ICS-ALERT-11-301-01: Control System Internet Accessibility   [open pdf - 75KB]

"ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] has recently received several reports from multiple independent security researchers who have employed the SHODAN search engine1 to discover Internet facing SCADA [Supervisory Control and Data Acquisition] systems using potentially insecure mechanisms for authentication and authorization. The identified systems span several critical infrastructure sectors and vary in their deployment footprints. ICS-CERT is working with asset owners/operators, Information Sharing and Analysis Centers (ISACS), vendors, and integrators to notify users of those systems about their specific issues; however, due to an increase in reporting of these types of incidents, ICS-CERT is producing a more general alert regarding these issues. In most cases, the affected control system interfaces were designed to provide remote access for monitoring system status and/or certain asset management features (i.e., configuration adjustments). The identified systems range from stand-alone workstation applications to larger wide area network (WAN) configurations connecting remote facilities to central monitoring systems. These systems have been found to be readily accessible from the Internet and with tools, such as SHODAN, the resources required to identify them has been greatly reduced. In addition to the increased risk of account brute forcing from having these systems available on the Internet, some of the identify systems continue to use default user names and passwords and/or common vendor accounts for remote access into these systems. These default/common accounts can in many cases be easily found in online documentation and/or online default password repositories. Control System owners and operators are advised to audit their control systems -whether or not directly connected to the Internet- for the use of default administrator level user names and passwords."

Report Number:
Industrial Control Systems Cyber Emergency Response Team, ICS-ALERT-11-301-01
Public Domain
Retrieved From:
United States Computer Emergency Readiness Team: http://www.us-cert.gov/
Media Type:
Help with citations