You are here

Threat Awareness – Presence of Chinese Manufactured Connected Devices in U.S. Networks, Including Water and Wastewater Utilities

Threat Awareness – Presence of Chinese Manufactured Connected Devices in U.S. Networks, Including Water and Wastewater Utilities

Created: Thursday, April 4, 2024 - 13:02
Categories:
Cybersecurity, OT-ICS Security

There have been significant concerns in recent years over specific foreign-made components existing on U.S. networks, specifically devices and software connected to the internet carrying the risk of the potential for abuse via backdoors, supply chain implants, and tampering to aid in espionage or disrupt critical infrastructure. However, despite official government bans, research indicates foreign-manufactured connected device usage is growing faster in the U.S. than in other countries.

Yesterday, Forescout published research from its probing into the prevalence of Chinese-made connected devices in U.S. networks, including entities that operate water and wastewater services. In “All your base are belong to us” – A probe into Chinese-connected devices in US networks, Forescout looks beyond IP cameras to investigate the full scope of Chinese-manufactured devices in enterprise networks in the U.S. today, including small energy, water, or gas utilities throughout the country.

Key Findings from the report:

  • Despite official bans, U.S. networks see +40% YoY growth in Chinese-made devices
  • Critical infrastructure organizations use high numbers of IoT devices
  • Despite being banned, IP cameras remain connected to networks
  • VoIP phones are present in the thousands
  • Notable YoY growth by vertical:
    • Manufacturing: +105%
    • Healthcare: +47%
    • Financial Services: +40%
    • Government: +30%
    • Utilities/Oil & Gas: +20%

According to Forescout, looking at the organizations where these devices are deployed, it quickly identified 43 that are small energy, water, or gas utilities throughout the country:

  • Collectively, these 43 hosted 885 Chinese-manufactured devices exposed to the Internet.
  • On average, each organization had 20.
  • But the one with the most devices – a company providing electricity, natural gas, water and wastewater to a county in Georgia – had 97.
  • Almost all exposed devices in these organizations were Hikvision and Dahua IP cameras with a few examples of Huawei, TP-Link and Xiaomi IoT equipment.

Additionally, the report notes that IP cameras are often placed on highly sensitive networks where they can serve as an initial access point. To that point, Forescout highlights the November-December incidents involving the Unitronics PLC defacements at multiple water and wastewater utilities, with mention of the Municipal Water Authority of Aliquippa in Pennsylvania and the concern that the network that hosted the PLCs also included “several security cameras”. For more details, visit Forescout.