Thousands of industrial systems, electrical grids and traffic lights are found in the public domain on the Internet.

According to a new report from BitSight, hundreds of thousands of industrial control systems (ICS) are connected to the public internet and accessible to hackers. The researchers claim that hackers can scan these endpoints for various vulnerabilities and, if they find any, exploit them to their advantage (financial or otherwise). BitSight conducted extensive scans of the entire IP address space, examining the systems running on each one.

It turned out that about 100,000 sensors, actuators, switches, building control systems and automatic tanks, among other devices, were connected to the Internet and ready to be tampered with. Some of these devices are owned by Fortune 1000 companies located in nearly 100 countries. Most of the devices were found in the United States, Canada and Italy. Also in the top 10 were the UK, France, the Netherlands, Germany, Spain, Poland and Sweden. The most vulnerable industries were found to be education, technology, public sector and business services, followed by manufacturing, utilities, real estate, energy, hospitality and finance.

The use of these devices by hackers for attacks is far from speculative or theoretical - there have been numerous examples over the years of attackers, including government sponsors, doing just that.

Back in 2018, the FBI warned private U.S. companies of an ongoing hacking campaign targeting supply chain software vendors. "Supply chain software vendors are believed to be targeted in order to gain access to the victim's strategic partners and/or customers, including entities supporting industrial control systems (ICS) for global energy production, transmission and distribution. "