Beyond passwords: modern access strategies for robust industrial control systems

May 1, 2025
Why unified access control is critical for modern manufacturing

How RFID Can Increase User Accountability & Reduce Overall Production Costs

JUAN MARTINEZ

RF IDEAS

Juan Martinez, vertical lead, manufacturing, logistics, commercial integrations, at rf IDEAS, will present "How RFID Can Increase User Accountability & Reduce Overall Production Costs" at 2:30 pm on May 12 during A3's Automate 2025 in Detroit.

According to "The True Cost of Downtime 2024," a white paper on predictive maintenance practices from Siemens, unplanned downtime costs the world’s 500 biggest manufacturers 11% of their total revenues, adding up to $1.4 trillion annually.

Of the many factors that contribute to downtime, cyberattacks are among the most costly and difficult to recover from. According to IBM's "X-Force Threat Intelligence Index 2024" report, manufacturing is the most attacked industry worldwide. According to research data Comparitech gathered and analyzed from 858 manufacturing ransomware attacks logged in its ransomware attack database, ransomware attacks cost a company an average of $1.9 million every day their production line remains down.

However, lesser issues like untracked errors and unauthorized modifications to equipment settings also erode productivity, profitability and compliance over time.

These problems have a root cause in common: inadequate logical access control. Shared workstations, weak credential practices and open access to human-machine interfaces (HMIs) and programmable logic controllers (PLCs) introduce vulnerabilities that compromise security while driving up IT and operational costs.

Without a secure, auditable way to manage who can access which systems and when, organizations are open to unnecessary risk.

Even minor access control lapses create serious risk exposure

Cyberattacks are the most visible and damaging threat stemming from logical access control issues. However, other risks impair manufacturing operations, too.

One of the most common and most overlooked issues is the continued use of shared credentials or generic logins across operator teams. When multiple operators access HMIs, PLCs or industrial PCs without individual authentication, it becomes nearly impossible to trace actions back to specific users. That lack of accountability not only introduces security vulnerabilities but also hinders root-cause analysis when something goes wrong.

For example, if a misconfigured setting causes a batch of product to be wasted or a line to go down, teams may waste hours troubleshooting it without a clear record of who made the change and when. Worse still, if malicious activity is involved, there’s no way to determine how the system was compromised or to prevent it from happening again.

This lack of access governance opens the door to compliance risks, too. If you operate in an industry governed by standards like ISO 27001, National Institute of Standards and Technology (NIST) or ISA/IEC 62443, you’re required to maintain rigorous access controls and auditability as part of a strong zero-trust architecture strategy. Failing to document who accessed key equipment and when can lead to failed audits, lost certifications and even legal consequences, depending on the systems or data involved.

What it takes to address accountability and security gaps on the plant floor

Closing security gaps without slowing down production requires a system that manages who can interact with equipment and digital tools. Machine operators frequently move between shared HMIs, PLCs and other networked equipment, so it’s vital that any new access control solution is simple to use but robust enough to provide an audit trail of every interaction.

Beyond the plant floor, employees need access to a range of identity-based access points, including lockers, personal protective equipment (PPE) machines, timeclocks, forklifts and meeting attendance trackers. Any one of these connected endpoints can leave a network vulnerable to a cyberattack that shuts down production or compromises the physical security of the team and equipment.

Ideally, operators should use the same secure credential they use to enter the facility to access systems throughout the plant. This kind of unified access, backed by controlled and auditable authentication, makes it easier to track activity without adding friction for users.

Key elements of a modern, unified logical access control system built for manufacturing

Modern logical access control solutions can address even the most complex identity challenges in manufacturing by linking every physical and logical access point to a single, verified user identity. This unified approach improves security and compliance with industry standards while ensuring operational continuity.

As you evaluate options for upgrading your access control infrastructure, it’s important to consider the following capabilities that enable a secure, scalable and user-friendly system.

Role-based access control

A modern access control system should make it easy to assign and manage access permissions based on job roles rather than individuals. Using role-based access control (RBAC) allows a company to quickly onboard new employees, grant temporary access to contractors and update or revoke permissions as responsibilities shift without having to manually update settings across every workstation, HMI, PLC or application.

Instead of configuring access separately in each system, RBAC applies consistent permissions from a central policy engine, ensuring users automatically get the right level of access wherever they work. This reduces manual work for the IT team while simplifying compliance with industry standards.
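The sketch below is an added example, not code from rf IDEAS or any access control product. It shows a central policy engine resolving a badge tap to a user and role, honoring a time-limited contractor assignment, and recording every decision so the "who changed this setting and when" question raised earlier can be answered. All role names, badge IDs, endpoint names and function names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed policy: role -> allowed (endpoint type, action) pairs.
ROLE_PERMISSIONS = {
    "operator": {("hmi", "view"), ("hmi", "start_stop")},
    "maintenance": {("hmi", "view"), ("hmi", "change_setpoint"), ("plc", "download_program")},
}

@dataclass
class Assignment:
    role: str
    expires: Optional[datetime] = None  # set for temporary (contractor) access

@dataclass
class PolicyEngine:
    badges: dict = field(default_factory=dict)       # badge id -> user id
    assignments: dict = field(default_factory=dict)  # user id -> [Assignment]
    audit: list = field(default_factory=list)        # one record per decision

    def authorize(self, badge, endpoint, endpoint_type, action, now):
        """Decide one badge tap and log the decision, allowed or denied."""
        user = self.badges.get(badge)  # None for an unknown badge
        roles = [a.role for a in self.assignments.get(user, [])
                 if a.expires is None or now < a.expires]
        allowed = any((endpoint_type, action) in ROLE_PERMISSIONS.get(r, set())
                      for r in roles)
        self.audit.append({"time": now.isoformat(), "user": user, "badge": badge,
                           "endpoint": endpoint, "action": action, "allowed": allowed})
        return allowed

    def who_did(self, endpoint, action):
        """Root-cause query: allowed actions on one endpoint, in recorded order."""
        return [(r["time"], r["user"]) for r in self.audit
                if r["endpoint"] == endpoint and r["action"] == action and r["allowed"]]

def demo():
    # Constructed sample data: one employee, one contractor with an 8-hour grant.
    t0 = datetime(2025, 5, 1, 8, 0, tzinfo=timezone.utc)
    h = timedelta(hours=1)
    engine = PolicyEngine(
        badges={"B-1001": "asmith", "B-2002": "contractor7"},
        assignments={"asmith": [Assignment("maintenance")],
                     "contractor7": [Assignment("maintenance", expires=t0 + 8 * h)]})
    taps = [("B-1001", t0), ("B-2002", t0 + h), ("B-2002", t0 + 9 * h), ("B-9999", t0)]
    results = [engine.authorize(b, "HMI-3", "hmi", "change_setpoint", t) for b, t in taps]
    return results, engine
```

Denied taps, including the expired contractor grant and the unknown badge, are logged alongside allowed ones, so the audit list also serves as a record of attempted access.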

Passwordless authentication

Access systems that require users to manage multiple credentials or frequently reset passwords drain productivity. Often, workers resort to insecure workarounds, such as sharing logins or writing down passwords, that undermine both security and compliance.

Passwordless authentication eliminates these risks by relying on secure credentials, such as smart card badges or hardware-based passkeys, to authenticate users through encrypted technology. Tapping a badge or physical security key at a credential reader gives operators instant, secure access to logical and physical endpoints without the friction of passwords or personal identification numbers (PINs). Plus, passwordless credentials ensure every user interaction across all systems and facilities is tied to a verified identity, which provides an auditable access trail.

Interoperable and embedded readers

Upgrading access control across a manufacturing environment doesn’t happen overnight. That’s why it’s important to opt for access control hardware that supports a phased transition by accommodating both legacy credentials, such as proximity cards that are still widely used for building access, and modern, secure credentials like smart cards, near field communication (NFC) mobile wallets and security keys. These interoperable readers ensure continuity during rollout, avoiding the need for an all-at-once hardware replacement.

External readers can be mounted on your existing workstations, control panels or operator terminals to enable secure authentication without replacing the entire unit. However, as manufacturing equipment ages or comes up for refresh, consider transitioning to newer models that include embedded credential readers. These built-in readers reduce hardware clutter and promote safety and cleanliness by reducing exposed surfaces and cables.

Operational continuity and security start with unified access control

In highly automated production environments, even minor oversights in access control can escalate into major disruptions and costly downtime. So, it’s important to treat access management as a foundational element of cybersecurity and operational integrity.

The threat of cybersecurity incidents looms every day, and more routine access risks are already impacting productivity, traceability and compliance.

It’s time to upgrade to a unified access control strategy that strengthens security at every level of a manufacturing operation and makes the job easier for the people who keep production moving.
