![](https://www.hypersphere-consulting.co.uk/wp-content/uploads/sites/7/2024/07/iStock-1408211250_small.jpg)
The short and only answer is YES!
I am sharing my home office with my partner in crime, who runs his own cyber security company, Foxtrot Technologies (https://www.foxtrot-technologies.com/). It is interesting to see what this means daily and how they make their customers' infrastructure safer. This makes me wonder how vision systems are secured and how to improve them.
In the last few years, I have seen various vision systems that have been exposed to the internet. To debug a problem, it is convenient to just jump onto a remote session, see what is happening, and propose a fix. Most vision systems solve critical applications in manufacturing and processing, and it isn't good if they are compromised. Unfortunately, some people/companies only think about security when something happens!
A common problem is that most antivirus tools and firewalls are turned off on vision systems. If left on, they can block an application from running at all (newer Windows versions in particular are more clever at looking out for threats): when I debugged a custom program for a customer, my antivirus always popped up and complained. If GigE is used, it is hard to open certain ports on the firewall. While the communication port for GigE Vision is/can be the same all the time, the streaming port is allocated dynamically.
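One way to keep the Windows firewall on despite the dynamic streaming port, as an added example that is not from the original post: scope the allow rule by program, camera subnet and network adapter instead of by port. The adapter name, subnet and program path below are assumptions and must be replaced with the real values.

```powershell
# Added example. All three values are assumptions for illustration.
$CameraNic    = 'GigE-Cameras'                  # assumed name of the dedicated camera adapter
$CameraSubnet = '192.168.10.0/24'               # assumed camera subnet
$VisionApp    = 'C:\VisionApp\Acquisition.exe'  # hypothetical acquisition program
$RuleName     = 'GigE Vision stream (cameras only)'

# Stop early if the adapter or program is missing, so no broad rule is created by mistake.
if (-not (Get-NetAdapter -Name $CameraNic -ErrorAction SilentlyContinue)) {
    throw "Adapter '$CameraNic' not found."
}
if (-not (Test-Path -LiteralPath $VisionApp)) {
    throw "Program '$VisionApp' not found."
}

# Keep the firewall enabled on every profile instead of switching it off.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Make the script repeatable: drop an older copy of the rule if present.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Inbound UDP is allowed only to the acquisition program, only from the
# camera subnet, only on the camera adapter. No -LocalPort is set because
# the streaming port is allocated dynamically; the three scopes replace it.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Protocol UDP `
    -Program $VisionApp `
    -RemoteAddress $CameraSubnet `
    -InterfaceAlias $CameraNic `
    -Profile Any | Out-Null

# Show what was created so the scope can be reviewed.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$rule | Get-NetFirewallApplicationFilter | Select-Object Program
$rule | Get-NetFirewallAddressFilter     | Select-Object RemoteAddress
$rule | Get-NetFirewallInterfaceFilter   | Select-Object InterfaceAlias
```

Run it from an elevated PowerShell session; the office-facing adapter is not touched by this rule.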
A few thoughts:
Should the system be on the same network as the office?
It is probably best to separate the operational technology network (IoT devices/vision devices) from the informational network (office). Should the PC be attacked, it will only mean that the vision system is compromised (and hopefully no other infrastructure). While this is inconvenient and can cause a loss in profit, it will contain the damage.
How to restore the PC quickly?
A consideration is to use Windows Embedded, which allows you to lock down the PC and restore it after a reboot (this can get rid of a virus quickly if on the locked partition) and helps with tinkering with the computer. If storing data is required, this needs to be considered in the design and might require an external hard drive. If the data is critical or needed at a later point, recurring backups can be beneficial.
How can you connect to the computer remotely?
While connecting to the computer still requires a remote connection, there are companies out there that specialize in hardware firewalls with a switch that a human toggles to allow access to the computer. This means the customer has control over when to allow access to the system and does not expose it to the internet all the time. Also, if 3rd party tools are used for the remote connection, make sure the password is strong and secure. Do not use the same password for other customer PCs.