What is Authentication?
Authentication is the process by which a system verifies that someone or something truly is who or what it claims to be. It forms a first line of defence when accessing systems, applications and devices.
In OT networks, strong authentication is essential to prevent unauthorised access to systems such as SCADA, PLC or Engineering Station.
🧠 How does authentication work?
There are three main types of authentication factors:
- Something you know
  - Password, PIN, answer to a secret question
- Something you have
  - Token, smartcard, MFA app, badge
- Something you are
  - Biometrics such as fingerprints or facial recognition
Authentication methods:
- Single-factor authentication (SFA): only one factor type (e.g. username + password)
- Multi-factor authentication (MFA): two or more factors combined → significantly more secure
- Certificate-based authentication: digital certificates at device or user level
🏭 Authentication in industrial networks
- Login to HMI or SCADA via username and password
- MFA for remote access to OT via VPN or Jump Server
- Use of badges or tokens for physical access to server rooms
- 802.1X for device authentication on network ports
- Digital certificates on OPC UA servers and clients
- RADIUS or Active Directory for centralised authentication management
Authentication in OT must be both user-friendly and secure, with minimal impact on process continuity.
🔍 Authentication vs. authorisation
| Aspect | Authentication | Authorisation |
|---|---|---|
| Purpose | Who are you? | What are you allowed to do? |
| Example | MFA login on SCADA | Read-only access to historical data |
| Order | Always happens first | Follows only after successful authentication |
| Mechanisms | Password, token, certificate | RBAC, ABAC, Group Policy |
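As an added illustration (not code from the original page), a small Python login flow for a hypothetical HMI: a password ("something you know") and a TOTP code ("something you have") are checked as two factors, and only after both pass is the requested action checked against an RBAC table, in the order the table above prescribes. The user store, role table, salt and secrets are constructed for the example; the one-time-password code follows RFC 6238 on top of RFC 4226 HOTP and uses the RFC 4226 test-vector secret.

```python
# Constructed example: users, roles and secrets are invented; TOTP follows RFC 6238 / RFC 4226.
import hashlib, hmac, struct, time

SALT, ITERATIONS = b"constructed-salt", 100_000  # real deployments: random per-user salt

# Something you know (PBKDF2 password hash) + something you have (TOTP secret).
USERS = {
    "operator1": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, ITERATIONS),
        "totp_secret": b"12345678901234567890",  # RFC 4226 test-vector secret
        "role": "operator",
    },
}
# Least privilege: operators only read the historian; engineers may also write to the PLC.
ROLES = {"operator": {"historian:read"}, "engineer": {"historian:read", "plc:write"}}

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password with dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now=None, step: int = 30) -> str:
    """RFC 6238: HOTP over the current 30-second time window."""
    return hotp(secret, int((time.time() if now is None else now) // step))

def authenticate(username: str, password: str, code: str, now=None) -> bool:
    """Both factors must pass; secrets are compared in constant time."""
    user = USERS.get(username)
    if user is None:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)
    pw_ok = hmac.compare_digest(derived, user["pw_hash"])
    code_ok = hmac.compare_digest(totp(user["totp_secret"], now), code)
    return pw_ok and code_ok

def authorise(username: str, action: str) -> bool:
    """RBAC: the action must be in the permission set of the user's role."""
    user = USERS.get(username)
    return user is not None and action in ROLES.get(user["role"], set())

def request(username: str, password: str, code: str, action: str, now=None) -> str:
    """Authentication always runs first; authorisation only after it succeeds."""
    if not authenticate(username, password, code, now):
        return "denied: authentication failed"
    if not authorise(username, action):
        return "denied: not authorised"
    return "allowed"
```

A valid password with a wrong code, or a valid code with a wrong password, is refused before any role is consulted, which is the ordering the table describes.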
🔐 Security considerations
- Prevents misuse of credentials and identity fraud
- Required by many security standards: IEC 62443, NIS2, ISO 27001
- MFA strongly recommended for Remote Access and management interfaces
- Combine with Least Privilege and Access Control for full access protection
- A core component of Zero Trust and Defense in Depth
Weak authentication is often the root cause of OT incidents: no MFA, weak passwords, hardcoded credentials.
📌 In summary
Authentication protects industrial systems by verifying who is trying to gain access. In OT environments, it is crucial to combine authentication with robust access management, especially for remote administration and critical systems.
