New Practice for Securing Data Residing in Exoskeletons
1. Scope
1.1 This practice provides a recommended approach and a set of options for securing data-at-rest on both active and passive exoskeletons. Exoskeletons are not mobile devices, industrial control systems, nor Internet Of Things (IOT) devices, but they share some information technology characteristics with all of these. This practice does not cover the security of the transmission, communication, or any other type of movement of data, while still recognizing that these functions occur and could pose a risk to the data-at-rest. This practice is intended to assist the exoskeleton designers in choosing more secure designs and customers in implementing secure configurations of exoskeletons appropriate to their environment.
1.2 This is not intended to be the end all be all but a pointer to deeper technical guidance on this subject.
1.3 Safety, for this standard, includes privacy or personal data security, or physical harms potentially resulting from privacy or personal data breaches.
Keywords
cybersecurity; data-at-rest; exoskeleton
Rationale
Currently there is no guidance on what are the best practices to secure data-at-rest on both passive and active exoskeletons. Exoskeletons are not mobile devices, industrial control systems, nor Internet Of Things (IOT) devices, but they share some information technology characteristics with all of these. Data-at-rest on exoskeletons could be personal, biometric, sensor data, calibrations, HIPAA, control system data, GPS (geo relevant vs local positioning), applications, executables, eprom/firmware, and other types.
