The Global State of Security in Industrial Control Systems: An Empirical Analysis of Vulnerabilities Around the World

Operational Technology (OT) networks and devices, i.e., all components used in industrial environments, were not designed with security in mind. Efficiency and ease of use were the most important design characteristics. However, due to the digitization of industry, an increasing number of devices an...

Full description

Saved in:
Bibliographic Details
Published in:IEEE internet of things journal 2021-12, Vol.8 (24), p.17525-17540
Main Authors: Anton, Simon Daniel Duque, Fraunholz, Daniel, Krohmer, Daniel, Reti, Daniel, Schneider, Daniel, Schotten, Hans Dieter
Format: Article
Language:English
Subjects:
Control systems
Empirical analysis
Industrial control
Industrial electronics
Industrial information technology (IT)-security
Industrial Internet of Things
Information technology
Integrated circuits
Internet
Internet of Things (IoT)
Networks
open source intelligence (OSINT)
operational technology (OT)-security
Performance evaluation
Protocols
Reconnaissance
Search engines
Security
threat landscape
Websites
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Operational Technology (OT) networks and devices, i.e., all components used in industrial environments, were not designed with security in mind. Efficiency and ease of use were the most important design characteristics. However, due to the digitization of industry, an increasing number of devices and industrial networks are opened up to public networks. This is beneficial for the administration and organization of the industrial environments. However, it also increases the attack surface, providing possible points of entry for an attacker. Originally, breaking into production networks meant to break an information technology (IT)-perimeter first, such as a public Website, and then to move laterally to industrial control systems (ICSs) to influence the production environment. However, many OT-devices are connected directly to the Internet, which drastically increases the threat of compromise, especially since OT-devices contain several vulnerabilities. In this work, the presence of OT-devices in the Internet is analyzed from an attacker's perspective. Publicly available tools, such as the search engine Shodan and vulnerability databases, are employed to find commonly used OT-devices and map vulnerabilities to them. These findings are grouped according to the country of origin, manufacturer, and number as well as severity of vulnerability. More than 13000 devices were found, almost all contained at least one vulnerability. European and Northern American countries are by far the most affected ones.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2021.3081741