MiR logo

Evaluate cybersecurity

Assess the cybersecurity of your MiR system. See Evaluate cybersecurity.

  • Conduct a cybersecurity risk assessment.

  • Protect the robots from unauthorized access.

  • Manage users

  • Implement an auditing system

Cybersecurity in the context of MiR products means protecting IT (Information Technology) and OT (Operational Technology) assets from unauthorized access, use, disruption, modification, or destruction.

MiR robots communicate all data over the network that it is connected to. It is the responsibility of the commissioner to ensure that it is connected to a secure network. We recommend conducting a cybersecurity risk assessment before commissioning the robot.

To ensure the cybersecurity of your MiR product, see MiR Cybersecurity Guide. You can find this document on MiR Support Portal.

The goal of a risk assessment is to consider adverse events that could occur and to identify areas which may need additional protection.

Consider the following topics when conducting your cybersecurity risk assessment:

  • How can the system be accessed?

    • Is it connected to an open Wi-Fi network so that anyone can access it?

    • Is it connected to the same network as all other assets within the company so that all employees can access it?

    • Is it connected to a separate network segment together with other industrial equipment so that only certain employees can access it?

    • Is it connected to its own network segment, so that only select employees that are intended to operate the system can access it?

  • What could happen if an unauthorized party were to gain access to the system?

    • The scheduling and execution of missions could be interrupted.

    • Connection to the robot could be disrupted.

    • Robots could become infected with malware.

    • Robots could be operated remotely.

A MiR system is not intended to be operated on open and unsecured networks.

MiR highly recommends considered the following measures as a minimum:

  • Use segmented networks.

  • Use strict firewall rules to allow only authorized traffic between different network segments.

  • Protect against physical access to the facility where robots operate. Consider who has access to the robots and where they are stored.

  • Some older MiR robots have the capability of broadcasting their own Wi-Fi access points. These should be disabled after setup as part of the commissioning process.

  • Review user groups and permissions.

  • Create frequent backups of the system in a known good state, so that any potential data loss can be avoided.

See MiR Cybersecurity Guide for more information. You can find this guide on MiR Support Portal.

The following lists all the actions we recommend you take to increase the cybersecurity of your site. For an overview of all the cybersecurity features that are automatically applied or are features you choose to use, see Security.

Actions you should complete on MiR Fleet and the whole system:

  • Conduct a cybersecurity risk assessment and define regular security maintenance to ensure that your security is up-to-date—see Risk assessment guiding questions.
  • Check that your MiR Fleet installer is signed and verified before installing MiR Fleet—see Install MiR Fleet.
  • Use a Managed Service Account to run the MiR Fleet service—see User for MiR Fleet Windows Service.
  • Manage your users and passwords so all users have a unique password and only have the necessary permissions to complete their tasks—see Create users and roles.
  • Automated, continuous monitoring of the Audit logs can help detect anomalies during the operation of the MiR Fleet—see Monitor system.
  • When decommissioning, follow data disposal procedures for the disk of the robot computer and for the external MiR Fleet database—see Configure MiR Fleet.

Actions you should complete on each MiR robot —see Add robots for step-by-step instructions:

  • Disable the internal Wi-Fi access point in older robots so they do not broadcast a network connection that can be accessed by attackers.
  • Change the password for the access point device if you continue to use these while the robot is operating.
  • Update the access point device if you continue to use these while the robot is operating.
  • Restrict the unused functionalities on robots to close off potential communication interfaces attackers can access.
  • Protect the BIOS and open ports of your robot and server.

Risk assessment guiding questions

Before operating a MiR system, it is essential to conduct a cybersecurity risk assessment. Consider the following topics to ensure a secure system.

MiR system should not be operated on open and unsecured networks. Limit system access to authorized personnel only. Consider the following options:

  • Use segmented networks to separate the MiR system from other assets within the company.
  • Implement strict firewall rules to allow only authorized traffic between different network segments.
  • Protect against physical access to the facility where robots are operated and on the robot itself using port locks. Consider who has access to the robots and where they are stored.
  • Disable any Wi-Fi access points on older robots after setup as part of the commissioning process.
  • Review users and roles in MiR Fleet to ensure that only authorized personnel can access the MiR system.

Unauthorized access to the MiR system can cause significant damage. Consider the following potential risks:

  • Interruption of mission scheduling and execution.
  • Disruption of the robot's connection.
  • Infection of robots with malware.
  • Remote operation of robots by unauthorized parties.

To reduce the impact if your system is attacked, create frequent backups of the system in a known good state to avoid any potential data loss.

To reduce the risk of your system becoming outdated, create a regular maintenance schedule to check all security related configurations and settings. Part of the regular maintenance should also be to review if there are new standards, site modifications, or other changes that also needs to be added to the maintenance schedule.