Adrian Johnson
TLDR:
- Censys found over 40,000 internet-exposed ICS devices in the US, with many owners impossible to notify.
- Approximately 18,000 of these devices control industrial systems, posing a significant security risk.
Article Summary:
An analysis by Censys has revealed that there are more than 40,000 internet-exposed industrial control systems (ICS) in the United States, with a majority being related to building control and automation. Censys highlighted that approximately 18,000 of these devices are actually used to control industrial systems. Moreover, over half of the hosts running low-level automation protocols are concentrated in wireless and consumer access networks, making it difficult to contact and notify owners about the exposure. The company also noted that human-machine interfaces (HMIs) associated with water systems, in particular, were found to be vulnerable, with almost half being manipulable without authentication. This poses a serious security risk as threat actors have been known to target such systems in the past. Groups like the Cyber Army of Russia Reborn and the Cyber Av3ngers have carried out attacks on water facilities in the US, demonstrating the real-world consequences of these exposed ICS devices. The China-linked Volt Typhoon group has also been implicated in exfiltrating sensitive data from ICS and other operational technology (OT) systems, further underscoring the importance of securing these devices. Overall, the high number of internet-exposed ICS devices in the US poses a significant cybersecurity challenge, especially given the difficulties in notifying owners about the risks associated with these systems.
