First off @Khalid_Hersafril, you probably want to establish clarity between safety and security. Simply put, safety is about making sure the robot doesn’t harm its environment or humans. Security (meaning cybersecurity) in the context of robotics is generally understood the other way around: it aims to ensure the environment (and humans) don’t modify the behavior of the robot. You’re interested in the latter, I believe. Second, you should accept that there’s no absolute secure status for cyber-physical systems. This applies to any ROS 2-powered robot. Security is a process. It’s only a matter of time (and how motivated an attacker is) before flaws affecting your system are uncovered (if not already).
As some hint above, the first thing you’d do from a security perspective if you want to understand your robot’s cyber-resilience is to capture your threat landscape. That’s generally done by building a Robot Security Threat Model. Then, following from that, after you’ve implemented security measures, you typically conduct a Robot Penetration Testing exercise (or a red team one) to obtain an experimental measure of how susceptible your ROS 2 robots are to cyber attacks.
A few of us collaborated in the past and built some ROS 2-related open resources that might be helpful to you to get started. Besides the ones mentioned above, these could be helpful:
- Threat model case study: Pick & place with a ROS 2 manipulator (introductory, more graphical, easier to digest)
- ROS 2 Robotic Systems Threat Model
As a general recommendation, I’d encourage you to check the SROS2 project and carefully consider your communication middleware’s security capabilities. Put those into practice when possible but don’t assume these security capabilities will provide any guarantees, as we demonstrated in the past. There are plenty of flaws still affecting popular middleware implementations and crafting a package that brings down complete remote ROS 2 nodes is still possible today. A way to further mitigate these threats is to harden each one of your robotic systems (considering granularity, via ROS 2 enclaves and based on your resources) and to further tunnel your network communications using a VPN (besides using other security means provided by the communication middleware). I’m quite fond of WireGuard these days and it works very well with ROS 2.
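
A defender-side check for the SROS2 enclave hardening mentioned in the post above, added here as an example that is not part of the original post or of the SROS2 project's code. It audits a node's `ROS_SECURITY_*` environment and its enclave directory; the function names, the `/arm/controller` enclave path and the sample keystore are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Files SROS2 places in each enclave directory under <keystore>/enclaves/.
ENCLAVE_FILES = ("cert.pem", "key.pem", "governance.p7s", "permissions.p7s",
                 "identity_ca.cert.pem", "permissions_ca.cert.pem")

def audit_sros2(env, enclave):
    """Return findings for one node's environment and its enclave path."""
    findings = []
    if env.get("ROS_SECURITY_ENABLE") != "true":
        findings.append("ROS_SECURITY_ENABLE is not 'true': security is off")
    if env.get("ROS_SECURITY_STRATEGY") != "Enforce":
        findings.append("ROS_SECURITY_STRATEGY is not 'Enforce': a node with "
                        "missing security files starts unsecured")
    keystore = env.get("ROS_SECURITY_KEYSTORE")
    if not keystore:
        return findings + ["ROS_SECURITY_KEYSTORE is unset"]
    enclave_dir = Path(keystore) / "enclaves" / enclave.strip("/")
    for name in ENCLAVE_FILES:
        if not (enclave_dir / name).is_file():
            findings.append(f"{enclave}: missing {name}")
    key = enclave_dir / "key.pem"
    if key.is_file() and key.stat().st_mode & 0o077:
        findings.append(f"{enclave}: key.pem readable by group/other")
    return findings

def build_sample_keystore(root, enclave, skip=(), key_mode=0o600):
    """Constructed sample keystore (placeholder file contents, not real keys)."""
    enclave_dir = Path(root) / "enclaves" / enclave.strip("/")
    enclave_dir.mkdir(parents=True)
    for name in ENCLAVE_FILES:
        if name not in skip:
            (enclave_dir / name).write_text("placeholder\n")
    if "key.pem" not in skip:
        os.chmod(enclave_dir / "key.pem", key_mode)
    return str(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ks = build_sample_keystore(tmp, "/arm/controller",
                                   skip=("permissions.p7s",), key_mode=0o644)
        env = {"ROS_SECURITY_ENABLE": "true", "ROS_SECURITY_KEYSTORE": ks,
               "ROS_SECURITY_STRATEGY": "Permissive"}
        for finding in audit_sros2(env, "/arm/controller"):
            print("FINDING:", finding)
```

On a real robot, pass `os.environ` and the enclave each node is launched with; an empty result only shows the settings and files are in place, not that the middleware itself is free of flaws.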