New Research from Palo Alto Networks and Siemens on OT Security Risks

A new paper from Palo Alto Networks and Siemens examines the increasing risks of SCADA and OT devices connected to the public internet. It also offers actionable insights to help organizations secure their cyber-physical OT systems.

Some notable findings:

  • 82.7% of internal exploit attempts happened in the manufacturing sector alone
  • 79.9% of detected malware in OT networks was classified as unknown, underscoring the growing challenge of identifying and mitigating novel threats
  • 61.9% of exploit triggers in OT networks were caused by vulnerabilities 6-10 years old
  • Exploitation of remote services was a leading cause of incidents in OT networks, responsible for 20% of them

This whitepaper, a collaborative effort by Palo Alto Networks and Siemens, explores the escalating cybersecurity risks associated with SCADA and OT devices exposed on the public internet. As the convergence of information technology (IT) and operational technology (OT) accelerates, the attack surface for critical infrastructure expands, making these systems increasingly vulnerable to cyberattacks with potentially severe operational and physical consequences.

In 2023, over 1.25 million SCADA and OT devices were found to be exposed to the internet, a significant risk that could allow cyberattacks to directly impact essential services. The study highlights that enhanced fingerprinting techniques, introduced in March–April 2023, dramatically improved the identification of these exposed devices, particularly SCADA and building control systems.

This advancement provided better visibility into the global distribution of vulnerable devices, emphasizing the need for more robust security practices in OT environments.

The analysis of 51,000 OT firewalls, using Palo Alto Networks App-ID™, revealed substantial malware and exploit activity in OT networks. Mapped to the MITRE ATT&CK® Matrix for ICS, key attack tactics identified include Initial Access, Lateral Movement, and Privilege Escalation, which were frequently used to target OT systems.

These findings underscore how attackers gain footholds in critical infrastructure. The geographical and industry-specific analysis further showed that sectors such as manufacturing, energy, and retail are particularly at risk, with poor network segmentation and misconfigurations expanding their attack surfaces.
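To show the kind of aggregation behind findings like these, here is an added example (not code from the whitepaper, Palo Alto Networks or Siemens) that takes constructed, already tactic-mapped threat-log records from OT-facing firewalls and computes the four metrics the summary cites: exploit share by sector, the age distribution of the vulnerabilities behind exploit triggers, the share of malware with no known-signature match, and the most frequent MITRE ATT&CK for ICS tactics. The `ThreatEvent` field names, the sample records and the age buckets are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

REPORT_YEAR = 2023  # year the whitepaper's data covers


@dataclass(frozen=True)
class ThreatEvent:
    """One threat-log record from an OT-facing firewall (field names assumed)."""
    sector: str              # industry of the monitored network
    category: str            # "exploit" or "malware"
    tactic: str              # MITRE ATT&CK for ICS tactic, "" if unmapped
    cve_year: Optional[int]  # disclosure year of the triggered CVE (exploits)
    known: bool              # did the malware match a known signature?


# Constructed sample data; these are not figures from the whitepaper.
SAMPLE_EVENTS = [
    ThreatEvent("manufacturing", "exploit", "Initial Access", 2015, True),
    ThreatEvent("manufacturing", "exploit", "Lateral Movement", 2017, True),
    ThreatEvent("manufacturing", "exploit", "Privilege Escalation", 2021, True),
    ThreatEvent("energy", "exploit", "Initial Access", 2013, True),
    ThreatEvent("retail", "exploit", "Initial Access", 2010, True),
    ThreatEvent("manufacturing", "malware", "", None, False),
    ThreatEvent("energy", "malware", "", None, False),
    ThreatEvent("retail", "malware", "", None, True),
    ThreatEvent("manufacturing", "malware", "Lateral Movement", None, False),
]


def age_bucket(cve_year: int, report_year: int = REPORT_YEAR) -> str:
    """Bucket a vulnerability by its age in years (bucket edges are assumed)."""
    age = report_year - cve_year
    if age <= 5:
        return "0-5"
    if age <= 10:
        return "6-10"
    return "11+"


def _shares(counter: Counter) -> dict:
    """Turn raw counts into fractions of the total."""
    total = sum(counter.values())
    return {k: v / total for k, v in counter.items()} if total else {}


def exploit_share_by_sector(events) -> dict:
    """Fraction of exploit events attributed to each sector."""
    return _shares(Counter(e.sector for e in events if e.category == "exploit"))


def exploit_share_by_vuln_age(events, report_year: int = REPORT_YEAR) -> dict:
    """Fraction of exploit triggers falling into each vulnerability-age bucket."""
    return _shares(Counter(
        age_bucket(e.cve_year, report_year)
        for e in events
        if e.category == "exploit" and e.cve_year is not None
    ))


def unknown_malware_share(events) -> float:
    """Fraction of malware events with no known-signature match."""
    malware = [e for e in events if e.category == "malware"]
    if not malware:
        return 0.0
    return sum(1 for e in malware if not e.known) / len(malware)


def tactic_counts(events) -> Counter:
    """How often each mapped ATT&CK for ICS tactic appears across all events."""
    return Counter(e.tactic for e in events if e.tactic)


def summarize(events, report_year: int = REPORT_YEAR) -> dict:
    """Compute the four headline metrics over a batch of threat events."""
    return {
        "exploits_by_sector": exploit_share_by_sector(events),
        "exploits_by_vuln_age": exploit_share_by_vuln_age(events, report_year),
        "unknown_malware_share": unknown_malware_share(events),
        "top_tactics": tactic_counts(events).most_common(3),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The age bucketing is what makes the "6-10 years old" finding actionable for a defender: running the same split over your own threat logs shows whether exploit traffic is aimed at long-patchable flaws, which points to patch-management and segmentation gaps rather than zero-day exposure.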

The whitepaper concludes that, to mitigate these risks, organizations must strengthen security controls, improve network segmentation, and implement continuous monitoring. A proactive, adaptive approach to OT security is critical to safeguarding against the growing complexity of cyberthreats targeting critical infrastructure systems.
