Table 3.
Proposed qualitative risk analysis for robotic systems
| System component | Attack | Impact on security services: confidentiality | Impact on security services: integrity | Impact on security services: availability | Impact on security services: authentication | Risk: likelihood W/O protection | Risk: impact W/O protection | Exposure system level: protected | Exposure system level: semi-protected | Exposure system level: unprotected | Countermeasure |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Authorized user | Unauthorized user | Major | Minor | Major | Critical | High | Damaging | Low | Medium | High | Stronger identification and physical security |
| Authorized user | Weak authentication | Critical | Major | Major | Critical | High | Damaging | Medium | High | High | Multi-factor authentication |
| Authorized user | Intentional accidents | Critical | Critical | Critical | Major | High | Devastating | High | High | High | Stronger verification/authorization |
| Authorized user | Accidental mistakes | Minor | Minor | Major | Minor | Moderate | Less Damaging | Low | Low/medium | High | Verified backup/user training |
| Robotic platform | Malicious malware | Critical | Critical | Critical | Major | Very High | Devastating | Medium | High | High | Anti-malware, IDS |
| Robotic platform | DoS/DDoS | Minor | Minor | Critical | Minor | High | Damaging | Medium | High | High | Firewalls/IDS/secure backup |
| Robotic platform | Keylogging/backdoors | Critical | Critical | Major | Major | High | Damaging/devastating | High | High | High | Pen testing, vulnerability assessment, IDS |
| Robotic platform | Physical/logical tampering | Major | Critical | Major | Minor | Medium | Damaging | Low | Medium | High | Physical protection, tamper proof equipment |
| Wireless connection | Passive attacks | Critical | Major | Minor | Minor | High | Damaging/devastating | Low | Medium | High | Dynamic lightweight encryption |
| Wireless connection | Active attacks | Critical | Critical | Major | Minor | High | Devastating | High | High | High | Encryption, IDS/IPS |
| Wireless connection | Jamming | Minor | Minor | Critical | Minor | High | Damaging | Low | Medium | High | Frequency hopping, frequency shifting |
| Wireless connection | Stealing data | Critical | Critical | Major | Major | High | Devastating | Medium | High | High | IDS/IPS, Honeypot |
| Cloud services | Malware/botnet | Critical | Critical | Critical | Major | High | Devastating | High | High | High | IDS/IPS, honeypot, anti-malware & virus |
| Cloud services | Side channel | Critical | Critical | Major | Minor | High | Damaging | Low | High | High | Secure system design, system protection |
| Cloud services | Insider | Critical | Critical | Critical | Critical | Very High | Devastating | High | High | High | Employee screening, background check |
| Cloud services | Service hijacking | Critical | Critical | Critical | Major | High | Damaging/devastating | Low | Medium/high | High | User awareness, anti-phishing and spamming |
| Application layer | Malware/spyware/botnet | Critical | Major/critical | Critical/major | Minor | High | Damaging/devastating | High | High | High | Anti-malware/spyware up-to-date, avoid free applications, IDS/firewalls |
| Application layer | Spoofing | Critical | Major | Critical | Minor | High | Damaging | Low | Medium | High | Encryption, anti-spoofing, Packet filtering |
| Application layer | Key log/rootkit | Critical | Critical | Major | Minor | High | Devastating | High | High | High | Vulnerability patching, Anti-virus, Hard-disk scan |
| Application layer | XSS/SQLi | Critical | Critical | Major | Minor | High | Damaging | Low | High | High | Vulnerability scan, web application firewall, mitigation and Discovery |