Challenge 11.8

What is the problem, and how does it affect the Challenge Sponsor organisation, service users and/or People of Scotland?

Given the expansion of robotics applications in a wide range of sectors, and the potential for robotics solutions to form part of the future of public services, how do we make the adoption of robotics safe and cyber secure?

This Challenge aims to address the barriers to adoption by looking at two components:

• The technical component: new and novel cyber-security tools to address robotics and networked systems of increasingly autonomous agency, and -

• The design component: the lack of approaches to support operational capability that can respond to risks and threats associated with adopting robotics.

Robotics technology is advancing at a rapid rate. The public sector has begun to adopt robotics in some areas such as high precision surgical robotics and improving safety and efficiency in dispensing. However, by and large, the public sector isn’t yet embracing the opportunities that robotics can offer in cost reduction, efficiency, performance improvement and supporting current employees do less of the dull, dangerous or dirty tasks. More examples include:

• Robotic innovation is helping NHS Scotland to plug into better healthcare

• CAELUS project for NHS Grampian

Furthermore, public sector organisations tend to be uncertain about robotics. They’re unsure about how robotics can improve some public services, what is and is not an acceptable use of robotics, how to procure robots effectively and efficiently - and critically, how to ensure they are safe.

With the growth in connectivity and networking capabilities of robots comes increased vulnerabilities such as data breaches, unauthorised access and network attacks – all of which present significant threats. Robots are also prone to malware and cyber-attacks.

These attacks can result in a range of harms - data breaches, operational disruption, safety hazards, and physical harm. The risks and the extent of potential harms will only grow as robotics become increasingly integrated into critical sectors such as manufacturing, healthcare, logistics and defense, and there is a real risk that these problems will ‘creep’ into the supply chain if clear standards and security arrangements are not set and executed.

Robust security and privacy measures are crucial but there isn't a robotics-specific solution in the marketplace so this Challenge aims to explore the cyber security and information governance implications and requirements of robotics, focused on public sector requirements.

In short, we want the public sector and every citizen to reap the benefits robotics can provide and can do so in an environment in which frameworks and assurance processes help to ensure risks are minimised.

This Challenge is split into two components, and applicants may wish to respond to either one of the components, or both. If you apply for this Challenge, please be clear and explicit about what you are applying for. 

The Technical Component

Robotics presents novel challenge from a cyber security point of view. The nature of robotics mean they are fundamentally different to other software, hardware or IOT. Applicants should consider the following -

• ‘On-Robot’ security considerations

• How data is stored and used

• Consideration of networks of robots communicating with each other, independent of direct commands from humans

While there are some solutions available on the market that address IOT/ connected devices, robotics come with specific and sometimes novel challenges, and points of differentiation relating to, for example, autonomy, physical interaction with the world. To our knowledge there are no solutions on the market for those who are buying and/or developing robots.

The Design Component

The second aspect of this Challenge is much broader and potentially more difficult to address. This focuses on designing robotics.

Robotics lack maturity regarding ‘secure by design’ methodologies, risk assessment and assurance frameworks/certification processes that are applied in broader software development and computing.

This component will explore the development of a structured approach to this issue, and Applicants should consider the following -

• How we can ensure the procurement of robots can be risk-assessed to ensure a proportionate assurance response

• How a structured, actionable approach to assurance of robotic systems throughout their lifecycle can be developed, adapting ‘secure by design principles’ for the particular needs of robotics, from design and production to deployment and operation, leading to –

• Testing and verification methods to ensure integrity of individual robot platforms, multi robot solutions and widescale operation of multi robot systems; and -

• How multiple robots, both individually and as a group, can remain secure when they are operating via multiple networks

• Successful applicants on will have the opportunity to work on use-cases within the public sector.

How will we know the Challenge has been solved?

• Identification of common threats and vulnerabilities of robotics and autonomous systems in relation to cyber-attacks.

• A comprehensive security framework has been developed that includes secure design principles, risk assessment methodologies and incident response strategies for robotics developers.

• The framework should provide a structured, actionable approach to securing robotics systems throughout their life cycle, divided into two key phases: Design and Production and Operational Deployment. Each phase should include specific requirements and detailed guidance to address the unique risks associated with robotic components such as sensors, actuators, controllers, and communication interfaces

• The framework should be adaptable to various types of robotics systems and applications.

