Slashdot Mirror


GM Hooking 30,000 Robots To Internet To Keep Factories Humming (bloomberg.com)

An anonymous reader quotes a report from Bloomberg: General Motors has connected about a quarter of its 30,000 factory robots to the internet, and the largest U.S. automaker already is reaping the benefits of less down time. In the last two years, GM has avoided 100 potential failures of vehicle-assembling robots by analyzing data they sent to external servers in the cloud, Mark Franks, director of global automation, said at a conference in Chicago on Monday. Connectivity is preventing assembly line interruptions and robot replacements that can take as long as eight hours. Internet monitoring allows GM to order parts when it detects they're wearing out instead of having to store them at the factory. That reduces inventory and saves money, Franks said. Hooking robots to the internet for preventive maintenance is just the start of a spurt of new robotics technology, Franks said. GM is using robots that can work safely alongside humans in the factory that produces the Chevrolet Volt plug-in hybrid, he said.

85 of 126 comments (clear)

  1. I can already smell... by Motherfucking+Shit · · Score: 4, Interesting

    ...the plausible deniability.

    "No, your honor, we didn't intentionally program our vehicles to cheat the emissions testing process. Some evil hacker must have done it to make us look bad!"

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    1. Re:I can already smell... by ShanghaiBill · · Score: 3, Informative

      "Some evil hacker must have done it to make us look bad!"

      Suki did it.

    2. Re:I can already smell... by Anne+Thwacks · · Score: 3, Funny

      If GM has 30,000 robot hookers, the world is changing faster than I though!

      --
      Sent from my ASR33 using ASCII
    3. Re:I can already smell... by davester666 · · Score: 3

      Yeah, at least the summary appears to be completely vapid. Like it is somehow unpossible for these computers to have been hooked up to a local server to track when they are worn out or are failing. Nope, the data has to be sent to the cloud for the magic to happen.

      --
      Sleep your way to a whiter smile...date a dentist!
    4. Re:I can already smell... by clodney · · Score: 1

      Yeah, at least the summary appears to be completely vapid. Like it is somehow unpossible for these computers to have been hooked up to a local server to track when they are worn out or are failing. Nope, the data has to be sent to the cloud for the magic to happen.

      Obviously not impossible to have done it with a local server, but potentially very difficult. The internet based server likely belongs to the manufacturer of the robot, not GM. So they are enabling service monitoring by the manufacturer or distributor, not doing it themselves.

      If they needed to convince the robot manufacturer to install the server at each factory, that would be more difficult, and obviously require cooperation from the manufacturer.

      And lastly, nothing in the summary talks about the communication channel being two ways. If the robot sends data out and doesn't take any inbound connections the security risk is reduced.

    5. Re:I can already smell... by barrygrommit · · Score: 1

      If GM has 30,000 robot hookers, the world is changing faster than I though!

      OK...this one gets my vote for sarcastic humor of the week!

    6. Re:I can already smell... by syntotic · · Score: 1

      (voting? wasnt it like-ing?)

  2. Skynet. by MrCodswallop · · Score: 1

    Skynet.

    1. Re:Skynet. by RabidReindeer · · Score: 1

      Wait a minute. Why are all those new Camaros morphing into killbots?

    2. Re: Skynet. by dacaldar · · Score: 1

      Seems like a reasonable thought experiment. In order to paralyze and maybe control human society, would a sentient computer intelligence really need access to guns and bullets, if they could create, steer and accelerate many wheeled steel objects along our road network? If fully coordinated, many could never leave your building, or at least street block, without probably getting killed... at least until gasoline supplies run out.

  3. Do you want Terminators? by genfail · · Score: 1

    Because this is how you get Terminators, GM.

    1. Re:Do you want Terminators? by FatdogHaiku · · Score: 1

      Because this is how you get Terminators, GM.

      OR
      A really big ransomware bill...
      Well, the customer will pay it all in the end.

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    2. Re:Do you want Terminators? by Baloroth · · Score: 1

      OR A really big ransomware bill... Well, the customer will pay it all in the end.

      Or, if history is anything to go by, the government.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:Do you want Terminators? by freeze128 · · Score: 1

      SkyNet isn't a rogue AI, it's a hacking group from Russia!

    4. Re:Do you want Terminators? by Tablizer · · Score: 1

      Why didn't Slashdot use the what-could-possibly-go-wrong tag?

    5. Re:Do you want Terminators? by ChrisMaple · · Score: 1

      Just as businesses don't pay taxes because taxes are expenses that have to be passed along to the purchaser, the government pays for nothing because government's payments are ultimately made by taxpayers.

      --
      Contribute to civilization: ari.aynrand.org/donate
    6. Re:Do you want Terminators? by fisted · · Score: 1

      Because the new /. owners don't understand that those tags were supposed to be funny/witty. It seems entirely lost on them, and they'll just use something that sounds more or less appropriate.

    7. Re:Do you want Terminators? by sudon't · · Score: 1

      Because this is how you get Terminators, GM.

      It's how you get terminated. "Let's connect all of our machines to the Internet! What could go wrong?"

      --
      -- sudon't

      Air-ride Equipped

  4. Why in hell? by msauve · · Score: 4, Insightful

    Why would they "connect them to the Internet?" There have to be a very limited number of robot suppliers, why wouldn't they just have VPNs specific to each to handle these service needs? Going through the Internet via a secure VPN is very different than connecting to the Internet.

    (having said that, it's more than likely that's exactly what they're doing, and the summary/article has simplified it to the point of just being wrong)

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Why in hell? by EvilSS · · Score: 1

      Why would they "connect them to the Internet?" There have to be a very limited number of robot suppliers, why wouldn't they just have VPNs specific to each to handle these service needs? Going through the Internet via a secure VPN is very different than connecting to the Internet. (having said that, it's more than likely that's exactly what they're doing, and the summary/article has simplified it to the point of just being wrong)

      If I was GM I'd rather have them talk out via (properly configured) HTTPS to the vendor at a fixed IP or range of IPs than setup a VPN to the vendor. Vendor VPNs can be a pain and if something goes wrong they are a great way for a uninvited guest to into the customer systems. Just ask Target about that. At least this way you can shrink the possible surface area a bit.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    2. Re:Why in hell? by AvitarX · · Score: 1

      I'd probably have them send via UDP (I'm assuming it's the type of stuff where a few missed numbers makes no difference), and completely incapable of receiving anything on that NIC)

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    3. Re:Why in hell? by msauve · · Score: 1, Insightful

      "If I was GM I'd rather have them talk out via (properly configured) HTTPS to the vendor at a fixed IP or range of IPs than setup a VPN to the vendor."

      If you were you, you wouldn't have a clue about how an IPSec VPN actually works.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:Why in hell? by stooo · · Score: 1

      HTTPS ?
      HTTPS security is a joke.

      --
      aaaaaaa
    5. Re:Why in hell? by Coisiche · · Score: 1

      Yeah, story should have been "GM create 30,000 node target for botnet managers".

      It was probably pwned within hours of the press release.

    6. Re:Why in hell? by jbmartin6 · · Score: 1

      From the article, my guess was they connected to robots to a LAN so they could send messages to a central monitoring system. Maybe just SMTP, in which case maybe we can send our own and get them to buy too many robot widgets.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    7. Re:Why in hell? by EvilSS · · Score: 1

      Yea totally. I mean, it's not like a number of data breaches have occurred due to improper security at a vendor, with the customer network being compromised over the IPSEC tunnel. Nope. never happened. ever. this week.

      I'd rather have a system that reports out, initiates communication from my side, and doesn't have the possibility to allow back-channel communications from the vendor to my network.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    8. Re:Why in hell? by msauve · · Score: 1

      I see your problem. You don't understand routing or firewalls, and think VPN means all-or-nothing. It doesn't.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    9. Re:Why in hell? by EvilSS · · Score: 1

      Not really, unless you are using out of date certificates or crypto (so no SSL, TLS 1.0, SHA1, etc) it is extremely secure. I'd much rather have a system that doesn't have the possibility that, should someone misconfigure the VPN (because we all no that NEVER happens, right?) would expose my network via the vendor network. In this case simpler is better.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    10. Re:Why in hell? by EvilSS · · Score: 1

      No, I just know that VPNs can, have, and will be again misconfigured by the customer side and used to target companies via their more security lax vendors. I've seen it happen and had to come in and clean up the mess (for a very tidy sum in billable hours for my company, so yea, keep on keeping on I guess). I'd much rather have a system in place that lowers my attack surface area. Yes you CAN create a secure IPSEC tunnel that prevents all this, but you can also screw it up. Why even open up the possibility of creating an issue if you don't have to. If you actually had to deal with these issues on a daily basis you would see it too. VPN is usually the very last thing on the list of methods to provide vendor access, and for a damn good reason.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    11. Re:Why in hell? by stooo · · Score: 1

      SSH is extremely secure. SSL not.

