Passion for Technology

Ensuring HMIs stay safe from hackers

EBV Elektronik GmbH Season 7 Episode 10

This article readout is part of The Quintessence magazine. The latest issue explores the latest trends in technology and offers valuable insights into the fascinating world of Human Machine Interfaces. Access it free of charge here: https://library.ebv.com/link/140915/

In this episode, we examine the vital measures needed to keep Human Machine Interfaces (HMIs) secure from hackers. From network segmentation and encrypted communication to biometric authentication and multi-factor systems, there’s a growing arsenal of tools to defend these essential systems.

Discover why overly simplistic passwords are a risk, how innovative solutions like RFID badges and voice authentication are changing the game, and how multi-layered approaches are creating safer interfaces. While no system is ever 100% secure, combining technologies can drastically reduce the risk of unauthorised access, keeping HMIs safe and efficient.


Ensuring an HMI does not become a Hacker Machine Interface


To prevent unauthorised access to the Human Machine Interface, the recommendation is to have several layers of protection. It all depends on the type of risk that would be caused by a device or machine being operated by an unauthorised person. For permanent operating points, the first step is to ensure that access to the room where the HMI is located can be monitored and controlled. This starts with a lockable door to which only authorised persons have a key and extends all the way to complex access control systems.

Given that many HMIs are networked today, protecting the associated network infrastructure is also crucial. This includes the wiring that connects the HMI to the network as well as IP addressing, routers, switches, WLAN access points, etc. Segmenting the network using firewalls provides an additional security measure. For web-based applications, communication between the browser and the server should be secured, for example with HTTPS: the browser loads a server-side certificate and checks it for trustworthiness and validity. Based on the certificate, the data transmitted between the web server and the browser is encrypted. This way, process data and user input exchanged between the HMI browser and the HMI web server can neither be manipulated nor spied upon. Another useful security measure is to install systems that monitor network activity and can detect and ward off intruders.

The operating system of the HMI itself and its hardware, such as interfaces or drives, also need protection against unauthorised access. To minimise the attack surface, unnecessary ports and system services should be disabled and unused applications removed. The operating system’s security patches and antivirus services should be kept up to date.

Ensuring that the operator of an HMI is indeed who they claim to be is a fundamental prerequisite for ensuring security. A study conducted by Trend Micro in 2018 demonstrated the significance of secure authentication: according to the study, almost half of the successful cyber attacks on HMI systems could be attributed to insecure passwords and inadequate access rights management.

The use of passwords, as we are accustomed to from smartphones and PCs, is widespread and used for various devices. However, the protection is only as strong as the complexity of the password. Unfortunately, the use of overly simplistic passwords often comes down to work efficiency: which operator, who operates several stations within a facility, wants to or is able to enter a 16-digit password on a touchscreen keyboard every time?

A solution here is badges with integrated RFID chips: as the operator approaches an HMI, the radio chip sends the identification data wirelessly to the operating terminal. This solution is particularly suitable in areas where wearing protective clothing, gloves and mouthguards is required for hygiene reasons.

Biometric methods for checking access authorisation, such as fingerprint scanners integrated into the HMI, represent an even more sophisticated approach. This ensures that the respective person is actually physically present and a hacker cannot enter a command virtually.

If an HMI already works with voice control, these systems can also be used to identify the operator. Authentication via voice uses the respective voice’s individual characteristics: every single person has a unique voice with a multitude of measurable features. This voice profile is harder to fake than a fingerprint.

If an HMI uses camera systems for gesture control, it makes sense to also implement authentication via facial recognition. The biometric data of the face (for example, distance between the eyes, width of the forehead) captured by the camera is compared with a stored dataset. Modern “Face Authentication” systems are not fooled by three-dimensional masks either: the authentication process includes a genuineness check, which involves capturing the three-dimensional depth or recognising genuine skin based on a reflected infrared light beam, for instance.

Very often, several factors are used in the authentication process, for example a fingerprint and a password. This type of multi-factor system is much more secure than using just a conventional password. While it is never possible to achieve 100-percent security in the realm of cybersecurity, combining several factors can significantly reduce the risk of unauthorised access to an HMI.