OTAC Solutions
OTAC Trusted Access Gateway
The OTAC Trusted Access Gateway (TAG) is an advanced authentication solution that strengthens PLC user authentication through centralised management—without requiring any modifications to existing PLCs.
Challenges
Cyber threats against operational technology (OT) systems in critical sectors like energy, water, and transportation are escalating at an alarming rate. In 2024, the number of reported Common Vulnerabilities and Exposures (CVEs) reached an all-time high, highlighting the growing attack surface that cybercriminals exploit. These threats pose severe risks, including operational downtime, financial losses, and potential harm to human safety.
A major contributing factor to these security gaps is the weak authentication methods used in programmable logic controllers (PLCs), which serve as the backbone of OT networks. Studies indicate that 80% of vulnerabilities exist deep within the industrial control system (ICS) network, meaning attackers must first gain access to OT environments to exploit them. Many PLC devices still depend on factory-set or easily guessable passwords, making them highly susceptible to unauthorised access. Alarmingly, 81% of OT security incidents are linked to weak passwords or stolen credentials. In some cases, access is granted automatically or passwords are shared among users, exposing a severe lack of security enforcement.
While some OT organisations are making efforts to improve PLC security, progress is slow. As OT environments continue to evolve with more connected devices and advanced functionalities, implementing robust authentication becomes increasingly challenging—especially without direct collaboration from PLC manufacturers. As a result, many organisations remain dependent on vendor-released security patches to mitigate risks.
Moreover, user management in most OT infrastructures remains inadequate. Many PLC devices either lack individual user authentication or operate without any password protection, making it difficult to track and manage access.
[Standard OT Authentication Flow]

Solutions
The OTAC Trusted Access Gateway eliminates the vulnerabilities of static password authentication by leveraging one-time authentication code (OTAC) technology—an innovative, one-way dynamic authentication method developed by swIDch. Instead of relying on fixed credentials, OTAC generates unique, non-reusable authentication codes via smartphones, smart cards, or authorised laptops, preventing credential theft and unauthorised access.
Designed to enhance PLC security without requiring modifications to existing devices, the OTAC Trusted Access Gateway acts as an intermediary between PLCs and users, ensuring that only authenticated personnel can gain access. This solution effectively blocks unauthorised entry and protects critical OT infrastructure from cyber threats.
Additionally, the OTAC Trusted Access Gateway simplifies identity management by recording both user and device activity, making access monitoring straightforward. Unlike public key infrastructure (PKI), which requires complex certificate management, or biometric authentication, which relies on bidirectional communication, OTAC operates as a one-way authentication solution that functions even in offline environments.
[OT Authentication Flow with The OTAC Trusted Access Gateway Deployed]

1. Deployment: The OTAC Trusted Access Gateway is positioned between the user device generating OTAC and the OT system requiring authentication.
2. Authentication Request: When an engineer launches a PLC, HMI, RTU, or DCS engineering application, the OTAC Trusted Access Gateway prompts the registered user device to complete the multi-factor authentication (MFA) process.
3. OTAC Generation: The user generates an OTAC on their registered device (e.g., smartphone or smart card) and enters it into the system.
4. Validation: The OTAC Trusted Access Gateway verifies the code and grants access if the user is authorised.
Benefits
The OTAC Trusted Access Gateway enhances OT authentication security without requiring extensive system modifications.
• No Modifications to Existing PLCs: The solution integrates seamlessly with current PLC infrastructure without requiring changes.
• Centralised User Management: Authentication is centrally managed for better access control.
• One-Time Dynamic Authentication Codes: Static passwords are replaced with unique, session-based codes to enhance security.
• Comprehensive Access Logs: Unlike traditional PLC access logs that lack user tracking, the OTAC Trusted Access Gateway provides detailed records, offering clear visibility into authentication events.
Why OTAC
OTAC, developed by SSenStone, is the original technology that provides all of the following features at the same time.
- OTAC is a dynamic code, which means the code keeps changing. As a result, you don’t need to worry about any leak of your personal information, such as your card details, because the code will already have changed by the time others try to use it.
- A network connection is NOT necessary at all for generating OTAC. Removing an authentication stage that requires a network connection means there are fewer gateways for hackers to access our personal information. Moreover, this feature enables users to authenticate even when they are in networkless environments, such as on a plane, underground, or in rural or foreign areas.
- swIDch can guarantee that the code is never duplicated with anyone else's at any given moment. There is NO chance of someone else having the same code.
- The users or their devices can be identified with the code alone. Once OTAC has been generated, providing OTAC alone is fully sufficient to identify the user, as the code is unique. This means you can forget about the bundles of static information, including IDs and passwords.
OTAC Algorithm Analysis and Academic Verification

New Excellent Technology (NET) Certification Acquired

SSenStone has received the NET Certification from the Ministry of Trade, Industry, and Energy for its "Individual IoT Device Authentication and Transmission Data Security Technology through Unidirectional Dynamic Authentication (OTAC)."
International Common Criteria (CC) Certification Achieved
OTACTokenV1.0, the authentication solution based on the world’s first unidirectional dynamic authentication technology, OTAC, has earned the international Common Criteria (CC) certification. For more information, please refer to the press release.
OTAC for Phygital Wins IR52 Jang Yeong-sil Award

SSenStone's OTAC for Phygital has been awarded the 40th-week IR52 Jang Yeong-sil Award for 2024, hosted by the Ministry of Science and ICT. For more details, please visit the official IR52 Jang Yeong-sil Award homepage or the press release.
Contact Us
Korea Office (SSenStone)
5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)
Tel : 02-569-9668 | Fax : 02-6455-9668
im@ssenstone.com
UK Office (swIDch)
Floor 1, 3 More London SE1 2RE, United Kingdom
Tel : 020-3283-4563
info@swidch.com