How ICS owners think

In an interview I did last year in Kuwait with John Matherly, the founder of Shodan, I learned some interesting lessons about the security of ICS devices that are online:

  • ICS owners don’t look at their network. They don’t even know if they have been scanned by Shodan.
  • Industrial IoT (IIoT) devices are on Shodan’s radar. They can be found online. He thinks it’s a mistake to put these devices online.
  • Many ICS vendors don’t bother to secure their devices, because they think they are not exposed online.
  • Many ICS asset owners aren’t disconnecting their ICS devices from the internet even after they have been advised to.
  • Nowadays, some ICS vendors are listening and considering security. He admitted this is an improvement over the past.
  • Shodan is working to expand ICS metadata in two ways: the ability to identify the asset owner, and the ability to filter ICS devices by whether they should be online or not.

To summarize, these are the lessons I would give to ICS asset owners:

  1. Make an inventory of your assets and network.
  2. Decide what can be online and what cannot.
  3. Keep logs and implement technologies that enable you to detect external traffic targeting your ICS assets/network.
  4. Secure and configure your online devices based on best practices. Watch out for default settings and passwords.
  5. Stop information leakage from your online devices.
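
As an added example (not from the interview or from Shodan), here is one way steps 1 to 3 can work together: firewall logs are checked against the asset inventory to flag external sources reaching ICS service ports. The log format, inventory entries, address ranges and port list are all constructed assumptions for illustration.

```python
import ipaddress
import re

# Assumed well-known ICS service ports (not listed in the original post).
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}
# Constructed inventory (steps 1-2): asset IP -> (name, approved to be online?)
INVENTORY = {"10.10.1.5": ("plc-pump-01", False), "10.10.1.9": ("hmi-gateway", True)}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed plant address space
# Constructed firewall log lines in a hypothetical format.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z ALLOW TCP 10.10.2.20:40112 -> 10.10.1.5:502
2024-05-01T08:03:17Z ALLOW TCP 198.51.100.7:51234 -> 10.10.1.5:502
2024-05-01T08:04:02Z ALLOW TCP 203.0.113.44:33211 -> 10.10.1.9:44818
2024-05-01T08:05:40Z DENY TCP 198.51.100.7:51240 -> 10.10.1.77:102
2024-05-01T08:06:11Z ALLOW TCP 198.51.100.7:51300 -> 10.10.1.9:443
truncated line that does not parse
"""
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (?:TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def is_external(ip):  # True when outside every network we treat as internal
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def find_external_ics_traffic(log_text):
    """Return (timestamp, source, destination, service, verdict) per finding."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip unparseable lines instead of failing the whole run
        ts, action, src, dst, dport = m.groups()
        try:
            if int(dport) not in ICS_PORTS or not is_external(src):
                continue  # not an ICS service, or traffic from inside the plant
        except ValueError:
            continue  # malformed IP address in the log line
        if dst not in INVENTORY:
            verdict = "inventory-gap"        # ICS port on a host nobody listed
        elif INVENTORY[dst][1]:
            verdict = "approved-online"      # expected, but still worth reviewing
        elif action == "ALLOW":
            verdict = "unapproved-exposure"  # decided offline, firewall disagrees
        else:
            verdict = "blocked-probe"        # external probe stopped at the perimeter
        findings.append((ts, src, dst, ICS_PORTS[int(dport)], verdict))
    return findings

if __name__ == "__main__":
    print(*find_external_ics_traffic(SAMPLE_LOG), sep="\n")
```

An `inventory-gap` finding means the inventory from step 1 is incomplete, and an `unapproved-exposure` finding means the firewall policy contradicts the decision made in step 2.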

Stay safe!