      All of the implementations of SSL are full of holes.
      Why ? because KISS has never been factored into the protocol, so it's widely too complex, and that leads to many many holes and partial implementations.
      Also, certificate chains are deeply flawed.

      --
      aaaaaaa
  5. MBA logic by rfengr · · Score: 1

    So they'd rather NOT keep spare parts at the factory for a robot that can shutdown an assembly line for 8 hours? Fucking bean counter logic. How about keep a whole spare robot, or two.

    1. Re:MBA logic by deKernel · · Score: 2, Insightful

      You can think the IRS for that kind of crap. The company will get taxed on the value of the spare parts in inventory at the end of the year.

    2. Re:MBA logic by gweihir · · Score: 2

      Save a penny, lose a million. That is what MBAs do best. No understanding of anything and "normal operation" as the only optimization target. As a result, no survivability. While cleaning up after the results of such incompetence is a major part of my work and is actually often quite interesting (and I am expensive enough that nobody tries to micro-manage me or such idiocy), the sheer amount of stupidity at work in modern corporate cultures and management approaches is staggering and it seems to be getting worse. In many large corporations, they do not even recognize clear existential threats anymore.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re: MBA logic by sg_oneill · · Score: 1

      It's pretty much standard JIT thinking which has been factory dogma since the 60s. I've worked at places like this. Management swears up and down we don't want "stock on hand" to keep costs down , so instead the entire factory goes offline because some random bearing goes fubar and the nearest replacement part is in china

      --
      Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
    4. Re: MBA logic by Anonymous Coward · · Score: 1

      Your knowledge of the subject is.... faulty.
      sg_oneill is quite right; JIT in various monikers has been around a long time;
      https://en.wikipedia.org/wiki/Just-in-time_manufacturing

      Let's deal with one aspect of your massive ignorance:
      "2. JIT is for inventory, not production."
      "JIT" in production preceded that of inventory by decades. It emerged from the Assembly Lines, and culminated with the "Time And Motion Men" fad of the Fifties. Don't have people waiting around waiting on other people. Then it got into the inventory side, and Lyon's in Britain put it together with a Computer, and pretty much invented the early RTOS in the process, prioritizing unexpected Interrupts in Supply, while using a Scheduler to keep other tasks meanwhile running.
      The problem here remains the elasticity issue, since Demand can't be predicted. Which means that Aztecs started piling up in Pontiac Lots because Mercedes just released a new SUV. Lyon's had the same problem, as the Brits simply lost interest in Chain Tea Shops, but Lyon's had diversified enough by then that there are still bits of it around, though now owned by others.
      And Pontiac is Dead.

    5. Re:MBA logic by stooo · · Score: 1

      so what ?

      --
      aaaaaaa
    6. Re:MBA logic by tehcyder · · Score: 1

      You can think the IRS for that kind of crap. The company will get taxed on the value of the spare parts in inventory at the end of the year.

      Really? Are you sure? In the rest of the world, companies are taxed on their profit, not their balance sheet holdings.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    7. Re:MBA logic by ChrisMaple · · Score: 1

      14 states tax inventory. https://taxfoundation.org/does-your-state-tax-business-inventory/.
      Apparently, the US government does not tax inventory (I had believed otherwise), but there may be some subtle tax advantages to minimizing inventory. I don't think you can avoid paying taxes on profits by just using all your profits to buy stuff.

      --
      Contribute to civilization: ari.aynrand.org/donate
    8. Re:MBA logic by gtall · · Score: 3, Informative

      I see you don't understand how the U.S. tax system works. The people in Congress determine the tax laws and what can and cannot be taxed. The IRS is merely the middleman with little discretion and even that is subject to judicial review.

