The convergence of IT and OT systems has brought greater efficiency, visibility, and automation to industrial environments. But it has also introduced significant vulnerabilities — and the consequences are no longer theoretical.
In April 2025, a hydroelectric dam in western Norway was breached through a cyberattack. Hackers gained access to its control interface, opened a valve, and released hundreds of litres of water per second into the surrounding environment. Though physical damage was avoided, the incident exposed a critical reality: once a bad actor gains access, industrial control systems (ICS) can be manipulated remotely with ease — and the impact can be immediate.
This attack is part of a rising global trend. A 2024 threat report found that 68 publicly reported cyberattacks targeting OT systems occurred in 2023 — a 19% rise from the previous year — with 80% of those attacks attributed to ransomware. Ransomware in OT environments no longer simply encrypts files. It can cripple production, disrupt essential services, and even threaten safety.
Unlike IT networks, which are typically protected by layers of cybersecurity protocols and updated regularly, many OT systems still rely on legacy technologies that were not designed with cybersecurity in mind. These systems often:
A 2024 survey by the SANS Institute further reveals that over 75% of industrial organisations now use multi-factor authentication for remote access, and more than half report detecting OT incidents within 24 hours. However, rapid detection does not always mean rapid containment, and many organisations still lack effective tools to prevent damage once attackers gain access.
In OT environments, the impact of an incident often extends far beyond data theft. Production shutdowns, equipment damage, environmental harm, and even human safety risks are very real concerns — making proactive defence far more critical than reactive recovery.
In many reported cases, attackers did not use sophisticated malware or zero-day exploits to breach OT systems. Instead, they exploited inadequate authentication mechanisms — such as unpatched remote desktop access points, hardcoded credentials, or poorly secured human-machine interfaces (HMIs).
The challenge is that traditional IT security tools are rarely suitable for OT environments. They may cause latency, require constant connectivity, or be incompatible with legacy systems. More importantly, they are not built to accommodate the offline, low-resource, and high-safety nature of many OT networks.
As a result, many industrial operators face a difficult trade-off: allow external access for maintenance and support, or keep systems secure by limiting connections — both of which can carry operational and safety risks.
To address this growing vulnerability, a new class of authentication solutions is emerging — ones that are designed specifically for OT environments.
These solutions move away from static passwords or identity federation models and instead use dynamic, one-time codes that are generated offline, bound to a specific user and session, and cannot be reused or intercepted. They enable:
By adopting access authentication built for OT, industrial organisations can reduce one of the most critical attack vectors — and do so without compromising operational continuity.
The Norwegian dam incident is a reminder that waiting for a breach to act is no longer an option. Cybersecurity for industrial systems must begin with access control — not as an afterthought, but as a central part of infrastructure design.
As industrial systems grow more connected, the boundaries between digital and physical threats continue to dissolve. The best protection lies in preventing unauthorised access before it happens — with authentication tailored to the realities of OT environments.
Now is the time to rethink how access is managed — because in the world of critical infrastructure, response is often too late.
--------------------
swIDch will continue its quest to innovate and pioneer next-generation authentication solutions. To stay up-to-date with the latest trends sign up to our newsletter and check out our latest solutions.