SANS ISC shares that improvements are being made to reduce Industrial Control system exposures over the internet.  Still, an estimated 80,000 firms are exposed based on recent research.

Number of industrial control systems on the internet is lower then in 2020…but still far from zero (sans.edu)

With the recent ransomware attack that impacted operation of one of the major US pipelines, it might be a good time to revisit the old topic of internet-connected industrial systems. Since operational technologies are generally used to support/control processes that directly impact the physical world, the danger of successful attacks on them should be self-evident, as should the need to protect them.  At the time of writing, Shodan detects approximately 80.8k public IP addresses where some sort of industrial system is accessible, while Censys sees about 74.2k such IPs. Although this is hardly a “good” result, the numbers are significantly lower then they were 12 months ago

 

ADDITIONAL RESOURCES

https://www.bleepingcomputer.com/news/security/largest-us-pipeline-shuts-down-operations-after-ransomware-attack/
https://www.shodan.io/search?query=tag%3Aics
https://censys.io/ipv4?q=tags.raw%3A+%22scada%22
https://isc.sans.edu/diary/27034
https://www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/