Working with the EPA to Secure Exposed Water HMIs
a year ago
- #Critical Infrastructure
- #Cybersecurity
- #HMI Exposure
- Censys researchers discovered nearly 400 web-based HMIs for U.S. water facilities exposed online in October 2024.
- The exposed HMIs were categorized into three states: Authenticated, Read-only, and Unauthenticated (40 systems).
- Censys collaborated with the EPA and the vendor for remediation, leading to 58% of systems being secured by mid-November 2024.
- By May 2025, fewer than 6% of the systems remained online in a read-only or unauthenticated state.
- The discovery highlighted the risks of internet-exposed HMIs, which provide direct access and context to critical infrastructure.
- The EPA and manufacturer's swift response demonstrated effective collaboration in securing critical infrastructure.