Challenges

Cyber threats to operational technology (OT) systems supporting critical infrastructure such as energy, water, and transport are increasing at an alarming rate. In 2024, the number of Common Vulnerabilities and Exposures (CVEs) reached an all-time high, underscoring the expanding attack surface for cybercriminals. These threats pose significant risks, ranging from operational disruptions to severe economic losses and even human casualties.

A key contributor to this growing issue is the weak authentication mechanisms of programmable logic controllers (PLCs), the backbone of OT networks. 80% of vulnerabilities reside deep within the ICS network and adversaries need initial access to OT networks to compromise vulnerabilities deep within the ICS network. Many PLC devices rely on default or easily guessable passwords, leaving them highly vulnerable to unauthorised access. Alarmingly, 81% of OT security breaches are linked to weak passwords or password theft. In some cases, passwords are shared or automatic access is allowed without any password being set, highlighting a critical lack of security awareness.

While some OT organisations are attempting to improve PLC security, progress remains slow. As OT systems incorporate advanced functionalities and connect more devices, implementing robust authentication systems becomes increasingly difficult without support from PLC manufacturers. Consequently, the current PLC security ecosystem largely relies on system patch updates from these manufacturers.

Moreover, user management in most OT environments is virtually non-existent. Many PLC devices share passwords or lack them entirely, making it nearly impossible to identify who is accessing them.

[ Standard OT Authentication Flow ]

[swIDch] OTAC TAG-3

The Solution

The OTAC Trusted Access Gateway leverages one-time authentication code (OTAC)—an innovative, one-way dynamic authentication technology developed by swIDch. This technology addresses the vulnerabilities of fixed-value password authentication. Dynamic authentication codes are generated via smartphones, smart cards, or designated laptops. These codes are unique, non-reusable, and impossible to share, ensuring strong and reliable security.

The OTAC Trusted Access Gateway was specifically designed to upgrade PLCs to dynamic authentication without requiring any modification to the devices themselves. This revolutionary gateway connects to PLCs and protects them from OT system attackers by preventing unauthorised access entirely.

Additionally, the OTAC Trusted Access Gateway simplifies identity management. It logs user and device activity, making access management straightforward and unlike public key infrastructure (PKI), which faces challenges such as certificate management and insufficient resources, or biometric authentication, which requires bidirectional communication, the OTAC Trusted Access Gateway offers a one-way dynamic code solution that operates effectively even offline.

[ OT Authentication Flow with The OTAC Trusted Access Gateway Deployed ]

[swIDch] OTAC TAG_02_1(최종)
  • OTAC Trusted Access Gateway placement: OTAC Trusted Access Gateway is deployed between the PC/Laptop and the OT system it is trying to access.
  • Authentication Request: When a target PLC/HMI/RTU/DCS engineering application is launched, the OTAC Trusted Access Gateway agent requests the registered user device to complete the multi-factor authentication (MFA) process.
  • OTAC Generation: The user generates an OTAC on their registered personal device (e.g., smartphone or smart card) and enters it into the input field.
  • Validation: The OTAC Trusted Access Gateway validates the entered code and grants access if the user is authorised.

Benefits

The OTAC Trusted Access Gateway provides a seamless upgrade to OT authentication environments without complex system modifications.

  • No Need to Modify current PLCs: The PLC devices remain unaltered.
  • Centralised Management: User authentication can be centrally managed for enhanced control.
  • One-Way Dynamic Authentication Codes: Static passwords are replaced with dynamic codes that change for each session, ensuring secure user and device authentication.
  • Comprehensive Access Logs: Unlike standard PLC access logs that lack user/device identification, OTAC Trusted Access Gateway’s logs provide meaningful, actionable records of access activity.

 

Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
Why swIDch
DYNAMIC CODE that is
sufficient to IDENTIFY user
Single-step IDENTIFICATION
and AUTHENTICATION
Uni-directional authentication in
off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 

 

Highly configurable code parameters and lightweight SDK/applet means wide range of deployment options on many devices across multiple sectors.  

Learn More

'One-time-authentication-code' technical report by University of Surrey Get In touch

Related Topics

Synergizing Standards: How NIS2, CRA, and IEC 62443 Forge a Unified Front in OT Cyber Security
In the rapidly evolving landscape of Operational Technology (OT), maintaining robust cybersecurity measures is crucial. Several key frameworks and directives have emerged to address the unique challenges faced by this sector. Let’s delve into three significant standards—NIS2, CRA, and IEC 62443—that collectively enhance the cybersecurity posture of OT systems.
Read More
Rising OT Cybersecurity Threats Demand Immediate Action
The world enters 2025 at the precipice of a cyber age where the backbone of modern industry—Operational Technology (OT)—faces unprecedented risks. While the integration of OT with IT has streamlined operations and improved efficiency, it has also widened the attack surface for cybercriminals.
Read More
The Vital Role of User Access Control and IAM in OT
In an era where technology integrates seamlessly with operational processes, the importance of robust user access control and IAM cannot be overstated. As OT environments evolve, they become more susceptible to cyber threats, making it imperative to safeguard these critical infrastructures.
Read More