Bitsight’s latest research report finds that, after years of progress, industrial control systems (ICS) and operational technology (OT) are increasingly exposed to the public Internet. Global ICS/OT exposure jumped 12% in 2024—surpassing 180,000 monthly unique IPs and trending toward 200,000 in 2025.
These systems, which control critical infrastructure like energy, water, and building automation, are often exposed with minimal security and known exploitable vulnerabilities. With real-world implications for safety, continuity, and national security, this report highlights the urgent need for coordinated action from ISPs, manufacturers, integrators, and policymakers.
Key takeaways
- ICS/OT exposure has surged globally, reversing years of progress
- Over 180,000 devices are exposed monthly—with known vulnerabilities
- Critical infrastructure is at risk, including fuel, water, and building systems
- Exposure is rising across all major ICS protocols
- Attribution challenges hinder remediation and response
Download the report to see the data behind this surge in ICS/OT exposure—and learn how organizations can take steps to reduce risk.
"Whether it’s a fuel tank sensor, an emergency shutoff valve, or a water chlorinator pump, exposed ICS/OT devices represent operational risk. That risk is no longer theoretical. It is observable, quantifiable, and increasingly being exploited in the wild."
Pedro Umbelino Principal Research Scientist Bitsight |
