August 7, 2024 at 03:06PM
An analysis by Censys revealed over 40,000 internet-exposed industrial control systems (ICS) in the US, with challenges in notifying owners. The majority are linked to building control and automation, and low-level automation protocols are mainly in wireless and consumer networks. Risks include unauthenticated manipulation and targeting by threat actors. Notifying owners is often impossible.
Key takeaways from the meeting notes:
– More than 40,000 internet-exposed industrial control systems (ICS) in the United States, with significant challenges in notifying their owners about the exposure.
– Over half of these systems are likely associated with building control and automation, with approximately 18,000 used to control industrial systems.
– More than half of the hosts running low-level automation protocols are concentrated in wireless and consumer access networks.
– For human-machine interfaces (HMIs) in networks such as AT&T and Verizon, the inability to contact owners about exposure is a significant concern.
– HMIs associated with water systems have weak authentication, making them vulnerable to manipulation without proper authentication.
– Threat actors, including alleged hacktivist groups and state-linked entities, have targeted water facilities in the United States, with evidence of exfiltrating sensitive data.
– Risks associated with exposed HMIs are not just theoretical, as evidenced by instances of targeted attacks on water systems.
Additionally, it’s important to note that the issue of exposed industrial control systems and the associated risks have been the subject of recent alerts and incidents, indicating the urgency and seriousness of this matter.