The global site of the UK's leading magazine for automation, motion engineering and power transmission
15 June, 2024

Twitter link

Study finds 100,000 control systems exposed to Internet

04 October, 2023

New research has found about 100,000 industrial control systems (ICSs) around the world that are exposed to the public Internet. This could allow cyber-attackers to take control of infrastructures in areas such as factories, power grids, water plants and security systems, potentially causing disruption, threatening safety and compromising data and intellectual property.

The study, by the cybersecurity firm Bitsight, found exposed organisations in 96 countries, including several Fortune 1000 organisations. It investigated systems communicating via common ICS protocols including Modbus, EtherNet/IP, BACnet, Codesys and S7.

Although there has been a steady decline in the number of Internet-facing ICSs since 2019, Bitsight warns that there remains a significant risk to organisations and their partners.

“This research shows that while the number of exposed ICSs is trending downwards, the overall threat level remains too high,” comments Bitsight chief risk officer, Derek Vadala. “An attack on just one ICS device could be a potentially catastrophic event that could have far-reaching consequences.”

Bitsight is urging ICS users to implement these measures as a matter of urgency:
• Identify any ICSs deployed by your organisation and/or business partners and assess the security of these systems.
• Remove any exposed ICSs from the public Internet.
• Use safeguards such as firewalls to protect against unauthorised access to your ICSs.

The number of ICSs exposed to the Internet has dropped from around 135,000 in 2019 to less than 110,000 now
Source: Bitsight

It is also calling on ICS manufacturers to improve the cybersecurity of their systems. Bitsight recommends that they:
• Use secure-by-design principles
• Improve the security posture of deployed equipment and machinery using data and insights.
• Build programs detect misconfigured or otherwise exposed systems.

Bitsight: X  LinkedIn  Facebook

  • To view a digital copy of the latest issue of Drives & Controls, click here.

    To visit the digital library of past issues, click here

    To subscribe to the magazine, click here



"Do you think that robots create or destroy jobs?"



Most Read Articles