Why is security interesting for vision applications?
Sebastian Heidepriem (Sick): I think that’s the fundamental question for all of us. The world is changing and I see that for every asset of a business: Security will become more and more relevant and the world is changing. I believe that spying of a camera in a production line – where you will see perhaps a label – it’s really not that worthwhile. But breaking down the whole machine, breaking down your business, I think that’s the asset that people will need to secure in the future. It will become just a natural precondition for selling products to the market.
Kai-Udo Modrich (Zeiss): From my perspective I will come from the customer side: If we are looking into the transformation of the automotive industry in the meaning of digitization and turning factories to smart factories means for us as the vision community that more and more of our vision systems will be implemented in these future environments. We are now in a fully automated production IT environment, or we could also be part of a cloud-based system where access is possible for each and every area, from the suppliers to the OEM. So that means there’s a huge demand on security systems. Therefore if we – the vision industry – want to supply the automotive industry in future factories, we have to fulfill all the standards that are coming up, even besides security. If we are not doing this, if we are not compliant to that we will make no business.
Axel Berghoff (Phytec): I think it’s not a question about vision. Because if you have a camera with a lens and film material from the old 80s, there is no need for security (apart from the fact that you should pay attention to what you are taking a photo of). It’s the fact that there is a computer behind the sensor. So I think the question of security is directly connected with the microcontroller, with the operating system or whatever is behind the embedded imaging part. And therefore it has nothing to do with vision by itself but with the fact that we are running a computer system. And of course it’s not only the question of security, it’s a question of the maintenance of a product through its life cycle. Threats are coming and hopefully there are solutions for them. But you have to be able to apply them as well. So it’s a question of making a system secure and keeping it secure over its life cycle.
Marian Gläser (Brighter AI): This is part of our core business. We do not specifically look at data security. However, data privacy and being a privacy tech company is in a sense a measure in order to increase the overall security of a system and I couldn’t agree more with Mr. Berghoff. The problem is not vision but its computer system. I would go one step further, where the biggest concerns also in terms of privacy come in is, that the computer system becomes more scalable. Facial recognition started in the 80s, but it’s only since about five years and the advent of deep neural networks that the potential to go through vast amounts of data in a highly scalable manner became possible. We see this utilized more and more on the governmental side as well as in the private space now. Our role of course is the data protection but the security part around it becomes way more relevant nowadays due to scalable tracking systems.
Wouldn’t collecting data that is valuable to companies make it an attractive target for theft, even if it’s just a label?
Heidepriem: Well, in the beginning I said that spying wouldn’t be the big issue. But talking about facial recognition, which is not the focus of factory and logistics automation, I will take back this the statement. I still insist that the privacy of data is a second priority for us because harming the system, breaking down the system is the first target which is attacked in the moment. That is were the fears of the customers are. What I see coming up will – as a side effect – solve the problem with privacy as well. But only signing your data to secure the integrity of the data is not the last solution of security.
Modrich: When we look to the goals of cyber security we have to keep in our mind that it’s not only about privacy and confidentiality. It’s also about integrity and availability of data processes and systems. Therefore we have to look at these three dimensions of cyber security, especially considering the machine vision community and what that mean for us in our business.
Heidepriem: When we look into the past, we always had aperimeter protection. So no one was able to enter the factory and to access the plant. For the future this will break up: we will have connections to the cloud for example. But I think in the future this perimeter protection will be the first measure we will chose, but in a different form. So the connection to the cloud will be secured by a VPN tunnel for example. Therefore, when you secure the perimeters then you can secure the privacy of your factory as well.
Berghoff: I think it’s important to distinguish between ‚does someone have access to the data‘ or to the sensor of an imaging system, because then you have a real problem. Because then he has success to much more than to the storage where data is stored. So when we are talking about encryption of data, we are mainly talking about encryption of data through its process of being transferred. A lot of confidential information is still sent via email. Everybody knows that such information can be easily listened to but still people ignore it and just transfer PDF documents with confidential information trough simple email.
Gläser: Maybe to add on what Mr. Heidepriem said, I do believe as well that privacy is in some use cases not the first priority. It depends on if the data is stored or is not stored. If it’s a continuous stream there’s effectively less risk in terms of privacy regulation, but I believe – and this is also by article 5 from the GDPR – the moment the data is being stored privacy becomes an issue from basically the beginning. Privacy can be a limitation for industries so we have to find ways to incorporate systems and measures that allow a higher privacy layer without limiting industries to use the sensory data. We actually have a couple of projects in the manufacturing area about recording and capturing within factories and it’s a highly delicate privacy topic. But on the other hand process optimization, getting new systems into the industry, is hugely important as well. And this is why I think it’s not about second or first priority. It’s about finding measurements from the start to not have to prioritize, but have privacy in place by default.
How quickly do we need to act or is it already to late? Everybody has been talking about IoT and Industry 4.0 for years and started related projects. But I’m not sure if we have been acting with the same speed for security issues with these projects.
Heidepriem: We will provide security features and security measures in cameras to fulfill the customers needs. I already know, that we have a product soon ready to be launched with quite a lot security measures and security approaches and we will increase the security step-by-step. This will be necessarily done with the customers together, because it does not make sense to have a camera or any sensor with certain security interfaces and protocols when the counterpart is not supporting these protocols. So we have to work together with the companies providing the PLCs, the machine vision PCs and so on. They will also have to learn how to handle these approaches, to handle certificates, to build up PKIs. I think in the next year we will see a lot of cameras coming up and if we don’t provide any solutions here, then the market will not change. Because when there is nothing provided the customer can’t buy anything. Sure, some customers are complaining that these things are happening to slow. But on the other side it takes time to get it all working together. It’s a community and we will make the entire solution secure within this decade.