More than 40,000 industrial control systems across the U.S. are exposed to the internet, nearly half of which are leveraged for industrial system management, compared with the UK's nearly 1,500 internet-linked ICS and 1,700 additional public HTTP devices associated with operational technology vendors, Hackread reports.
Water and wastewater systems were particularly vulnerable to attacks leveraging internet-exposed ICS, with exploitation possible in almost 50% of human-machine interfaces used by such systems even without authentication, according to a report from Censys.
Additional findings also revealed challenges in identifying and notifying organizations with vulnerable ICS due to devices being connected to commercial internet service providers.
"It is imperative that we shed light on the exposure of ICS as they are essential to our critical infrastructure across the globe. The goal for our research was to not only discover the exposed devices but to notify device owners of their improper exposure," said Censys CEO Brad Brooks.