Home > Solutions > Security: 10 ways Our HMIs Protect Your Project

Security: 10 ways Our HMIs Protect Your Project

Security is a top priority, especially for today’s IIoT-enabled world. Ensuring the safety of employees, protection of company equipment, and intellectual property should be a top priority. That’s why Maple Systems HMIs provide several layers of security features that keep your control system safe, while remaining accessible to personnel outside of the plant.

Protect Your HMI from Unauthorized Access

First and foremost, Maple Systems HMIs offer the ability to protect your HMI data with extensive password control. Use a password to restrict access to the HMI's local setup menus. Uploading or downloading a new project to the HMI can be password-protected, as well as retrieving stored data in the HMI. Access from connected devices such as PCs, other HMIs, or smart devices, can also be password-protected.

Protected and Secure Remote Access

Using EasyAccess 2.0, remote PCs with an Internet connection can communicate to Maple HMIs for screen monitoring or to change settings on the HMI or connected PLC, lowering the cost of screen updates and minimizing down time. It is of paramount importance that this connection be secure. This is why Maple Systems employs a VPN (Virtual Private Network) connection and SSL encryption for remote communication. Wi-Fi access to select Maple HMIs using cMT Viewer is also password-protected. With the press of a button on the HMI, remote access can be temporarily disabled.

Secure Password Authentication (SPA) is also an important factor when sending predefined email messages from HMIs that contain sensitive data or information about an alarm event. The email function employs the SMTP protocol with the option for encrypting login credentials using SSL or TLS.

Many of our HMIs include two Ethernet ports which provide a physical separation between your local network and the web. Our HMI series uses a proprietary operating system that further reduces susceptibility to viruses or malware.

Role-Based User Permissions

Access to HMI screens, data objects (such as Video Player or Data Block Displays), or input objects (i.e. momentary buttons, toggle switches, or data entry) can be limited based on user permissions and security classes on Maple HMIs. Objects with restricted access are invisible or display an "access-denied" warning message to unauthorized users. Up to 12 users (or 128 users with USB security key) can be configured each with a unique username and alphanumeric password. The administrator can add, delete, or modify the list of users during HMI runtime. Easily select from a user list, then enter the assigned password to change permissions.

Safety Comes First

Security is a necessity, but it’s just as important to ensure that the operation of an HMI is conducted in a safe environment. All HMIs can be temporarily taken offline with the press of a button using the interlock feature, which monitors the status of a safety bit when activating potentially dangerous equipment. Other safety features include the option of a minimum press time before a button is engaged, or the display of a confirmation window. The Operation Log feature records each action of the HMI operator to help identify incorrect action sequences and to reinforce proper HMI operation.

Enhanced Security Features

Manage access to your control system and keep your facility safe. Our configuration software offers enhanced operational security features to prevent unauthorized personnel from accessing windows in the HMI or from operating critical functions including:

  • Projects
  • Screens
  • Objects
  • Adding/deleting accounts
  • Modifying privileges
  • Resetting passwords
  • And more

Alphanumeric Usernames and Passwords

  • Identify users by name or functions using alphanumeric characters
  • Longer alphanumeric login passwords, of up to 32 characters in length, provide a higher level of security

Add/Delete Users at Any Time

  • Grant access to as many as 128 users, each with a unique password
  • Temporary users can be added for a specified period of time
  • Usernames and passwords can be added or deleted on the HMI screen, or from a USB flash drive or SD card using a Function Key

USB Security Key Login

Login directly with a USB Security Key. Login information can be stored on a USB flash drive and allow a user to be logged in using a Function Key.

Project Protection

  • Project Password Feature: Secures a project and prevents it from being modified without the proper password
  • Project Protection Feature: Sets a unique password (Project Key) in the project that will cause the project to run only on specific HMIs that have a matching password (HMI Key)
  • Disable Upload Function Feature: Disables the upload function, preventing a project from being uploaded from your HMI
  • Decompiling Prohibited Feature: Prevents decompiling of a project
  • XOB Password Feature: Allows you to set a password when compiling your project to prevent unauthorized decompiling

Operational Security

  • Password Protection: Stops unauthorized entries into your HMI application
  • Security Levels: Provide up to 12 levels of security for various levels of access to critical functions. An "Access Denied" message can be configured to pop-up if an attempt is made to access a function without the correct security level
  • Object Level Security: Apply object level security so only certain users can have access to the function of an object
  • Object Security Disabled: An object's security can be disabled after activation/use
  • Object Warning Message: Displays a warning message if access to an object is denied
  • Object Invisibility: Set objects to turn invisible while protected
  • Window Access: Limits access to pop-up windows and screens, etc
  • Interlock Function: Control the visibility and functionality of buttons, switches, and displays under PLC control
  • Monitor User Actions:Record HMI input (such as the press of a function key/switch, changing screens, or data entry) or actions taken by the HMI operator along with date and time of each action, current security level, and the specific data that was entered. This action log can be viewed on the HMI or stored in an SQLite database file. This feature enhances security and helps to determine the sequence of events which may have led to an operational error
  • Additional Features: Sound output for alarms and auto logout

Secure Remote Access

  • EasyAccess 2.0: This feature provides a secure encrypted connection to your HMI from remote PCs or smart devices. A VPN (Virtual Private Network) connection that is encrypted with SSL (Secure Sockets Layer) prevents unauthorized access to your HMI. This optional feature is controlled by the domain administrator, who can limit access to specific users and HMIs.
  • cMT Viewer:Provides password-protected remote control and monitoring of select Maple HMIs.
  • Email Protection: Send predefined alarm messages to a list of designated recipients via email when a trigger condition occurs. Using the SMTP protocol, the HMI can be configured to use SPA (Secure Password Authentication) and authenticate to mail sending servers using SSL or TLS.
  • Hardware Protection: In addition to the software features above, many Maple Systems HMIs have two Ethernet ports to allow physical separation between the control system (internal network) and the outside (corporate) network. And finally, Maple Systems HMIs use a proprietary operating system, further protecting the HMI from risk of infection by viruses or malware that are common to Windows-based platforms.

⇐  Back To Solutions

Please Sign in or Register to continue reading this solution.