October 4th – Nearly 100,000 industrial control systems (ICS) are exposed to the public internet, according to emerging research.
Experts worry that hackers could exploit public-facing information and gain control over physical infrastructure, including power grids, traffic light systems, security systems, and water systems.
Such an attack could lead to significant business disruption, threats to human safety, the compromise of data and intellectual property, and national security threats.
Exposed ICS groups
The Cybersecurity and Infrastructure Security Agency (CISA) has flagged ICS exposure to the internet as a significant, persistent cyber risk.
At present, the exposed organizations span 96 nations and include multiple Fortune 1000 entities.
Although the number of internet-facing ICSs has declined steadily over the past 5 years, much risk remains – especially to ICS partner groups and customers.
It’s estimated that 20% of ICS systems are vulnerable to critical-severity flaws.
For relevant organizations:
- Identify any industrial control systems deployed and assess the security of these systems.
- Remove any exposed industrial control systems from the public internet.
- Deploy cyber security mechanisms to prevent unauthorized access to industrial control systems.
Manufacturers of ICS systems and similar operational technology should also take steps to increase the cyber security of the devices they develop. Experts recommend that manufacturers apply secure-by-design principles and craft programs that can accurately and efficiently detect misconfigurations on exposed systems.