100K exposed systems endanger power, traffic, water utilities

Nearly 100,000 exposed industrial control systems (ICSs) allow attackers to take over physical infrastructure such as power grids, traffic light systems, security, and water systems, researchers say.

ICSs are a vital part of everyday modern life, controlling everything from traffic lights to water flow in municipal systems. However, according to a recent report from cybersecurity firm Bitsight, thousands of vital systems are exposed all over the world.

“Critical infrastructure sectors heavily rely on ICSs to control cyber-physical systems, compounding concerns that the exposed systems identified in this research could present significant risks to organizations and communities around the world,” researchers claim.

Exposed ICSs pose significant risks to organizations and communities in general since disruption of these systems could impact human safety and pose national security risks. Theoretically, attackers could alter water treatment systems or disrupt the energy supply.

Researchers studied systems communicating via the most commonly used ICS protocols, such as Modbus, KNX, BACnet, Niagara Fox, and others.

According to the report, nearly 100K ICSs are public-facing, which means attackers can pinpoint where the systems are and what they do – vital information for persistent attackers.

The USA topped the list with the largest number of exposed organizations. Canada was deemed the second most exposed nation, with Italy, the UK, and France trailing behind.

The report shows that education sector organizations had the most exposed ICSs, followed by the technology, government, business services, and manufacturing sectors.

“Manufacturers of industrial control systems and other operational technology must take action to increase the cybersecurity of their devices. This includes improving device security prior to deployment and working with clients to ensure the proper configuration and security of already deployed devices,” the report concludes.
