A recent report from cybersecurity ratings company Bitsight has shown a significant decrease in the number of internet-exposed industrial control systems (ICS), dropping below 100,000 as of June 2023 from 140,000 in 2019.
Bitsight’s analysis tracked these exposed ICS systems, which include not only industrial environments but also IoT, building management, and other operational technology (OT) devices. This decline is seen as a positive development, indicating that organizations may be improving their configurations, transitioning to alternative technologies, or removing exposed ICS from the public internet.
Additionally, the report highlights a reduction in the number of organizations with public-facing ICS systems, decreasing from approximately 4,000 to 2,300 over the same period. However, there are still entities across 96 countries, including Fortune 1000 companies, with public-facing systems. The top 10 impacted countries include the United States, Canada, Italy, the UK, and others, while the most affected sectors encompass education, technology, government, business services, manufacturing, utilities, real estate, energy, tourism, and finance.
Furthermore, the report delves into the prevalence of specific protocols in 2023, revealing that Modbus, KNX, BACnet, Niagara Fox, Siemens’ S7, Ethernet/IP, Lantronix, Automatic Tank Gauge (ATG), Moxa’s NPort, and Codesys are among the most commonly observed. While the aggregate number of exposed ICS systems has been decreasing, the report notes variations in exposure based on protocols, such as an increase in systems using Modbus and S7 protocols in June 2023. Organizations are advised to be aware of these changing trends to inform their OT/ICS security strategies and mitigate risks effectively, particularly given the unique behavior of different protocols.
Bitsight also emphasizes the importance of securing specific protocols based on their geographical location. For example, systems using Codesys, KNX, Nport, and S7 protocols are prevalent in the European Union, while ATG and BACnet are primarily found in the United States. This nuanced approach to protocol security reflects the evolving landscape of OT and ICS security.