Dipartimento di Ingegneria informatica, automatica e gestionale

The incautious connection to the Internet of any unprotected Industrial Control System (ICS) is enormously risky, especially if those belong to critical infrastructures like the national power grid. The goals of this work are to revise a methodology for estimating the exposure of the ICSes over the Internet, which we apply to the Italian network, and to raise awareness about this subject. In order to estimate such an exposure, our approach followed different phases. First, we studied the working principles and the technology of industrial control systems. Then, a list of the main ICS protocols was drawn up. Finally, we investigated the exposure of each ICS protocol over the Italian IP address space by querying Shodan’s database for protocol-specific features (e.g., TCP/UDP ports, headers). Besides, we investigated the exposure of IT technologies commonly used for monitoring and managing ICSes (e.g., web HMI and remote desktops). The findings we collected show that a vast amount of ICSes, belonging to different kinds of infrastructures, are currently exposed over the Internet and that anyone can freely interact with those. Moreover, this work shows how easily anyone could employ common public tools to search for ICSes exposed over the Internet.