A recent analysis by Censys revealed that over 40,000 industrial control systems (ICS) in the United States are exposed to the internet. These devices, which include human-machine interfaces (HMIs) and low-level automation protocols, are crucial to the operation of critical infrastructure such as water plants, power grids, and manufacturing facilities. The potential consequences of this risk are significant and could result in the disruption of essential services or even loss of life.

A Massive Exposure of Industrial Processes

More than half of the exposed systems are associated with building control and automation, while roughly 18,000 are used to control industrial processes. Alarmingly, most of these devices are hosted on consumer networks or wireless networks, meaning that notifying the owners of these devices about their exposure is nearly impossible. Automation protocols often lack the necessary context to determine the owner, leaving these critical systems vulnerable to attack.

Is Your System at Risk?

Given the difficulty in identifying and notifying the owners of these exposed systems, it’s crucial for organizations to take proactive steps. Effective tools are the relevant search engines that specialize in finding internet-connected devices. By searching for your own devices there, you can determine whether they are exposed to the internet and vulnerable to attack.

Our Recommendations: Protect Your OT Devices

To mitigate the risks associated with internet-exposed OT devices, we recommend several key strategies:

Network Segmentation

Isolate your OT devices from the internet and other parts of your network that may be less secure. This can be done by creating separate VLANs or using firewalls to restrict access.

Implement Strong Authentication

Ensure that all interfaces, especially HMIs, require strong authentication where possible to access and default passwords are changed. This can prevent unauthorized users from manipulating critical systems.

Regular Monitoring and Patching

Continuously monitor your OT network for any unusual activity and keep all devices up to date as far as possible with the latest security patches.

Use Intrusion 
Detection Systems

Deploy IDS to detect and respond to suspicious activity on your network. A system like StationGuard can detect unallowed network traffic to external devices in real-time.

Limit Remote 
Access

Only allow remote access to OT devices when absolutely necessary. Use secure methods like VPNs and multi-factor authentication.

The presence of internet-exposed OT devices is a ticking time bomb. Failure to take action could have catastrophic consequences. However, by implementing proactive measures such as network segmentation, strong authentication, and continuous monitoring, organizations can significantly reduce their risk and protect their critical infrastructure from cyber threats. Don’t wait for an attack to happen—increase your OT security now.

Resources

Eric Heindl

Cybersecurity Analyst, OMICRON

Eric describes himself as an IT guy with a heart for OT cybersecurity. In his role as Cybersecurity Analyst, he analyzes vulnerabilities in OT/IT networks, gives trainings on cybersecurity aspects of web applications and websites, and demonstrates cyber attacks on substations and energy operators.