ICS/SCADA, Critical Infrastructure Security

Researchers see uptick in exposed ICS devices

Electrical switchgear,Industrial electrical switch panel at substation in industrial zone at power plant

Cybersecurity Dive reports that internet-exposed industrial control system devices were discovered by Bitsight to have increased from almost 160,000 to over 180,000 between the beginning and end of 2024, and are poised to exceed 200,000 by the end of 2025.

The security firm observed an increase in operational technology-specific weaknesses, including vulnerabilities that could allow remote code execution, logic errors, and broken web authentication, with some flaws carrying the highest possible severity ratings and offering "trivial exploit paths."

The number of devices grew 13% in 2024, from roughly 160,000 at the start of the year to over 180,000 by December of the same year.

"Were increasingly seeing new ICS/OT exposures going live with internet access, often with outdated or insecure protocols, minimal authentication, and implying little consideration for network segmentation or attack surface reduction," according to researchers.

They also found that the overall numbers pointed to a "misalignment in how ICS/OT assets are being managed and secured."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds