
Critical Infrastructure in the Crosshairs: The Vulnerability of Legions of Devices


Report: Industrial Control Systems Exposed to the Internet Pose Significant Cyber-Risk

Introduction

According to a recent analysis by cyber-risk handicapper Bitsight, there are at least 100,000 industrial control systems (ICS) exposed to the public Internet worldwide. These systems control critical operational technologies (OT) such as power grids, water systems, and building management systems (BMS). This large number of exposed ICS devices presents a significant cybersecurity risk, with implications for physical safety, business disruption, human safety, data compromise, intellectual property (IP) compromise, and national security in at least 96 countries.

Risk Assessment

Bitsight’s analysis determined the number of exposed ICS devices by inventorying reachable devices that use the top 10 most popular and widely used ICS protocols, including Modbus, KNX, BACnet, Niagara Fox, and others. The researchers found that some of these protocols lack security measures like basic authentication, leaving the devices vulnerable to unauthorized access. Other protocols are verbose, providing valuable information to attackers about the brand, model, and version of the device and simplifying their search for exploits.

It is important to consider the different protocols used in ICS environments when assessing cyber-risks. The adoption of different protocols indicates the presence of different devices from different vendors and supply chains, running different software. Attacks can be tailored based on these protocols, aiding geotargeting. For example, exposed industrial control systems using CODESYS, KNX, Moxa Nport, and S7 are primarily concentrated in the European Union (EU), while systems using ATG and BACnet are predominantly found in the United States. Modbus and Niagara Fox, on the other hand, are present globally.

Decrease in Exposure over Time

Despite the increasing digitization and move towards “smart” OT environments, the level of ICS exposure has actually declined over time. In 2019, the number of exposed ICS devices within the parameters of the study was nearly 140,000. Experts believe that initiatives such as CISA’s “Securing Industrial Control Systems: A Unified Initiative” and discussions within the security community have contributed to this decrease. Additionally, the adoption of Industry 4.0 technologies and more mature security programs have led to a more secure future for critical infrastructure.

Improving ICS Security

Owners of ICS environments can improve their security by following common-sense steps outlined by Bitsight. These include identifying all deployed ICS systems and assessing their security, removing ICS from the public Internet, implementing safeguards like firewalls to prevent unauthorized access, and acknowledging the unique control needs of OT and ICS. It is crucial to employ mechanisms such as virtual private networks (VPNs) to reduce exposure and make ICS devices less reachable.

Editorial: The Urgency of Securing Industrial Control Systems

A Wake-up Call for Critical Infrastructure Stakeholders

The findings of Bitsight’s analysis should serve as a wake-up call for critical infrastructure stakeholders worldwide. The large number of exposed ICS devices demonstrates the urgent need for enhanced cybersecurity measures. Recent incidents, such as the Colonial Pipeline hack, have exposed the real-world consequences of cyberattacks on critical infrastructure. The potential disruption to physical infrastructure, threats to human safety, and compromise of sensitive data emphasize the need for immediate action.

Addressing Misconfigurations and Neglect of Best Practices

Pedro Umbelino, principal security researcher at Bitsight, highlights that there are few justifiable reasons for ICS equipment to be directly reachable via the Internet. Misconfigurations and neglect of best practices contribute to the current level of exposure. Organizations must prioritize the security of their ICS environments by implementing proper configurations and following industry best practices. Industrial control systems should not be accessible via the public Internet without appropriate protections.

The Role of Industry 4.0 and Maturity of Security Programs

While the exposure of ICS devices has decreased over time, the adoption of Industry 4.0 technologies and more mature security programs have played a role in building a more secure future. Organizations have recognized the importance of robust security measures in the face of evolving cyber threats. However, continuous efforts are necessary to stay ahead of attackers and safeguard critical infrastructure.

Advice: Protecting Industrial Control Systems from Cyber Threats

A Comprehensive Approach

Protecting industrial control systems from cyber threats requires a comprehensive approach that combines technical measures, organizational policies, and awareness among stakeholders. It is essential to understand the unique risks associated with ICS environments and develop strategies accordingly.

Implementing Technical Measures

Owners of ICS environments should prioritize the following technical measures to enhance security:

  • Identify and assess all deployed ICS systems, including those of third-party partners.
  • Remove ICS devices from the public Internet to reduce exposure.
  • Deploy firewalls and access controls to prevent unauthorized access.
  • Utilize virtual private networks (VPNs) and other mechanisms to limit accessibility.
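
The first three measures above can be checked against a perimeter firewall's own rule export. The following is an added example, not from Bitsight or the original article: it flags inbound allow rules that expose commonly cited default ports of the protocols the report names to sources outside private address space. The rule format, the rule names and the port list are assumptions made for the illustration.

```python
import ipaddress

# Commonly cited default ports for protocols named in the article (assumption:
# sites may remap them, so treat this as a starting list, not a complete one).
ICS_PORTS = {
    ("tcp", 502): "Modbus", ("tcp", 102): "S7",
    ("udp", 47808): "BACnet", ("udp", 3671): "KNX",
    ("tcp", 1911): "Niagara Fox", ("tcp", 2455): "CODESYS",
    ("udp", 4800): "Moxa NPort", ("tcp", 10001): "ATG",
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of inbound allow rules: name, proto, source, dest port(s).
SAMPLE_RULES = """\
hmi-remote   tcp 0.0.0.0/0       502
vpn-to-plc   tcp 10.8.0.0/24     102
bms-vendor   udp 203.0.113.0/24  47808
tank-gauge   tcp 0.0.0.0/0       10000-10010
web          tcp 0.0.0.0/0       443
"""

def source_is_internal(cidr):
    """True only if the whole source network sits inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in RFC1918)

def audit(rules_text):
    """Return (rule, protocol, port, scope) for each externally reachable ICS port."""
    findings = []
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, proto, source, ports = line.split()
        if source_is_internal(source):
            continue  # reachable only from private ranges, e.g. a VPN pool
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)  # a port range can hide an ICS port
        any_src = ipaddress.ip_network(source, strict=False).prefixlen == 0
        for (p, port), label in ICS_PORTS.items():
            if p == proto.lower() and lo <= port <= hi:
                findings.append((name, label, port, "any" if any_src else "external"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```
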

Adopting Organizational Policies

Organizations should develop and enforce cybersecurity policies specific to ICS environments. These policies should address the unique control needs of OT and prioritize the protection of critical infrastructure. Regular audits, vulnerability assessments, and penetration testing should be conducted to identify and mitigate weaknesses.

Raising Awareness and Education

Stakeholders in critical infrastructure should be educated about the importance of cybersecurity in ICS environments. Training programs and awareness campaigns can help employees recognize potential threats and adopt best practices. Collaboration between industry, academia, and government entities is crucial to foster a culture of cybersecurity and share knowledge and best practices.

The Role of Regulation and Standards

Regulators should prioritize the development of standards and regulations specific to ICS environments to ensure consistent cybersecurity practices across critical infrastructure sectors. Compliance with these standards should be enforced through audits and penalties. Government agencies should also collaborate with industry stakeholders to promote information sharing and provide guidance on cybersecurity best practices.

In conclusion, the significant number of industrial control systems exposed to the Internet poses a serious cybersecurity risk to critical infrastructure globally. Adequate security measures, including the removal of ICS devices from the public Internet, the implementation of firewalls, and the adoption of appropriate protocols, are essential to mitigate these risks. Stakeholders must work together to prioritize the security and resilience of industrial control systems, ensuring the safety and stability of our society.
