ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks

November 21, 2024 at 08:37AM

Censys reports over 145,000 internet-exposed industrial control systems (ICS) across 175 countries, with 38% in North America. The U.S. has 48,000 such systems. Many are vulnerable human-machine interfaces, particularly in water and agriculture sectors. Additionally, a Kaspersky survey reveals 90% of UK industrial firms faced cyberattacks, highlighting significant security concerns.

### Meeting Takeaways

1. **Prevalence of Internet-Exposed ICS**:
– There are over 145,000 internet-exposed Industrial Control Systems (ICS) globally, with significant distributions as follows:
  – North America: 38%
  – Europe: 35%
  – Asia: 22%
– The United States has 48,000 exposed ICS systems, an increase from the previously reported 40,000.

2. **Comparison with Shodan Data**:
– A Shodan search indicates approximately 110,000 ICS systems are directly accessible worldwide.

3. **Protocols Utilized**:
– Exposed ICS devices utilize common protocols, including Modbus, Fox, BACnet, WDBRPC, EIP, S7, and IEC 60870-5-104.
– Notable regional differences in protocol usage:
  – North America: Fox, BACnet, ATG, C-More
  – Europe: Modbus, S7, IEC 60870-5-104

4. **Vulnerabilities and Threats**:
– A significant number of exposed ICS instances are Human-Machine Interfaces (HMIs), which are easy targets for cyberattacks.
– 34% of HMIs using the C-More protocol are linked to water systems; 23% are in the agriculture sector.
– Nearly 200 HMI hosts also run products affected by US NDAA Section 889, highlighting potential security concerns.

5. **Cybersecurity Landscape in the UK**:
– A Kaspersky survey of over 400 industrial companies in the UK revealed:
  – Nearly 90% have experienced cyberattacks.
  – Almost 50% of the incidents were significant disruptions.
  – 72% believe their connected supply chains are vulnerable to cyber threats.
– Main perceived cybersecurity threats include:
  – Vulnerabilities in IoT and connected devices.
  – Unauthorized access to manufacturing systems and sensitive data.
  – DDoS attacks and insider threats.

6. **Actionable Insights**:
– Operators should be vigilant regarding the products and software used alongside industrial processes, considering cybersecurity risks and compliance with regulations.
– There is a need for greater awareness and protection strategies against identified vulnerabilities, especially in connected systems.
