\

NIS2, CRA, and IEC 62443 are significant frameworks and directives that help enhance the cybersecurity posture of the Operational Technology (OT) sector. NIS2 brings stricter cybersecurity regulations to vital sectors like energy, water, and transportation, CRA makes sure any manufacturers of digital components meet a higher set of security standards and the IEC 62443 provides a cybersecurity roadmap tailored for industrial automation and control systems (IACS) and OT.

Compliance with Cybersecurity Frameworks

ISA

How OTAC meets the System Security Requirements (ISA 62443-3-3)

swIDch’s OTAC (One-Time Authentication Code) can be a valuable tool in aligning with the IEC 62443 standard, particularly with the Identification and Authentication Control (FR1) & Use Control (FR2) foundational requirement of the System security requirements (ISA 62443-3-3) , here’s how OTAC generally supports the standard:

FR1 & FR2 Requirements with OTAC

By integrating swIDch’s OTAC into their cybersecurity strategy, organizations can strengthen their defence against cyber threats and ensure a robust authentication mechanism that aligns with the IEC 62443 standards. 

image (1)

 

NIS

How swIDch can help achieve NIS2 compliance?

swIDch's OTAC technology is a patented algorithm that generates a one-time dynamic authentication code that can identify and authenticate users in a networkless environment. This technology can be used in the OT environment to achieve NIS2 compliance by:

  • Providing a secure and convenient way to access OT and ICS systems without relying on static information, such as passwords, or PINs, that are vulnerable to cyberattacks.
  • Reducing the complexity and friction of the authentication process by combining user identification and authentication steps into a single code, which can be generated on any device, such as a smartphone, tablet, or smartcards.
  • Enhancing the resilience and availability of OT and ICS systems by enabling offline authentication, which does not depend on network connectivity or server communication.
  • Supporting the implementation of the 10 minimum security measures required by NIS2, such as incident handling, supply chain security, cryptography and encryption, and multi-factor authentication.

swIDch's OTAC technology is a innovative and agile solution that can help organizations that provide essential or important services to the EU to comply with NIS2 and protect their OT and ICS environments from cyber threats. swIDch’s OTAC provides a highly optimized and highly secure authentication solution specifically for PLC devices. It utilizes our dynamic 'one-time authentication code' (OTAC) technology to resolve typical ICS/OT security challenges.

OTAC resolves:

  • Password sharing in password-only authentication systems
  • Difficulty managing ID/PW specified for each PLC device
  • Difficulty managing user changes (leavers / contractors etc)
  • Hacking attempts using password cracking software


OTAC ensures only known and authorized users/devices can access PLC using dynamic, non-reusable, constantly changing code guaranteed with 0% duplicates (defeats packet sniffing attacks)

CRA

How swIDch can help achieve CRA compliance?

swIDch's OTAC technology can significantly enhance Cyber Resilience Assessments (CRA) by providing a more secure and efficient method of user and device authentication. Here’s how:

  • Enhanced Security: OTAC technology generates a dynamic, randomized code locally on the user's device, eliminating the need for traditional password-based authentication. This reduces the risk of hacking and unauthorized access.
  • Simplified Authentication: By combining user identification and authentication into a single step, OTAC simplifies the authentication process, making it easier to manage and secure devices
  • Reduced Vulnerabilities: OTAC's uni-directional dynamic token overcomes the limitations of bi-directional systems, which often rely on network connectivity between clients and servers. This reduces the attack surface and strengthens the overall security posture
  • Seamless Integration: OTAC can be integrated into existing OT systems without requiring significant changes to hardware or network infrastructure. This makes it easier for OEMs to enhance security without disrupting operations.

 

International CC Certification for OTAC
Our OTAC technology has obtained the global CC standard for its strong security, stability and reliability. 

Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
Why swIDch
DYNAMIC CODE that is
sufficient to IDENTIFY user
Single-step IDENTIFICATION
and AUTHENTICATION
Uni-directional authentication in
off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 

 

Highly configurable code parameters and lightweight SDK/applet means wide range of deployment options on many devices across multiple sectors.