The number of industrial control systems (ICSs) exposed to the internet has continued its downward trend over the last five years, falling below 100,000 in June, a significant reduction compared to the 140,000 recorded in 2019, according to a company report Bitsight cybersecurity rating.
Companies and researchers regularly scan the internet for exposed ICS, and over the past decade have reported seeing tens of thousands and even millions of exposed systems, depending on the methodology and length of the study. However, it is interesting to follow Bitsight’s year-over-year trends, which have a consistent methodology.
Bitsight has been tracking the number of internet-facing ICSs, mapping these systems to its inventory of global organizations, although it identifies as ICS — based on the protocols they target — not only systems used in industrial environments, but also IoT (internet of things). ), building management and automation devices, and other operational technologies (OT).
The company’s analysis shows that the number of exposed systems gradually decreased by about 40% between June 2019 and June 2023. “This is a positive development, suggesting that organizations may be configuring correctly, moving to other technologies, or removing ICSs earlier exposed from the public internet,” noted Bitsight.
Additionally, the number of exposed organizations fell from approximately 4,000 to 2,300 over the same period. Even so, those that still have internet-facing systems are organizations spread across 96 countries, including companies from Fortune 1000.
The ten most impacted countries are the United States, Canada, Italy, United Kingdom, France, Netherlands, Germany, Spain, Poland and Sweden. The most affected sectors are education, technology, government, business services, manufacturing, public services, real estate, energy, tourism and finance.
This year, the most observed protocols were Modbus, KNX, BACnet, Niagara Fox, Siemens S7, Ethernet/IP, Lantronix, Automatic Tank Gauge (ATG), Moxa’s NPort and Codesys. In the case of the education sector, for example, the most seen protocols were BACnet, Niagara Fox and Lantronix, which are typically used for building automation and physical security systems.
“Although the aggregate number of exposed ICSs has trended downward, we detected unique protocol-by-protocol behavior,” Bitsight explained. “Exposed systems and devices communicating via the Modbus and S7 protocols were more common in June this year than before, with the former increasing in predominance from 2020 and the latter more recently from mid-2022.”
However, exposed industrial control systems that communicate via Niagara Fox, according to Bitsight, have been trending downward since approximately 2021. Organizations must be aware of these changes in dominance to create their OT/ICS security strategies. “One of the first steps to mitigating OT risk is knowing where the risk is likely to be,” the company added.
Bitsight also noted that companies should focus on securing specific protocols based on their location. For example, systems using the Codesys, KNX, Nport, and S7 protocols are primarily in the European Union, while ATG and BACnet are primarily seen in the United States.
Source: CisoAdvisor
