Updated: 06 Apr 2026
The production line at a large Indian auto components manufacturer in Pune runs twenty-four hours a day. Robotic arms on the floor are coordinated by a SCADA system. That SCADA system feeds live data to an ERP platform. The ERP platform is cloud-hosted. The cloud instance is accessible to three equipment vendors — one in Germany, one in South Korea, one in Pune — who provide remote support under service contracts.
Each of those connections exists because Industry 4.0 promised, and delivered, measurable gains: reduced downtime, better yield visibility, and faster response to equipment faults. The connections are real, the gains are real, and the attack surface they created is equally real.
75% of OT attacks begin as IT breaches. The plant floor is not being compromised through the SCADA system directly. It is being compromised through the identity layer — through the credentials of the IT administrator, the remote support technician, the shift supervisor who uses the same password for the ERP portal and his personal email. The machine is not the entry point. The person accessing the machine is.
This is the security problem that defines Indian manufacturing in 2025. And it is a problem that MFA alone — in its standard form — does not solve.
What is OT/IT convergence in manufacturing?
OT/IT convergence is the integration of Operational Technology — the hardware and software that control physical industrial processes, including PLCs, SCADA systems, and industrial control systems — with Information Technology networks that handle data, communications, and business applications. Historically kept separate, these environments are now interconnected in most modern manufacturing facilities to enable real-time monitoring, predictive maintenance, and cloud-based management. That integration creates shared attack surfaces that neither traditional IT security nor traditional OT security was designed to protect alone.
The numbers are stark. Ransomware attacks in the industrial sector spiked 87% year-on-year in 2024, making manufacturing the top ransomware target for four consecutive years. Manufacturing alone saw a 61% surge in ransomware incidents in 2025, with roughly 50% of all ransomware attacks targeting manufacturing, healthcare, energy, or transportation combined.
The reason is not that manufacturing has poor security relative to other sectors. It is that manufacturing has a specific operational characteristic that makes ransomware uniquely coercive: downtime is immediately, quantifiably expensive.
In the last seven years, ransomware attacks on manufacturing companies have caused downtime costing an estimated $17 billion globally. Stopping a single assembly line for even a few hours can cost millions. Attackers understand this calculus precisely. The ransom demand is set against a cost the victim can calculate to the hour. For a manufacturer running a JIT production environment with customer delivery commitments, the pressure to pay is not hypothetical — it is mathematical.
India is directly exposed to this pattern. India ranked second globally for targeted cyberattacks in 2025, following only the United States.
70% of OT systems are projected to connect to IT networks in the next year, up from 50%. The isolation assumption that made OT security manageable — air-gap the plant network, keep it separate from corporate IT — is gone, and it is not coming back.
The security controls built for corporate IT do not transfer to OT environments. You cannot deploy an endpoint agent on a twenty-year-old SCADA controller. You cannot patch a PLC without a scheduled maintenance window and vendor approval, and sometimes not without flying someone in. Endpoint detection, patch management, and network segmentation all behave differently — or not at all — when the assets are industrial. 65% of OT environments had insecure remote access conditions in 2024.
What does transfer — and is in fact the primary lever available — is identity. You cannot harden the OT device against a credential-based attack. You can control, with precision, who is allowed to authenticate to the systems that manage it, from where, on what device, and under what conditions. That is the security problem this blog is about.
"The plant floor is not being compromised through the SCADA system directly. It is being compromised through the identity layer — through the credentials of the IT administrator, the remote support technician, the shift supervisor who uses the same password for two platforms."
Based on security assessments conducted across manufacturing environments in India, these are the three access vulnerabilities that appear most consistently — and that are most frequently exploited.
1. The Vendor Access Problem
Large Indian manufacturing operations — automotive, pharmaceuticals, FMCG, capital goods — typically maintain service contracts with multiple OEM vendors who require remote access to the equipment they supply. A German automation vendor needs access to calibrate the assembly line robotics. A Japanese PLC manufacturer needs to push a firmware update. An Indian systems integrator needs to troubleshoot the HVAC management system.
Each of these access relationships was established at the time of equipment procurement or installation, under a service contract, and configured by the vendor's technical team or an SI during the project. The access credentials were created, the VPN tunnel was set up, and the project closed. What usually did not happen: a review of those credentials at any point afterwards.
65% of OT environments had insecure remote access conditions in 2024, and 45% of organisations with OT-heavy environments have SSH communicating to publicly routable addresses. Many of these are vendor access tunnels that were opened during a project and never reviewed. The vendor who was given access three years ago may no longer work for the company that holds the service contract. The credentials may not have been rotated since initial setup. There is no MFA on the connection.
The security team often does not have a complete inventory of these access relationships. They were created by procurement, or by operations, or by the SI — not by IT security. They exist outside the authentication governance programme because they were never part of it.
2. The Shift Handover and Shared Credential Problem
On the manufacturing floor, the authentication model that works in a corporate office — one user, one device, one identity — frequently does not map to operational reality. A shift supervisor uses a shared terminal to access the MES. The control room has three operators per shift, all using the same credentials to log into the SCADA interface. The maintenance engineer uses a tablet that was set up for the previous engineer and never re-enrolled.
Shared credentials are not a security negligence issue in manufacturing — they are often a practical response to the operational environment. The problem is that shared credentials make attribution impossible. When a breach occurs, there is no way to determine which individual authenticated the session that was compromised. And from an attacker's perspective, shared credentials are the ideal target: one credential set gives access to multiple users' sessions, dramatically extending lateral movement options once inside.
There is a deeper layer to this problem that most security guidance does not address: many SCADA and MES platforms do not natively support individual user authentication at the application layer. They were licensed, configured, and deployed before individual identity management was a realistic expectation in industrial environments. Some do not support it even now without additional licences, a vendor-managed upgrade, or a re-architecture of the application configuration — none of which can happen during production.
This is the point at which many manufacturing security conversations stall. If the application cannot enforce individual authentication, the argument goes, MFA is not deployable here.
The answer is that Duo's authentication proxy and gateway architecture enforces MFA at the network access layer, upstream of the application itself. The user authenticates through Duo before they reach the SCADA or MES login screen.
The application does not need to support MFA natively. Individual authentication, session logging, and adaptive access policy are enforced at the gateway, regardless of what the application behind it was built to handle. This is specifically what makes Cisco Duo deployable in legacy OT environments where other MFA solutions are not.
3. The Third-Party Integration Problem
Modern manufacturing ERP and MES environments are deeply integrated with supply chain platforms, logistics systems, and customer portals. Each integration point is an authentication boundary. The supplier portal that allows a Tier-2 vendor to submit delivery confirmations has its own login. The logistics platform used by the 3PL has an API key. The customer portal that allows a key account to track production progress has its own credentials.
93% of firms globally have been affected by a cybersecurity incident at the highest planning level, with vulnerabilities around interconnected and hybrid clouds and greater data sharing making key areas of the IT-OT stack more vulnerable. These third-party integration credentials are rarely subject to the same authentication standards as internal user accounts. They are often long-lived, rarely rotated, and frequently shared across the vendor organisation.
India's regulatory picture for manufacturing cybersecurity changed significantly in 2025. CERT-In's Comprehensive Cyber Security Audit Policy Guidelines now mandate annual cybersecurity audits that explicitly cover OT environments — not just IT. For operators of critical information infrastructure, this is a compliance requirement, not a recommendation, backed by the six-hour incident reporting obligation that has applied since 2022.
What matters to a manufacturing CTO preparing for a CERT-In audit is not the broad mandate — it is what auditors specifically look for in access controls, and what constitutes a finding.
Based on the framework, auditors assess the following access control elements in OT environments:
Remote access authentication. Auditors verify whether remote access to OT systems — including vendor and contractor access — is protected by MFA. An unprotected vendor tunnel is a finding. SMS OTP is typically flagged as insufficient for privileged or OT access. Hardware tokens or application-based MFA with device binding are the expected standard.
Access inventory and review cadence. Auditors request evidence of a current access inventory covering all users, service accounts, and third-party access pathways. They look for documentation of periodic access reviews — typically quarterly for privileged accounts, annually for standard accounts. A security team that cannot produce this documentation, or whose inventory has not been reviewed in over twelve months, will receive a finding regardless of how strong the technical controls are.
Shared credential policy. Auditors flag shared credentials on systems with access to OT environments as a control deficiency. The expectation is individual accountability for every access event. Where shared credentials are operationally necessary — as they frequently are on the plant floor — auditors expect compensating controls: session logging, time-limited access, and a defined review process.
Incident detection and logging. Authentication events on OT-connected systems must be logged and retained for a defined period. Auditors check whether anomalous authentication — failed attempts, access from unusual locations, off-hours sessions — generates alerts that are acted on. A SIEM with OT authentication logs feeding into it but no alert rules configured is not adequate.
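The three anomaly conditions named above (failed attempts, unusual locations, off-hours sessions) can be expressed as alert rules over authentication events. The following is an added example, not part of the original article and not Duo or SIEM rule syntax; the log format, user names, baseline and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

FAIL_THRESHOLD = 3    # failures inside the window that raise an alert (assumed)
FAIL_WINDOW_S = 600   # sliding window in seconds (assumed)

# Hypothetical per-user baseline; hours are in the same timezone as the log.
BASELINE = {
    "eng.rao": {"countries": {"IN"}, "hours": range(6, 22)},
    "vendor.de": {"countries": {"DE"}, "hours": range(8, 18)},
}

# Constructed log lines: timestamp, user, source country, result.
# "XX" stands for any country outside the user's baseline.
SAMPLE_LOG = """\
2026-04-07T09:02:11 eng.rao IN success
2026-04-07T10:15:40 vendor.de DE success
2026-04-08T02:01:05 eng.rao XX failure
2026-04-08T02:01:50 eng.rao XX failure
2026-04-08T02:02:31 eng.rao XX failure
2026-04-08T02:03:10 eng.rao XX success
2026-04-08T11:30:00 old.vendor IN success
"""


def detect(log_text, baseline=BASELINE):
    """Return (timestamp, user, rule) alerts, one per user, rule and day."""
    alerts, seen = [], set()
    failures = defaultdict(list)   # user -> failure times still in the window
    burst_users = set()            # users with an unresolved failed-login burst

    def raise_alert(ts, user, rule):
        key = (user, rule, ts.date())
        if key not in seen:        # suppress repeats of the same alert
            seen.add(key)
            alerts.append((ts.isoformat(), user, rule))

    for line in log_text.strip().splitlines():
        stamp, user, country, result = line.split()
        ts = datetime.fromisoformat(stamp)
        profile = baseline.get(user)
        if profile is None:
            # An account that is not in the access inventory is itself a finding.
            raise_alert(ts, user, "unknown-account")
            continue
        if country not in profile["countries"]:
            raise_alert(ts, user, "unusual-location")
        if ts.hour not in profile["hours"]:
            raise_alert(ts, user, "off-hours")
        if result == "failure":
            window = [t for t in failures[user]
                      if (ts - t).total_seconds() <= FAIL_WINDOW_S]
            window.append(ts)
            failures[user] = window
            if len(window) >= FAIL_THRESHOLD:
                burst_users.add(user)
                raise_alert(ts, user, "failed-burst")
        elif user in burst_users:
            # A success that follows a burst is the highest-priority case.
            burst_users.discard(user)
            raise_alert(ts, user, "success-after-failures")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```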
For manufacturers with export relationships, ISA/IEC 62443 — the international standard for industrial cybersecurity — is increasingly referenced in customer contracts. MFA for remote access is a specific requirement under ISA/IEC 62443 Security Level 2, which most manufacturing environments are expected to meet. Failing to implement it is not only a security gap; it is a contractual one.
What an access inventory typically finds in a mid-size Indian manufacturing environment: In a 2025 Proactive Data Systems engagement across four plants — 31 active vendor credentials identified, 17 unrecorded by the security team, 6 belonging to vendors with expired service contracts, 2 unused for over 18 months, 1 connected to a system believed decommissioned. None had MFA. None had been rotated since creation.
In another engagement with a multi-site Indian capital goods manufacturer — four plants across Maharashtra and Gujarat, approximately 3,200 employees — the access inventory completed in the first two weeks produced exactly the findings described above. The organisation had come to Proactive following a CERT-In audit that flagged access control deficiencies.
The security team had records for 14 of the 31 active vendor credentials. The remaining 17 had been created during equipment procurement or SI-managed installations across the previous five years. Several connected directly to OT-adjacent systems — maintenance consoles, remote monitoring interfaces — without passing through a reviewed access policy.
The remediation sequence ran over eleven weeks, scheduled entirely around production windows.
Weeks one and two: access inventory and risk tiering.
Weeks three and four: revocation of expired and dormant credentials, notification to active vendors of the new authentication requirements.
Weeks five through eight: Duo deployment for Tier 1 accounts — vendor access, OT-adjacent systems, privileged IT accounts — with authentication enforced at the gateway layer for three legacy MES applications that had no native MFA support.
Weeks nine through eleven: Tier 2 rollout to shift supervisors and ERP users, with Verified Push replacing standard push across the organisation.
The CERT-In re-audit was completed four months after the initial findings. The access control deficiencies were resolved. The audit report documented individual authentication coverage across 100% of remote access pathways, a complete and current access inventory, and alert rules configured for anomalous authentication events on OT-connected systems.
The eleven-week deployment did not stop a single production shift.
"In Proactive's manufacturing security assessments across India, the access inventory consistently reveals vendor credentials and access pathways the security team has no record of. The gap between what the IT team believes is in place and what the access audit finds is, in most cases, significant."
Cisco Duo is not a generic enterprise MFA platform bolted onto an OT environment. Its architecture accounts for the specific access patterns that manufacturing operations require — and that standard corporate IT tools handle poorly.
The standard approach — a permanent VPN tunnel with static credentials — is the access architecture that most Indian manufacturers have in place and that most OT breaches exploit. The alternative is application-scoped access with time-limited credentials, enforced MFA, and device posture assessment before any session begins.
Duo's Secure Equipment Access architecture delivers this without requiring the vendor to install a full VPN client or the manufacturer to open a broad network tunnel. Access is granted to the specific application or system the vendor needs, for the duration they need it, with a complete session log and an automatic expiry.
Secure remote access for vendors and contractors without a VPN. Cisco Duo's device trust and application access policies allow vendor and contractor access to be scoped to specific applications and systems, not to the entire network. A German automation vendor can be granted access to the maintenance console for the specific equipment they support, authenticated through Duo's MFA, with session logging and time-limited access policies.
They do not get a VPN tunnel into the corporate network. They do not get credentials that persist indefinitely. The access is granular, auditable, and revocable.
This directly addresses the vendor access problem without requiring renegotiation of every service contract or a complete overhaul of existing remote access infrastructure. Duo integrates with Cisco Secure Equipment Access and existing VPN configurations; it adds an identity layer to what is already in place rather than replacing it.
Device posture assessment before granting access. When using Cisco Secure Equipment Access, Duo's device posture assessment analyses the device and assesses its security posture before allowing remote access to applications. When using Duo's Cisco Secure Endpoint integration, remote access is denied for devices identified as compromised. A vendor connecting from an unpatched laptop with an outdated antivirus is denied access before they reach the application layer.
Role-based access policies mapped to operational roles. For the shared credential problem, the right response is not to force every machine operator through an individual MFA enrollment — it is to enforce individual authentication for the roles that carry the highest access risk, while applying appropriate controls to shared workstations.
Duo's policy engine allows this distinction. A shift supervisor accessing the MES gets individual MFA. A shared control room terminal can be configured with hardware token authentication that is specific to the physical device. The policy is applied at the role and application level, not as a single uniform requirement across the entire facility.
SSO across corporate and operational applications. MFA and user policy can be applied during SSO, eliminating the need to duplicate and maintain authentication policies across multiple applications, such as remote access software. For a manufacturing environment where a plant manager needs to access the ERP, the MES, the cloud monitoring dashboard, and the corporate email without re-authenticating at every step, SSO with Duo's MFA provides a single authentication event that covers all downstream applications. This removes the practical friction that causes users to bypass MFA controls — and removes the administration overhead that causes IT teams to leave gaps.
Adaptive Authentication for anomalous sessions. An engineer authenticating to the remote SCADA management console from Pune at 9 a.m. on a Tuesday from a known device is a normal access event. The same authentication request from an unfamiliar IP in Eastern Europe at 2 a.m. is not. Duo's adaptive policies flag the anomaly and require step-up authentication — or block the session entirely — without requiring the security team to write custom rules for every access pattern. The risk assessment happens automatically, against the baseline of normal behaviour for that user and that application.
The deployment described above follows a four-stage structure that Proactive uses across manufacturing engagements. The stages are worth naming explicitly because the sequencing is not arbitrary — each one produces a deliverable that the next stage depends on.
Stage 1: Access inventory. A complete map of every access pathway into the OT and IT environment: internal accounts, vendor tunnels, API integrations, shared credentials, and service accounts. In the engagement above, this produced 31 active vendor credentials — 17 of which the security team had no record of. You cannot govern what you have not mapped, and in manufacturing environments, the map is almost always incomplete before this exercise.
Stage 2: Risk tiering. Accounts and access pathways are ranked by the consequence of compromise. Remote access to OT systems from external parties and administrative accounts on ERP and MES systems are Tier 1. Shift supervisors with production system access are Tier 2. Standard corporate application users are Tier 3. The deployment sequence follows this ranking precisely — highest risk, first.
Stage 3: Deployment sequencing. Authentication changes are scheduled around production windows, maintenance periods, and shift handovers. Nothing is applied to a production system without a tested staging environment and a defined rollback procedure. The eleven-week timeline in the engagement above was not slow — it was the fastest sequence that did not carry production continuity risk.
Stage 4: Governance integration. The access inventory becomes a living document. Vendor credentials are reviewed on a defined schedule. New third-party integrations go through an authentication standards check before go-live. The Duo admin dashboard generates the access control documentation that CERT-In auditors require. Proactive's managed services offering carries this function for organisations that do not have the in-house resource to run it continuously.
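The inventory review and risk tiering from Stages 1 and 2 can be run as a repeatable check over an exported credential list. This is an added example, not part of the original article or any Proactive or Cisco tooling; the CSV columns, credential names, dates and the 548-day reading of "18 months" are assumptions.

```python
import csv
import io
from datetime import date

DORMANT_DAYS = 548  # roughly 18 months, the dormancy figure quoted in the article

# Constructed sample inventory: all names, systems and dates are hypothetical.
# "recorded" means the security team has the credential in its own register.
INVENTORY_CSV = """\
credential,role,target,recorded,contract_end,last_used,created,last_rotated,mfa
vnd-robotics,vendor,ot,yes,2027-06-30,2026-03-20,2023-02-01,2025-11-01,yes
vnd-plc-fw,vendor,ot,no,2024-12-31,2024-05-02,2021-08-15,2021-08-15,no
vnd-hvac,vendor,ot,no,2026-12-31,2026-02-11,2022-04-09,2022-04-09,no
erp-admin,admin,erp,yes,,2026-04-01,2020-01-20,2026-01-15,yes
mes-shift-b,supervisor,mes,yes,,2026-04-05,2024-07-01,2024-07-01,no
mail-user-17,standard,corporate,yes,,2026-04-04,2025-03-03,2026-02-01,yes
"""


def tier(row):
    """Rank by consequence of compromise, following the Stage 2 tiers."""
    if row["role"] in ("vendor", "admin") or row["target"] == "ot":
        return 1  # external or administrative access, or an OT-adjacent system
    if row["role"] == "supervisor":
        return 2  # shift supervisor with production system access
    return 3      # standard corporate application user


def findings(row, today):
    """List the inventory findings that apply to one credential."""
    flags = []
    if row["recorded"] != "yes":
        flags.append("unrecorded")
    if row["contract_end"] and date.fromisoformat(row["contract_end"]) < today:
        flags.append("contract-expired")
    if (today - date.fromisoformat(row["last_used"])).days > DORMANT_DAYS:
        flags.append("dormant")
    if row["last_rotated"] == row["created"]:
        flags.append("never-rotated")
    if row["mfa"] != "yes":
        flags.append("no-mfa")
    return flags


def action(flags):
    """Expired and dormant credentials are revoked; other findings are fixed."""
    if "contract-expired" in flags or "dormant" in flags:
        return "revoke"
    return "remediate" if flags else "keep"


def audit(csv_text, today):
    """Return one report entry per credential, highest risk first."""
    report = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        flags = findings(row, today)
        report.append({"credential": row["credential"], "tier": tier(row),
                       "findings": flags, "action": action(flags)})
    # Tier first, then the number of findings, so the worst Tier 1 entry leads.
    report.sort(key=lambda r: (r["tier"], -len(r["findings"])))
    return report


if __name__ == "__main__":
    # Constructed reference date so the sample output is reproducible.
    for entry in audit(INVENTORY_CSV, date(2026, 4, 6)):
        print(entry["tier"], entry["credential"], entry["action"],
              ",".join(entry["findings"]) or "-")
```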
The most common objection to MFA deployment in manufacturing is not cost — it is disruption. The production floor cannot stop. Change windows are narrow. Vendor coordination is complex. And the IT team that owns the authentication platform is not the same team that owns the OT environment.
These are real constraints. They are also the same constraints that have left vendor access tunnels unreviewed for three years and shared credentials in place for longer. The production continuity argument has, for many manufacturers, become the reason that the access inventory described above was never done.
The counterargument is equally operational: a ransomware attack that locks the SCADA system does not respect the production schedule. The average breach cost in manufacturing was approximately $5 million per incident, and the industrial sector saw the sharpest increase of any sector in breach costs in 2024, rising $830,000 per incident year-on-year. The change window for an MFA deployment is measured in hours. The downtime from a successful breach is measured in days.
The question is not whether deploying authentication controls disrupts production. It is whether the disruption of deployment is acceptable compared to the disruption of a breach that could have been prevented.
India's manufacturing sector is investing seriously in Industry 4.0 — in automation, in cloud ERP, in real-time supply chain visibility, in predictive maintenance. The OT/IT convergence that enables all of these capabilities is not going to reverse. The attack surface it creates is permanent.
The access problem at the centre of most manufacturing breaches is solvable. It does not require replacing OT infrastructure, renegotiating vendor contracts, or building a security operations centre. It requires knowing who has access to what, applying appropriate authentication controls to the access that matters most, and maintaining that governance as the environment changes.
Phishing-resistant authentication closes the door that AiTM attacks try to open. MFA fatigue hardening closes the door that push bombing tries to walk through. Zero trust network access closes the door on lateral movement once an identity is verified. Identity access governance in OT environments closes the door that most manufacturing breaches actually use — the one that was left open during a project three years ago and never reviewed since.
Proactive Data Systems is a Cisco Preferred Partner in India, with active deployments across manufacturing, BFSI, and IT/ITeS enterprises in Delhi NCR, Mumbai, Bangalore, Pune, and Hyderabad. Our security architects have experience deploying Cisco Duo in environments where production continuity is non-negotiable — including automotive, pharmaceutical, FMCG, and capital goods manufacturers operating across multiple sites.
If you would like to understand what a manufacturing-specific Duo deployment looks like for your environment, speak with our team.