Analysis of Publicly Accessible Operational Technology and Associated Risks
Matthew Rodda, Vasilios Mavroudis
TL;DR
This paper provides a comprehensive overview of the global exposure of operational technology systems to the internet, highlighting vulnerabilities, protocols, and potential security risks in critical infrastructure.
Contribution
It offers an updated analysis of the OT threat landscape, including geographic distribution, exposed protocols, and innovative use of screenshot analysis to identify vulnerable interfaces.
Findings
Nearly 70,000 exposed OT devices worldwide
Many devices use outdated firmware with critical vulnerabilities
Automated screenshot analysis reveals exposed HMIs and SCADA interfaces
Abstract
Operational Technology (OT) is an integral component of critical national infrastructure, enabling automation and control in industries such as energy, manufacturing, and transportation. However, OT networks, systems, and devices have been designed and deployed prioritising functionality rather than security. This leads to inherent vulnerabilities in many deployed systems when operational misconfigurations expose them to the internet. This report provides an up-to-date overview of the OT threat landscape exposed to the public internet and studies the affected protocols, vendors, software, and the geographic distribution of systems. Our findings reveal nearly 70,000 exposed OT devices globally, with significant concentrations in North America and Europe. Analysis of prevalent protocols (e.g., ModbusTCP, EtherNet/IP, S7) shows that many devices expose detailed identifying information,…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSmart Grid Security and Resilience · Safety Systems Engineering in Autonomy · Information and Cyber Security