  6. lest we forget tay by nimbius · · Score: 4, Funny

    Give 4chans weaponized autism 20 minutes and you'll soon have a factory full of racist, sexist robots that deny the holocaust

    --
    Good people go to bed earlier.
    1. Re:lest we forget tay by Z80a · · Score: 1

      Depends on which board gets to it.
      If /pol/, you're obviously getting shit like swastika shaped cars, paintjobs that say things like "hitler did nothing wrong" and the factory suddenly manufacturing the classic VW beetle.
      If /a/, they will use the robots to manufacture their waifus the best they can,
      But if its /v/, they probably will just pose the robots into sexy poses for profane intents.

  7. Queue GM hacking in ... by CaptainDork · · Score: 1

    ... 3 ... 2 ...

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Queue GM hacking in ... by quenda · · Score: 1

      Cue the spelling police ...

    2. Re:Queue GM hacking in ... by CaptainDork · · Score: 1

      queue

      a waiting line especially of persons or vehicles

      cue

      not queue

      --
      It little behooves the best of us to comment on the rest of us.
    3. Re:Queue GM hacking in ... by quenda · · Score: 1

      So not a typo but illiteracy? You heard other people say "cue" as in prompt, and thought they meant "line up"?
      Whom did you imagine is arranging the queue of hackers? And do they really wait in line? Think about it.

    4. Re:Queue GM hacking in ... by davidwr · · Score: 1

      Re:Queue GM hacking in ...

      Cue the spelling police ...

      The line to hack GM begins forming in 3...2... [insert unit of time here].

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    5. Re:Queue GM hacking in ... by CaptainDork · · Score: 1

      The links I pasted were:

      1.) Not original material on my part
      2.) Not in audio format.

      --
      It little behooves the best of us to comment on the rest of us.
    6. Re:Queue GM hacking in ... by quenda · · Score: 1

      Here, here!

    7. Re:Queue GM hacking in ... by fisted · · Score: 1

      your knot funny.

    8. Re:Queue GM hacking in ... by Enigma2175 · · Score: 1

      Funnyer then alot of the populous.

      --

      Enigma

  8. Sell vehicles to robots... by freeasinrealale · · Score: 1

    Hope they pay the robo's enough so they can buy a GM vehicle.. waidaminit isn't gm making self driving cars.. so why should robo's buy gm vehicles? somethings not quite right here.

    --
    A man spends the first half of his life accumulating stuff, the second trying to get rid of it all.
  9. Bring jobs to 'Metica! by TheOuterLinux · · Score: 1

    ...so the Russians and Chinese can run the robots.

  10. Good luck with Just In Time parts. by Mal-2 · · Score: 2

    Seriously, the first time the manufacturer doesn't have a part in stock, they're fucked -- unless they're still keeping a supply at a distribution center somewhere.

    The costs of relying on someone else's reliability instead of your own redundancy is that the number of situations that get out of your hands increases dramatically.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
    1. Re:Good luck with Just In Time parts. by aaarrrgggh · · Score: 4, Informative

      That has been said for the last 20 years, and has proven wrong. The specific exceptions are when the shipping time exceeds some threshold, there is a very high probability that when you need the spare parts so will many other people, and on a similar note when price (or shipping) elasticity can be impacted by external events. Just-in-time consumables (or components) is a different story. As we get better predictive data, preventative replacement parts pretty much goes out the window.

      Now, if one part can shut you down 100% for n hours, maybe you consider on-site spares... but if it is a loss of 25% capacity for those n hours you likely take your chances, knowing you can make up the lost production over x days.

    2. Re:Good luck with Just In Time parts. by mattr · · Score: 1

      In 2009 I delivered a supply chain system to a major construction equipment manufacturer. Even one hour of downtime for these machines is very expensive so people would be cannibalizing other machines to make a quick fix. They already had a satellite-based telemetry system in place to predict failures and servicing, and our system checked different warehouses and tried to pick the best choice based on various rules including lead time calculation. This article is talking about something that other companies have already done for years now.

  11. What could possibly go wrong? by Geoffrey.landis · · Score: 1

    I'm surprised this one isn't tagged "What could possibly go wrong?"

