Fewer than 100,000 industrial control systems were exposed to the internet in June 2023, compared with nearly 140,000 internet-facing ICS in 2019, according to SecurityWeek.
Organizations with public-facing ICS decreased from nearly 4,000 to 2,300 between 2019 and June 2023, with the U.S., Canada, Italy, the UK, and France having the most number of exposed ICS, a Bitsight report revealed. Moreover, exposures were most prevalent in the education, technology, government, business services, and manufacturing sectors.
Despite the overall decline in exposed ICS, internet-facing systems and devices using the Modbus and S7 protocols have reached their highest prevalence in June 2023 whereas those using the Niagara Fox protocol have declined over the past two years.
"Organizations should be aware of these changes in prevalence to inform their OT/ICS security strategies. One of the first steps in mitigating OT risk is knowing where the risk is likely to lie," said Bitsight.