Regulatory Compliance 101: FCC

Welcome to Regulatory Compliance 101!

Have you ever wondered what all of those marks on the bottom of your keyboard or power strip mean, or why they are even there?  FoxGuard Solutions presents a new blog series, “Regulatory Compliance 101,” as an introduction to the purpose of these marks and the testing and certification behind them.  In this first installment of our series, we’ll be taking a closer look at compliance with the FCC.

What is the FCC?

The Federal Communications Commission (FCC) is the agency of the United States government that regulates interstate communications by radio, television, wire, satellite, and cable.  It is responsible for governing the interference potential of equipment which emits radio frequency energy.  The rules and regulations of the Federal Communications Commission are housed inTitle 47 of the Code of Federal Regulations (CFR).

FCC Testing

Nearly every electronic device emits radio frequency signals, whether it be intentional, unintentional, or incidental. Many products that FoxGuard deals with are in scope of Part 15 of Title 47, which pertains to electromagnetic interference. Electronic devices with end destinations of the United States are required to undergo testing to ensure they comply with the technical requirements of the FCC concerning these emissions. The two types of tests performed are Conducted Emissions Limits and Radiated Emissions Limits. Depending on the type of device, emissions measurement testing can be done by the manufacturer, which then “verifies” its own equipment without any further approval by the FCC; or for equipment which includes special types of electronics, by a nationally recognized testing lab (NRTL). Similar certifications for electromagnetic compatibility (EMC) in other countries include RCM in Australia (formerly C-Tick), ICES-003 in Canada, CE in the European Union, KC in South Korea, and TIS in Thailand. 

Unintentional Radiators

Subpart B of 47 CFR Part 15 concerns “unintentional radiators.”  Certain devices (such as computers and some peripherals) can create and discharge radio frequency signals even though it’s not the primary purpose of the device; these discharges are known as “spurious emissions.”  Unintentional radiators fall into one of two classes:

  • Class A, for devices marketed for use in business / industrial / commercial environments
  • Class B, for devices marketed for use in residential environments

Class A Devices

Class A devices are subject to authorization under “verification,” defined in Subpart J of Part 2, as the manufacturer takes steps to ensure equipment complies with appropriate technical standards.  The product must be labeled with the following: “This device complies with part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.”   For example, FoxGuard’s new 3U Industrial HMI has been tested to the requirements of Title 47 CFR, Part 15 Subpart B for a Class A Digital Device, and includes this language on the product label.   While not a requirement for a Class A device, FoxGuard also provides a Declaration of Conformity when the HMI is sold for use within the United States.  This document assures customers of the quality and safety of our product.

Class B Devices

Class B devices, which are marketed primarily for residential use, are subject to authorization under a Declaration of Conformity and “certification,” and are required to bear the FCC mark.  Certification is defined as an equipment authorization issued by the Commission based on representations and test data submitted by the applicant.

FoxGuard’s Dedicated Compliance Team

FoxGuard has a team dedicated to meeting the regulatory compliance needs of our customers, so don’t hesitate to contact us if you need further help with your compliance efforts. Thanks for reading the first installment of our new regulatory compliance series. We hope it helped you to better understand compliance with the FCC. Still have questions about FCC compliance? If so, leave a comment below, and we’ll get back to you as soon as possible.

Talk to an Expert

Top 5 Touch Screen Interfaces

Touch screens have a very commonplace in our daily lives: cell phones, ATM’s, kiosks, ticket vending machines, and more. They all use touch panels to enable the user to interact with a computer or device, without the use of a keyboard or mouse. But did you know there are several different types of touch screens? The five most common types of touch screens are 5-wire resistive, surface capacitive, projected capacitive, surface acoustic wave (SAW), and infrared.

5- Wire Resistive

5-wire resistive is the most commonly used touch technology today. A resistive touch screen is composed of a glass panel and film screen, each covered with a thin metallic layer that’s separated by a narrow spacing. When a user touches the screen, the two metallic layers make contact, resulting in an electric flow. The point of contact is detected by this change in voltage.

