Setting up network with industrial robots

In ROS, industrial robots are often connected to the PC running ROS (ROS PC) using so called motion servers. These are programs written in the OEM specific programming language that are running on the indutrial robot controller and enable receiving target values (typically axis positions) from and sending actual values as well as the robot status to the ROS robot driver running on the ROS PC. The interface used for this communication differs from one robot OEM to another. As of now robot OEMs do not provide interfaces that enable encryption or authentication methods for these interfaces and no such measures can be added to the motion server programs running on the robot controllers. Therefore, it is possible for intruders to attack the communication interface between ROS robot driver and the motion server program running on the robot controller.

To minimize the risk of this potential attack vector on the interface between the ROS PC and the industrial robot controller the network needs to be setup correctly. The connection between the ROS PC and the industrial robot controller needs to be isolated from other networks. This can for example be done by using a ROS PC with two physical network adapters which connect to two different networks. One adapter should be connected to the industrial robot controller (Net2 adapter), the other adapter can be connected to a router of a local network (Net1 adapter). Net1 and Net2 adapters have to be configured with different subnet address ranges. Forwarding between the two networks should be avoided.

Network configuration example: