The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities around the World

TL;DR

This paper provides an empirical analysis of the global security state of industrial control systems by examining publicly accessible OT-devices, revealing widespread vulnerabilities and regional disparities.

Contribution

It offers the first large-scale empirical assessment of OT-device vulnerabilities worldwide using data from Shodan and vulnerability databases.

Findings

Over 13,000 OT-devices identified with at least one vulnerability

European and North American regions most affected

Most devices contain multiple vulnerabilities

Abstract

Operational Technology (OT)-networks and -devices, i.e. all components used in industrial environments, were not designed with security in mind. Efficiency and ease of use were the most important design characteristics. However, due to the digitisation of industry, an increasing number of devices and industrial networks is opened up to public networks. This is beneficial for administration and organisation of the industrial environments. However, it also increases the attack surface, providing possible points of entry for an attacker. Originally, breaking into production networks meant to break an Information Technology (IT)-perimeter first, such as a public website, and then to move laterally to Industrial Control Systems (ICSs) to influence the production environment. However, many OT-devices are connected directly to the Internet, which drastically increases the threat of compromise, especially since OT-devices contain several vulnerabilities. In this work, the presence of OT-devices in the Internet is analysed from an attacker's perspective. Publicly available tools, such as the search engine Shodan and vulnerability databases, are employed to find commonly used OT-devices and map vulnerabilities to them. These findings are grouped according to country of origin, manufacturer, and number as well as severity of vulnerability. More than 13000 devices were found, almost all contained at least one vulnerability. European and Northern American countries are by far the most affected ones.