ADVANTAGES:

  • Can be activated with virtually any object – finger, stylus, gloved hand, pen, etc.
  • Has tactile feel
  • Lowest cost touch technology
  • Low power consumption
  • Resistant to dust, oil, grease, moisture, and other liquids

DISADVANTAGES:

  • Lower image definition compared to other touch technologies
  • Outer polyester film is vulnerable to damage from scratching, poking, and sharp objects

Surface Capacitive

Surface capacitive is the second most popular type of touch screen on the market. In a surface capacitive touch screen, a transparent electrode layer is placed on top of a glass panel and covered by a protective cover. When an exposed finger touches the screen, it reacts to the static electrical capacity of the human body. Some of the electrical charges transfer from the screen to the user. This decrease in capacitance within the screen is detected by sensors located at the four corners of the screen, allowing the controller to determine the touch point. Capacitive touch screens can only be activated by the touch of human skin or a stylus holding an electrical charge.

ADVANTAGES:

  • Better image clarity than resistive touch screens
  • Durable screen
  • Excellent resistance to surface contaminants and liquids- dust, oil, grease, water droplets
  • High scratch resistance

DISADVANTAGES:

  • Requires bare finger or capacitive stylus for activation
  • Sensitivity to Electro-Magnetic Interference (EMI)/Radio Frequency Interference (RFI)

Projected Capacitive

Projected capacitive is similar to surface capacitive, but offers two primary advantages. In addition to a bare finger, it can also be activated with surgical gloves or thin cotton gloves. It also enables multi-touch activation (simultaneous input from two fingers). A projected capacitive is composed of a sheet of glass with embedded transparent electrode films and an integrated chip (IC), which creates a three-dimensional electrostatic field. When a finger comes into contact with the screen, the ratios of the electrical currents change, and the computer is able to detect the touch points.

ADVANTAGES:

  • Excellent image clarity
  • More resistant to scratching than surface capacitive touch screens
  • Resistant to surface contaminants and liquids- dust, oil, grease, moisture
  • Multi-touch (two-touch)

DISADVANTAGES:

  • Sensitive to EMI/RFI
  • Must be activated via exposed finger, thin surgical or cotton gloves

Surface Acoustic Wave (SAW)

SAW touch screen monitors utilize a series of piezoelectric transducers and receivers along the sides of the monitor’s glass plate, to create an invisible grid of ultrasonic waves on the surface. When the panel is touched, a portion of the wave is absorbed. This allows the receiving transducer to locate the touch point and send the data to the computer. SAW monitors can be activated by a finger, gloved hand, or soft-tip stylus. SAW monitors offer easy to use and high visibility.

ADVANTAGES:

  • Excellent image clarity
  • Even better scratch resistance than capacitive touch screens
  • High “touch life”

DISADVANTAGES:

  • Will not activate with hard items- pen, credit cards, or fingernails
  • Water droplets may cause false triggering
  • Solid contaminants on the screen can create non-touch areas until removed

Infrared Touch (IR)

Infrared touch screen monitors do not overlay the display with an additional screen or screen sandwich. Instead, infrared monitors use IR emitters and receivers to create an invisible grid of light beams across the screen. This ensures the best possible image quality. When an object interrupts the invisible infrared light beam, the sensors are able to locate the touch point.

ADVANTAGES:

  • Highest image clarity and light transmission of all touch screen technologies
  • Unlimited “touch-life”
  • Impervious to surface scratches

DISADVANTAGES:

  • Accidental activation may occur because infrared beams are actually above the glass surface
  • Dust, oil, or grease buildup on screen or frame could impede light beam causing malfunction
  • Sensitive to water, snow, and rain
  • May be sensitive to ambient light interference
  • Higher cost

Touch Screen For Industrial Environments

All touch screen interfaces have advantages and disadvantages, depending on their application. For industrial use, there typically are requirements and nuances that lend better to certain types of touch screen interfaces. The most advantageous touch screen interface type for industrial and automation environments tends to be resistive touch screens. Since resistive touch screens allow the use of gloves and stylus, the user will not be bothered with having to remove gloves or protective wear in order to use the device. Some industry facilities, like food and beverage, require a strict “no exposed glass” policy. Resistive touch interfaces employ a flexible- polycarbonate in most cases- sheet over top of a glass substrate. Resistive touch screens prevent any exposed glass and allow use in these type of applications. Many types of touch screen interfaces can excel in many environments, so it’s best to research what the application environment will consist of, before choosing the type of touch screen interface that would be ideal for your operations.  

