Critical vulnerabilities in industrial computer networks are a cause for concern

I’ve spent the past couple of years learning some very worrisome things about how vulnerable many industrial computer networks are to cyber attack.

You don’t hear about Stuxnet-like incidents everyday. But a network intrusion doesn’t have to be anything like Stuxnet to cause harm to factories, utilities, and the like.

A few days ago, Claroty’s Team82 research group released a report that I believe everyone in industrial security should read. It’s titled “State of CPS Security: OT Exposures 2025.”

First, let’s define some words. OT stands for operational technology, a term many people in the industry use to refer to industrial computer technology, such as industrial control systems (ICS). KEV means known exploited vulnerabilities. I presume that means that not only are the vulns publicly known in MITRE’s CVE database, but also those vulns are known to have been exploited by threat actors before. A KEV is the opposite of a zero day. CPS stands for cyber-physical systems.

Onto Team82’s new report.

Claroty collected data from over 940,000 OT devices, from 270 organizations.

From the OT devices that Claroty researched:

• 12% contain KEVs.
• 7% of all of the researched OT devices have of the devices have exposed KEVs that have been linked to known ransomware samples and actors.
• 40% of the industrial organizations researched have devices insecurely connected to the internet
• 31% of organizations have devices with KEVs that are insecurely connected to the internet
• 12% of industrial organizations researched had OT assets communicating with malicious domains

As much as can possibly be done, industrial computer networks should be isolated from the internet. ICS components typically cannot be securely connected to the internet. They’re not designed that way, and a lot of it is legacy tech. Industrial security specialists like Joe Weiss have been trying to warn everyone for years about that.

Team82’s report warns that industrial networks are a major target of global cyberwarfare:

“Adversaries are targeting OT with greater frequency in the hopes of impacting national security among Western nations, as well as economic stability in those areas, and in some cases, public safety. The leverage point in an OT attack is often the inadvertent exposure of a device that is insecurely connected to the internet, including OT assets that are directly connected online rather than through some form of secure access technology.”

A lot of industrial computer systems are over 40 years old. Legacy tech is commonplace in the industrial sector, and these systems weren’t designed for the internet. Anyone who has worked in OT networks knows that their computer systems cannot be replaced or substituted as easily as modern PCs and cloud networks can. This is the kind of stuff that keeps FORTRAN programmers well employed.

As much as possible, have industrial technicians and operators do their work on site, rather than through remote computer networking. A VPN and a firewall may not be sufficient security for the use case of remote access through the internet to an ICS.

The global cyberwarfare threat will only worsen with time. A little bit of inconvenience is worth it to make sure that threat actors cannot attack American factories and utilities. Industrial technology should always be difficult to access, and have the most security possible.

It may take a lot of work, policy changes, and security culture changes. But it’s imperative to reduce the cyber attack surface of industrial technology now.

Team82’s full report can be read here.