Periodic Reporting for period 2 - RESPECT (Secure and Privacy-preserving Indoor Robotics for Healthcare Environments)
Période du rapport: 2023-05-01 au 2024-04-30
The growing range of security threats and requirements has recently forced organizations from all over the world to intensify their investments in new safety solutions. Besides, regulations are also in favour of a growing need for guidelines and resilient commercial products. Nevertheless, cybersecurity is one of the most constrained sectors in the labour market, both worldwide and at the European level
The RESPECT project objective is to create a sustainable European and inter-sectoral network of organisations working on a joint research programme aiming to design and develop concrete defense strategies to ensure secure, safe, resilient and privacy-preserving operation of indoor mobile robotics solutions for logistic applications in healthcare environments. Safety ensures that the robots will not harm patients while security ensures that the robots and their embedded software may not be attacked. A resilient medical robotic system is a system that can adapt to significant changes in the environment. Privacy-preservation ensures the protection of patients and users medical and personal data.
Specifically the main research objectives of the project are: (i) Explore and identify system-specific both cyber and physical weaknesses posing security, privacy, and safety threats, in autonomous mobile robots operating in a healthcare environment; (ii) Analyse surfaced vulnerability issues in conjunction with projected threats and propose defence measures and mitigation strategies towards safeguarding mobile robots operation. (iii) Define and standardize a minimal set of vulnerability testing procedures and guidelines leveraging and extending the Robot Security Framework, that ensures safe and autonomous robotic fleet management in a “safety-critical setting.
The project is implemented through staff exchanges among different organizations with complementary expertise in cybersecurity, healthcare, cloud computing and robotics from 5 countries across EU promoting transfer of knowledge between industry and academia.
The consortium finalized the attack framework, and implemented the individual attacks, including those targeting the robotic architecture, the vulnerabilities of 3rd party components, and the cloud-based applications. In a second phase, the consortium finalized the defenses to the aforementioned attacks: the set of mitigations explored ranges from system-level countermeasures to protections of more high-level components, which are essential to robotic systems of the health domain. Then, we have provided recommendations formalizing the lessons learned within the context of the RESPECT action activities. We have addressed a new standard from the International Electrotechnical Commission (IEC) to address the specific performance and safety characteristics of robotically assisted equipment. We have then given more broader guidelines and recommendations in healthcare robotics to ensure patient safety, data security, and the overall effectiveness of these technologies.
Transfer of knowledge were ensured though regular workshops as well as the final dissemination event. The work performed was published and presented in several top-notch scientific conferences. Finally, a potential exploitation plan was elaborated for the consortium as whole and for each participating organization.
The consortium pushed forward the development and implementation of hardening solutions to protect and safeguard robotics operation in healthcare environments. The defense solutions cover all robotics aspects, ranging from software to hardware, including robotic architecture and components, the vulnerabilities of 3rd party components, and the cloud-based applications. Our defense solutions not only ensure safe and secure robot operation but protect as well patient sensitive data and ensure their privacy when exchanged through robotic devices and cloud infrastructure.