Default Passwords: The Silent Threat to Critical Infrastructure

Oct 01 2024

As industrial systems become increasingly interconnected, the operational technology (OT) landscape is undergoing a major shift. While this connectivity improves efficiency, it also exposes vulnerabilities that are often overlooked—one of the most significant being the continued use of default passwords on critical OT devices. From programmable logic controllers (PLCs) to SCADA systems, many of these devices are left unsecured, making them prime targets for cyberattacks.

 

The Perils of Default Passwords in OT

Many organisations don’t realise how widespread this issue is. PLCs, for instance, are used to control critical infrastructure, including oil and gas pipelines, power plants, and manufacturing facilities. Despite their importance, a significant number of these devices remain protected by easily guessable default passwords. The risks associated with this are immense. Once attackers gain access to a PLC or another OT device, they can potentially disrupt operations, manipulate data, or even cause physical harm to infrastructure.

 

One well-known incident occurred in Arkansas City, Kansas, where attackers targeted a water treatment plant’s OT systems. The facility was forced to switch to manual operations after hackers attempted to exploit weak credentials on exposed systems. While the water supply was not affected in this case, it serves as a stark reminder of how critical infrastructure remains vulnerable to even unsophisticated attacks.

Another example comes from Oldsmar, Florida, where attackers gained access to the city’s water treatment systems using a compromised remote access tool. The hackers attempted to change the levels of sodium hydroxide in the water supply—an attack that could have had dangerous consequences had it not been caught in time. These incidents are just the tip of the iceberg, illustrating the scale of the problem.

 
Vulnerabilities Across OT Units

Recently, the US cybersecurity agency CISA reiterated warnings about the dangers posed by weak or default credentials in OT environments. Attackers, armed with relatively unsophisticated methods, have been able to breach critical systems. The issue isn’t just limited to PLCs—other OT components like remote terminal units (RTUs), human-machine interfaces (HMIs), and distributed control systems (DCS) also share similar vulnerabilities. Many of these systems are exposed to the internet with minimal protection, leaving them open to exploitation. Hacktivist groups have, on multiple occasions, claimed responsibility for targeting OT systems through default passwords.

For example, the pro-Israel hacktivist group Red Evil recently claimed they had accessed SCADA software at water facilities in Lebanon, though the legitimacy of these claims is still being debated. Whether exaggerated or not, the methods used to breach these systems often rely on well-known vulnerabilities, such as unchanged default credentials.

 

Moving Beyond Basic Security

Securing OT systems should be a top priority, especially as attacks on critical infrastructure become more frequent. Basic cybersecurity practices, such as changing default passwords, regularly updating software, and restricting internet exposure, can go a long way in protecting these systems. However, a more comprehensive approach is needed—one that involves advanced authentication methods, role-based access control, and continuous monitoring to prevent unauthorised access to OT environments.

Organisations must understand that the security of their OT systems is not just a matter of protecting data, but also of safeguarding the physical infrastructure that underpins society. As attacks on OT continue to evolve, it’s crucial to stay ahead of the threats and ensure that even the simplest vulnerabilities, such as default passwords, are addressed.

 
