Cybersecurity Requirements |
Topic: CL345
|
Modern OT (Operational Technology) products, especially those with wireless capabilities, face increased cybersecurity risks due to growing connectivity. To protect both individual devices and the broader network, password protection is now mandatory. This ensures defense against unauthorized access—even in isolated environments. Devices are shipped with default passwords that must be changed upon first use, and disabling passwords is no longer permitted on wireless-enabled PLCs due to the elevated risk they pose.
Protecting Your Equipment
Passwords significantly reduce the chances of unauthorized access or malicious software taking control of your PLC—even in closed or air-gapped environments.
Protecting other network equipment in the area
Enabled passwords are required to prevent unauthorized access, which could compromise not only the device itself but also other connected systems within the surrounding network.
Meeting Cybersecurity Regulations
For products with wireless features (i.e. C2-02CPU, C2-02CPU-2, C2-03CPU and C2-03CPU-2), the EU Radio Equipment Directive (RED) requires secure setup, including unique credentials or mandatory password creation during installation.
These products must be secure by default meaning we ship with a temporary default password that must be changed on first connection.
Following Best Practices
Industry standards like IEC 62443 recommend basic protections, including password authentication, as part of a layered, defense-in-depth approach to OT cybersecurity.
Given the higher risk associated with wireless communications, international regulations and current security best practices no longer allow passwords to be disabled on devices with wireless capabilities.
This requirement helps prevent unauthorized access to a wireless system—even if it isn’t connected to the internet—by protecting against threats from service laptops, USB drives, or other indirect entry points. Enforcing a password provides a baseline level of security, even in air-gapped environments.
Even if your environment feels secure, passwords are now a required baseline security measure. They:
Protect your equipment
Protect other wireless devices
Ensure compliance with cybersecurity regulations like RED
Reduce the risk of unauthorized or accidental access
Because of these regulations and industry standards, vendors cannot legally or safely allow you to disable password protection.
For more information: PLEASE VISIT ADC CYBERSECURITY PAGE.
|
Note: C2-02CPU, C2-02CPU-2, C2-03CPU and C2-03CPU-2 PLCs require a User Account with a password setup to use this function. |