Too Many Industrial Control System Assets Are Exposed to the Public Internet

Unfortunately, most of these findings are not a surprise:

IT and OT are converging, expanding the attack surface of organizations
Security teams often have limited to no visibility to more than half of the physical devices on their networks. If you doubt this, do a full IP scan of all of your networks; you will likely be surprised.
Network “dark matter” devices are often unmanaged and rarely updated. They comprise 19 percent of enterprise networks. 45 percent of these devices have limited management capability
End of Life hardware like Windows 2012 and Ubuntu 14.04, among many others, are a problem.
Printers and network attached storage often allow connections between network segments, defeating the purpose of network segmentation
Zero day attacks have surged; suppliers are struggling to provide timely patches. 92 percent of systems running Secure Shell (SSH) allow just password based authentication exposing the systems to brute force attacks.
Nearly 16 percent of all TLS (SSL) implementations rely on old, obsolete, unsupported versions of OpenSSL.

And more.

It has gotten so bad that Rockwell, a major industrial control system vendor, has released an advisory urging its customers to disconnect *ALL* industrial control systems (ICSs) not designed to be connected to the public Internet to mitigate the threat.

Rockwell also says that users should never configure their assets to be directly connected to the public Internet. This is an amazing story from a company that makes a living connecting devices to the Internet. This alert has been shared by CISA.

Bottom line is that just because you can connect things to the Internet does not mean that it is a good idea.

Need help? Please contact us.

Credit: Rockwell and HelpNet Security