Back to articles
Articles
Volume: 32 | Article ID: art00006
Image
Investigation of risks for Critical Infrastructures due to the exposure of SCADA systems and industrial controls on the Internet based on the search engine Shodan
Daniel Kant
Reiner Creutzburg
Andreas Johannsen
  DOI :  10.2352/ISSN.2470-1173.2020.3.MOBMU-253  Published OnlineJanuary 2020
Abstract

Industrial Control Systems occur in automation processes and process control procedures within Critical Infrastructures (CI) - these are institutions with important significance for the common good of the state and thus for the maintenance of a society. Failures or disturbances in industrial plants can have serious physical consequences, such as power outages or interruptions in production. Energy suppliers, in particular, are an attractive target for cyber attacks due to their interdependencies with other infrastructures. A large number of SCADA systems and Industrial Control Systems are directly connected to the Internet and inadequately secured from an information technology perspective, this represents a considerable risk for IT security and, consequently, for the availability of Critical Infrastructures. The Shodan search engine reveals a worrying extent of exposed industrial control equipment on the Internet. The collected information and metadata about Industrial Control Systems from this search are freely available online. They can serve as a basis for potential attacks. Without authentication mechanisms, anyone can connect to open ports using industrial and remote maintenance protocols. The resulting risks and consequences for the companies, operators as well as for the society due the exposure of industrial plants and Critical Infrastructures are examined based on the Shodan search engine within the scope of this work.

Journal Title : Electronic Imaging
Publisher Name : Society for Imaging Science and Technology
Publisher Location : 7003 Kilworth Lane, Springfield, VA 22151 USA
Subject Areas :
Views 107
Downloads 28
 DOI 10.2352/ISSN.2470-1173.2020.3.MOBMU-253
 articleview.views 107
 articleview.downloads 28
  Cite this article 

Daniel Kant, Reiner Creutzburg, Andreas Johannsen, "Investigation of risks for Critical Infrastructures due to the exposure of SCADA systems and industrial controls on the Internet based on the search engine Shodanin Proc. IS&T Int’l. Symp. on Electronic Imaging: Mobile Devices and Multimedia: Technologies, Algorithms & Applications,  2020,  pp 253-1 - 253-16,  https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-253

 Copy citation
  Copyright statement 
Copyright © Society for Imaging Science and Technology 2020
72010604
Electronic Imaging
2470-1173
Society for Imaging Science and Technology
7003 Kilworth Lane, Springfield, VA 22151 USA
10.2352/ISSN.2470-1173.2020.3.MOBMU-253
2470-1173(20200126)2020:3L.2531;1-
ei_24701173_v2020n3_input/s6.xml
/ist/ei/2020/00002020/00000003/art00006
Articles
Investigation of risks for Critical Infrastructures due to the exposure of SCADA systems and industrial controls on the Internet based on the search engine Shodan
KantDaniel
CreutzburgReiner
JohannsenAndreas
26012020
2020
3
253-1
253-16
2020
Industrial Control Systems occur in automation processes and process control procedures within Critical Infrastructures (CI) - these are institutions with important significance for the common good of the state and thus for the maintenance of a society. Failures or disturbances in industrial plants can have serious physical consequences, such as power outages or interruptions in production. Energy suppliers, in particular, are an attractive target for cyber attacks due to their interdependencies with other infrastructures. A large number of SCADA systems and Industrial Control Systems are directly connected to the Internet and inadequately secured from an information technology perspective, this represents a considerable risk for IT security and, consequently, for the availability of Critical Infrastructures. The Shodan search engine reveals a worrying extent of exposed industrial control equipment on the Internet. The collected information and metadata about Industrial Control Systems from this search are freely available online. They can serve as a basis for potential attacks. Without authentication mechanisms, anyone can connect to open ports using industrial and remote maintenance protocols. The resulting risks and consequences for the companies, operators as well as for the society due the exposure of industrial plants and Critical Infrastructures are examined based on the Shodan search engine within the scope of this work.
critical infrastructuresSCADAindustrial control systemsICSShodanethical hackingrisk managementremote maintenance protocol