Modrich: We, as a machine vision community, entered into these new digitization arenas with a high speed. A lot of AI based solutions were going into smart factories or parts of smart factories but there was no focus on cyber security. So for companies like Sick or Zeiss it’s on the agenda now. We have to fulfill all the rules that are coming out of this arena. But when we look into the startup area or to the smaller companies you have to ask: What is coming to them? If they don’t follow license agreements and regulations in cyber security they will not sell any solutions to big companies. And of course, the end customers are in this situation as well. They now need these technologies, but on the other hand side they have these great risks. And they are also not sure how to step further in the same velocity as we are doing with the technology. When we talk about cyber security, it includes information security and IT security. This is a huge challenge with risks and possibilities for the whole community, including end customers.
Gläser: We are the part that tries to bring the solution to those traction fields and what we see in terms of embedding going directly onto the camera. We started with a pure cloud and on-prem solution to anonymize image and video data mostly for automotive companies. Recently with the Deutsche Bahn, we started to anonymize the data within the trains. The discussions that we have with camera OEMs is that embedding technology to anonymize from the front is favorable in terms of the ecosystem behind. If we can remove PIIs right after the data being collected, then the entire stream afterwards works with essentially anonymized data. The tension fields between privacy and IT actually become smaller for everyone who’s behind it. I see those new technologies as opportunities to actually easen out the way of how to work with image data. One big part will be to embed it on a broad scalable way publicly to collect data anonymized from the start.
How willing are customers to pay for security in your experience?
Berghoff: What is the cost of not paying for it?
Modrich: We see the responsibility at the supplier. They have to define the rules for being part of the production system. And if we are not at the stage that we can really show them what is the value-add for the end customer, if we are complying to all those cyber security standards, then they will not be willing to pay that.
Heidepriem: I think at the end of the day the customer will pay for security. But we can’t say, for example, here is a camera for 10$ without security or he can buy it with security for 15$. The customer won’t accept to pay that extra only for security. But if there are cameras on the market with security and without security, he will just omit choosing the camera without security. So the cameras for the industrial field – the state of the art technology – will include security and they will be slightly more expensive.
Berghoff: Yes, I think this is an important factor: It’s only slightly more expensive. The biggest costs which are caused by security are the costs to change the way how products will be designed and maintained during its life cycle. And I fully agree with Mr. Modrich, it’s a question of the supply chain and also a question of liability that suppliers, not conforming to certain standards, will be rejected by customers. The fact is that they might be liable. Not right now, according to current laws but that could change. Once security raises to state of the art technology, everyone who does not take care of this point could be liable for damage of their customers?
Gläser: Privacy technology only really became relevant in this scale with the introduction of the GDPR in 2018. With that it became to a field in which not all questions can be solved with security anymore. Questions of consent, of removing personal identifiables, etc became relevant. A while back clients used to only implement us at the end of the projects, and sometimes they even forgot about it when planning their budget. So the privacy part was only recently taken as a dedicated topic to have implemented into the projects as well as in the production area.
Will there be a security solution which can be used worldwide or do you have to implement different solutions for each continent or for each country?
Gläser: The standards of the GDPR are so high that with the approval of the compliance with the GDPR we essentially became compliant worldwide. It’s highly respected how the GDPR is basically measuring if the system is complying, not just the anonymization but also other technical organizational measures.
Heidepriem: The good news is that we have with the IEC62443 an international standard which everyone acknowledges. There might be some open questions regarding this standard but it’s accepted by almost everyone in the industry. I hope that we won’t have the same situation as with wireless where we have all these country specific laws. I don’t think we have the time and we should not focus on country-specific solutions.
Berghoff: The fact is that it’s definitely not the technology that is different in any of the countries. But if you’re talking about the process of how to maintain security there are certainly differences. For example, you have to pay attention to where your servers are located. That makes a difference whether you deliver to the EU or to the US. And I also see the discussion about Huawei and their devices in this regard. So technology does not make the difference but there are different opinions about what security actually means.
Bild: TeDo Verlag GmbH 
Brighter AI: Marian Gläser – Bild: TeDo Verlag GmbH
What security solutions are already available on the market and do we need special vision security?
Heidepriem: What we already have is the perimeter protection. We have firewalls, zones and conduits and you can already secure your application, even when going to the cloud. We already providing solutions and those will be complemented by features on the devices. This is the next step but you already can secure your application today with IT solutions. (bfi)