Protection of the PCs used for connecting to AI Asset Manager
Customers are responsible for protecting their own PCs and preventing unauthorized access to their PCs used for connecting to AI Asset Manager.
To protect the host PC, Siemens suggests implementing the following measures:
Deploy the host PC only in isolated plant networks, not in office networks.
Enable the screen saver and lock the screen when away.
Install appropriate anti-virus software.
Install updates and patches for the operating system and software on the host PC in a timely manner.
Notes on protecting administrator accounts
A user with administrator rights has extensive options for accessing and manipulating the system.
It is therefore important to provide adequate safeguards for protecting the administrator accounts to prevent unauthorized changes. To do this, use secure passwords and a standard user account for normal operation. Other measures, such as the use of security policies, should be applied as needed.
Notes on CIA
The current AI Asset Manager is only applicable for non-safety-critical applications.
AI Asset Manager stores project data without encryption on the host PC. The customer is responsible for the CIA (Confidentiality, Integrity, and Availability) of the files created, stored, downloaded or exported by the AI Asset Manager.
It is strongly recommended that customers use secure protocols (sftp, ssh, https) for transferring data to remote/external storage.
AI Asset Manager should not be used to connect to insecure, unauthorized and unencrypted MQTT brokers.
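One way to cover the integrity part of this responsibility when exported files are moved to remote storage, shown as an added example that is not part of AI Asset Manager or its documentation: build a keyed manifest of the export directory on the host PC, then verify it on the receiving side. The function names, the manifest layout and the shared HMAC key are assumptions, and the manifest is assumed to be stored outside the export directory.

```python
import hashlib
import hmac
import json
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large exports are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _scan(root: Path) -> dict:
    """Map each file's POSIX-style relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): _digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def _tag(files: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical JSON form of the file map."""
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root: Path, key: bytes) -> dict:
    """Run on the host PC before the transfer."""
    files = _scan(root)
    return {"files": files, "hmac": _tag(files, key)}


def verify_manifest(root: Path, manifest: dict, key: bytes) -> list:
    """Run on the receiving side; returns findings, empty when everything matches."""
    files = manifest.get("files", {})
    claimed = str(manifest.get("hmac", "")).encode()
    if not hmac.compare_digest(_tag(files, key).encode(), claimed):
        return ["manifest: HMAC mismatch, manifest was altered or key is wrong"]
    actual = _scan(root)
    findings = []
    for name in sorted(set(files) | set(actual)):
        if name not in actual:
            findings.append(f"{name}: missing")
        elif name not in files:
            findings.append(f"{name}: unexpected file")
        elif actual[name] != files[name]:
            findings.append(f"{name}: content changed")
    return findings
```

This detects modification, removal and injection of files; it does not provide confidentiality, which still depends on the secure transfer protocol and on protecting the unencrypted files at rest.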
Notes on safety critical applications
AI Asset Manager and AI Asset Manager Agent are NOT intended to be included in the control flow of industrial automation. The intended use is limited to supervising the operation of ML pipelines and some aspects of the underlying software and hardware. For example, data collected in AI Asset Manager MUST NOT be used to trigger automated actions by writing data back to a PLC. Data collection in AI Asset Manager is not real time; therefore, no alerting in safety-critical applications should be based on data collected by AI Asset Manager.