Updated: 29 Apr 2026
Manufacturing companies can secure OT access with MFA by deploying an authentication proxy in front of existing OT systems. This approach does not require replacing or modifying legacy SCADA, PLC, or MES platforms. It intercepts the authentication request at the network level and enforces a second factor before access is granted.
Most OT systems in Indian manufacturing environments predate modern authentication protocols. They authenticate via LDAP against Active Directory or through proprietary interfaces with no native second-factor capability. A RADIUS-based authentication proxy addresses this without touching the validated or certified software running on those systems. The deployment sequence matters.
Start with vendor and remote access. Unmanaged vendor credentials represent the highest-risk entry point in most manufacturing OT environments. Every remote session should be logged to a named individual with a time-limited credential. This step alone satisfies a significant portion of the CERT-In remote access MFA requirement.
Next, address shift-based operator authentication. Plant floor operators typically work on shared workstations without personal smartphones. Hardware TOTP tokens are the appropriate factor: no smartphone required, no mobile data required, and a six-digit rotating code that works in any environment including cleanrooms and foundries.
Finally, address SCADA and HMI systems directly through the authentication proxy. No application-level changes are required. The session is logged to a named individual from the moment the proxy is deployed.
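As an added illustration (not code from the original page or from any vendor product), this is how a proxy-side check of a six-digit hardware-token code can work with the standard TOTP algorithm (RFC 6238), including tolerance for token clock drift and rejection of a reused code on a shared workstation. The operator ID, the one-step drift window, and the class name are assumptions; the seed is the public RFC 6238 test seed.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code (RFC 6238 default)
DIGITS = 6     # six-digit code, as on the hardware tokens described above
DRIFT = 1      # accept +/- 1 step for token clock drift (assumed policy)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, DIGITS decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TokenVerifier:
    """Checks a code for a named operator and remembers the last used step."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # operator id -> token seed (hypothetical store)
        self.last_step = {}         # operator id -> last accepted time step

    def verify(self, operator: str, code: str, now: int) -> bool:
        secret = self.secrets.get(operator)
        if secret is None:
            return False            # unknown operator: no anonymous sessions
        current = now // STEP
        for step in range(current - DRIFT, current + DRIFT + 1):
            if step <= self.last_step.get(operator, -1):
                continue            # step already used (or older): reject replay
            if hmac.compare_digest(hotp(secret, step).encode(), code.encode()):
                self.last_step[operator] = step
                return True
        return False


if __name__ == "__main__":
    # Constructed sample: RFC 6238 test seed, operator id is made up.
    v = TokenVerifier({"op-shift-a": b"12345678901234567890"})
    print(v.verify("op-shift-a", "287082", 59))   # first use of the code
    print(v.verify("op-shift-a", "287082", 59))   # same code replayed
```

Tracking the last accepted step per operator means a code read off a token cannot be reused by the next person at the same workstation within the drift window.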
CERT-In CISG-2025-02 requires MFA for all remote access. It does not require OT systems to be replaced to achieve it.
Proactive Data Systems, a Cisco Preferred Security Partner, has deployed Cisco Duo across OT and IT environments in Indian manufacturing plants including automotive, pharmaceutical, and industrial engineering facilities.