- Growing exposure of industrial systems puts critical services and infrastructure at real risk
- AI helps both defenders and attackers accelerate discovery and exploitation of vulnerabilities
- Convenience driven decisions leave critical devices online creating unforgivable risk
A new report has warned that after years of improvement the number of industrial systems directly accessible on the internet is growing again.
Research from Bitsight claims the number of exposed devices in 2024 grew from 160,000 to 180,000, a jump of 12%.
If things continue as they have been, the total number of at-risk devices is expected to exceed 200,000 by the end of 2025.
Worst case scenario
A large number of these systems, which include water treatment controllers, building automation equipment, and thousands of Automatic Tank Gauging systems without authentication, carry documented flaws, including CVSS 10.0 vulnerabilities that are easy for attackers to exploit.
In the worst case scenario, Principal Research Scientist Pedro Umbelino warns attackers could remotely cut off fuel access or alter safety settings.
New installations began appearing online in 2024 without basic security in place, coinciding with the rise of malware – like FrostyGoop and Fuxnet – designed to target industrial systems.
Italy and Spain had the highest exposure rates when measured per company and population, while the US had the largest number overall.
Talking about the report’s findings, Umbelino told us that AI has become “a multiplier on both sides.”
He explained that BitSight uses machine learning to process internet-scale scan data and detect anomalies, while LLMs now help analysts speed up tasks like parsing decompiler output.
At the same time, however, AI lowers the cost for attackers, making it easier for them to find targets and build malware.
“You don’t need a GPU farm when devices are already one misconfigured router away from the public web,” he told us.
Asked whether exposure is the result of negligence or deliberate choice, Umbelino pointed to both.
“I believe that exposure often happens because of basic oversight,” he said, adding that many cases come down to convenience: “Remote access is easier, cheaper and more convenient. Integrators want quick installs. Operators want less friction. Vendors want everything connected.”
“When those choices stack up,” he said, “the result is unacceptable systemic risk whether anyone meant to or not. That’s why I refer to this exposure as unforgivable. Because it seems to me that it is not if a catastrophic disaster will happen, but when.”
The report, which you can access here, urges operators to remove public access, demand stronger vendor defaults, and engage service providers as partners in monitoring.
These systems, the report warns, “run more than plants and pumps: they run trust.”
You might also like
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