TOUCH SCREEN COMPARISON

 

5-WIRE RESISTIVE

SURFACE CAPACITIVE

PROJECTED CAPACITIVE

SAW

INFRARED

CLARITY

XX XXX XXX XX XXXXX

SENSOR SUBSTRATE (TOP COATING)

Polyester top sheet. Glass substrate with ITO coating Glass with ITO coating Glass with ITO coating Glass with ITO coating Any substrate

EASE OF TOUCH ACTIVATION

XXXXX X XX XXX XXXX

TOUCH SENSITIVITY

XX XXX XXX XXXX XXXXX

CALIBRATION STABILITY

XXX XX XXX XXXXX XXXX

ACCURACY AND REPEATABILITY

XXX XX XXXXX XXXX XXX

SCRATCH RESISTANCE

X XXX XXXXX XXXXX XXXXX

HUMIDITY SENSITIVITY

XXXXX XXXXX XXXXX XXX XXXX

SENSITIVITY TO RAIN/SNOW

XXXXX XX XXXX XX XXXXX

SENSITIVITY TO CLEANING CHEMICALS

XXX XXXX XXXXX XXX XXXXX

SENSITIVITY TO SURFACE CONTAMINANTS

XXXXX XX XXXX XX XX

EMI/RFI SENSITIVITY

XXXXX XX XX XXX XXXXX

VIBRATION SENSITIVITY

XXXXX XXX XXXX XXX XXXX

SENSITIVITY TO AMBIENT LIGHT

XXXXX XXXXX XXXXX XXXXX XX

Pre-Compliance EMC Testing

Much of the data processing equipment produced by FoxGuard is required to meet one or more US and international certifications for Electro-Magnetic Compatibility (EMC). There are several international conformity standards that dictate technical requirements for equipment to operate in various national and geographical areas. The Federal Communication Commission (FCC) and the Conformité Européenne (CE) are the two major conformity standards for products sold in the United States and the European Union respectively. Notably, the FCC and CE requirements are very similar and a device can generally be qualified for both standards with only one set of tests. To ensure compliance with these particular specifications, EMC testing must be conducted by certified laboratories that possess the facilities and equipment as prescribed by the applicable standards.

Electro-Magnetic Compatibility

EMC testing measures the amount of radiated and conducted emissions the equipment under test (EUT) generates. These emissions, if at high enough levels, may cause other equipment located nearby to malfunction. EMC also determines the ability of the EUT to operate normally when subjected to externally sourced radiated and conducted emissions (susceptibility).

Pre-Compliance Testing

An effective way to prove your EMC containment designs, prior to the EUT being formally tested, is to choose a subset of tests that will be performed by the certified lab and run a close approximation of those tests at your own manufacturing facility. The pre-compliance tests are those which your EUT is most likely to fail and are the most cost effective to conduct. These tests include:

  • 30 – 200Mhz Radiated Emissions (horizontal and vertical polarity)
  • 200Mhz – 1Ghz Radiated Emissions (horizontal and vertical polarity)
  • 1 – 6Ghz Radiated Emissions
  • 150Khz – 30Mhz Power Line Conducted Emissions

These tests can be performed with relatively inexpensive test equipment and can produce a decent approximation of results without the use of a shielded enclosure (screen room). The parts of the formal testing that are excluded from the pre-compliance testing package are radiated and conducted susceptibility tests. These tests involve test equipment that is very expensive to own and operate, and generally require the use of screen rooms that are not only costly but also require a lot of facility space. Fortunately, susceptibility issues are fairly straightforward to address in the design stage with filters and enclosures, so the lack of pre-scanning in these areas will not increase the risk of failure beyond an acceptable level.

Benefits of Pre-Compliance Testing: Time & Money

Certified EMC testing laboratories schedule a time to test equipment to specific standards and generate the required certification documents. In the event of a test failure, any time required to troubleshoot, modify and re-test the equipment must be scheduled separately at additional cost, making the road to recovery long and expensive. Therefore, it is beneficial to invest extra time to correct EMC issues that may be present before the equipment is shipped off to the certification lab.

Pre-Compliance Testing at FoxGuard

The FoxGuard engineering team maintains an in-house collection of equipment to perform pre-compliance EMC testing.  An upcoming blog article will provide a more in-depth look at how our testing is done, so check back in a few weeks to learn more.

A Brief History of Critical Infrastructure Vulnerability: 1960-1989

In order to understand the current state of cyber vulnerabilities, an understanding of the development of computer infrastructure is essential. Through an examination of the history, we can learn about how technology has developed, how vulnerabilities have been discovered and exploited, who the actors are, and how the response to cyber vulnerabilities has grown to meet the challenge.

