(TLP:CLEAR) Internet-Exposed Modbus – Systemic Cyber Risks in Industrial Control Systems

Summary: A recent analysis by Chawkr Reports examined more than 1,600 internet-exposed Modbus industrial control systems and found that security weaknesses are widespread and systemic, not the result of isolated mistakes. The research shows that many systems share identical default configurations, certificates, and unpatched software, creating predictable and easily exploitable paths of attack.

Analyst Note: Since Modbus was never designed for internet use, exposed systems often lack basic security protections such as authentication or encryption. This has major implications for water and wastewater utilities, which rely on Modbus to operate pumps, valves, and treatment processes. Similar configurations across facilities mean attackers could reuse the same methods to disrupt multiple systems.

To reduce risk, water systems can limit internet exposure, eliminate default settings, segment operational networks, and prioritize basic cybersecurity hygiene tailored to OT environments. Many resources exist to help guide utilities in these areas, including WaterISAC’s 12 Cybersecurity Fundamentals for Water and Wastewater Utilities and CISA’s Top Cyber Actions for Securing Water Systems. Members are also encouraged to review the information shared by Chawkr Reports to better understand the risks of internet-exposed Modbus.

Original Source: https://chawkr.com/threat-intel/exposed-industrial-control-modbus-clustering

Mitigation Recommendations:

• 12 Cybersecurity Fundamentals for Water and Wastewater Utilities
• Top Cyber Actions for Securing Water Systems
• Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems

Related WaterISAC PIRs: 6, 6.1, 8, 10, 10.2