Securing Confidences

Securing and validating critical vision data

• By John Stamos
• Nov 01, 2016

Manufacturing companies are placing increasing emphasis on data security throughout their operations to protect confidential data and to validate their systems are protected against unauthorized and unwanted changes. The critical role that vision plays in many manufacturing processes makes it essential that system security be improved for vision applications. A new generation of vision-specific security tools offers improvements in access control, change tracking, auditing and general network security to help ensure the integrity of vision applications while at the same time protecting data confidentiality.

Vision System Security Concerns

A few decades ago, when production systems were primarily analog, they were often completely isolated from outside access. Since that time, plant operations have migrated to PC-based controls and monitoring with graphical human machine interfaces (HMIs) to graphically depict facility processes in real time. The personal computers that these systems run on as well as the programmable logic controllers (PLCs) used to execute many industrial processes are now usually connected to the larger corporate network in order to provide management reporting of production systems and communicate product data and information.

Vision systems often store or generate sensitive information such as product tolerances, inspection recipes and quality control data. A particular concern involves the transfer of serialized data in the pharmaceutical industry. Various international traceability and serialization initiatives are being implemented to protect billion dollar drugs from counterfeiting. The validation of the program is dependent on the integrity of this serialized information which is managed and verified throughout the supply chain by vision systems.

Another critical concern is unauthorized changes made internally to bypass inspections as well as unauthorized changes that may seem innocuous but are actually detrimental to the quality or integrity of the product. The danger is particularly great for regulated industries such as pharmaceuticals and medical devices where a failure of the manufacturing process could possibly lead to a customer injury.

Vision System Vulnerabilities

Like many other nodes of factory networks, traditional vision systems provide little protection against unauthorized access. Communications between vision systems and other devices traditionally occurs without encryption which could leave data vulnerable to intended or unintended subversive action. Vision systems have long offered password protection but user access has been administered locally which makes it very cumbersome to administer security parameters and creates the risk that user access information will become outdated which can create vulnerabilities. For example, previously Cognex In-Sight vision systems could be configured with one of three access settings.

Like other smart camera designs, administration occurred locally: administrators were required to log into each vision system from the In-Sight Explorer programming software to modify user credentials and privileges. These settings were not readily transferrable: user lists were unique to each In-Sight vision system. The result was that systems administrators often did not have the time to maintain good security practices, especially on larger vision installations which sometimes include thousands of devices. Furthermore, it was normally not possible to maintain an audit trail of access to the devices which in turn made it difficult to detect intruders.

Securing Vision Systems from Unauthorized Access

In today’s networked world, vision systems need to provide much higher levels of data security in order to secure critical manufacturing and quality control recipes and settings against tampering. Cognex has addressed these challenges with several products that substantially increase the level of data security of critical vision information. One of the key requirements is controlling who is accessing the system and what type of changes they are allowed to make. Cognex Directory Server (CDS) provides authentication and access rights from a central server including secure centralized control for all username and password settings network-wide and customized per-user permissions for job parameters, In-sight camera settings and In-Sight Explorer functions.

With the Cognex centrally managed smart camera architecture, privileges are configured remotely through the browserbased Cognex Directory Management Utility. For companies with large installed bases of In-Sight systems on the plant floor, the ability to update user information and access privileges remotely, offline, and in aggregate, without having to log into the individual smart cameras to configure this information, reduces downtime and increases administrative management efficiency.

From the Management Utility, CDS server administrators can add users and assign a multitude of permission levels, ranging from full programming access, to access to a single command embedded in the HMI graphical user interface, to readonly access. Administrators can group CDS-enabled In-Sight vision systems and assign users permissions based on these groups. This makes it easy to effectively manage, control and update access to In-Sight vision systems according to production line or section of a production floor.

Each time a user attempts to access an In-Sight vision system, the In-Sight vision system encrypts the username and password and queries them to the server ensuring that login information is verified to current information. Once the vision system verifies the user login information, the set of privileges associated with the user accessing the In-Sight vision system are queried from the server to the In-Sight vision system and to In-Sight Explorer before the user is allowed to perform any action.

Incorporating such an advanced level of security in the smart camera architecture is particularly beneficial for companies in regulated industries such as pharmaceutical and medical device. In conjunction with In-Sight vision systems’ built-in audit messaging capability, CDS makes it possible implement a more stringent interpretation of the FDA’s 21CFR Part 11 code of federal guidelines. CDS also offers a deeper level of eSignature security for companies following the GAMP5 approach to specification and verification of a validated system.

Confirming Process Specifications

Even when user access is controlled, the potential still exists for a user to make a change that will have an adverse impact on the performance of the system. Cognex TestRun addresses this challenge through its ability to be configured to run a series of tests to ensure that the vision system has not been tampered with and is operating according to process specifications. TestRun compares the current settings with the expected settings and flags anything that’s different. The next layer uses a database of stored images, often called a challenge set, to confirm that the current settings will correctly accept good parts and reject bad parts. Test cases can verify that the part is accepted with the right measurement tolerances or rejected for the right reason. TestRun can also incorporate tests that verify the physical environment to detect if the camera has been bumped and is out of position, if the lens is out of focus or if there’s a problem with the lighting.

Maintaining an Audit Trail

The Cognex Audit Message service application runs on a PC and tracks significant events on the camera. When the audit messaging is enabled, cameras send XML formatted messages to the audit messaging service whenever a user logs in, changes a job, puts the camera online or offline and changes a parameter. These messages can then be archived. If for some reason, the Audit Message service is down, the camera will buffer up to 1000 events on the camera, and then transmit them after the connection to the server is restored. In addition to logging camera events, the Audit Message service also logs events from Cognex Directory Server such as changes to access rights or privileges and who made the changes. Audit messaging helps meet the requirements established by 21 CFR Part 11 for electronic signatures and records for Cognex vision systems.

Maintaining Network Security

Network security in the factory is a critical issue. With increased dependence on Ethernet as the factory networking backbone, integration of production systems with ERP (Enterprise Resource Planning) systems and manufacturing execution systems (MES) has led to more Ethernet-enabled devices being accessible from the corporate LAN. As a result, the migration of IT into the factory is driving the demand for increased security.

CDS provides authentication and authorization services for In- Sight vision systems using the standard Ethernet security protocol SSL (Secure Socket Layer). All In-Sight vision systems with CDSmode authentication confirm user credentials and access privileges based on data stored in the server. This data is communicated securely so as to ensure that the data is not subverted or intercepted. The data security further extends to the Management Utility with the transmission of information encrypted over HTTPS.

To ensure that sensitive data is appropriately protected, Cognex has integrated standard encryption protocols to data transmission. IPsec provides secure transmission of data between an In-Sight vision system and other devices or PCs on the same network. IPsec is an open standard for encrypting and authenticating IP (Internet Protocol) traffic, and any two devices that are IPsec-capable can communicate securely. Additionally, In-Sight vision systems can securely write images to a secure FTP server (SFTP) on the network, communicating over the encrypted SSH protocol. Using IPSec or SFTP, companies can ensure sensitive proprietary or serialized data remains protected.

The challenge of securing vision applications boils down to controlling who is accessing the system and what types of changes they are making while protecting information as it moves from the vision system to the corporate network. Cognex CDS, TestRun and Audit Server and integrated encryption protocols make up a comprehensive suite of network security tools that can provide the level of system security needed to ensure that vision systems are operating according to process requirements while protecting critical data and reducing administration burdens.

This article originally appeared in the November 2016 issue of Security Today.