Thousands of industrial control devices exposed online

Industrial computer system

Recent attacks have highlighted the vulnerability of industrial control systems to attack and a new report has found 18,000 exposed devices that are likely used to control industrial systems.

The report, from internet intelligence platform Censys, focuses on ICS devices in the US and UK and also finds that almost 50 percent of the human-machine interfaces associated with water and wastewater systems (WWS) identified could be manipulated without any authentication required.

In the UK 1,500 control systems were identified as exposed on the public internet, as discovered through scans of 18 automation protocols.

Other findings include that over 80 percent of administration interfaces discovered are for building controls. Plus over half of the hosts that are running low-level automation protocols are concentrated in cellular networks and commercial internet service providers (ISPs), including Verizon and Comcast, making notifications to owners of these devices impossible in many cases.

"It is imperative that we shed light on the exposure of ICS as they are essential to our critical infrastructure across the globe. The goal for our research was to not only discover the exposed devices, but to notify device owners of their improper exposure," says Brad Brooks, CEO of Censys. "Censys' comprehensive data set, predictive scan engine, and most up-to-date map of the internet gives us the unique opportunity to see beyond what other vendors in the attack surface management space can. This visibility is why the US government trusts Censys to provide them with the information and solutions needed to protect critical infrastructure across the country."

The full report is available from the Censys site.

Image credit: Gorodenkoff / Shutterstock

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.