ICS/OT Threat Awareness – Censys Researchers Reveal Over 40,000 Vulnerable ICS Devices, Many Linked to Water and Wastewater

Created: Thursday, August 8, 2024 - 14:28
Categories:
Cybersecurity, OT-ICS Security, Security Preparedness

Recent research conducted by Censys, an internet intelligence platform, provides an extensive analysis of the exposure of industrial control systems (ICS), discovering over 40,000 vulnerable ICS devices in the U.S. alone. Excluding building control and automation protocols, there are approximately 18,000 exposed devices likely controlling critical industrial systems. Additionally, nearly half of the human-machine interfaces (HMIs) associated with water and wastewater systems were found to be vulnerable to manipulation without requiring any authentication. The analysis highlights significant security gaps in these systems, emphasizing the need for improved protection and awareness, especially in light of recent cyberattacks targeting critical infrastructure.

WaterISAC urges utilities to protect their systems by following the guidance previously provided by CISA and federal partners – Top Cyber Actions for Securing Water Systems – which includes actions that all utilities should take. We also remind members of the best practices (listed below) provided by CISA, EPA, FBI, and WaterISAC.

Cyber Best Practices for Utilities

The following guidance is recommended by the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), the FBI, and the Water Information Sharing and Analysis Center (WaterISAC). The top four recommendations will provide a critical reduction in the ICS attack surface.

  • Change Default Passwords Immediately
  • Inventory ICS Assets To Find Vulnerable Devices and Manage Associated Common Vulnerabilities & Exposures (CVEs)
  • Enforce User Access Controls and Multifactor Authentication for Remote Access
  • Conduct a Cybersecurity Risk Assessment Focused on Reducing Exposure to the Public-Facing Internet
  • Install Independent Cyber-Physical Safety Systems
  • Conduct Regular Cybersecurity Assessments and Cybersecurity Awareness Training
  • Develop and Exercise Cybersecurity Incident Response and Recovery Plans
  • Develop and Enforce Cybersecurity Policies and Procedures (Governance)
  • Implement Threat Detection and Monitoring
  • Back Up ICS
  • Integrate Cyber and Physical Incident Response, Mitigation, and Recovery Plans
  • Participate in Information Sharing and Collaboration Communities

For more details on the research conducted by Censys, visit Industrial Cyber or SecurityWeek.