THE EARLY YEARS OF COMPUTING

1960: Phone Hacking

The first critical infrastructure to be exploited was the public telephone system. These early hackers were called phreakers (phone freaks). In 1960, the telephone system operators made the mistake of publishing an article titled Signaling Systems for Control of Telephone Switching, which contained detailed information on the frequencies used for the digits of routing codes. The phreakers, many of them blind with very acute hearing, were able to whistle the codes or even use a toy prize from a cereal box, which happened to match the far end trunk disconnect tone. This would allow the phreak to make free calls, or build “blue boxes” (homemade tone generators), that could replay codes to allow access to free phone calls. While this was not devastating to the phone system, it denied the operator revenue.

1965: First Reported Vulnerability

William D. Mathews from MIT, found a flaw in a Multics CTSS running on an IBM 7094, which disclosed the contents of the password file. That flaw is probably the first reported vulnerability in a computer system.

1969: ARPANET

In 1969, ARPA contracted to build ARPANET, which would one day evolve into the Internet we know and rely on today.

1970: Phreakers Convicted

In 1970, after monitoring 33 million calls, AT&T was able to prosecute and convict 200 phreakers.

1971: Self-Replicating Creeper Program

Bob Thomas at BBN Technologies, conducted an experiment writing a self-replicating program called “creeper”, which infected DEC computers on the ARPANET. This is the first instance of a computer “worm” before the term had been created in the computer context.

1972: Reaper Program Released

An anonymously authored program called “Reaper” was released on ARPANET to remove Creeper.

1974: The Rabbit Virus Appears

A computer virus named “Rabbit” appeared, multiplying and causing computers performance to diminish until they crashed. This is the world’s first virus-causing “denial of service”.

1975: The Pervading Animal

John Walker wrote Pervading Animal, a computer game that replicated itself in every directory on the infected computer, to which the user had access. Attempts were made to use the creeper/reaper tactic to replace the bad game with a benign version. Some computer scientists consider this the first “Trojan” program.

THE EXPLOSION OF PERSONAL COMPUTERS

1980: Modern Hackers Emerge

The 1980s saw the explosion of personal computing, as inexpensive computers and modem technology allowed people to begin exploring, communicating, and learning. People interested in computers could now dial into Bulletin Board Systems (BBS) and share knowledge. The Hacker population grew from a few scientists and students to a thousand fold. The criminal hacker who used his skills with criminal intentions beyond the simple exploration of computer systems directed his knowledge and experience toward distinctly criminal pursuits. This included the distribution of pirated commercial software and releasing viruses/worms that could shut down computer systems. Hackers surged in popularity, becoming nothing short of an epidemic.

1981: AT&T Servers Hacked

Ian Murphy, along with three friends, hacked the server used by AT&T to meter people’s calls. He changed the internal clocks so that customers would get midnight discounts in the midday while those who waited until midnight to call long distance were hit with high bills. For the incident, Murphy (known to his friends as Captain Zap) become the first hacker to be tried and convicted as a felon.

1981: The Elk Cloner

Rich Skrenta, a 15-year-old high school student, created the Elk Cloner for the Apple II operating system. The Elk Cloner spread using a technique now known as “boot sector” infection. If a computer booted from an infected floppy disk, a copy of the virus was loaded in the computer’s memory. When an uninfected disk was inserted into the computer, the Elk Cloner copied itself to the disk, spreading from disk to disk.

1982: The 414s

At the Memorial Sloan-Kettering Cancer Center, a system administrator for a DEC VAX 11/780 computer found his system down. Soon, dozens of other systems around the country were reported as being hacked by the “414s”, a group of Milwaukee teenagers aged 15 to 22 using their area code as the name of the gang. Using home computers connected to ordinary telephone lines, the group broke into 60 computer systems at institutions ranging from the Los Alamos Laboratories to hospitals and banks. The FBI busted the 414s and the incident appeared as the cover story of Newsweek with the title Beware: Hackers at Play. As a result, the U.S. House of Representatives began hearings on computer security hacking.

1984: Comprehensive Crime Control Act

The US Comprehensive Crime Control Act gave the Secret Service jurisdiction over computer fraud.

1986: The Computer Fraud and Abuse Act (CFAA)

The U.S. government tried to thwart the problem by passing the Computer Fraud and Abuse Act (CFAA).

1988: The Morris Worm

Robert Morris, a graduate student at Cornell University, allegedly planned to perform an experiment to map the size of the ARPANET. To achieve this goal, he wrote a program capable of copying itself across the network. Within 12 hours of its release, the worm was completely out of control. It infected at least 6,000 UNIX servers, approximately 10% of the entire network, clogging government and university systems. It would take years to completely eradicate the worm, causing damages estimated at around $10,000,000. Morris was dismissed from Cornell, sentenced to three years’ probation, and fined $10K.

