Internet-
Connected
OT Devices
A Ticking Time Bomb
Are your operational technology (OT) devices connected to external networks? Thanks to convenient features like update capabilities and remote connections, the answer is likely positive. This presents an alarming but often overlooked threat.
A recent analysis by Censys revealed that over 40 000 industrial control systems (ICS) in the United States are exposed to the internet. These devices, which include human-machine interfaces (HMIs) and low-level automation protocols, are crucial to the operation of critical infrastructure such as water plants, power grids, and manufacturing facilities. The potential consequences of this risk are significant and could result in the disruption of essential services or even loss of life.
A Massive Exposure of Industrial Processes
More than half of the exposed systems are associated with building control and automation, while roughly 18 000 are used to control industrial processes. Alarmingly, most of these devices are hosted on consumer networks or wireless networks, meaning that notifying the owners of these devices about their exposure is nearly impossible. Automation protocols often lack the necessary context to determine the owner, leaving these critical systems vulnerable to attack.
Is Your System at Risk?
Given the difficulty in identifying and notifying the owners of these exposed systems, it’s crucial for organizations to take proactive steps. Effective tools are the relevant search engines that specialize in finding internet-connected devices. By searching for your own devices there, you can determine whether they are exposed to the internet and vulnerable to attack.
Our Recommendations: Protect Your OT Devices
To mitigate the risks associated with internet-exposed OT devices, we recommend several key strategies:
Network Segmentation
Implement Strong Authentication
Regular Monitoring and Patching
Use Intrusion
Detection Systems
Limit Remote
Access
The presence of internet-exposed OT devices is a ticking time bomb. Failure to take action could have catastrophic consequences. However, by implementing proactive measures such as network segmentation, strong authentication, and continuous monitoring, organizations can significantly reduce their risk and protect their critical infrastructure from cyber threats. Don’t wait for an attack to happen—increase your OT security now.
Resources
Cybersecurity Analyst, OMICRON
Eric describes himself as an IT guy with a heart for OT cybersecurity. In his role as Cybersecurity Analyst, he analyzes vulnerabilities in OT/IT networks, gives trainings on cybersecurity aspects of web applications and websites, and demonstrates cyber attacks on substations and energy operators.