Researchers from the Georgia Tech School of Electrical and Computer Engineering have developed an algorithm that improves on previous methods of identifying internet-exposed ICS devices, in this case PLCs. Dubbed PLCHound, the new algorithm uses advanced language processing and machine learning techniques to identify devices. According to the researchers, PLCHound enabled them to identify 37 times more internet-connected PLCs than were previously estimated. After reporting some of the exposed devices to the organizations responsible for them, the researchers reported that one month later, 34% of the IP addresses were no longer exposing their PLCs.
While accurately identifying the total number of exposed ICS systems will likely continue to be a complex problem, a tool such as this significantly improves the sector’s security. PLCHound is currently patent-pending, and the researchers are looking for partners to commercialize it. For more information, visit SecurityWeek.