Securing Confidences
Securing and validating critical vision data
- By John Stamos
- Nov 01, 2016
Manufacturing companies are placing increasing emphasis on data
security throughout their operations to protect confidential data and
to validate that their systems are protected against unauthorized and
unwanted changes. The critical role that vision plays in many
manufacturing processes makes it essential that system security be
improved for vision applications.
A new generation of vision-specific security tools offers
improvements in access control, change tracking, auditing
and general network security to help ensure the integrity of
vision applications while at the same time protecting data
confidentiality.
Vision System Security Concerns
A few decades ago, when production systems were primarily
analog, they were often completely isolated from outside access.
Since that time, plant operations have migrated to PC-based controls
and monitoring with graphical human-machine interfaces
(HMIs) that depict facility processes in real time. The
personal computers that these systems run on as well as the programmable
logic controllers (PLCs) used to execute many industrial
processes are now usually connected to the larger corporate
network in order to provide management reporting of production
systems and communicate product data and information.
Vision systems often store or generate sensitive information
such as product tolerances, inspection recipes and quality control
data. A particular concern involves the transfer of serialized data
in the pharmaceutical industry. Various international traceability
and serialization initiatives are being implemented to protect
billion-dollar drugs from counterfeiting. The validation of the
program is dependent on the integrity of this serialized information,
which is managed and verified throughout the supply chain
by vision systems.
Another critical concern is unauthorized changes made internally
to bypass inspections as well as unauthorized changes that
may seem innocuous but are actually detrimental to the quality
or integrity of the product. The danger is particularly great for
regulated industries such as pharmaceuticals and medical devices
where a failure of the manufacturing process could possibly lead
to a customer injury.
Vision System Vulnerabilities
Like many other nodes of factory networks, traditional vision
systems provide little protection against unauthorized access.
Communications between vision systems and other devices have traditionally
occurred without encryption, which can leave data vulnerable
to intentional or unintentional subversion. Vision systems
have long offered password protection, but user access has been
administered locally, which makes security parameters cumbersome to
administer and creates the risk that user access information
will become outdated, which can create vulnerabilities.
For example, previously Cognex In-Sight vision systems could be
configured with one of three access settings.
Like other smart camera designs, administration occurred locally:
administrators were required to log into each vision system
from the In-Sight Explorer programming software to modify user
credentials and privileges. These settings were not readily transferrable:
user lists were unique to each In-Sight vision system.
The result was that systems administrators often did not have the
time to maintain good security practices, especially on larger vision
installations which sometimes include thousands of devices.
Furthermore, it was normally not possible to maintain an audit
trail of access to the devices which in turn made it difficult to
detect intruders.
Securing Vision Systems from Unauthorized Access
In today’s networked world, vision systems need to provide much
higher levels of data security in order to secure critical manufacturing and quality control recipes and settings against tampering.
Cognex has addressed these challenges with several products that
substantially increase the level of data security of critical vision
information. One of the key requirements is controlling who is
accessing the system and what type of changes they are allowed
to make. Cognex Directory Server (CDS) provides authentication
and access rights from a central server including secure centralized
control for all username and password settings network-wide
and customized per-user permissions for job parameters, In-Sight
camera settings and In-Sight Explorer functions.
With the Cognex centrally managed smart camera architecture,
privileges are configured remotely through the browser-based
Cognex Directory Management Utility. For companies
with large installed bases of In-Sight systems on the plant floor,
the ability to update user information and access privileges remotely,
offline, and in aggregate, without having to log into the
individual smart cameras to configure this information, reduces
downtime and increases administrative management efficiency.
From the Management Utility, CDS server administrators
can add users and assign a multitude of permission levels, ranging
from full programming access, to access to a single command
embedded in the HMI graphical user interface, to read-only
access. Administrators can group CDS-enabled In-Sight
vision systems and assign users permissions based on these
groups. This makes it easy to effectively manage, control and
update access to In-Sight vision systems according to production
line or section of a production floor.
Each time a user attempts to access an In-Sight vision system,
the vision system encrypts the username and password
and sends them to the server, ensuring that login information is
verified against current information. Once the vision system verifies
the user login information, the set of privileges associated with
that user is sent from the server to the In-Sight vision system
and to In-Sight Explorer
before the user is allowed to perform any action.
Incorporating such an advanced level of security in the smart
camera architecture is particularly beneficial for companies in
regulated industries such as pharmaceuticals and medical devices.
In conjunction with In-Sight vision systems’ built-in audit messaging
capability, CDS makes it possible to implement a more stringent
interpretation of the FDA’s 21 CFR Part 11 regulations.
CDS also offers a deeper level of eSignature security
for companies following the GAMP5 approach to specification
and verification of a validated system.
Confirming Process Specifications
Even when user access is controlled, the potential still exists for
a user to make a change that will have an adverse impact on the
performance of the system. Cognex TestRun addresses this challenge
through its ability to be configured to run a series of tests to
ensure that the vision system has not been tampered with and is
operating according to process specifications. TestRun compares
the current settings with the expected settings and flags anything
that’s different. The next layer uses a database of stored images,
often called a challenge set, to confirm that the current settings
will correctly accept good parts and reject bad parts. Test cases
can verify that the part is accepted with the right measurement
tolerances or rejected for the right reason. TestRun can also incorporate
tests that verify the physical environment to detect if
the camera has been bumped and is out of position, if the lens is
out of focus or if there’s a problem with the lighting.
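The two layers described above can be sketched as follows. This is an added example, not Cognex code and not TestRun's actual interface; the setting names, the `inspect` stand-in and the challenge records are all constructed for illustration.

```python
# Added illustration; not Cognex TestRun code. All names and values are constructed.

APPROVED = {"exposure_ms": 4.0, "min_width_mm": 9.8, "max_width_mm": 10.2,
            "reject_output": "enabled"}

def diff_settings(expected, current):
    """Layer 1: report every setting that is missing, added or changed."""
    findings = []
    for key in sorted(set(expected) | set(current)):
        if key not in current:
            findings.append((key, expected[key], None))
        elif key not in expected:
            findings.append((key, None, current[key]))
        elif expected[key] != current[key]:
            findings.append((key, expected[key], current[key]))
    return findings

def inspect(settings, part):
    """Stand-in for the inspection job: returns (verdict, reason)."""
    if settings.get("reject_output") != "enabled":
        return ("accept", "reject output disabled")
    width = part["width_mm"]
    if width < settings["min_width_mm"]:
        return ("reject", "undersize")
    if width > settings["max_width_mm"]:
        return ("reject", "oversize")
    return ("accept", "in tolerance")

# Challenge set: stored samples with the expected verdict AND the expected reason.
CHALLENGE_SET = [
    {"id": "good-01", "width_mm": 10.0, "expect": ("accept", "in tolerance")},
    {"id": "bad-01", "width_mm": 9.5, "expect": ("reject", "undersize")},
    {"id": "bad-02", "width_mm": 10.6, "expect": ("reject", "oversize")},
]

def run_challenge_set(settings, challenge_set=CHALLENGE_SET):
    """Layer 2: return ids of samples whose verdict or reason is wrong."""
    return [c["id"] for c in challenge_set
            if inspect(settings, c) != c["expect"]]

def validate(current, expected=APPROVED):
    """Run both layers and return their findings separately."""
    return {"setting_changes": diff_settings(expected, current),
            "challenge_failures": run_challenge_set(current)}
```

Widening `max_width_mm` to 10.3 passes this challenge set but is still reported by the settings comparison, which is why both layers are run.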
Maintaining an Audit Trail
The Cognex Audit Message service application runs on a PC and
tracks significant events on the camera. When audit messaging
is enabled, cameras send XML-formatted messages to the audit
messaging service whenever a user logs in, changes a job, puts
the camera online or offline, or changes a parameter. These messages
can then be archived. If, for some reason, the Audit Message
service is down, the camera will buffer up to 1000 events on the
camera, and then transmit them after the connection to the server
is restored. In addition to logging camera events, the Audit Message
service also logs events from Cognex Directory Server such
as changes to access rights or privileges and who made the changes.
Audit messaging helps meet the requirements established by
21 CFR Part 11 for electronic signatures and records for Cognex
vision systems.
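Because the camera-side buffer is finite, an archive of these messages benefits from a continuity check as well as content review. The following added example (not Cognex code) parses constructed audit messages and reports sequence gaps and parameter changes made while a camera is online. The XML schema, including the per-camera `seq` attribute, and the review policy are assumptions; the article does not describe the real message format.

```python
# Added illustration; not Cognex code. Message schema and sample data are constructed.
import xml.etree.ElementTree as ET

SAMPLE = [  # constructed messages, in arrival order
    '<audit camera="cam-07" seq="41" user="jdoe" event="login"/>',
    '<audit camera="cam-07" seq="42" user="jdoe" event="offline"/>',
    '<audit camera="cam-07" seq="43" user="jdoe" event="parameter_change"'
    ' name="max_width_mm"/>',
    '<audit camera="cam-07" seq="44" user="jdoe" event="online"/>',
    '<audit camera="cam-07" seq="47" user="asmith" event="parameter_change"'
    ' name="exposure_ms"/>',
]

def parse(message):
    """Turn one XML audit message into a flat record."""
    attrs = ET.fromstring(message).attrib
    return {"camera": attrs["camera"], "seq": int(attrs["seq"]),
            "user": attrs["user"], "event": attrs["event"],
            "name": attrs.get("name")}

def review(messages):
    """Return findings: sequence gaps and parameter changes made while online."""
    findings, last_seq, online = [], {}, {}
    for rec in map(parse, messages):
        cam = rec["camera"]
        prev = last_seq.get(cam)
        # A jump in the assumed per-camera counter means events never arrived.
        if prev is not None and rec["seq"] != prev + 1:
            findings.append(("gap", cam, prev + 1, rec["seq"] - 1))
        last_seq[cam] = rec["seq"]
        if rec["event"] in ("online", "offline"):
            online[cam] = rec["event"] == "online"
        elif rec["event"] == "parameter_change" and online.get(cam):
            # Assumed policy: parameters should only change while offline.
            findings.append(("change_while_online", cam, rec["user"], rec["name"]))
    return findings
```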
Maintaining Network Security
Network security in the factory is a critical issue. With increased
dependence on Ethernet as the factory networking backbone, integration
of production systems with ERP (Enterprise Resource
Planning) systems and manufacturing execution systems (MES)
has led to more Ethernet-enabled devices being accessible from
the corporate LAN. As a result, the migration of IT into the factory
is driving the demand for increased security.
CDS provides authentication and authorization services for In-Sight
vision systems using the standard Ethernet security protocol
SSL (Secure Sockets Layer). All In-Sight vision systems with CDS-mode
authentication confirm user credentials and access privileges
based on data stored in the server. This data is communicated securely
so as to ensure that the data is not subverted or intercepted.
The data security further extends to the Management Utility with
the transmission of information encrypted over HTTPS.
To ensure that sensitive data is appropriately protected, Cognex
has integrated standard encryption protocols into data transmission.
IPsec provides secure transmission of data between an
In-Sight vision system and other devices or PCs on the same network.
IPsec is an open standard for encrypting and authenticating
IP (Internet Protocol) traffic, and any two devices that are
IPsec-capable can communicate securely. Additionally, In-Sight
vision systems can securely write images to a secure FTP server
(SFTP) on the network, communicating over the encrypted SSH
protocol. Using IPsec or SFTP, companies can ensure sensitive
proprietary or serialized data remains protected.
The challenge of securing vision applications boils down to
controlling who is accessing the system and what types of changes
they are making while protecting information as it moves
from the vision system to the corporate network. Cognex CDS,
TestRun, Audit Server and integrated encryption protocols
make up a comprehensive suite of network security tools that can
provide the level of system security needed to ensure that vision
systems are operating according to process requirements while
protecting critical data and reducing administration burdens.
This article originally appeared in the November 2016 issue of Security Today.