News & Information(eng)

SSenStone Partners with Phoenix Contact to Unveil Modular User Authentication on PLCnext Store

Written by SSenStone | May 2, 2024 8:54:44 AM

SSenStone and Phoenix Contact Collaborate to Fortify PLC Security in the Face of Growing Threats
SSenStone Partners with Phoenix Contact
to Unveil Networkless Multi-Factor Authentication on PLCnext Store

 

  • Introduction of Revolutionary User and Device Authentication with Unidirectional Dynamic Tokens Technology
  • Engagement in Customized Security for PLCnext Ecosystem by Embracing Password-Management-Free Authentication for Enhanced User Experience
  • Driving Efficiency in Industrial Automation by Cutting Development Time and Costs for Enhanced PLC Authentication Security
  • Sustaining Collaboration for a Secure OT Automation Environment and Continued Joint Marketing Efforts

(London, UK) A groundbreaking cybersecurity startup has successfully launched a customized authentication solution designed for Programmable Logic Controllers (PLCs), addressing the pressing security challenges faced by these vulnerable devices.

SSenStone has introduced ‘OTAC auth – MFA for PLCnext’, an advanced user authentication solution available on PLCnext Store, the digital software marketplace of Phoenix Contact. Phoenix Contact PLC device users can seamlessly transition to the One-Time Authentication Code (OTAC)-based user authentication system, offering cutting-edge passwordless access. Following successful proof of concept (PoC) and minimum viable product (MVP) collaborations with two of the world's top five PLC manufacturers, SSenStone is now poised to enter the global market for PLC user authentication advancements with the launch of its new solution on Phoenix Contact's marketplace.

Traditionally, Operational Technology (OT) in industrial automation has operated as a closed network to mitigate security threats, often lagging in the adoption of new technologies like the Internet of Things (IoT) and artificial intelligence (AI). Despite being part of a closed network, PLC devices, crucial components for OT automation, still rely on usernames and passwords, leaving them vulnerable to potential hacking. In addition, if the PLC infrastructure moves to a wired or a wireless network environment, it becomes significantly vulnerable to security threats. High-profile incidents, such as the 2015 Ukraine power grid hack and the 2021 Florida water treatment facility threat, underscore the serious consequences of exploiting these vulnerabilities, extending beyond material damage to societal chaos.

‘OTAC auth – MFA for PLCnext’ is gaining attention as a singular technology capable of proactively blocking device and user authentication security threats, identified as vulnerabilities in OT and PLC devices. As validated through PoC and MVP collaborations with leading global PLC manufacturers, ‘OTAC auth – MFA for PLCnext’ eliminates static values like ID/PW for login and adopts a one-time authentication code, preventing duplication and ensuring complete protection against external threats. Moreover, the ability to generate authentication codes without a communication network makes it suitable for infrastructure looking to enhance internal security within a closed network.

The OTAC auth system comprises a mobile app for generating user authentication codes and a PLC app for administrators. The mobile app can be downloaded from Google Play for Android and the App Store for iOS, while the PLC app for administrators is available on Phoenix Contact's PLCnext Store.

Registered users gain system access by entering the OTAC generated through the mobile app into the PLC login screen. The mobile app utilizes pin and biometric challenges to deliver MFA capability. The time-limited validity of OTAC, coupled with its immediate expiration after access, eliminates the risk of reuse through hacking.

This solution marks a significant step in simplifying and streamlining the PLC user authentication advancement process, which has historically demanded substantial time, manpower, and financial investments.

With this app-based solution launch, SSenStone aims to actively engage in the PLC ecosystem by reducing the technology entry barrier for users and delivering tailored technology to meet the needs and specifications of industrial automation software. The company plans to refine the PLC user authentication process based on feedback from users of various PLCs, including those from Phoenix Contact.

Chang-Hun Yoo, CEO of SSenStone, said, "We are delighted to introduce the most advanced authentication solution to PLC users in collaboration with Phoenix Contact, a leader in the global industrial automation field. This innovative new solution is the key to resolving longstanding challenges in the OT security landscape, offering a unique opportunity to overcome the risks and management limitations of passwords while seamlessly integrating with the current infrastructure. We are confident that OTAC auth will significantly contribute to addressing PLC users' concerns about optimizing industrial automation by drastically reducing development time and costs in the authentication domain, currently lacking in the automation sector."

SSenStone and Phoenix Contact are committed to ongoing collaboration, including joint marketing efforts, to fortify OT automation security by proactively thwarting PLC security threats.

 

[References]

 

###