Benefits of two-factor authentication for manufacturing companies
A key part of securing assets is establishing the identity of an individual who wishes to access that asset in some way. We need to be sure that the person who is making the request is who he or she claims to be. The asset can be a control system, a building, a VPN or an application, to name a few. Two-factor authentication is becoming relatively common as a method of confirming that identity.
The concept of two-factor authentication is relatively simple and is an example of defense in depth. In order to establish identity, the user needs to provide something they know such as a password and something they have such as a token or smart card. The user can also provide something that verifies their identity such as a fingerprint. These should be two independent methods or technologies—having multiple passwords is not two-factor authentication.
While two-factor authentication can significantly decrease the ability of an imposter to steal an identity, it comes at a cost, both in money and time. So, like any solution, it should be used where the reduction in the level of risk justifies the use.
Typical uses for two-factor authentication include general access to sensitive on-line applications (think of getting a code sent to your smart phone when you log into a financial application on-line), establishing a VPN connection for remote access, and physical access.
It also can be used in manufacturing for an initial login such as for an operator or engineer.
Two-factor authentication may not be appropriate for situations where identity needs to be established quickly. It can be very quick to type in a password or scan an ID, but doing both could take too long in a situation where a quick response is required. It can also become cumbersome if authentication has to be performed often.
In some situations, two-factor authentication can significantly protect against identify takeover and should be strongly considered. For example, if a system is can be compromised by remote access such as a hacker, then a second factor (such as a card being read by a proximity sensor) can establish local presence, protecting the system against remote takeover.
Considerations for protecting critical assets should take into account the advantages of two-factor authentication and compare them to the effort to implement and use it. In many cases, with the proper design, the additional security is worth the cost and effort.
Dirk Sweigart, CISSP, PMP is an MES solutions manager and cybersecurity expert at Applied Control Engineering in Newark, Del. He is also a member of the MESA Cybersecurity Working Group. This article originally appeared on MESA International’s blog. MESA International is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, firstname.lastname@example.org
See additional stories from MESA International linked below.