Programmable Logic Controller OTAC
We allow manufacturers and operators to significantly increase security with minimal disruption and minimal computing requirements whilst removing vulnerabilities and greatly simplifying the authentication process.
Industrial Control Systems (ICS), also known as Industrial Automation and Control Systems (IACS), are used for managing automated industrial processes and capturing data logged from the flow of those processes. ICS support network connectivity to improve operational tasks, including remote supervision and monitoring. Operational technology (OT) relates to the hardware and software used to control the equipment within the ICS itself. Traditionally, OT and Information Technology (IT) environments were separate, meaning OT owners relied on the ‘air gap’ that separated OT from IT systems to protect them. Cloud computing and IoT (Internet of Things) aim to connect OT and ICT (Information and Communication Technology) infrastructure to various devices using different network connectivity technologies, but this bridging of the traditional ‘air gap’ has resulted in more endpoints on the industrial network, leaving ICSs exposed to ever-increasing security risks and vulnerabilities.
Programmable Logic Controllers (PLCs) serve as a key component of ICS and OT systems and are equally susceptible to cyber-attacks, with inadequate access control and authentication within these systems posing a major challenge. As a result, 93 percent of all organizations with OT environments experienced hacking in the past twelve months as of June 2022, with over 78 percent confronted with three or more security incidents. The result is increased demand for enhanced authentication for ICS/IACS, and ICS component manufacturers are now actively reviewing the design architecture in building robust password-based credentials.
- Weak authentication in current PLC systems
Because ICSs are often limited in adopting higher security stacks due to their low computing power, password-based credentials are commonplace and still used as an authentication mechanism for human users and processes. However, passwords bring with them significant challenges. Exploitation of these vulnerabilities was made clear by the Stuxnet case, which directly targeted weakly configured passwords, and it continues to pose a risk today.
• Password sharing (where users are not uniquely defined - not recommended)
• Managing the ID/PW specified for each PLC device
• Difficulty managing user changes (leavers/contractors)
• Inherent password weaknesses (static information vulnerable to brute forcing, phishing, credential stuffing, etc.)
- Reluctance to upgrade existing OT/PLC systems
In addition, security upgrades to existing OT systems often require significant time, manpower and resources, which in turn pose considerable cost implications for ICS and OT organisations and manufacturers. As a result, many PLCs continue to operate despite inherent vulnerabilities, leaving PLCs and the systems they operate at considerable risk.
SSenStone’s Programmable Logic Controller OTAC provides a highly optimised and highly secure authentication solution specifically for PLC devices. It utilises our dynamic 'one-time authentication code' (OTAC) technology to resolve typical ICS/OT security challenges. OTAC ensures only known and authorised users/devices can access the PLC, using a dynamic, non-reusable, constantly changing code guaranteed with 0% duplicates (defeats packet sniffing attacks).
• Password sharing in password-only authentication systems
• Difficulty managing ID/PW specified for each PLC device
• Difficulty managing user changes (leavers / contractors etc)
• Hacking attempts using password cracking software
Current PLC authentication: Password-based
• Password sharing between engineers
• Access is granted to users who are indistinguishable (un-identified)
• If a password is stolen (from any user), it can later be used to gain access without any further challenge
Optimal PLC authentication method: OTAC-based authentication
• No password sharing – users enter dynamic codes (OTAC) which are generated differently each time
• Access is only granted to authorised users – who are also fully identifiable
• If the OTAC is stolen and later used, it will be denied access by the OTAC verification module
All of this is possible without any need to modify the existing password interface (8-digit example above)
OTAC resolves Common Vulnerabilities and Exposures (CVE) including:
CVE-2022-32143, CVE-2022-2003, CVE-2022-1794, CVE-2021-37172, CVE-2021-32982, CVE-2021-32978, CVE-2021-20827, CVE-2020-15791, CVE-2020-10628, CVE-2020-10276, CVE-2022-2758
PLC PoC with LS ELECTRIC
SSenStone’s Programmable Logic Controller OTAC allows manufacturers and operators to significantly increase security with minimal disruption and minimal computing requirements whilst at the same time removing password-associated vulnerabilities, and thus greatly simplifying the authentication process. Resolving PLC challenges opens the door to faster time-to-market for new products and solutions, and therefore to increased productivity and ultimately efficiency, a critical component of all ICS and OT systems.
Manpower and cost saving
Efficient user and device authentication management can reduce time and manpower requirements. You can not only reduce costs compared to PKI authentication methods, but also expect significant cost savings when compared to alternative solutions.
Improved productivity and efficiency
PLC OTAC provides a lightweight SDK/applet enabling implementation of the code generator in multiple forms. It requires low CPU overhead for the code verifier, which can be implemented on a central backend server or in a lightweight module on the PLC itself. Its highly configurable code parameters enable deployment on existing infrastructure with minimal, inexpensive UI changes.
Advanced security environment
PLC OTAC not only resolves password-based PLC system vulnerabilities by blocking indistinguishable user access through unique dynamic codes for each user, but also provides a more robust, less demanding security environment by supporting uni-directional authentication code generation, even in unstable network environments.
OTAC, developed by SSenStone, is the original technology that provides all of the following features at the same time.
OTAC is a dynamic code, which means the code keeps changing. As a result, you don’t need to worry about any leak of your personal information, such as your card details, because the codes will already have changed by the time others try to use them.
A network connection is NOT necessary at all for generating OTAC.
Removing an authentication stage that requires a network connection directly means there are fewer gateways for hackers to access personal information.
Moreover, this feature enables users to authenticate even when they are in networkless environments, such as on a plane, underground, or in rural or foreign areas.
swIDch can guarantee that the code is never duplicated with anyone else's at any given moment.
There is NO chance of someone else having the same code.
The users or their devices can be identified with the code alone.
Once OTAC has been generated, providing OTAC alone is fully sufficient to identify the user, as the code is unique.
This means you can forget about the bundles of static information, including IDs and passwords.
Make your service reliable with SSenStone!
Contact below if you have an urgent inquiry.
Korea Office (SSenStone)
5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)
Tel : 02-569-9668 | Fax : 02-6455-9668
UK Office (swIDch)
swIDch Ltd Office 176, 1st Floor, 3 More London Riverside, London SE1 2RE
Tel : 020-3283-4081