SSenStone announced that the company has successfully completed a proof-of-concept (PoC) with LS Electric on preventing external threats toward programmable logic controllers (PLC), a key device for integrated operation and control in automatic operational processes. The two companies plan to work together to resolve global common vulnerabilities of PLCs, which are spreading from manufacturing production fields to advanced system operation and various internet of things (IoT) environments.
PLCs are regarded as a key device for industry automation, comparable to the 'human brain'. The global PLC market, which was worth $14.6 billion in 2022, is expected to reach $20.2 billion by 2028 with a compound annual growth rate (CAGR) of 5.38%.
However, as IoT environments based on network connection increase in industries that apply PLCs, inappropriate access and authentication challenges as a result of cyber attacks are expanding. Thus rectifying the user authentication process based on one password for one device (often within a private network) is a key focus. PLC hacking attempts continue to increase, targeting weaknesses inherent in passwords that use fixed values, as well as password sharing, poor password management, and loopholes in user change management. In addition, many of the current PLC access control security solutions are accompanied by system upgrades that require a lot of time, manpower, and resources, so the administrative burden is by no means small.
SSenStone and LS Electric are focused on solving the inherent weakness of passwords, while simplifying the authentication process by focusing on convenience and scalability of PLC operation and carrying out a PoC to make the most of the existing infrastructure.
First, SSenStone applied its one-time authentication code (OTAC) to PLC user authentication, with a focus on minimising changes from the existing PLC interface instead of creating a new authentication interface. Second, access control list (ACL) management was provided as a post-PLC authentication process.
As a result, it was confirmed that access through password sharing, as well as access by unauthorized users through password theft, was fundamentally blocked. In particular, it was proven that attacks such as packet sniffing can be neutralized by allowing only authorized users to access the PLC. PLC managers were also satisfied with the new authentication process as it was performed in the same way as with the existing interface.
Kwon Daehyun, Team Leader at LS Electric and member of IEC SMB, expressed the intention to deepen collaboration between the two companies to implement security enhancements at actual industrial sites.
Yoo Chang-hun, CEO of SSenStone, said, "We were able to prove the solution tackles vulnerabilities inherent in PLC systems through this PoC. We will actively cooperate with LS Electric, who are making strides towards the global automation market, to solve the vulnerabilities of not only PLCs, but also industrial control systems (ICS) and operational technology (OT).
"Together with LS Electric, the most prominent industrial automation company in Korea, it has been possible to prove the solution works on PLC systems at home and abroad through this PoC."
The LS Electric PoC clearly demonstrated that a reduction in manpower and cost, in addition to increased productivity and efficiency, was possible whilst maintaining strong and safe user and device authentication, via a simple, seamless deployment process. SSenStone and LS Electric plan to promote full-scale commercialization in the future, with the two companies actively discussing the joint launch of a solution that combines SSenStone's OTAC technology with LS Electric's PLC product family.
---------------------------------
More about SSenStone's PoC with LS Electric
Background/Challenge
LS Electric's PLC goes through a user authentication process in which an 8-digit fixed value is entered. Access is granted as soon as a real user enters their password on the login screen. A colleague other than the actual user who enters the same correct password is also granted access, meaning anyone who has the password can access PLC devices.
PoC on LS Electric PLC device
The OTAC-applied PLC performs user authentication with a one-time dynamic code rather than a fixed value. The process of registering real users on the PC server is the same as the existing method. Once a user registered on the PC server registers the smartphone that will be used to generate the PLC login code, all preparations are complete.