Internet-Exposed ICS Systems: A Growing Cybersecurity Concern
Recent research highlights a critical security challenge: over 145,000 industrial control systems (ICS) worldwide are accessible online, exposing critical infrastructure to potential cyber threats. These systems, vital to industries like energy, water, and agriculture, are spread across 175 countries, with the United States accounting for more than 48,000 exposed devices.
The analysis by Censys underscores the severity of the issue, revealing that North America hosts 38% of these exposed systems, followed by Europe (35%) and Asia (23%). Commonly used ICS protocols like Modbus, BACnet, and IEC 60870-5-104 dominate these systems, but their regional use varies. For example, Modbus is more prevalent in Europe, while protocols like BACnet and Fox are commonly found in North America.
ICS Exposure: A Global Problem
Human-machine interfaces (HMIs), crucial for monitoring industrial processes, make up a significant portion of these exposed systems. Nearly 34% of HMIs accessible via the C-More protocol are tied to water systems, often targeted in cyberattacks, while 23% are linked to agriculture. Notably, some of these devices use Chinese hardware prohibited under the U.S. National Defense Authorization Act, raising additional concerns about supply chain risks.
Real-World Consequences
The implications of internet-exposed ICS systems are not theoretical. In the U.S., the Municipal Water Authority of Aliquippa, Pennsylvania, was breached last year via programmable logic controllers (PLCs), resulting in defaced systems. Similarly, malware like FrostyGoop, targeting Modbus TCP protocols, has disrupted operations in Ukraine’s energy sector. Such attacks underscore how exposed systems can be exploited for denial-of-service (DoS) attacks or malicious control.
The risks extend beyond ICS. Kaspersky’s survey of 400 UK industrial firms revealed that 90% had experienced cyberattacks, with nearly half causing major disruptions. Key concerns include vulnerabilities in IoT devices, unauthorized access to manufacturing systems, and insider threats.
What Needs to Be Done
To reduce exposure and mitigate risks, industrial organizations must prioritize cybersecurity measures:
- Identify and Secure Exposed Systems: Conduct regular assessments to identify internet-exposed ICS and implement robust protections.
- Segment Networks: Isolate operational technology (OT) systems from the internet and corporate networks to limit exposure.
- Update Default Credentials: Replace factory-set passwords with unique, strong credentials to reduce the risk of unauthorized access.
- Monitor for Threats: Deploy advanced threat detection tools to identify malicious activities targeting ICS and OT networks.
- Enhance Supply Chain Security: Ensure compliance with regulations like the U.S. NDAA and vet the security of third-party hardware and software.
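As an added example (not from the Censys research or the original article), the first two measures can be checked against an organization's own perimeter firewall export by flagging allow rules that open the default ports of the protocols named above to non-internal sources. The rule format, the sample rules, and the internal ranges are constructed assumptions, and each rule is evaluated on its own without modelling first-match ordering.

```python
import ipaddress

# Common default ports for the protocols the article names.
ICS_PORTS = {("tcp", 502): "Modbus TCP", ("udp", 47808): "BACnet/IP",
             ("tcp", 2404): "IEC 60870-5-104", ("tcp", 1911): "Niagara Fox"}

# Sources treated as internal (assumption: IPv4, RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample export: action proto source -> dest_ip:port[-port]
SAMPLE_RULES = """\
allow tcp 0.0.0.0/0 -> 192.0.2.10:502
allow tcp 10.20.0.0/16 -> 192.0.2.10:502
allow udp 198.51.100.0/24 -> 192.0.2.20:47808
allow tcp 0.0.0.0/0 -> 192.0.2.30:2000-3000
deny tcp 0.0.0.0/0 -> 192.0.2.40:1911
allow tcp 0.0.0.0/0 -> 192.0.2.50:443
"""

def is_external(cidr):
    """True when the source network is not wholly inside an internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(i) for i in INTERNAL)

def parse_rule(line):
    """Split one rule line into (action, proto, source, host, low_port, high_port)."""
    action, proto, src, _arrow, dest = line.split()
    host, _, ports = dest.rpartition(":")
    low, _, high = ports.partition("-")
    return action, proto, src, host, int(low), int(high or low)

def find_exposed(ruleset):
    """Return (host, port, protocol, source) per ICS port opened to an external source."""
    findings = []
    for line in filter(str.strip, ruleset.splitlines()):
        action, proto, src, host, low, high = parse_rule(line)
        if action != "allow" or not is_external(src):
            continue
        for (ics_proto, port), name in ICS_PORTS.items():
            if ics_proto == proto and low <= port <= high:  # port ranges count too
                findings.append((host, port, name, src))
    return findings

if __name__ == "__main__":
    for host, port, name, src in find_exposed(SAMPLE_RULES):
        print(f"{host}:{port} ({name}) reachable from {src}")
```

The range rule in the sample is the case most often missed in manual reviews: a broad port range silently includes an ICS port.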
The Path Forward
The interconnected nature of ICS and OT networks makes them appealing targets for cybercriminals and nation-state actors. As industries rely increasingly on automation and connectivity, organizations must adopt proactive cybersecurity strategies to safeguard their critical infrastructure. Addressing vulnerabilities today is essential to preventing disruptions tomorrow.