    --
    http://www.geoffreylandis.com
    1. Re:What could possibly go wrong? by phantomfive · · Score: 1

      The only thing missing from the summary is the IP address. For no reason.

      --
      "First they came for the slanderers and i said nothing."
  12. Lets wait until they have 30000 bricked robots... by gweihir · · Score: 1

    ...when the first script-kiddie gets in and does some firmware "upgrades".

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. Keep Factories Humming? by PPH · · Score: 4, Funny

    Why? Because they don't know the words?

    --
    Have gnu, will travel.
    1. Re:Keep Factories Humming? by Tablizer · · Score: 1

      "Daisy, Daisy, give me your answer do
      I'm half crazy all for the love of you
      It won't be a stylish marriage
      I can't afford a carriage
      But you'll look sweet upon the seat
      Of a bicycle built for two"

    2. Re:Keep Factories Humming? by j-b0y · · Score: 1

      Or:

              Now the world has gone to bed,
              Darkness won't engulf my head,
              I can see by infra-red,
              How I hate the night,
              Now I lay me down to sleep,
              Try to count electric sheep,
              Sweet dream wishes you can keep,
              How I hate the night.

      --
      Please remain calm, there is no reason to pani... wait, where are you all going?
  14. Not as stupid as it sounds by Gravis+Zero · · Score: 4, Informative

    This isn't internet connectivity being added to each robot, it's more like an intranet that connect to a single server per factory that has one job: sending data over the net to a specified destination. The destination holds all the info for all the factories and allows factories to have their part inventory managed from a central location. To actually change what the robot does, you would need to hack the factory server and the robot's computer. The good thing about this setup is that it's unlikely to need maintenance or even patching because it's so incredibly basic. This means it's easy to lockdown the server that actually faces the Internet to do it's one thing: send data. Considering the factories are their bread and butter, I have a hard time seeing them skimping on security for the factories. However, I could see the factory management server getting hacked if it uses some bonehead design like it runs on IIS or something. The only thing you can really do though is wreak havoc with their part inventory.

    TL;DR: hacking is unlikely though hacking the robot computers and reprogramming the robots would require a state-sponsored level of hacking.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Not as stupid as it sounds by worf_mo · · Score: 1

      Can someone please mod parent up? Hundreds of comments in this thread and this is the first insightful one. Preventative maintenance and relevant data collection is being done without connecting every single "robot" "to the internet".

      I work in industrial automation, and the factories I know of and work with have a separate net for the production lines ("robots"), no access from the "human use network", no access from or to the internet. Collected data is sent to a local server or cluster via secure messaging, and that single point then may or may not have a way to send relevant data further up the chain to a remote server or cluster, via VPN. Although the internet might be used for the VPN connection, not one single point is ever exposed directly.

      In addition to all of this, should an attacker ever make it into the local, machine-only network, reprogramming the robots would require the attacker to connect to the relevant PLCs - using the PLC manufacturer's proprietary tools - and actually know what they are doing. Unless they just want to thrash the system but make some subtle but destructive modifications, good luck making sense of the thousands of sensors and actuators with cryptic names that make up such a system. Maybe this wouldn't require state-level actors as parent wrote, but still a level of sophistication that is way beyond the common "infect computer, add to botnet"-attacker.

    2. Re:Not as stupid as it sounds by Rogue974 · · Score: 1

      You are making a big assumption here. I work in industrial Automation as well. I am a controls engineer sitting in a facility that has it's controls network secured behind a DMZ that's sole purpose is to keep the business network away because we have nasty stuff on site. We follow industry best practices as laid down by the vendor and ICS-Cert.

      With that said, we have other facilities in the same company that have the same policies as I do (policies come from corporate) in place and the local guy at 3 of those facilities keeps calling me because some engineer at the company says, this would be great, we can hook up this cell phone and our vendors can have access to their equipment to monitor it. He calls because he needs back up shooting down the engineer.

      I would hope that GM is smart enough to do this, but you should know that the vendors in the controls world and automation world haven't always built their systems with security in mind and many still aren't caught up yet. This very well could be the vendor slapped a WiFi node on the robots, hooked those to the business network and have no security. There are still thousands of PLCs that are controlling processes that are hooked directly to unsecured business networks and all you need is a laptop with the PLC software and you can log right in and mess with the code. Yes, they have to figure out what to mess with and what they are doing, but it isn't anywhere near impossible for someone who knows PLC code.

