By using search engines dedicated to scanning all open ports, or scanning the ports themselves, hackers can remotely take control of critical private and public U.S. infrastructure run largely by industrial control systems (ICS) that weren't built with security in mind.
American water and energy providers are particularly vulnerable to cyberattack because their legacy ICSs were designed without security in mind, said the report from Cybernews, which found numerous examples of water and energy supplies that have been left open for tampering.
Unprotected ICS access points mostly include offshore and onshore oil wells, which CISA recently warned about, as well as public and private water distribution and treatment systems that could be accessed by anyone without passwords. "By accessing exposed onshore oil well ICS, we could take control of multiple oil silos and cause damage to U.S. energy supply by silencing alarms, opening and closing discharge gates, adjusting freefall setpoints, and more," the report said.
They also found an unprotected ICS offering up a single point of access to as many as five coastal oil wells. "This is incredibly dangerous," Edvardas Mikalauskas, the report’s author, wrote, citing Foreign Policy as saying as "offshore oil rigs are particularly vulnerable to attacks, 'as they shift to unmanned robot platforms where vital operations […] are controlled via wireless links to onshore facilities.'”
In a hostile takeover, then, "there’s a likelihood that no human employees would be present to manually override the attackers’ commands," he said. “Virtually anyone with a specific skillset and a special interest can cause harm to critical U.S. infrastructure. From silencing alarms on oil wells to infecting the water supply by shutting down disinfectant production to causing town-wide or farm-wide water outages, such attacks could physically affect thousands of people.”
All the control systems examined were left open for attack and easy for anyone to seize and manipulate. In the event of a coordinated cyberwarfare campaign, control panels could be attacked to cause severe damage to private and public property, the environment, and public health and safety in the U.S.
The researchers uncovered an unprotected public water distribution system that could be shut off the water supply an entire town, and then be potentially compromised synchronized with arson attacks. Another system sieve allowed interference with sanitization processes, potentially making drinking water unsafe to consume for more than 7,000 people in total, while an exposed control panel allowed researchers to seize manual control of a sewer pump station in a town of more than 18,000 residents. It could have potentially damaged an entire town’s sewer system by adjusting sewage flow speeds or shutting the system altogether.
The U.S. Department of Homeland Security periodically has issued a number of ICS advisories and vulnerable ICS have been at heart of nation-state driven cyberattacks on energy sector-focused critical infrastructures and pipelines.
After the vulnerabilities were reported to CISA and CERT and the public and private owners of the ICSs were contacted in January 2020, open access was disabled.