Over 100,000 Critical Infrastructure Devices Vulnerable to Cyberattacks
More than 100,000 industrial control systems (ICS) are accessible via the internet globally, overseeing crucial operational technologies (OT) like power grids, water systems, and building management systems (BMS).
However, the extent of cyber risk posed by this exposure depends on the protocols these systems use.
Key Takeaways from Over 100,000 Critical Infrastructure Devices Vulnerable to Cyberattacks:
- High Cyber Risk: There are over 100,000 publicly accessible ICS devices worldwide, making them prime targets for cyberattacks and posing a global risk to physical safety in nearly 96 countries.
- Protocol Matters: The risk level depends on the protocols these systems use; some are more vulnerable than others.
- Reducing Exposure: Taking steps to secure ICS, including removing them from public internet access, is crucial.
Assessing Cyber Risk in Critical Infrastructure
Researchers from BitSight, a cyber-risk assessment firm, have conducted an analysis revealing that more than 100,000 industrial control systems (ICS) are exposed to the public internet.
These systems play a critical role in managing physical infrastructure, from traffic lights to vaccine production. The exposure of these systems to cyber threats poses a significant risk to business operations, human safety, data security, intellectual property, and even national security.
The Protocol Factor
The level of cyber risk associated with these exposed ICS devices depends on the protocols they use. Some protocols lack essential security measures, leaving devices vulnerable to unauthorized access.
Additionally, certain protocols make it easier for attackers to identify device details, simplifying their search for exploits.
Geotargeting and Protocol Use
Protocol use can also be a clue for potential attackers. Different protocols may indicate the presence of various vendors, supply chains, and software types within an organization’s exposed surface.
Geographically, the distribution of exposed ICS devices varies by protocol. For instance, devices using CODESYS, KNX, Moxa NPort, and S7 are predominantly found in the European Union, while those using ATG and BACnet are more prevalent in the United States. Modbus and Niagara Fox, on the other hand, are used globally.
Leveraging Protocol Data for Security Strategies
Organizations that own ICS can analyze their protocol use to identify and assess risks. While eliminating all Internet-facing points may not always be practical, knowing where to focus security efforts can be invaluable in safeguarding critical infrastructure.
Declining Exposure Over Time
Interestingly, the exposure of ICS devices to the internet has decreased over time.
In 2019, there were nearly 140,000 exposed ICS devices within the study’s parameters. Initiatives like CISA’s “Securing Industrial Control Systems: A Unified Initiative” and increased discussions within the security community may have contributed to this decline.
The adoption of Industry 4.0 technologies, including more secure cloud environments and mature security programs, has also played a role.
Improving ICS Security and Reducing Exposure
To enhance ICS security and reduce exposure, organizations can take several steps:
- Identify and assess the security of all deployed ICS systems, including those of third-party partners.
- Remove ICS systems from public internet access.
- Implement safeguards like firewalls to prevent unauthorized access.
- Recognize the unique control requirements of OT, including ICS, rather than applying traditional IT risk models.
In summary, the key rule is to reduce exposure. Industrial control systems should not be accessible via the public internet. Employ firewalls, configure access controls, and leverage mechanisms like virtual private networks to prevent widespread access to these critical systems.
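The steps above, applied to a firewall rule export, as an added example that is not from the article or BitSight: it flags inbound allow rules that let non-internal sources reach ports commonly used by the protocols the article names. The port numbers, the rule format, and the sample rules are assumptions constructed for illustration, and each rule is checked on its own without modelling rule order.

```python
import ipaddress

# Default ports commonly associated with the protocols named in the article.
# These numbers are assumptions added for this example; confirm them against
# vendor documentation for the devices actually deployed.
ICS_PORTS = {
    ("tcp", 502): "Modbus",
    ("tcp", 102): "S7",
    ("udp", 47808): "BACnet",
    ("tcp", 1911): "Niagara Fox",
    ("tcp", 4911): "Niagara Fox (TLS)",
    ("udp", 3671): "KNX",
    ("tcp", 2455): "CODESYS",
    ("tcp", 10001): "ATG",
    ("udp", 4800): "Moxa NPort",
}

# Address space treated as internal (assumption: adjust to your own network plan).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

# Constructed sample rules in a hypothetical export format.
RULES = [
    {"name": "plc-modbus-any", "action": "allow", "source": "0.0.0.0/0", "proto": "tcp", "ports": (502, 502)},
    {"name": "bms-vpn-only", "action": "allow", "source": "10.8.0.0/24", "proto": "udp", "ports": (47808, 47808)},
    {"name": "legacy-wide-range", "action": "allow", "source": "198.51.100.0/24", "proto": "tcp", "ports": (1, 2000)},
    {"name": "deny-s7", "action": "deny", "source": "0.0.0.0/0", "proto": "tcp", "ports": (102, 102)},
]

def is_public_source(cidr):
    """True unless the source range lies wholly inside a listed internal network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def audit(rules):
    """Return sorted (rule name, protocol label, port) tuples for every allow
    rule that lets a non-internal source reach a known ICS port."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or not is_public_source(r["source"]):
            continue
        lo, hi = r["ports"]
        for (proto, port), label in ICS_PORTS.items():
            if r["proto"] in (proto, "any") and lo <= port <= hi:
                findings.append((r["name"], label, port))
    return sorted(findings)

if __name__ == "__main__":
    for name, label, port in audit(RULES):
        print(f"{name}: {label} port {port} reachable from non-internal source")
```

Wide port ranges such as the constructed `legacy-wide-range` rule are worth the most attention, since they expose several ICS protocols at once without naming any of them.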
About BitSight:
BitSight is a leading cyber risk assessment firm specializing in evaluating and managing cybersecurity risks. Their insights assist organizations in enhancing their security posture and reducing cyber threats.