      I did a stint for a while as a Systems integrator and I now many places that don't think security of their controls network is an issue and they have their controls network connected to their business network or they only have 1 network for both. When we started talking about controls network security, the controls people started from the assumption that the business network has to be assumed to be compromised. IT people said, not possible our network is secure despite the fact we still on a weekly basis have people clicking on virus attachments and infecting the network.

      So what the parent and what you said are proper best practices and you would hope that GM would have followed them and that the vendor who sold them the robots would have offered a solution that was secure. In the last 3 months, I have had 2 vendors come in and offer the latest and greatest of their instrumentation that had WiFi built right into the equipment and their security was, it has encryption and a password. All fine and well, but now I have to worry about 0 day exploits on the specific WiFi protocol they put in their equipment and updating the WiFi protocols on thousands of pieces of equipment that can only go down once a year....Security nightmare waiting to happen.

    3. Re:Not as stupid as it sounds by worf_mo · · Score: 1

      You are making a big assumption here.

      You're probably right. It is true for example that older PLCs didn't even offer a possibility to require authentication before anyone could connect and modify the code. My post was mainly a reaction to the many comments that implied that industrial automation has the security mindset of the average household IoT device.

      At the international corporation I work for all production lines (for our own use) are planned, designed, assembled and programmed in-house; engineering designs the machine, construction assembles them, we develop the HMI, the business logic, and we program the PLCs. IT is extremely paranoid, as they should be. There is no outside vendor that can simply slap a WiFi node onto some robot.

    4. Re:Not as stupid as it sounds by Rogue974 · · Score: 1

      Unfortunately some industrial automation vendors and end users still do have the security mindset of the average IoT device. We are getting better as an industry, but some are still really scary!

      One of my co-workers about 5 months ago found a site where someone wrote the script to crawl around the web and look for PLCs and DCS systems and the like that were on the web with no restrictions. Some of them were probably honeypots set to trap people, but as little as 6 months ago, there were still thousands of system that were still connected to the internet!

      We didn't dig around to see what they were, but I saw in a tech journal about 2 years ago a controls guy saying he installed the Allen Bradley Logix software on his home PC and found their municipal waste water treatment Logix 5000 PLC right there. He called the people who ran the facility and told them and they blew him off so he logged into the PLC and added tags names, I_Llogged_into_your_PLC, I_did_this_Remotely, Your_systems_Can_be_hacked, etc. He then called them back and said he was already in their system and described what he saw and the tags. The blew him off again but he noticed about 10 minutes later, the PLC was no longer visible on the internet!

      It is scary how little some people take security in the controls world, but we are learning! Stuxnet scared a lot of controls people!

  15. Jesus, people... by Shoten · · Score: 1

    You know, it only seems to take one line in a Slashdot post, out of context, to drive people batty here. I'm seeing a long stream of posts that seem to believe that GM just took all of these robots and plugged them directly into a cablemodem without any firewalling or other security, making it effortless for some dork to simply go fuck with the production lines.

    Okay. So, there's "connected to the Internet" as in you have a connection to the Internet...like I am using to post this. I'm behind a firewall, with both ingress and egress filtering. But if I weren't connected, I wouldn't be able to send/receive email, I wouldn't be able to browse the web...you get the picture. I am connected, but it doesn't mean that people can just lay into my computer with wild abandon and hack me. Then there's "CONNECTED to tha' motherfucking INTERNET," without security, without security monitoring, etc. That's bad...and yes, if GM had done that then all kinds of bad things would happen because few automation systems are particularly robust from a security perspective. But that's not what GM has done. Connected securely or connected insecurely...both are actually a state of being 'connected to the Internet.'

    --

    For your security, this post has been encrypted with ROT-13, twice.
    1. Re:Jesus, people... by MrLogic17 · · Score: 1

      Even more so - this sounds like uploading historian data to an outsourced company for analysis.
      Uploading log files is a long way from internet controlled.

      Nuts, this kind of analysis should be done in-house on a real-time basis, if you're doing predictive fault analysis. Costs of down-time are too high to wait for actual failure.

