Last year in Kuwait I interviewed John Matherly, the founder of Shodan, and learned from him some interesting lessons about the security of internet-connected ICS devices:
- ICS owners don’t look at their network. They don’t even know if they have been scanned by Shodan.
- Industrial IoT (IIoT) devices are on Shodan’s radar. They can be found online. He thinks it’s a mistake to put these devices online.
- Many ICS vendors don’t bother to secure their devices, because they think they are not exposed online.
- Many ICS asset owners aren’t disconnecting their ICS devices from the internet even after they have been advised to.
- Nowadays, some ICS vendors are listening and considering security, which he admitted is an improvement over the past.
- Shodan is working to expand ICS metadata in two ways: the ability to identify the asset owner, and the ability to filter ICS devices by whether they should be online or not.
To summarize the above, here are the lessons I would give to ICS asset owners:
- Make an inventory of your assets and network.
- Decide what can be online and what cannot.
- Keep logs and implement technologies that enable you to detect external traffic targeting your ICS assets/network.
- Secure and configure your online devices based on best practices. Watch out for default settings and passwords.
- Stop information leakage from your online devices.
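The first three recommendations can be tied together in one small check, shown here as an added example that is not from the interview or from Shodan: it reads firewall log lines and flags connections from outside the site that reach an asset not approved to be online, or an internal host that is missing from the inventory. The inventory, the internal range `10.0.0.0/8`, the log format and every address are constructed assumptions.

```python
import ipaddress

# Assumption: address ranges the site treats as its own internal network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed inventory: asset address -> name and the owner's exposure decision.
INVENTORY = {
    "10.20.0.5": {"name": "plc-pump-01", "online_allowed": False},
    "10.20.0.9": {"name": "hmi-line-2", "online_allowed": False},
    "203.0.113.40": {"name": "vendor-gateway", "online_allowed": True},
}

# Constructed firewall log, one connection per line: time src dst dport action
SAMPLE_LOG = """\
2024-01-10T02:11:07Z 198.51.100.23 10.20.0.5 502 ALLOW
2024-01-10T02:11:09Z 10.20.0.9 10.20.0.5 502 ALLOW
2024-01-10T02:12:41Z 198.51.100.23 10.20.0.77 44818 ALLOW
2024-01-10T02:13:02Z 192.0.2.8 203.0.113.40 443 ALLOW
2024-01-10T02:13:30Z 198.51.100.23 10.20.0.9 102 DENY
truncated line
"""

def is_external(addr):
    """True when addr is outside every internal range (ValueError if invalid)."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def find_alerts(log_text, inventory):
    """Return (time, src, dst, dport, action, reason) for external traffic of concern."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line
        ts, src, dst, dport, action = parts
        try:
            if not is_external(src):
                continue  # only traffic arriving from outside is examined here
            dst_internal = not is_external(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        asset = inventory.get(dst)
        if asset is None and dst_internal:
            alerts.append((ts, src, dst, port, action, "internal host missing from inventory"))
        elif asset is not None and not asset["online_allowed"]:
            alerts.append((ts, src, dst, port, action, f"{asset['name']} not approved for internet exposure"))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG, INVENTORY):
        print(*alert)
```

An `ALLOW` alert means the device is actually reachable from outside, while a `DENY` alert still shows that someone outside is probing it.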
Stay safe!