer and Communications Security (CCS), Oct. 15-19, 2018, Toronto, Canada.
  • Tutorial on Securing Robotics with SROS2, 2018 IEEE/RSJ International Conference on Intelligent Robots and Systems, Oct. 1-5, 2018, Madrid, Spain.

Expected attendance

We would like to accommodate as many developer and industry attendees as possible.

All attendiees are welcomed to registered to IROS first: IROS registration.


Quanyan Zhu

Associate Professor

Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University

5 MetroTech Center, Brooklyn, NY, 11201


Phone: +1 646-997-3371


Stefan Rass

Full Professor

Johannes Kepler University Linz, Secure and Correct Systems Lab

Altenbergerstraße 69, 4040 Linz, Austria



Benjamin Breiling

Research Group for Robot Systems Technologies, Joanneum Research, Institute for Robotics and Mechatronics

Lakeside B13b, 9020 Klagenfurt, Austria


Phone: +43 316 876-2027


Víctor Mayoral-Vilches

  • Alias Robotics
    • Robotics and security researcher
    • Venta de la Estrella 6, Pab. 130, Vitoria, 01006 Spain
    • Email:
  • Xilinx
  • Klagenfurt Universität
    • Researcher at System Security Group, Klagenfurt Universität
    • 65-67 A-9020, Klagenfurt, Austria
    • Email:

We encourage attendiees to refer to the following references for more details in cybersecurity and robotics: