Local companies have started to upgrade the protection of their control systems. According to data from Soitron’s Void Security Operations Centre (SOC), the number of devices exposed and visible on the internet has dropped by 21% since the beginning of 2022; however, the current situation is still not desirable. In particular, the control systems of industrial and domestic photovoltaic (PV) power stations are becoming an alarming danger.
In a year-on-year comparison (01/2022 vs 01/2023), the total number of publicly available Industrial Control Systems (ICS) with at least one of the eight monitored protocols – such as Moxa, Modbus, and Tridium – has been reduced. This was the finding of Soitron’s team of Void SOC analysts. “This is a slight improvement, but in absolute figures it still means there are more than 1,500 vulnerable systems in various organizations, which is still a significant risk. And we’re only talking about the eight most commonly used protocol types. If we expand the set to a few dozen types of protocols, we can find more than 2,300 vulnerable systems,” says Martin Lohnert, the director of the Void SOC. He alsoadds that it would be great if the downward trend was due to the increasing level of security of these industrial systems, which would make them disappear from this report.
Often, however, the opposite is true. An ICS disappears from the internet only after it has been exploited by attackers and has stopped functioning. When bringing it back to life, operators are more careful not to repeat the original mistakes. Unfortunately, they are often just a response to the damage already done.
Despite the overall reduction and a slight improvement in the situation, new vulnerable systems are still being added. “Last year these were mostly control systems for photovoltaic power stations. And that includes both industrial stations with hundreds of installed solar panels as well as home installations,” says Lohnert. In his view, it should be in the interest of operators to make sure that their equipment is protected from internet security threats. Essential steps include changing default login credentials, restricting access, regularly updating firmware, and monitoring for misuse or login attempts.
The potential problem lies in the deactivation of this system, losses due to solar power generation disruption, and the cost of repair. At the same time, a successful penetration into a poorly secured industrial system can allow an attacker, often undetected, to attack more important systems essential for a company’s operation. This may cause the organization to stop functioning completely, with losses running into millions of Czech crowns.
Although Soitron’s Void SOC has recently seen a positive trend, it is very likely that the number of potential risks will increase. In the Czech Republic and Slovakia, the major digitalization of industry is yet to take place. Both countries still lag far behind other EU countries in many aspects of digital transformation. Out of the twenty-seven EU countries, Slovakia is ranked 24th and the Czech Republic is ranked 20th in the Digital Economy and Society Index (DESI), which has been tracked by the European Commission since 2014. With the progress of digitalization, new technologies are gradually being introduced, such as production control systems, various sensors, programmable logic elements, and human-machine interfaces. If care is not taken to secure them, the figures in this survey will rise.
It is also clear that in order for digitalization to significantly shift the current state of cybersecurity, many industrial enterprises will need to invest in the tools, technology, and specialists to operate them; however, in most organizations (especially SMEs) this is not possible. “The most common reasons are insufficient funding and a general lack of qualified cybersecurity professionals. We therefore expect that the situation is likely to worsen before there is more awareness and a shift for the better. The safest solution is to use services of experts who will fully take care of the security of your business systems and infrastructure. Our monitoring centre can have everything under control 24 hours a day, 365 days a year,” adds Lohnert.
We are in the process of finalizing. If you want to be redirected to our old version of web site, please click here.