Warehousing, IoT Robotics and Dangerous Goods
Security and Fire Safety Perspectives
by: Zachariah Reisch and Christopher Koch
The continued rise of E-commerce, spurred on at least in part by COVID-19 lockdowns, is set to drive another record year of industrial property development - primarily storage warehouses and production facilities. Much of this expansion is being built upon machines: Internet of Things (IoT) enabled robotics that are manufacturing both general and specialised goods in unprecedented quantities. These robotics are also increasingly interacting with Dangerous Goods, a category of materials requiring special storage and transportation considerations. This article will cover considerations for security and fire safety arising from increased industrial and warehouse development, as well as the IoT and Dangerous Goods concerns wrapped up in this sector.
Security and Safety Considerations
Driven by efficiency and better inventory management systems, many warehouses are now being automated at various levels ranging from conveyor systems to automated retrieval services and more. An article by Dempsy and Lee (2021) published in the Financial Times highlights that robotic automation is being pressed into service to counter the labour shortage many countries are experiencing due to the COVID-19 pandemic.
Automation and robotics have been utilised in industrial production facilities for decades; however, only in recent times have they integrated IoT robotics at such a scale. IoT-enabled robotics come with their own set of concerns that have sparked a global discussion on an emergent field of 'cyber-physical' threats which will only continue to grow as time goes on, with industrial developments at the forefront of these technologies.
What kind of concerns affect the use of IoT robotics in warehouses and industrial contexts, then?
- IoT-enabled devices, systems, networks and robots are inherently vulnerable to interference by malicious or untrained parties. This vulnerability is a result of the interconnectivity of these systems with broader networks (robotics ↔ internal network ↔ external networks).
- The constant need for updated information and parameters of action in these robotics (current storage capacities, patches, additions in capability etc.) means that there is a multiplicity of opportunities to embed malicious implants in their software. Detection of such implants is an arduous and time-consuming process, especially when these may easily be mistaken for bugs or glitches.
- A robot's deviation from intended course on a single occasion may be caused by anything from a minor malfunction or circumstantial pathing change to hostile reconnaissance and action. These deviations themselves also often go undetected.
- Deviations may be written off as 'one-offs' or simply incidental - especially when human-robotic coexistence in the same working space can throw robotic sensors off temporarily in any number of ways.
- Further, the average worker would have little care for the comings and goings or actions of robotic systems, beyond ensuring workflows don't clash.
The close manual monitoring of these systems is an effective (if time-consuming and inconvenient) solution to these concerns. Strong cyber protections and on-hand specialist staff are usually employed; however, these barriers can often be bypassed or overwhelmed if met with a well-resourced and persistent opponent. Additionally, internal threats and vulnerabilities may invalidate these measures.
Given the existence of these concerns, it is easy to understand why such issues would be compounded in the presence of Dangerous Goods. Dangerous Goods include materials such as flammable liquids, corrosive chemicals, flammable gases, asbestos, and explosives - among others. Hazardous Substances also exist as similar but definitionally unique goods, and present similar issues. Theft, destruction or other kinds of utilisation of such goods through use of IoT-enabled robotics is an underappreciated concern for warehouse and industrial organisations.
Without sufficient multistage countermeasures for this issue, it is simple to see how motivated parties could utilise industrial and warehouse robotics to steal, cause harm or otherwise disrupt these operations and put life at risk. Underdeveloped protections, and the hope that the particular warehouse or industrial business won't be affected, are short-sighted, as integration of automation in this industry and others continues to expand and draw malicious attention. A comprehensive Security Risk Assessment would capture the various cyber as well as crime and terrorism related risks and formulate a risk control plan that evolves along with future operations. Available controls to remedy this situation include, but are not limited to:
- Strong, frequently updated firewall systems for organisational intranet; housing the controls for robotics behind organisational firewalls is an effective way to repel many attempts at gaining access by malicious parties.
- Use of AI-based tools to mine data from robot control systems, sensors and communications hardware in order to detect anomalies and security breaches.
- Use of usernames and passwords, two-factor authentication, encryption, and other authentication measures to ensure as many layers of security as possible without becoming cumbersome to operate.
- Separation of robotic and human workers where possible.
- Monitoring the actions of robotics and their processes - both passively through programs and actively with regular in-depth searches and manual human investigation.
- On-site professionals to resolve any incursions that occur.
- Investigation into any unexpected or atypical behaviour on the part of robotic systems.
- Awareness of general staff and management of the kinds of threats posed.
- Use of trained staff to manage Dangerous Goods and Hazardous Substances where possible, instead of robots; oversight for when automation is necessary.
- Adequate monitoring of staff activity and vetting of new staff; depending on the degree of risk involved with operations, periodic re-vetting of existing staff may be appropriate.
- Regular appraisals of automated work to ensure correct action.
- Proper emergency procedures and chain of command, as well as training of staff for this.
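As an added illustration of the monitoring and investigation controls above (this is not code from the authors), the following Python example keeps a per-robot history of route deviations so that repeats are graded against past behaviour rather than written off as one-offs. The telemetry format, zone names, look-back window and thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry (hypothetical format): timestamp, robot id, planned zone, actual zone.
SAMPLE_LOG = """\
2021-09-01T08:00:05 R-07 AISLE-3 AISLE-3
2021-09-01T08:14:40 R-07 AISLE-3 DG-STORE
2021-09-01T09:02:11 R-12 AISLE-1 AISLE-2
2021-09-02T08:15:02 R-07 AISLE-4 DG-STORE
2021-09-03T08:13:57 R-07 AISLE-3 DG-STORE
2021-09-03T10:30:00 R-12 AISLE-1 AISLE-1
"""

DG_ZONES = {"DG-STORE"}      # assumed names of Dangerous Goods storage zones
WINDOW = timedelta(days=7)   # assumed look-back window for "recent" deviations
REPEAT_THRESHOLD = 3         # assumed count of ordinary deviations that forms a pattern


def parse(log_text):
    """Yield (timestamp, robot, planned_zone, actual_zone) from well-formed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than stop the monitor
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]


def review_deviations(log_text):
    """Return one finding per deviation, graded against that robot's recent history."""
    history = defaultdict(list)  # robot -> [(timestamp, entered_dg_zone)]
    findings = []
    for ts, robot, planned, actual in sorted(parse(log_text)):
        if planned == actual:
            continue
        into_dg = actual in DG_ZONES and planned not in DG_ZONES
        recent = [(t, dg) for t, dg in history[robot] if ts - t <= WINDOW]
        recent.append((ts, into_dg))
        history[robot] = recent
        dg_hits = sum(1 for _, dg in recent if dg)
        if into_dg and dg_hits >= 2:
            severity = "escalate"  # repeated unplanned entry to Dangerous Goods storage
        elif into_dg or len(recent) >= REPEAT_THRESHOLD:
            severity = "review"    # first DG entry, or a pattern of ordinary deviations
        else:
            severity = "note"      # isolated deviation: recorded, not discarded
        findings.append({"time": ts.isoformat(), "robot": robot,
                         "planned": planned, "actual": actual, "severity": severity})
    return findings


def robots_to_escalate(findings):
    """Robots with at least one finding that needs human investigation."""
    return sorted({f["robot"] for f in findings if f["severity"] == "escalate"})


if __name__ == "__main__":
    for finding in review_deviations(SAMPLE_LOG):
        print(finding)
```

Even an isolated deviation is kept in the history, so a later one by the same robot is judged in context instead of in isolation.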
It should also be noted that effective security system design considerations used to combat traditional criminal threats at these sites can also be adapted to assist the above controls. For example, access control measures control human movement as well as robotic movement, and prevent unauthorised tampering with machines from within and without. Similarly, video surveillance allows standard evidentiary and monitoring capacity for unauthorised human intrusion - functions which map seamlessly to robotics management.
Taking a macro approach as well, broader risk control plans for robotics management can and should be developed alongside traditional risk control plans for the site, ensuring that management of any risks or threats is streamlined and uniform. Maximising the interoperability of security measures between traditional and emerging uses (IoT and robotics management, in this case) reduces costs and over-securitisation, increases flexibility and streamlines security management overall.
The set of concerns for industrial contexts is related to but distinct from that of warehouse contexts. These robotic systems are often similarly vulnerable, as they are regularly generic models produced by mass-manufacturers to keep costs low. This means they have a shared set of vulnerabilities that are far simpler to exploit than custom-built robotics. Mal-action in these robotics can possibly have more impactful consequences, especially when they are operating in the same environment as people.
Specialised robots designed for a variety of jobs can be repurposed by bad actors to inflict a variety of injuries to people, such as crushing, cutting, impalement or burning. Some may even be used to start fires or cause structural damage. However, the damage these robotics are capable of is not limited just to immediate injury, as the products they produce may be faulty and life-threatening as a result - for example faulty car brake parts or medical supplies. Any of these concerns will almost certainly imply a threat to life safety in addition to some kind of monetary damage and time setback.
The main practice for noticing such an intrusion is regular, scheduled quality assurance testing that ensures products are being produced correctly - this is in addition to some instances of cyber measures that are designed to notice the change.
While many industrial locations are expert testers with a frequent and reliable testing schedule, many are not as thorough and may also have lacking cyber infrastructure - this is a perfect target for intrusion. The scope of this problem also has the potential to rapidly spread, particularly in relation to faulty products. Due to the specialised nature of many industrial production lines that utilise robotics, reliance on outside parts to be included in manufacturing is highly likely.
This means that even a secure and regularly-tested organisation can still fall prey to faulty parts from another, less secure supplier - and it is possible that organisations will test the parts of their suppliers less frequently than their own productions, as the former is assumed to have already been tested.
Given the presence of Dangerous Goods in these environments, as well as their broader risk in general travel and storage, it is appropriate to identify general Dangerous Goods controls to include, as well as recommendations for safer storage and transport. Some ~30% of global shipping incidents occur as a result of Dangerous Goods, as well as ~15% of fatalities in shipping operations (Top Four Dangerous Shipping Statistics, 2017).
There is also growing concern about increased Dangerous Goods incident levels in rail transportation, and cargoes such as Lithium Ion batteries and paints are an ever-present risk for aerial deliveries. While existing controls such as CO2 pumping are often capable of managing events and preventing fatalities, incidents such as Asiana Cargo flight OZ991 are reminders that management of emergencies is not always possible, so prevention is a much more favourable solution.
As an attempt to manage risk and prevent incidents, many models have been generated that try to identify and categorise risk such as the '24 Model'. The 24 Model (pictured below) is a qualitative, systematic framework for exploring the behaviours and chains of causation that lead to accidents.
This model views the accident in a 'social' light in which each component piece of context 'talks' to each other, and where no one individual piece of information is the sole cause. For instance, the direct cause of an incident may be incompetence by a particular worker, but this particular piece of the context is intrinsically connected to material factors (e.g. unsafe material conditions, poor storage etc.) and organisational factors (e.g. lack of safety culture and appropriate oversight).
Figure 1. The 24 Model
In addition to these types of frameworks, most governments and industry bodies offer advice for concerns like the storage and handling of Dangerous Goods. This includes, but is not limited to:
- Risk-Managed approaches.
- Employer and Employee Obligations.
- Cleaning, Maintenance and Inspections.
- Information and Signage.
- Appropriate Space Design and Management.
- Robustness of Site Security.
- Internal and External Incident Reporting and Follow-Up.
- Access and Egress Guidelines.
- Segregation and Separation of Goods.
- Loading and Unloading Procedures.
- Stable Control Conditions, and more.
If the storage and transportation of Dangerous Goods continues to cause issues in entirely human-managed contexts, then how are operators supposed to approach the issue of risk-managing IoT interactivity in the process? After all, clearly identified above are several issues caused by the introduction of IoT robotics in these spaces.
While they do come with their own concerns, if we take another look at the 24 Model, we can see that they also alleviate some fault lines: for example, Safety Culture becomes a matter of programming. While this isn't necessarily 'set-and-forget' and will require oversight, ensuring robots perform their function according to safety guidelines is far more feasible than with human workers. Robotics will also be exempt from some of the safety concerns faced by people. Similarly, the Safety Management System itself will be far simpler to operate, update and oversee than the monitoring of people - a safety manager can oversee the code of robotic systems far more easily than every individual action of their human staff.
This also directly addresses the Human Errors in Sections C and B of the model, functionally cutting these concerns out alongside regular testing and appropriate fail-safes. This results in the model becoming primarily concerned with External Factors and any Unsafe Material Conditions, simplifying the model considerably and heavily restricting causes that can lead to incidents. While this doesn't take into account the previously acknowledged risks of incorporating IoT robotics into the process, it does provide a potential alternative to the current human-based model which has the potential to become far more effective and safer if properly implemented.
Following recommendations from governments and industry bodies along with adapting and utilising relevant frameworks is a reliable way to identify and manage potential risks in the transport and storage of Dangerous Goods. However, if companies are to push the envelope and achieve what is possible in the space, further exploration of effective IoT implementation is required. As the 24 Model shows, this issue is complicated due to the interconnectedness of its nature where a single poor step can cause a large issue. By reducing the field of concern for incidents through the use of IoT robotics, there exists the potential to improve both efficiency and risk management with future handling of both Dangerous Goods and regular products.
Fire Safety Considerations
Driven by efficiency and better inventory management systems, many warehouses are now being automated at various levels ranging from conveyor systems right through to automated retrieval services. The conveyor belts and the battery systems utilised within the automated retrieval systems have their respective fire safety concerns: the former are potentially highly flammable, and the latter rely heavily on large quantities of fragile Lithium-Ion Batteries.
When considering Performance Solutions for warehouses storing or manufacturing goods, it is important to understand what is being stored or manufactured, their respective quantities, and how these factors could impact on the proposed building design.
While a building can be constructed in accordance with all Building Code of Australia (BCA) Deemed-to-Satisfy (DtS) provisions, the presence of such materials can negatively impact on occupant life safety, fire spread and fire brigade intervention. This can result in a building that has a higher risk profile than that considered acceptable under BCA DtS provisions even though all prescriptive requirements of the BCA have been followed.
Storage of dangerous goods and large quantities of combustibles are captured under two (2) main sections of the BCA:
- Storage quantities are regulated based on the provisions for Occupancies of Excessive Hazard under BCA Clause E1.5; and
- Dangerous Goods are loosely considered under the catch all 'Provisions for Special Hazards'.
One (1) major consideration for any warehouse with storage is the requirements for sprinkler protection which can add significant capital cost to the building construction. BCA Clause E1.5 outlines the requirements for different occupancy types, including occupancies of excessive hazard which is applicable to buildings with a fire compartment greater than either of the following:
- A floor area of more than 2,000 m²; or
- A volume of more than 12,000 m³.
An occupancy of excessive hazard is defined based on the storage height and volume of combustible goods as per the below extract from the BCA:
"Combustible goods" with an aggregate volume exceeding 1000 m³ and stored to a height greater than 4 m including the following:
- Aerosol packs with flammable contents.
- Carpets and clothing.
- Electrical appliances.
- Combustible compressed fibreboards (low and high density) and plywoods.
- Combustible cartons, irrespective of content.
- Esparto and other fibrous combustible material.
- Furniture including timber, cane and composite, where foamed rubber or plastics are incorporated.
- Paper storage (all forms of new or waste) e.g. bales, sheet, horizontal or vertical rolls, waxed coated or processed.
- Textiles raw and finished, e.g., rolled cloth, clothing and Manchester.
- Timber storage including sheets, planks, boards, joists and cut sizes.
- Vinyl, plastic, foamed plastic, rubber and other combustible sheets, offcuts and random pieces and rolled material storage, e.g. carpet, tar paper, linoleum, wood veneer and foam mattresses.
- All materials having wrappings or preformed containers of foamed plastics.
It is noted that the above list from Note 4 includes combustible cartons, irrespective of content, and all materials having wrappings. Based on this, it can be considered that any and all storage over a height of 4 m and 1,000 m³ could likely trigger the requirements of an occupancy of excessive hazard based on the use of wooden pallets and shrink wrap that is employed when storing products.
A reliance on management plans to keep storage below these thresholds is a difficult situation to maintain as a growing need for storage is realised. It also becomes increasingly difficult to implement a policy whereby goods are separated into combustible and non-combustible materials based on height above the ground (i.e. combustible materials stored below 4 m and non-combustible materials stored over 4 m). These measures rely heavily on staff to follow implementation commitments made by building owners or operators.
In cases where there are many levels of management, these commitments can become watered-down by the time they reach the staff who are managing the storage areas on a daily basis. Additionally, reliance is placed on the owner or upper management's composition remaining unchanged. If the building is sold or its management changes, instantiated management-in-use policies are likely to deteriorate rapidly - and the fire strategy along with them. Thus, it is important that a fire strategy does not place too much reliance on occupants to follow a management-in-use policy, especially when it can hinder or limit their ability to complete a job quickly.
In addition to the above, the BCA attempts to capture all non-standard hazards under two (2) Clauses for 'Special Hazards', E1.10 and E2.3. This term is often used to describe any substance or material that is considered dangerous but is not specifically regulated or captured under the Deemed-to-Satisfy conditions of the BCA. These can include materials that are considered to be Dangerous Goods under AS 1940 (i.e. Combustible or flammable liquids) or emerging technologies that utilise materials that can contribute to a fire (i.e. Lithium Ion Batteries).
It is noted that the BCA does not specifically call up AS 1940 in Schedule 4 - Referenced Documents and relies on Clause E1.10 and E2.3 to capture this requirement. While it is important to review the stored goods against the prescriptive requirements of AS 1940, it is important to note that these requirements often do not take into consideration the nature of the building. In many cases the prescriptive requirements of AS 1940 can be especially onerous on certain building or storage types, while being relatively relaxed on others.
One such example relates to the requirements of distillery operations. AS 1940 does not distinguish the level of requirements based on the size of the operation and instead provides a blanket set of provisions for all such installations. In the case of a small batch process, such requirements could result in a significantly over-designed building that is impractical to operate - while a large installation may not be provided with sufficient measures to mitigate a large-scale event.
On the other hand, AS 1940 is often silent where it pertains to Lithium-Ion batteries, unless they are being transported; however, installations in buildings are not captured by the standard. Thus, it is important to realise and consider the impact that such materials can have on a building through the application of Fire Engineering Principles. This can be applied to a performance-based building (or a BCA DtS building containing dangerous goods) to review and consider how these materials can impact on occupant life safety and fire brigade intervention. This can include (but is not limited to) the potential increase in fire growth and the potential harmful gases that can be released during a fire.
Considering this, buildings that contain dangerous goods or materials that are not addressed by the BCA should not only be considered against the prescriptive requirements of AS 1940 by a Dangerous Goods Consultant, but also reviewed using fire engineering principles against BCA Clause E1.10 and E2.3. This should be based on designing the fire systems around the hazard to assist evacuating occupants and fire brigade personnel attending the site.
Industrial warehouses and production facilities are currently distinguishing themselves in the development space, largely driven by changes brought about by COVID-19. These changes have highlighted and emphasised the concerns of these developments, but the considerations explored here existed before the pandemic and will continue to exist beyond it. Much rhetoric from governments and organisations has been tilted towards "returning to normal"; however, it is apparent that the integration of robotics, dangerous goods and warehousing is very much here to stay.
The recommendations offered here are inexhaustive - for example, not offering guidance on particular products to fill the requirements set out here. It is our hope that the concerns raised here will spur the owners and operators of these facilities to re-analyse their risk mitigation measures and consider alternative threats they may not have given appropriate time to previously. The industry has already shown us its direction - now it's up to us to take the next steps and ensure we mitigate the evolving risks of the space as effectively as we can.
Ellis, J., 2011. Analysis of accidents and incidents occurring during transport of packaged dangerous goods by sea. Safety Science, 49(8-9), pp.1231-1237.
Port Technology International. 2017. Top Four Dangerous Shipping Statistics. [online] Available at: https://www.porttechnology.org/news/top_four_dangerous_shipping_statistics/ [Accessed 13 August 2021].
Dempsy, H. and Lee, D. 2021. Robots replace humans as labour shortages bite. Financial Times [online] Available at: https://www.ft.com/content/34b831a5-f6d9-4438-924d-b2999a714663 [Accessed 24 September 2021].