System Update

Описание: Are PLCs Putting Your Infrastructure at Risk?

At CyberStreams, we protect small businesses like manufacturers, higher ed, and non-profits from cyber threats. Programmable Logic Controllers (PLCs) are the silent workhorses of critical infrastructure, running water treatment plants, energy grids, and food production lines. Yet, a 2024 study reviewing 133 research papers found PLCs are alarmingly vulnerable (arXiv:2403.00280).

These devices, bridging cyber and physical systems, are prime targets for cyberattacks that could disrupt entire communities. Most PLCs have built-in access controls, but 80% are ineffective due to weak authentication. Encryption, when used, often relies on outdated algorithms, leaving data exposed.

Over the past 17 years, 119 attack methods have exploited PLCs, from Stuxnet’s sabotage of Iran’s nuclear program to recent ransomware halting production lines. In 2023, Iran-linked hackers targeted PLCs in U.S. water facilities, showing real-world risks (FBI alert, 2023).

I use checklists to keep my family of 6 on track in the morning, PLCs need similar discipline to stay secure. A manufacturing client we helped was unaware their PLCs used default passwords, risking a shutdown.
CyberStreams locked down their systems, disabled unused protocols, and added monitoring, to prevent a costly breach.
With 47% of manufacturing attacks in 2024 tied to supply chain vulnerabilities (IBM X-Force, 2025), unsecured PLCs threaten your operations. As industries embrace cloud-connected industrial control system (ICS), attack surfaces grow, demanding robust defenses to protect lives and livelihoods. CyberStreams ensures your infrastructure stays resilient against these evolving threats.

I’ve put together three takeaways and next steps:

1. Strengthen PLC Access Controls
Replace insecure-by-default passwords and settings in ICS & IoT devices.

2. Disable Unused Protocols
Limit attack surfaces by disabling unused communications protocols on the devices where possible and on the firewall or switch access control lists where it’s not possible on the device.

3. Monitor Systems Actively
Set it and forget it is not an effective option in today’s world. That would be like putting electronic scanners in the entry to Costco and no staff to make sure that everyone scans their cards. The people who don’t want to be seen, will just walk past them.

Link to original story: https://cyberstreams.com/blog/b/are-p...