Wouldn’t collecting data that is valuable to companies make it an attractive target for theft, even if it’s just a label?
Heidepriem: Well, in the beginning I said that spying wouldn’t be the big issue. But talking about facial recognition, which is not the focus of factory and logistics automation, I will take back this the statement. I still insist that the privacy of data is a second priority for us because harming the system, breaking down the system is the first target which is attacked in the moment. That is were the fears of the customers are. What I see coming up will – as a side effect – solve the problem with privacy as well. But only signing your data to secure the integrity of the data is not the last solution of security.
Modrich: When we look to the goals of cyber security we have to keep in our mind that it’s not only about privacy and confidentiality. It’s also about integrity and availability of data processes and systems. Therefore we have to look at these three dimensions of cyber security, especially considering the machine vision community and what that mean for us in our business.
Heidepriem: When we look into the past, we always had aperimeter protection. So no one was able to enter the factory and to access the plant. For the future this will break up: we will have connections to the cloud for example. But I think in the future this perimeter protection will be the first measure we will chose, but in a different form. So the connection to the cloud will be secured by a VPN tunnel for example. Therefore, when you secure the perimeters then you can secure the privacy of your factory as well.
Berghoff: I think it’s important to distinguish between ‚does someone have access to the data‘ or to the sensor of an imaging system, because then you have a real problem. Because then he has success to much more than to the storage where data is stored. So when we are talking about encryption of data, we are mainly talking about encryption of data through its process of being transferred. A lot of confidential information is still sent via email. Everybody knows that such information can be easily listened to but still people ignore it and just transfer PDF documents with confidential information trough simple email.
Gläser: Maybe to add on what Mr. Heidepriem said, I do believe as well that privacy is in some use cases not the first priority. It depends on if the data is stored or is not stored. If it’s a continuous stream there’s effectively less risk in terms of privacy regulation, but I believe – and this is also by article 5 from the GDPR – the moment the data is being stored privacy becomes an issue from basically the beginning. Privacy can be a limitation for industries so we have to find ways to incorporate systems and measures that allow a higher privacy layer without limiting industries to use the sensory data. We actually have a couple of projects in the manufacturing area about recording and capturing within factories and it’s a highly delicate privacy topic. But on the other hand process optimization, getting new systems into the industry, is hugely important as well. And this is why I think it’s not about second or first priority. It’s about finding measurements from the start to not have to prioritize, but have privacy in place by default.
How quickly do we need to act or is it already to late? Everybody has been talking about IoT and Industry 4.0 for years and started related projects. But I’m not sure if we have been acting with the same speed for security issues with these projects.
Heidepriem: We will provide security features and security measures in cameras to fulfill the customers needs. I already know, that we have a product soon ready to be launched with quite a lot security measures and security approaches and we will increase the security step-by-step. This will be necessarily done with the customers together, because it does not make sense to have a camera or any sensor with certain security interfaces and protocols when the counterpart is not supporting these protocols. So we have to work together with the companies providing the PLCs, the machine vision PCs and so on. They will also have to learn how to handle these approaches, to handle certificates, to build up PKIs. I think in the next year we will see a lot of cameras coming up and if we don’t provide any solutions here, then the market will not change. Because when there is nothing provided the customer can’t buy anything. Sure, some customers are complaining that these things are happening to slow. But on the other side it takes time to get it all working together. It’s a community and we will make the entire solution secure within this decade.
Modrich: We, as a machine vision community, entered into these new digitization arenas with a high speed. A lot of AI based solutions were going into smart factories or parts of smart factories but there was no focus on cyber security. So for companies like Sick or Zeiss it’s on the agenda now. We have to fulfill all the rules that are coming out of this arena. But when we look into the startup area or to the smaller companies you have to ask: What is coming to them? If they don’t follow license agreements and regulations in cyber security they will not sell any solutions to big companies. And of course, the end customers are in this situation as well. They now need these technologies, but on the other hand side they have these great risks. And they are also not sure how to step further in the same velocity as we are doing with the technology. When we talk about cyber security, it includes information security and IT security. This is a huge challenge with risks and possibilities for the whole community, including end customers.
Gläser: We are the part that tries to bring the solution to those traction fields and what we see in terms of embedding going directly onto the camera. We started with a pure cloud and on-prem solution to anonymize image and video data mostly for automotive companies. Recently with the Deutsche Bahn, we started to anonymize the data within the trains. The discussions that we have with camera OEMs is that embedding technology to anonymize from the front is favorable in terms of the ecosystem behind. If we can remove PIIs right after the data being collected, then the entire stream afterwards works with essentially anonymized data. The tension fields between privacy and IT actually become smaller for everyone who’s behind it. I see those new technologies as opportunities to actually easen out the way of how to work with image data. One big part will be to embed it on a broad scalable way publicly to collect data anonymized from the start.
