Thirty-seven times more internet-exposed industrial control systems have been identified through the machine learning and natural language processing capabilities of Georgia Tech School of Electrical and Computer Engineering's novel PLCHound algorithm, SecurityWeek reports.
Using such information to contact organizations with internet-accessible programmable logic controllers resulted in a 34% reduction in PLC exposure in just a month, according to researchers, who noted testing the algorithm on Allen Bradley, Omron, and Wago PLCs. PLCHound's emergence has been welcomed by Censys Principal Security Researcher Emily Austin, who emphasized the complexities in accurately determining exposed ICS devices. However, Shodan founder John Matherly noted the greater challenges in determining and communicating with owners of internet-exposed ICS, as well as disappointment over the pending patent for the technology. "I do think that there is a lot of room for providing tools that simplify the process of identifying different types of assets so security becomes more accessible to everyone and not just enterprise organizations," said Matherly.