
Pain points

In the age of industrial automation, the global manufacturing environment is transitioning towards an integrated Operational Technology (OT) and Information Technology (IT) system. This shift necessitates an advanced authentication system to manage devices and equipment efficiently. Current vulnerabilities have been exploited, as seen in the PLC attack on the Israeli water treatment system and incidents in Florida. With the demand for PLCs expected to reach $22.17 billion by 2030, enhancing user authentication technology is crucial to prevent unauthorised access to OT and PLC equipment.


Key challenges related to OT & PLCs


Weak authentication in current PLC systems

Because ICS devices often lack the computing resources to adopt heavier security stacks, password-based credentials remain commonplace and are still used as the authentication mechanism for both human users and processes. Passwords, however, bring significant challenges with them.

 
Typical challenges
  • Password sharing (where users are not uniquely defined - not recommended)
  • Password management between ID/PW specified for each PLC device
  • Difficulty managing user changes (leavers/contractors)
  • Inherent password weaknesses (static information vulnerable to brute forcing, phishing, credential stuffing etc.)

Exploitation of these weaknesses was made clear by the Stuxnet case, which directly targeted a weakly configured password, and the same weakness continues to pose a risk today.

Deployment Limitations Due to Multiple PLC Devices

Most end-users rely on system integrators for PLC device selection, resulting in a mix of products from different manufacturers with varying security technologies. This diversity makes it challenging for end-users to specify and request security solutions for automation devices.

Weak Security Management Without PLC Security Experts    

PLCs are often managed by control and facility departments, falling outside the purview of the security department. This reliance on control device suppliers for security measures can lead to vulnerabilities, hindering the implementation of effective security solutions.

Reluctance to upgrade existing OT/PLC systems    

Upgrading existing OT systems for enhanced security poses challenges, requiring significant time, manpower, and resources. PLCs must operate seamlessly despite inherent vulnerabilities, and the burden of upgrades may lead to delays, exposing systems to increased risk. 

The Solution

 

swIDch's PLC OTAC addresses these challenges by offering an authentication process tailored for Industrial Control Systems (ICS) and OT environments. Utilising the world's first one-way dynamic authentication (OTAC) technology, it ensures high security with minimal resource requirements.

Neutralising Password Vulnerabilities with Dynamic Authentication Codes

swIDch’s Programmable Logic Controller OTAC provides a highly optimised and highly secure authentication solution specifically for PLC devices. It utilises our dynamic 'one-time authentication code' (OTAC) technology to resolve typical ICS/OT security challenges.

 
OTAC resolves:
  • Password sharing in password-only authentication systems
  • Difficulty managing ID/PW specified for each PLC device
  • Difficulty managing user changes (leavers / contractors etc)
  • Hacking attempts using password cracking software

OTAC ensures that only known and authorised users/devices can access a PLC, using a dynamic, non-reusable, constantly changing code with guaranteed 0% duplicates (so a code captured by packet sniffing cannot be replayed).

Current PLC authentication: password-based

[Image: current password-based PLC authentication]

Issues with current PLC authentication using just passwords

  1. Password sharing between engineers
  2. Access is granted to users who are indistinguishable (unidentified)
  3. If a password is stolen (from any user) it can be later used to gain access without any further challenge

Optimal PLC authentication method: OTAC-based authentication

[Image: OTAC-based PLC authentication]

Issues resolved by using OTAC-based authentication

  1. No password sharing – users enter dynamic codes (OTAC) which are generated differently each time
  2. Access is only granted to authorised users – who are also fully identifiable
  3. If an OTAC is stolen and later reused, the OTAC verification module denies access
  4. All of this is possible without any need to modify the existing password interface (8-digit example above)

OTAC resolves Common Vulnerabilities and Exposures (CVEs) including:
CVE-2022-32143, CVE-2022-2003, CVE-2022-1794, CVE-2021-37172, CVE-2021-32982, CVE-2021-32978, CVE-2021-20827, CVE-2020-15791, CVE-2020-10628, CVE-2020-10276, CVE-2022-2758

Customisable Design for Each Company's Environment

PLC OTAC allows for easy deployment, accommodating the specific needs of each end-user. It supports various authentication code lengths and issuance mediums, such as smartphones or display cards, providing flexibility in implementation.

[Image: OTAC Auth app listing in the PLCnext Store]

Maintaining Existing UX/UI and Standardising Authentication Processes

swIDch ensures a seamless transition by allowing end-users to maintain existing PLC authentication UX/UI. Based on successful Proof of Concept (PoC) and Minimum Viable Product (MVP) implementations, it offers a standard process for device and user registration.

[Image: PoC deployment]

* Example PoC success case from a current client utilising swIDch's OTAC technology

 

OTAC auth with PLCnext technology

OTAC Auth - MFA for PLCnext

Once a PLC is protected with our solution, the user authenticates to the PLC using our dynamic 'one-time authentication code' (OTAC) technology. The code is generated on our mobile app (available on Google Play and the Apple App Store), is valid for a short period of time and even works offline. OTAC combined with device biometrics and/or a PIN provides a highly optimised and secure authentication solution specifically for ICS/OT security challenges.
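As an added illustration (not swIDch's proprietary OTAC algorithm, whose internals this page does not describe), the following Python models the properties attributed above and in the "issues resolved" list to the verification flow: an 8-digit code that fits the existing password prompt, generated offline from a per-user secret and a short time window, identifying the user from the code alone, and rejected by the verifier when replayed. The HMAC construction, the user registry, the secrets and the 30-second window are all assumptions.

```python
import hmac
import hashlib

# Assumed, generic stand-in for a dynamic-code scheme (not swIDch's OTAC):
# - each enrolled user holds a secret shared with the PLC-side verifier
# - a code is 8 digits so the existing 8-digit password prompt is unchanged
# - the first 2 digits are a user slot, so the code alone identifies the user
# - the last 6 digits are an HMAC over slot and 30-second time window
# - the verifier remembers accepted (slot, window) pairs to refuse replays
WINDOW_SECONDS = 30
DRIFT_WINDOWS = 1  # tolerate one window of clock skew either side

# Constructed registry: slot -> (username, shared secret)
USERS = {7: ("alice", b"alice-secret"), 12: ("bob", b"bob-secret")}


def generate_code(slot: int, secret: bytes, now: float) -> str:
    """Generator side (runs offline on the user's device)."""
    window = int(now // WINDOW_SECONDS)
    msg = slot.to_bytes(1, "big") + window.to_bytes(8, "big")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation as in RFC 4226
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{slot:02d}{value % 1_000_000:06d}"


class Verifier:
    """PLC-side verification module: identify user, check window, deny replay."""

    def __init__(self, users: dict):
        self.users = users
        self.used = set()  # (slot, window) pairs already accepted

    def verify(self, code: str, now: float):
        """Return the username on success, None on any failure."""
        if len(code) != 8 or not code.isdigit():
            return None
        slot = int(code[:2])
        if slot not in self.users:
            return None  # code does not identify an enrolled user
        name, secret = self.users[slot]
        base = int(now // WINDOW_SECONDS)
        # forget replay entries that can no longer match any accepted window
        self.used = {(s, w) for s, w in self.used if w >= base - DRIFT_WINDOWS}
        for w in range(base - DRIFT_WINDOWS, base + DRIFT_WINDOWS + 1):
            expected = generate_code(slot, secret, w * WINDOW_SECONDS)
            if hmac.compare_digest(expected, code):
                if (slot, w) in self.used:
                    return None  # same code presented again: replay denied
                self.used.add((slot, w))
                return name
        return None  # expired, forged, or wrong user
```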

 


Benefits

swIDch’s Programmable Logic Controller OTAC allows manufacturers and operators to significantly increase security with minimal disruption and minimal computing requirements, while removing password-associated vulnerabilities and thus greatly simplifying the authentication process. Resolving these PLC challenges opens the door to faster time-to-market for new products and solutions, and therefore to increased productivity and, ultimately, efficiency, a critical component of all ICS and OT systems.

Benefits of PLC OTAC v.1

Unique features of swIDch’s OTAC technology in PLCs include:

  • Uni-directional authentication (no network environment required)
  • Lower CPU overhead (i.e. faster) compared to other authentication/encryption methods
  • Unique dynamic code for each individual user - no more indistinguishable user access
  • Highly configurable code parameters enabling deployment with minimal UI changes if required
  • Lightweight SDK/applet available to implement the code generator in multiple forms (e.g. a user's smartphone or NFC card)

Significant Savings on Manpower and Cost

PLC OTAC improves user authentication without the need for additional hardware specifications or network changes, reducing the cost and time required for a new authentication process.

Improved Productivity and Efficiency

With a compact algorithm code size, PLC OTAC allows for versatile implementations, requiring low CPU overhead. It adapts to existing infrastructure, eliminating the need for extensive changes and costly upgrades.

Easy Management Without Technical Barriers

OTAC-generated authentication codes simplify PLC access management, limiting access to authorised users and devices. The setup process is straightforward, enabling efficient management without requiring extensive technical expertise or training courses.

To learn more about how swIDch’s Programmable Logic Controller OTAC can revolutionise ICS and OT systems, contact us below.

 

International CC Certification for OTAC
Our OTAC technology has obtained international Common Criteria (CC) certification for its strong security, stability and reliability.

Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology that provides all of the following features, tested and substantiated by the University of Surrey technical report:

  • Dynamic code that is sufficient to identify the user
  • Single-step identification and authentication
  • Uni-directional authentication in an off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 

 

Highly configurable code parameters and a lightweight SDK/applet mean a wide range of deployment options on many devices across multiple sectors.