Data collection is becoming more and more important in various fields where weighing instruments are used. In applications from digitalisation of industrial production to food processing, data is used and shared between different machines and instruments. Consequently, it is important that this data transmission-the electronic transfer of data from one device to another-is reliable.
CECIP, the European weighing industry association, believes that, from a legal metrology point of view, there needs to be control of metrologically significant information. However, the level of legally prescribed control should be appropriate.
Where is control needed?
There are currently various cases where controls and security of communication need to be considered. Some examples:
- Communication between components of an instrument
This communication might become even more important in the context of the “Internet of Things” and the technical possibility to interconnect functional components of an instrument over an open network.
Conventional instruments are intrinsically secure due to the fact that relevant components are within the same enclosure. However, when similar components are linked over an open network they might be vulnerable to interception and communication must be protected appropriately and may require encryption and authentication depending on the topology
- The download of firmware/software to an instrument in service
The emphasis on software download control should be within the instrument itself rather than the transmission of the program.
To verify the integrity of any downloaded software, there has to be some indication of the version and/or updates, and separation between legally relevant and other software. If that is the case, then there should be no need to control actual software transmission.
- Transmission of data from a complete instrument to an external system or deviceMany instruments have one or more interfaces to communicate with a wide range of devices such as printers, scanners, remote displays or host computer systems.
At the time of design and of type examination, it might be impossible to specify the actual use of such interfaces in operation or service. Therefore, itis difficult to specify restrictions that are appropriate to all types of use.
The need for reliable controls
The controls introduced for cases as described above should ensure the reliability of the data transmitted. However, they should not put a disproportionate burden on the manufacturer or installer. If requirements regarding controls and security of communication become too onerous and disproportionate to the potential risks, there are several possible negative impacts such as:
- Stifling of innovation
- Increase in complexity and cost
- Unintended consequences (e.g. a restriction of behaviour with one application in mind may prevent the good practice in another application)
- Focus on control of data from weighing instruments may result in other fraudulent activity remaining disregarded
- Manufacturers of weighing instruments may be at a disadvantage to manufacturers or suppliers of other types of products that may be unaware of or unaffected by such controls
Avoiding a disproportionate burden is made more challenging due to the fact that technology might develop faster than the regulations and standards drafted to control technology applications. It is difficult to predict the technological developments that will occur in the future and how controls in place shall be applied. This should be taken into account when defining appropriate controls.
An example of an inappropriate restriction is the clause in OIML R76 stating that negative values cannot be transmitted; this may be appropriate for communication to a host computer system or weigh-price labelling, but not to a printer used to record calibration checks or a remote display installed to ensure a proper return to zero after weighing.
A further consideration is the location of a recipient external device. Such a device may be located in a country or even continent which is outside the jurisdiction of the enforcement authority of the country in which the instrument is installed. Such external systems may be performing metrologically significant functions such as total installation or computation of price but would fall outside the control of those authorities.
Controls should strike the right balance
CECIP is convinced that the right balance needs to be found between risk management and the burden of the controls. To find such a balance the following principles should be taken into account:
- Any data transmitted must be correct. Some applications may require verification/validation.
- For metrological processing such as totalising or price calculation performed by a separate system then an alibi device; must be utilised.