Many medical centres are starting to rapidly use robots in the fight against COVID-19 for disinfection tasks, because of their effectiveness and their ability to solve the problem satisfactorily and with improved safety for healthcare professionals. Namely, Ultraviolet (UV) disinfection robots which damage DNA and sterilizes surfaces.
This technology can affect humans causing suntan, sunburn or even a reportedly increased risk of skin cancer, among others. The robots being used for these tasks are reportedly insecure and have too many unpatched security vulnerabilities.
Image from UVD robots
In Alias Robotics we have developed a solution that allows end-users to ensure their robots operate securely and safely: the Robotic Endpoint Protection Platform, Robot Immune System (RIS) Which could be configured, among others, for a well known and commercial and European robotics disinfection platform, UVD Robots, for its cyber-secure operation.
Why address it in the COVID-19 crisis
COVID-19 lasts extremely long on surfaces, with variable times of viral particle viability depending on material and environmental variables, according to latest research. Constant disinfection and hygienization of health-care environments is a must in the fight against the pandemic.
However, health-care environments are running low on protective materials and workers are constantly exposed to high amounts of viral particles. Indeed, a high proportion of health-care professionals and hospital workers are now infected in Spain and Italy, where the outbreak was more severe. In particular, hospital cleaners are a subgroup of non-clinical specialists that are in charge of cleaning and sanitizing hospital spaces, now greatly exposed to the virus, which do not always have the extended preparation to cope with infectious diseases.
To tackle this problem, several countries have successfully reinforced human based hospital space hygienization using robots for disinfection, such as the UVD Robot, Ultraviolet (UV) emitting robots, successfully used in Wuhan (China) to fight COVID-19. The danish vendor UVD robot, part of Blue Ocean robotics, has now announced partnership with the Spanish ministry of Health-care (Ministerio de Sanidad) to deploy a number of robots in the coming weeks.
Image from UVD robots
About the UVD robot
The UVD Robot makes use a high electromagnetic radiation with wavelengths from of 354nm that irreversibly damage nucleic acids and sterilizes surfaces and aerosols of different pathogens. Several studies have validated the use of UV to fight single stranded RNA Corona-viruses such as SARS, and now evidence that proves it against COVID-19 is rapidly arising. However, UV can also cause serious damages to humans. Particularly, sunburn or increased risk of skin cancer, among others. So a secure use of UV is very much required.
Most hospitals and health-care organizations are currently experiencing several attempts of cyber security breaches amid the pandemic context. Malicious hackers are now using the occasion to capture hospitals and devices therein with targeted malware, such as ransomware. Security concerns on health-care have been major ever since the Wannacry attack to the NHS (UK). This aspect is particularly relevant when it comes to robotics as demonstrated repeatedly by our group over past studies (refer to Alias Robotics open research on the robot insecurity). Cases of cyber-attacks have skyrocketed in the COVID-19 crisis.
Security is at the bottom of the priorities of (most) robot manufacturers, exposing robots to attacks and making them easy targets. In the case of disinfection robots, the consequences can be relevant to human health and should thereby be cyber-secured with a high priority. For this use case, the UVD Robot (which builds on top of the MiR-100 platform) have several reported and unpatched critical security vulnerabilities which allow an arbitrary attacker to penetrate the robot controller, access its internal networks (from where it could control the UV radiation) and even disable safety mechanisms enabling collisions that may cause hazards (refer to "Case study: Remote attack to disable MiR100 safety", restricted access).
Secure COVID disinfection
Alias Robotics is here to help and to protect people from those insecure robots that are moving around our hospitals completing disinfection tasks.
RIS, our solution, stands for Robot Immune System, and is a unique bio inspired Robotic Endpoint Protection Platform (REPP) solution for robots. At its core, it is an integrated suite of endpoint protection technologies —including a next-gen anti-virus, hardening for known flaws, data encryption, intrusion prevention mechanisms, data loss prevention, etc.— that detects, prevents, stops and informs on a variety of threats that affect the robotic system. RIS is a software that gets deployed directly into the robot. It has been designed with a modular architecture which facilitates its integration in a variety of robotic platforms.
It is formed by 5 distinct security modules:
1| Firewall: inspired by the human skin, provides robots with an intelligent and self-configuring firewall that adapts to usual communications of the robots within a training phase.
2| Hardening: inspired by human innate immunity, provides generic security primitives and protects against an array of well-known cyber-attacks.
3| Data logging: our immunological memory reflecting exposure to antigens. Holds data on previous actions and operation performed by the robot, and thus contributes to accountability, explainability and forensic capabilities upon breaches or malfunctions.
4| AI: (inspired by our adaptive immune system), we provide the robots with an array of lightweight intrusion detection and anomaly detection algorithms, to further examine incoming traffic and robot device operations. We use several machine learning techniques, including the use of several algorithms in the field of Artificial Immune Systems.
5| Visualization and User Interface: provides full visibility of RIS operation to the user.
RIS is currently deployed in an array of industrial and professional robots and accumulates relevant prior experiences in health-care. More specifically, RIS is built upon past security threat models in similar scenarios where together with health-care professionals. Our team of roboticists and security experts have captured different use cases and produced threat models to steer the security measures implemented (see more on threat modeling).
The added value
Most robot deployments are currently underestimating cyber security aspects. Robotization has to take place with warrants of safe robot operation, moreover in a context where robots are helping us combat the pandemic. The health-care robotics industry will benefit from an improved security position. It is recurrently observed that robot trustworthiness is evaluated on the basis of very first experiences in their use, so mistakes, malfunctions and third party interferences need to be mitigated.
The most relevant impact of our proposed solution is to empower securely and coherently, safe use of robots for automatic disinfection of health-care environments. Our proposal tackles COVID-19 crisis and supports professionals directly dealing with the pandemic, in the context of a growing amount of cyber threats to hospitals.
In robotics, safety is understood as protecting the environment from a given robot action, whereas security is about protecting the robot from a given environment. More and more studies are acknowledging that in robotics, there is not one without the other.
Acknowledgements
Robot Immune System (RIS) is the resulting work of more than two years of research and development funded by the Basque Government and the European Union, among others. Led by a cellular biologist, our team which includes scientists, roboticists, security researchers and software engineers brought immunological concepts to an advanced software system that detects, protects and prevents robots against malicious attacks.
During this time, RIS has been the subject of interest in various innovation and R&D programs, some of them have contributed by financing part of the technical development of RIS in its initial stages and have made possible reaching the maturity level today.