Better Safe Than Sorry

In a new threat briefing, Forescout researchers examine data gathered from 2017-2024 of internet exposed OT/ICS data. “Better Safe Than Sorry” contains an analysis of problem areas by region and offers mitigation strategies. The report also details three recent cases of device exposure, including the Unitronics attack wave, and attempts to proactively identify and notify asset owners with exposed Schneider Electric Modicon and Wago 750 PLCs.


Watch Webinar Read Report



internet-facing OT/ICS devices worldwide


decrease in exposed OT/ICS in the US (2017-2024)


Unitronics PLCs still exposed on the internet worldwide

Webinar: The Emergence of Exposed ICS: Trends, Threats and Best Practices

Dive into the world of operational technology (OT) and industrial control systems (ICS) with Forescout’s Elisa Costante and Rik Ferguson. Discover the latest in exposed ICS, including regional variations, targeted services and best practices for security.

Exposed OT/ICS Devices per Service (Jan. 2024)

  • Manufacturing and building automation protocols are the most exposed
  • Top 10 exposed service types are the same since 2017
  • Significant decrease in exposed Tridium Fox, Lantronix and MOXA Nport devices
  • Modbus and Siemens S7 saw increases

Exposed OT/ICS devices per country (Jan. 2024)

  • US has 27% of exposed devices followed by: Italy, Spain, France and Canada (combined total of 17%)
  • Only the US and Canada significantly reduced the number of exposed devices: 47% in the US; 45% in Canada

After One Year

  • 50% of exposed PLCs reported to asset owners remained open
  • 30% were no longer internet exposed
  • 20% remained exposed but had closed the OT port

Dive into the Research

Our research takes a fresh look at the topic of exposed OT/ICS by examining the nuanced evolution of exposed devices from 2017 to 2024. Read the full report to see other findings such as:
  • Why many of these internet-exposed OT devices and protocols appear to be the result of system integrator practices
  • How exposure rates can be reduced proactively through targeted notification efforts
  • Specific statistics about Unitronics PLCs and devices running InterNiche and Nucleus TCP/IP stacks

Strategic Recommendations:
How Forescout Can Help

  • Risk and exposure management: Identify, quantify and prioritize cybersecurity risk. Start by discovering and assessing every connected asset to gain real-time awareness of your attack surface.
  • Network security: Continuously monitor all connected assets to govern network access, using real-time traffic visibility to manage segmentation and dynamic control policies to mitigate and remediate risk.
  • Threat detection and response: Detect, investigate and respond to true threats and incidents using threat detection and response capabilities to collect telemetry and logs, correlate attack signals, generate high-fidelity detections and enable automated responses.
schedule demo
Demo RequestForescout PlatformTop of Page