Professor Nicholas Johnston (pictured) knew that he had the perfect opportunity to apply his passion and research expertise in cyber security when presented with a project tackling security gaps in a manufacturing industry partner’s web application software.
With the support of a FedDev Southern Ontario Network for Advanced Manufacturing Innovation (SONAMI) grant and access to a cutting-edge facility at the Sheridan Centre for Advanced Manufacturing and Design Technologies (CAMDT), professor Johnston worked collaboratively with Simplified Automation Inc. to successfully identify and address gaps in the security controls of their web application login and password resets. Simplified Automation Inc. is a company which employs cloud-based software for the manufacturing industry.
With the help of two student researchers in FAST, Professor Johnston assessed the company’s current login flow and process. He recommended introducing industry-standard security controls for commercial web applications that account for certain restrictions and limitations in their environment, respecting employee privacy and promoting data security. For example, shop floor manufacturing employees would not have company email addresses, which often act as a security credential for login access. To support this, the research team introduced multi-factor authentication (MFA) for login access along with enabling secure password and other MFA credential resets.
“Many organizations will never meet their customers face-to-face and must rely on credentials such as a username and a password to properly identify their customers. Implementing strong authentication and authorization workflows, such as those that leverage multi-factor authentication, is critical to stopping cyber attacks against applications that live outside the traditional network perimeter,” says Johnston, a professor in the Sheridan Honours Bachelor of Information Sciences (Cyber Security) degree program in the Faculty of Applied Science & Technology (FAST).
The proposed security workflows and test solution has since been implemented into Simplified Automation’s production environment.