Nearly 100,000 exposed industrial control systems indentified

Critical infrastructure sectors heavily rely on ICSs to control cyber-physical systems, leading to concerns that the exposed systems identified in the research could present significant risks.

To measure device exposure, Bitsight identified exposed ICSs and mapped them to an inventory of global organisations. Bitsight's analysis reveals that thousands of organisations are using ICSs directly reachable from the public internet, presenting a series of potential consequences of which private and public sector leaders should be aware.

Bitsight identified exposed industrial control systems around the world, revealing both concerning and promising trends. the study encompassed systems communicating via the most commonly used ICS protocols, including Modbus, KNX, BACnet, Niagara Fox and others.

The number of exposed – or internet-facing – industrial control systems was at nearly 100,000 as of June 2023, but the research revealed a promising trend: From 2019 to June 2023, Bitsight observed a decline in the number of ICSs exposed to the public internet. This is a positive development, suggesting that organisations may be properly configuring, switching to other technologies, or removing previously exposed ICSs from the public internet.

Bitsight advises organisations to: identify any ICSs deployed by the business and/or third-party business partners, and promptly assess the security of these systems; remove any industrial control systems from the public internet; and employ safeguards such firewalls to protect against unauthorised access to ICSs.

Read the full report via the link below:

bit.ly/3S9Od45