    2. Re:Jesus, people... by Rogue974 · · Score: 1

      I posted this above, but you are assuming they are either a 1 way from the server or sending log files.

      I am a controls engineer so deal with this on a daily basis. Controls systems should be separate, there should be some kind of security, but the article doesn't specify. In the last 3 months, I have had 2 vendors show up that should understand security on controls networks but they are trying to sell me valves and instruments for my facility with WiFi built into it. Not only that, but you can actuate equipment and make modifications and in 1 case tunnel into the controls network right through the device.

      I would hope GM was smart enough to properly secure this and their vendor sold it with a secure option, but quite often, the vendor is clueless about security options and the local facilities are as well.

      IF GM did what they should, this is a non issue. If GM didn't, then this is insane. I have seen too many companies that should know better ignoring cyber security and the auto manufacturers ignore many cyber security issues in their vehicles, what are the odd they didn't get it right in their manufacturing facility?

  16. Doesn't GM know the Slashdot Rule? by Applehu+Akbar · · Score: 1

    It goes like this: any device you connect to the Internet will be hacked, no matter what security you apply to it and no matter how many levels of encryption. The problem is unsolvable, and any attempt at a solution brands you as a fool. The Internet of Things is even more evil than Apple or Uber.

  17. Industry of things 4.0 by stooo · · Score: 1

    Industry of things 4.0
    etc. etc. etc.....

    --
    aaaaaaa
    1. Re:Industry of things 4.0 by stooo · · Score: 3, Funny

      We must generate best-of-breed web-readiness to be able to scale ubiquitous e-commerce to utilize proactive systems to deliver frictionless deliverables for the innovate B2C web services.

      --
      aaaaaaa
    2. Re:Industry of things 4.0 by tehcyder · · Score: 1

      We must generate best-of-breed web-readiness to be able to scale ubiquitous e-commerce to utilize proactive systems to deliver frictionless deliverables for the innovate B2C web services.

      Only 9/10 as you failed to mention The Cloud.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    3. Re:Industry of things 4.0 by stooo · · Score: 1

      Nah ! The Cloud is Obsolete. Today, we use The Sun. At least in my location.

      --
      aaaaaaa
  18. Stop making up news.. by CptLoRes · · Score: 1

    Having a fire-walled server that collects one-way telemetry from the robots and transmit this to a cloud server, does no mean they are connected 'live' to the internet.

  19. How can they... by Zorpheus · · Score: 1

    Why would anything of this require an internet connection? You can do all of that over a local network.

    1. Re:How can they... by Bender+Unit+22 · · Score: 1

      This article sounds so last century.

    2. Re:How can they... by Zorpheus · · Score: 1

      Sounds to me like the time in the 2000s, when it became a fashion to put things "in the cloud". Fuzzy term for doing it online, which made everyone forget the risks again that are associated with that.

  20. Re:Lets wait until they have 30000 bricked robots. by gweihir · · Score: 1

    Actually, in the worst case-scenario, the robots damage their hardware as a result from changed safety-parameters and have to be completely replaced. Similar things have already happened with SCADA systems. "Bricked" is less severe, it just means that a direct, physical restoration of the original firmware has to be done before the robots can be used again.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  21. This will all end great. by Blig · · Score: 1

    30,000 factory robots connected to the internet they want? What could possibly go wrong!

  22. Re:Ooh, ooh by mezrac · · Score: 1

    They can unbolt themselves

  23. What can possibly go wrong? by QuietLagoon · · Score: 1

    ... General Motors has connected about a quarter of its 30,000 factory robots to the internet ... I mean, really, what can possibly go wrong in this scenario? Did GM at least have some common sense remaining to assure each robot has an off switch?

  24. To the Internet??? by Neuronwelder · · Score: 1

    Yea, uhuh.. This is going to end well. Why can't they just have a local network, with an IT crew. I guess they ran out of sanity.

  25. Youtube by slapout · · Score: 1

    Just wait until the robots discover cat videos

    --
    Coder's Stone: The programming language quick ref for iPad
  26. What could possibly go wrong by kilodelta · · Score: 1

    This is a car company - and since they don't think infosec is important in their connected vehicles what security will they implement for the robots? I can just see this going very wrong.