\

Download our PLC brochure >>

Pain points

Industrial Control Systems, (also known as Industrial Automation and Control Systems, IACS) are used for managing the automated industrial process and capturing data logged from the flow of the processes. ICS supports network connectivity to improve operational tasks, including remote supervisory and monitoring. Operational technology (OT) relates to the hardware and software which is used to control the equipment within the ICS itself. Traditional OT & Information Technology (IT) environments were separate, meaning OT owners relied on the ‘air gap’ that separated OT from IT systems in order to protect them. Cloud Computing & IoT (Internet of Things) aims to connect OT & ICT (Information and Communication Technology) infrastructure to various devices using different network connectivity technologies, but this bridging of the traditional ‘air gap’ has resulted in widened endpoints to the industrial network, leaving ICSs exposed to ever-increasing security risks and vulnerabilities. 


Programmable Logic Controllers (PLC) serve as key component of ICS and OT systems and are equally susceptible to cyber-attacks, with inadequate access control and authentication within these systems posing a major challenge. As a result, 93% of all organizations with OT environments experienced hacking in the past twelve months by June 2022 with over 78% confronted with three or more security incidents. The result is increased demand for enhanced authentication for ICS/IACS and ICS component manufacturers are now actively reviewing the design architecture in building robust password-based credentials. 

PLC webpage image 1 cropped

Key challenges related to OT & PLCs

shutterstock_2248577885 resized

Weak authentication in current PLC systems

Because ICSs are often limited in adapting higher security stacks due to their low computing output, the password-based credential is commonplace and still being used as an authentication mechanism for human users and processes. However, passwords bring with them significant challenges. 

 
Typical challenges
  • Password sharing (where users not uniquely defined - not recommended)
  • Password management between ID/PW specified for each PLC device
  • Difficulty managing user changes (leavers/contractors)
  • Inherent password weaknesses (static information vulnerable to brute forcing, phishing, credential stuffing etc)

Exploitation of these vulnerabilities were made clear via the Stuxnet case which directly targeted weakly configured password and continues to pose a risk today. 

24/7 operation limits OT security upgrades

Many PLCs power mission critical operations, which often need to operate continuously. This means updates to PLCs including applying security patches and enhancing the security stacks are difficult to manage. In many instances, once an ICS facility begins to operate, the inherent vulnerabilities within these systems remain. This is common knowledge amongst threat actors resulting in these systems being a constant target.

Reluctance to upgrade existing OT/PLC systems    

In addition, security upgrades to existing OT systems often require significant time, manpower and resources, which in turn pose considerable cost implications for ICS and OT organisations and manufacturers. As a result, many PLCs continue to operate despite inherent vulnerabilities, leaving PLCs and the systems they operate at considerable risk.  

Machine arm cropped

The Solution

swIDch’s Programmable Logic Controller OTAC provides a highly optimised and highly secure authentication solution specifically for PLC devices. It utilises our dynamic 'one-time authentication code' (OTAC) technology to resolve typical ICS/OT security challenges.

 
OTAC resolves:
  • Password sharing in password-only authentication systems
  • Difficulty managing ID/PW specified for each PLC device
  • Difficulty managing user changes (leavers / contractors etc)
  • Hacking attempts using password cracking software

OTAC ensures only known and authorised users/devices can access PLC using dynamic, non-reusable, constantly changing code guaranteed with 0% duplicates (defeats packet sniffing attacks)

Current PLC certification: Password-based

PLC webpage image 2_edit

Issues with current PLC certification using just passwords

  1. Password sharing between engineers
  2. Access is granted to users who are indistinguishable (un-identified)
  3. If a password is stolen (from any user) it can be later used to gain access without any further challenge

Optimal PLC authentication method: OTAC-based authentication

PLC webpage image 3_edit

Issues resolved by using OTAC-based authentication

  1. No password sharing – users enter dynamic codes (OTAC) which are generated differently each time
  2. Access is only granted to authorised users – who are also fully identifiable
  3. If the OTAC is stolen and later used it will be denied access by the OTAC verification module
  4. All of this is possible without any need to modify the existing password interface (8-digit example above)
OTAC resolves Common Vulnerabilities and Exposures (CVE) including:
CVE-2022-32143, CVE-2022-2003, CVE-2022-1794, CVE-2021-37172, CVE-2021-32982, CVE-2021-32978, CVE-2021-20827, CVE-2020-15791, CVE-2020-10628, CVE-2020-10276, CVE-2022-2758 
PLC poc image 2 cropped

* Example PoC success case from current client utilising swIDch's OTAC technology

 

* Read about our PoC with LS Electric >>

* Watch our PoC with LS Electric on YouTube >>

Benefits

 

Unique features of swIDch’s OTAC technology in PLCs include:

  • Uni-directional authentication (no network environment required)
  • Lower CPU overhead  (ie faster) compared to other authentication/encryption methods
  • Can be deployed on existing infrastructure (no large, expensive infrastructure changes required)
  • Unique dynamic code for each individual user - no more indistinguishable user access
  • Highly configurable code parameters enabling deployment with minimal UI changes if required
  • Lightweight SDK/applet  available to implement code generator in multiple forms (eg users smartphone or NFC card)
  • Low CPU overhead for code verifier  which can be implemented on a central backend server or in lightweight module on the PLC itself
  • Efficient user and device authentication management reducing time and manpower requirements
  • Significant cost saving  when compared to alternative solutions 
  • Faster and lower cost compared to authentication methods using PKI certificates

swIDch’s Programmable Logic Controller OTAC allows manufacturers and operators to significantly increase security with minimal disruption and minimal computing requirements whilst at the same time removing password associated vulnerabilities, and thus greatly simplifying the authentication process. Resolving PLC challenges opens the door to faster time-to-market for new products and solutions and therefore increased productivity and ultimately efficiency, a critical component of all ICS and OT systems. 

 

To understand more how swIDch’s Programmable Logic Controller OTAC can revolutionise ICS and OT systems, contact us below.   

 

International CC Certification for OTAC
Our OTAC technology has obtained the global CC standard for its strong security, stability and reliability. 

Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
Why swIDch
DYNAMIC CODE that is
sufficient to IDENTIFY user
Single-step IDENTIFICATION
and AUTHENTICATION
Uni-directional authentication in
off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 

 

Highly configurable code parameters and lightweight SDK/applet means wide range of deployment options on many devices across multiple sectors.  

Learn More

'One-time-authentication-code' technical report by University of Surrey Get In touch

Related Topics

Securing Operational Technology in an Interconnected World: Challenges and the Imperative of Authentication
In today's rapidly evolving technological landscape, the convergence of Operational Technology (OT) and Information Technology (IT) networks has brought about remarkable efficiency gains and automation across industries. However, this integration has also given rise to unprecedented cyber security challenges that demand our attention and action.
Read More
Why should continuous authentication be at the heart of your Zero Trust Architecture?
Traditional perimeter-centric network security is based around a well defined network boundary where all enterprise resources such as devices, file servers, applications…etc were inside the network and users' access to the network was strictly controlled. I like to compare traditional perimeter-centric network security to old forts since they have quite a lot in common.
Read More
A comprehensive guide to secure operational technology (OT)
In today's interconnected world, Operational Technology (OT) faces increasing security challenges as network connectivity expands. Unlike Information Technology (IT), which primarily deals with business processes and data, OT involves devices that physically interact with the real world. This distinction necessitates tailored security approaches for OT environments.
Read More