Cybersecurity Requirements in the OT world

Modern OT (Operational Technology) products, especially those with wireless capabilities, face increased cybersecurity risks due to growing connectivity. To protect both individual devices and the broader network, password protection is now mandatory. This ensures defense against unauthorized access—even in isolated environments. Devices are shipped with default passwords that must be changed upon first use, and disabling passwords is no longer permitted on wireless-enabled PLCs due to the elevated risk they pose.

Why is a Password Mandatory

1. Protecting Your Equipment

   • Passwords significantly reduce the chances of unauthorized access or malicious software taking control of your PLC—even in closed or air-gapped environments.

2. Protecting other network equipment in the area

   • Enabled passwords are required to prevent unauthorized access, which could compromise not only the device itself but also other connected systems within the surrounding network.

3. Meeting Cybersecurity Regulations

   • For products with wireless features (i.e. C2-02CPU, C2-02CPU-2, C2-03CPU and C2-03CPU-2), the EU Radio Equipment Directive (RED) requires secure setup, including unique credentials or mandatory password creation during installation.

   • These products must be secure by default meaning we ship with a temporary default password that must be changed on first connection.

4. Following Best Practices

   • Industry standards like IEC 62443 recommend basic protections, including password authentication, as part of a layered, defense-in-depth approach to OT cybersecurity.

Why Can't I Disable Password on these PLCs

Given the higher risk associated with wireless communications, international regulations and current security best practices no longer allow passwords to be disabled on devices with wireless capabilities.

This requirement helps prevent unauthorized access to a wireless system—even if it isn’t connected to the internet—by protecting against threats from service laptops, USB drives, or other indirect entry points. Enforcing a password provides a baseline level of security, even in air-gapped environments.

Summary

Even if your environment feels secure, passwords are now a required baseline security measure. They:

• Protect your equipment

• Protect other wireless devices

• Ensure compliance with cybersecurity regulations like RED

• Reduce the risk of unauthorized or accidental access

Because of these regulations and industry standards, vendors cannot legally or safely allow you to disable password protection.

For more information: PLEASE VISIT ADC CYBERSECURITY PAGE.