• We have widely recognised assurance frameworks and processes for procurement, deployment and management of robotic technologies

• Provision of tools, processes and methods by which public sector procurement and cyber security teams are able to clearly review and identify potential weaknesses within robotics and related systems and through this, build their capability to manage threats.

• Risk appetite for different applications is articulated and risks are actively managed.

Who are the end users likely to be?

• Public Sector Procurement/ Buyers

• Public Sector Cyber Security, Risk Assessment and Assurance

• The National Robotarium

• Robotics Industry

Has the Challenge Sponsor attempted to solve this problem before?

Despite research initiatives globally, development of standards internationally and a general willingness to ensure robotics is introduced responsibly there has not yet been a cohesive approach to ensuring cybersecurity for robotic systems.

Are there any interdependencies or blockers?

Any solution will need to consider the standards and requirements of the Public Sector procurement and assurance processes. The National Cyber Security and Resilience Division in the Scottish Government Digital Directorate, as well as partners within NHS National Services Scotland, will be able to support in aspects of this process.

Will a solution need to integrate with any existing systems / equipment?

The solution will have to be compatible with existing robotic operating system standards, wireless communications (wi-fi and 5G and others) as well as other connection and communication interfaces common on robotics platforms.

Is this part of an existing service?

This is not part of an existing service from The National Robotarium.

Any technologies or features the Challenge Sponsor wishes to explore or avoid?

We are open to a range of technology approaches to solve this Challenge. However, there is particular interest in the cyber security of multi-robot interconnected systems.

What is the commercial opportunity beyond a CivTech contract?

There is significant commercial potential for a solution which makes robotic systems resilient to cyber-attack. Both if it is a product onboarded to the system, and as a set of procedures and standards to which robotic systems must be tested and approved. These are not just limited to the public sector market, nor to Scotland or the UK.

Who are the stakeholders?

• CENSIS

• Department of Science, Innovation and Technology

• NCSC

• NHS CCoE

• British Standards Institute (BSI)

• National Manufacturing Institute for Scotland (NMIS)

• UKRI

Who’s in the Challenge Sponsor team?

• The National Robotarium (Primary Challenge Sponsor)

• Scottish Government – Directorate for Digital (Advisory to the Primary Challenge Sponsor)

We also expect a more informal involvement from NHS NSS in the team depending on the proposed solutions, and we are exploring a range of potential use-cases – some in the healthcare sector and some outwith.

What is the policy background to the Challenge?

Scotland’s Economic Strategy sets out our long-term objective of creating a fair, green, growing economy. One of the Strategy’s key objectives is to make Scotland’s businesses, industries, regions, communities and public services more productive and innovative .

Scotland’s National Innovation Strategy sets an ambitious plan to increase innovation levels across Scotland - creating jobs, accelerating economic growth and positioning Scotland as a global leader in emerging technologies. The Innovation Strategy is committed to improving and enhancing the role of Scotland’s public sector in driving and enabling innovation. By positioning the public sector as an anchor customer for innovation, we can foster collaboration to support growth in our priority areas. Harnessing the power of data and digital technologies - including AI and robotics – Scotland can transform public services, drive economic growth and deliver better societal outcomes.

However as we embrace new and emerging technologies, we must ensure they are safe and secure to use, particularly as criminals can seek to use cyber-attacks to identify and exploit vulnerabilities in systems, data and applications.  Cyber resilience should be seen as a critical enabler of our digital ambitions. This aligns with the vision of the Scottish Government’s Strategic Framework for a Cyber Resilient Scotland that “Scotland thrives by being a digitally secure and resilient nation”.

The Scottish Government’s 2025-26 Programme for Government has some key initiatives relating to robotics and AI -

• AI Scotland – a national transformation programme to unite academia, industry and government to advance the adoption of AI and robotics

• Technology council – aimed to advise ministers on emerging technologies.

• Robotics and Autonomous Systems cluster as part of the Innovation Strategy

• Within the UK Government, robotics has been explored through -

• UKRI funding for robotics and autonomous systems

• The National Robotarium welcomes UK Government's transformative £40 million robotics investment - The National Robotarium

• AI and Robotics strategy that emphasises automation in manufacturing, healthcare and transport.