A New Law of Robotics
Cybersecurity should share the same priority as other laws of robotics.
Science fiction fans recognize Asimov’s prescient thoughts on robot programming, captured in his three laws of robotics. In Asimov’s sci-fi world, robots were all programmed to protect their humans (the first law), to obey their humans (the second law) and to protect themselves (the third law). These laws laid the foundation for many fantastic, futuristic stories and have long provided actionable concepts for today’s robots, including those we launch over our modern battlefields. As the stories advanced, he later added another law, called the “zeroth” law, which had priority over all the others, “A robot may not harm humanity, or, by inaction, allow humanity to come to harm.”
Experience, especially experience in cybersecurity, has opened our eyes to the need for another law of robotics. Our robots, including unmanned aerial vehicles (UAVs), are all designed to communicate continuously when operating, and, unfortunately, these communications have been shown to have vulnerabilities. Many UAVs operate with light or no protections on their internal systems or the communications they have with other systems in the air and on the ground.
The enduring challenges of cybersecurity and the need to include security in the design of our systems from the beginning mean it is time for a new law, a fourth law, of robotics.
The new law of robotics is:
There will be no unauthorized access of any robot communications.
It is imperative we consider this requirement for secure communications at the same level as the other laws of robotics. In fact, it should be a requirement levied on 100 percent of our robotic systems.
Consider, for example, the many worthy applications we give our drones:
- The military uses them for communications, logistics, intelligence collection and even direct military action.
- Private citizens use them for entertainment and recreation.
- Businesses use them in construction, agriculture and communications.
- State and local governments use them for law enforcement and first responder operations.
One of the most critical recent examples was in the Houston area in the wake of Hurricane Harvey, when first responders, local governments and businesses used drones to assess damage to infrastructure, property and equipment. Some parts of that infrastructure include oil and gas production facilities, as well as power lines and other parts of the power grid.
In every case, the command and control of these flying robots and the data they provide while in flight need to be protected. If unauthorized users can pass commands to UAVs, these devices can come under adversary control. If unauthorized users can view the data being transmitted off the UAVs, then adversaries can gain insights into what these systems are being used for and leverage the data for their own purposes. These systems require protection from unauthorized interception, whether the infiltration of a private citizen’s smartphone connected to a UAV, or that of a UAV deployed by the military collecting sensitive and top-secret, mission-critical data.
The fourth law of robotics most certainly applies here. Our UAVs need to be securely controlled, coordinated and operated. They need to deliver collected data to their users in ways that keep this data protected. As flying, sensor-bearing drones get smaller and lighter, they will need fast, effective and lightweight cryptography. The exponential increase in traffic and data generation will congest the common ciphers as the drones interpret their commands, navigate and send back their sensor take.
Industry is providing new approaches to encryption that can dramatically enhance the level of protection of our systems by using true random numbers and advanced capabilities like one-time pad (OTP) encryption. Pseudorandom numbers currently used in many applications are not truly unpredictable and have been associated with multiple vulnerabilities and breaches. Recent progress in true random number cryptography, often using high-speed quantum random number generators, allows for levels of security not possible before.
OTP encryption, a mathematically unbreakable type of encryption that requires large quantities of true random numbers, can stand on the shoulders of these new true random number capabilities. This adds an arrow to our quiver of solutions, shifting the burden of security away from power-hungry complex algorithms to variable levels of randomness matching the security needs per transmission.
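An added illustration, not from the authors or any vendor: a minimal one-time pad in Python showing why the scheme consumes one pad byte per message byte and why both ends must track a cursor so that no pad byte is ever used twice. The class and function names are hypothetical, and `os.urandom` (the operating system's CSPRNG) stands in for the true random number source the article describes.

```python
import os


class PadExhausted(Exception):
    """The message needs more pad bytes than remain unused."""


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hypothetical helper: a shared pad plus a cursor marking the next unused byte."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._pos = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._pos

    def _take(self, offset: int, n: int) -> bytes:
        if offset < self._pos:
            raise ValueError("pad bytes at this offset were already used")
        if offset + n > len(self._pad):
            raise PadExhausted(f"need {n} bytes, {len(self._pad) - offset} left")
        self._pos = offset + n  # burn the bytes: they are never handed out again
        return self._pad[offset:self._pos]

    def encrypt(self, plaintext: bytes):
        offset = self._pos
        return offset, xor(plaintext, self._take(offset, len(plaintext)))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self._take(offset, len(ciphertext)))


def pad_reuse_leak(pad: bytes, m1: bytes, m2: bytes) -> bytes:
    """What an eavesdropper sees if one pad region encrypts two messages:
    the pad cancels out, leaving the XOR of the two plaintexts."""
    return xor(xor(m1, pad), xor(m2, pad))


if __name__ == "__main__":
    pad = os.urandom(32)  # constructed sample pad (CSPRNG stand-in)
    ground, drone = OneTimePad(pad), OneTimePad(pad)
    off, ct = ground.encrypt(b"CLIMB TO 120M")  # constructed sample command
    print(drone.decrypt(off, ct), "pad bytes left:", drone.remaining)
```

The pad provides confidentiality only: flipping a ciphertext bit flips the same plaintext bit, so commands sent this way still need a separate authentication tag to keep unauthorized parties from altering them.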
Deploying OTP encryption on drones demands minimum power, provides for adjustable randomness to match security needs and enables technologies to securely spy, follow, track and detect. This certainly seems like a reasonable effort to follow the fourth law and keep secure data away from prying eyes.
Bob Gourley is a co-founder and partner of Cognitio and the publisher of CTOvision.com and ThreatBrief.com. Bob’s first career was as a naval intelligence officer, which included operational tours in Europe and Asia. Bob was the first director of intelligence (J-2) at DOD’s cyber defense organization JTF-CND. Following retirement from the Navy, Bob was an executive with TRW and Northrop Grumman, and then returned to government service as the CTO of the Defense Intelligence Agency (DIA).
Jane Melia is vice president of strategic business development at QuintessenceLabs, a provider of quantum cybersecurity solutions and maker of quantum random number generators.