Online Discoverability and Vulnerabilities of ICS/SCADA Devices in the Netherlands

Abstract: On a regular basis, we read in the news about cyber-attacks on critical infrastructures, such as power plants. Such infrastructures rely on the so-called Industrial Control Systems (ICS) / Supervisory Control And Data Acquisition (SCADA) networks. By hacking the devices in such systems and networks, attackers may take over the control of critical infrastructures, with potentially devastating consequences. This report focusses on critical infrastructures in the Netherlands and investigates three main questions: 1) How many ICS/SCADA devices located in the Netherlands can be easily found by potential attackers?, 2) How many of these devices are vulnerable to cyber-attacks?, and 3) What measures should be taken to prevent these devices from being hacked?