1988: CERT Is Founded

In response to the Morris worm incident, the Computer Emergency Response Team (CERT) was founded.

1989: Cyber Espionage By German Hackers

Karl Koch, the leader of a group of German hackers, was arrested for acts of cyber espionage, such as breaking into US government and corporate computers and selling the operating-system source code to the KGB.

1989: Hacktivism Is Born

The politically motivated WANK worm spread over DECnet. VMS machines worldwide were penetrated by the anti-nuclear worm, having their login screens altered.  The WANK worm was the first documented case of hacktivism.

LOOKING AHEAD AT THE WORLD WIDE WEB

The early years of computing, the 1960s and prior, saw the first steps towards the internetworked world as well as the first vulnerabilities of that world. The first critical infrastructure to be exploited was the public telephone system. The 1980s saw the rise of damaging code, hacking for profit, cyber espionage, and hacktivism. Not only have the attacks become more advanced, but the motivations now include nation states, criminals, and ideological organizations. In part 2 of this article, we will discuss the 1990s, and how it brought us the World Wide Web and the Internet as we know it today.

TO LEARN MORE

To learn more about how to proactively protect, maintain, and strengthen your critical infrastructure, contact FoxGuard.

Talk to an Expert

What You Should Know About Windows 10

Microsoft recently announced the next generation of their operating system – Windows 10.

Windows 10 is not just a new interface. It has an enterprise and business focus. More of what businesses need has been integrated into the OS such as enterprise-grade security, identity and information protection features, simplified management and deployment, and continued improvements based on customer feedback.

Windows 10 will unify the Windows platform. This means there will be one version of Windows for all devices, including embedded Internet of Things devices, phones, tablets, desktops, and servers. This doesn’t mean every device will have the same UI. The “User Experience” will be tailored for the different device types. The goal that Microsoft is trying to achieve is to have one application platform for developers, so developers are able to build applications that can target the entire Windows product family.

New Features of Windows 10

  • Start Menu:

    An updated and expanded Start Menu is returning in Windows 10 that adds customizable space for live tiles and applications.

  • Apps Run In a Window:

    Modern apps from the Windows Store now open in the same way desktop programs do. Previously, modern apps would only run full screen. These apps can now be resized and moved around, and have title bars at the top with buttons for maximize, minimize, and close with a click.

  • Virtual Desktops:

    Create desktops for different purposes and projects and switch between them easily to pick up where you left off on each one.

  • New Task View Button:

    There’s a new task-view button on the taskbar for quick switching between open files and quick access to any virtual desktops you create.

Windows 10 will also introduce new features that protect against modern security threats. These improvements will be easy to manage and will not compromise the user experience.

Security Improvements in Windows 10

    • Identity Protection and Access Control:

      Integrates multi-factor authentication into the operating system itself, eliminating the need for additional hardware security peripherals. Once enrolled, devices themselves become one of two factors that are required for authentication. The second factor will be a PIN or biometric.

  • Information Protection:

    Protection of corporate data enables automatic encryption of corporate apps, data, email, website content, and other sensitive information, as it arrives on the device from the corporate network. When users create new original content, they can define which documents are corporate versus personal. If desired, companies can designate all new content created on the device as corporate by policy. Additional policies can be enabled to prevent data from being copied from corporate to non-corporate documents or to external locations such as social networks.

  • Threat Resistance:

    Organizations will have the ability to lock down devices. Devices can be configured to only allow trusted apps that are signed using a Microsoft provided signing service to be run. Organizations will have the flexibility to choose what apps are trustworthy, apps that are signed by themselves, specially signed apps from ISVs, apps from the Windows Store, or all of the above.

The Windows 10 Technical Preview is available to test right now through the Windows Insider Program. This program is intended for PC experts and IT pros who are comfortable using pre-release software. Members will receive a steady stream of early builds with the latest features to test. Here are the system requirements if you would like to test the Windows 10 Technical Preview on your PC:

  • Processor: 1 gigahertz (GHz) or faster
  • RAM: 1 gigabyte (GB)
  • Free hard disk space: 16 GB
  • Graphics card: Microsoft DirectX 9 graphics device with WDDM driver
  • A Microsoft account and Internet access

Microsoft expects to release the Windows 10 operating system in fall of 2015.