Report: 145K+ Industrial Control Systems Worldwide are Exposed to Cyberattacks

More than 145,000 industrial control systems (ICS) worldwide, with more than 48,000 in the U.S., are exposed to cyberattack, according to the State of the Internet Report from Censys in Ann Arbor.
26
Thirty-four percent of human-machine interfaces (HMIs) are water and wastewater related, while 23 percent are associated with agricultural processes, according to Ann Arbor-based Censys research. // Image courtesy of Censys

More than 145,000 industrial control systems (ICS) worldwide, with more than 48,000 in the U.S., are exposed to cyberattack, according to the State of the Internet Report from Censys in Ann Arbor.

The report focuses on ICS protocols being leveraged by ICS-specific malware variants and human-machine interfaces (HMI), often used as a point of entry for many threat actors.

Censys investigated the exposure landscape to help the cybersecurity community better understand the true attack surface of ICS around the world and how to best protect it.

Attacks using ICS protocols are less common and require specialized knowledge and understanding of such environments, the report states.

Censys says it recognizes that in order to protect real-world control systems, it’s essential for security teams to understand and assess the exposure of these protocols and HMIs, which constitute an often overlooked, yet vital, component of the security ecosystem.

With Censys’ comprehensive internet visibility, it was able to identify:

  • Of the 145,000 ICS services exposed globally, 38 percent of devices were located in North America, 35 percent in Europe, and 22 percent in Asia.
  • Attack surfaces are regionally unique: Modbus, S7, and IEC 60870-5-104 are more widely observed in Europe, while Fox, BACnet, ATG, and C-More are more commonly found in North America.
  • 34 percent of C-More human-machine interfaces (HMIs) are water and wastewater related, while 23 percent are associated with agricultural processes.
  • Nearly 200 hosts running HMIs also run products from vendors explicitly prohibited by the U.S. National Defense Authorization Act (NDAA) Section 889.
  • Most observed ICS services and HMIs run on mobile or consumer and business-grade internet service providers (ISPs). Given the often-remote nature of industrial facilities, a wired Internet connection may not be readily available.

“Many of these protocols can be dated back to the 1970s but remain foundational to industrial processes without the same security improvements the rest of the world has seen,” says Zakir Durumeric, co-founder and chief scientist at Censys.

“The security of ICS devices is a critical element in protecting a country’s critical infrastructure. To protect it, we must understand the nuances of how these devices are exposed and vulnerable.”

Another Censys co-founder, Rick Snyder, serves as CEO. Snyder served two terms as Governor of Michigan (2011-2018), was president and chairman of Gateway Computers, and founded two $100-million venture capital investment firms in Ann Arbor — Avalon Investments and Ardesta.

ICS security is consistently a focus of the cybersecurity and public sector community as its impact is far greater than many expect. As the industry continues to combat ICS-based attacks, it is “critical” to understand the full ecosystem and every component of it, Censys states.

To read the full report, visit here.

To learn more about the report, register for an informational webinar here.

To read a DBusiness cover story about Snyder, visit here.