Rupert Marais joins us to discuss a critical surge in exposed industrial control infrastructure that has placed the American industrial heartland in the crosshairs of international cyber campaigns. With nearly 4,000 Allen-Bradley industrial controllers currently exposed in the U.S., the risk to municipal water and power utilities is no longer a theoretical concern but an active digital battlefield. We delve into the geographical risks of market dominance, the technical debt of unencrypted protocols like Telnet, and the immense logistical challenge of securing remote hardware connected via satellite and cellular networks.
With nearly 3,900 industrial controllers in the U.S. currently exposed to remote exploitation, what specific hardware vulnerabilities make these devices a primary target? How does the high concentration of these tools in North American infrastructure affect the overall risk profile for local municipal facilities and utilities?
The primary issue lies in how these programmable logic controllers, or PLCs, serve as the literal brains of our physical world, managing everything from water pressure to electricity distribution. Because Rockwell Automation holds a staggering 74.6% market share in North American industrial automation, our infrastructure has become a monoculture that is incredibly attractive to adversaries who only need to master one set of exploits. With nearly 3,900 devices in the U.S. currently exposed, a single vulnerability can be replicated across thousands of municipal facilities with terrifying efficiency. These are not just lines of code on a screen; they are heavy industrial computers that, if compromised, allow a remote hacker to physically manipulate the machinery that keeps our towns running safely.
Many industrial computers are deployed in remote substations using cellular modems or satellite terminals like Starlink. What unique hurdles do these specific connection types create for security teams attempting to patch or monitor systems? Why is isolating these remote hardware paths from the public internet particularly difficult?
Many of these vulnerable units are tucked away in dusty, remote pump stations or substations where traditional wired internet is simply unavailable, forcing operators to rely on cellular modems or Starlink satellite terminals as their sole internet path. These connection types create a “black box” environment where security teams struggle to maintain visibility, as these devices often sit outside the standard corporate firewall and security stack. Patching a PLC over a jittery satellite link or a metered cellular connection is a nerve-wracking process that can easily fail, leaving the hardware bricked or permanently offline in a location that might be hours away for a technician. This geographic dispersal makes it incredibly difficult to route traffic through a secure gateway, often leaving these devices “naked” on the public internet where scanners can find them in mere minutes.
Unencrypted protocols like Telnet and VNC are still being found on internet-facing operational technology. Why do these outdated services persist in modern infrastructure environments, and what is the step-by-step process an adversary follows to translate a protocol login into a significant physical or operational impact?
It is genuinely chilling to see that nearly 300 devices are still accessible via Telnet, a protocol so old and insecure that it transmits every keystroke, including passwords, in plain text for anyone to sniff out. These outdated services persist because “if it ain’t broke, don’t fix it” is a dangerous mantra in operational technology where twenty-year uptime is valued over the inconvenience of security updates. An adversary typically starts by scanning for these open ports, then uses a protocol like VNC to gain a direct window into the PLC’s controlling computer, effectively looking over the shoulder of the human operator. From there, they can override safety limits, open valves, or shut down critical pumps, translating a simple login into a catastrophic physical event that can cause real-world damage to a community’s essential resources.
Implementing multifactor authentication and secure gateways is often suggested, yet many pump stations and plants lag behind. What are the primary technical or budgetary barriers to deploying MFA in these settings? How should an operator prioritize between logging suspicious traffic and replacing legacy hardware that no longer supports updates?
The push for multifactor authentication often hits a wall because legacy PLCs and their management software were designed decades before MFA was even a standard requirement for consumer email, let alone industrial gear. In a municipal setting, budgets are often razor-thin, and the cost of replacing a fleet of aging hardware that no longer supports modern security updates can be a non-starter for local governments. To manage this, operators must immediately prioritize routing all traffic through secure gateways and implementing aggressive logging of inbound traffic from known hostile IP addresses to catch intruders at the gate. While replacing legacy hardware is the ultimate goal, creating a “wrapper” of security around these devices—disabling services like FTP and VNC where possible—is the most effective way to slow down an attacker without breaking the municipal bank.
What is your forecast for industrial control system security?
My forecast for industrial control system security is a period of intense, painful transition where we must bridge the gap between decades-old mechanical reliability and modern digital warfare. We are going to see a rapid shift toward “secure-by-design” requirements for new infrastructure, but the next five years will likely involve more frequent “living off the land” attacks where hackers use the system’s own remote-access tools against us. This is a loud wake-up call that the traditional air gap is dead; we must now treat every remote pump station and electrical substation as a front-line digital asset. Ultimately, the survival of our critical utilities will depend on our ability to integrate robust identity management and encrypted pathways into the very heartbeat of our industrial operations.
