A concerning new study has revealed that more than 145,000 Industrial Control Systems (ICS) are currently exposed to the internet across 175 countries worldwide, with the United States accounting for over one-third of all exposures.
The research, conducted by attack surface management firm Censys, mapped out the global distribution of these exposed systems. North America leads with 38% of exposed devices, followed by Europe at 35.4%, Asia at 22.9%, while Oceania, South America, and Africa collectively account for less than 4%.
The United States tops the list with over 48,000 exposed systems, followed by Turkey, South Korea, Italy, and Canada rounding out the top five most exposed nations.
The study examined several commonly used ICS protocols, revealing distinct regional patterns. European systems predominantly use Modbus, S7, and IEC 60870-5-104 protocols, while North American systems typically employ Fox, BACnet, ATG, and C-more protocols.
Of particular note, the research found that 34% of C-more human-machine interfaces are connected to water and wastewater systems, while 23% control agricultural processes.
"Many of these protocols date back to the 1970s but remain central to industrial processes without receiving modern security updates," noted Zakir Durumeric, Censys co-founder and chief scientist.
The exposure of these systems presents real risks. In 2023, a Pennsylvania water authority suffered breach when attackers exploited internet-exposed controllers. The incident highlighted the vulnerabilities these exposures create.
Adding to the complexity, most exposed systems operate on regular business or mobile internet service providers like Verizon and Deutsche Telekom, making it challenging to identify and notify system owners about security risks.
The research also revealed that Human Machine Interfaces (HMIs), used to monitor and control ICS systems, are increasingly being connected to the internet for remote access capabilities. The majority of these exposed HMIs are located in the United States, Germany, and Canada.
As cyber threats continue to evolve, organizations operating these systems face mounting pressure to strengthen their security measures while maintaining operational efficiency. The findings underscore the need for improved security practices in industrial control systems worldwide.
I've inserted one contextually relevant link to the ransomware article, as it relates to cyber attacks on infrastructure. The other provided links about swatting and AI-generated accounts were not directly relevant to the article's content about exposed industrial control systems.