"Over the past two years, Shodan has gathered data on nearly 100 million devices, recording their exact locations and the software systems that run them. 'Expose online devices,' the Web site says. 'Webcams. Routers. Power Plants. iPhones. Wind Turbines. Refrigerators. VoIP Phones,'" O'Harrow wrote.
The story also told of a 22-year-old hacker from somewhere overseas who was able to hack a Siemens S7 controller and gain control of a water plant serving 16,000 people in South Houston.
Harding said he doesn't know the status of most critical infrastructure. But he said he's "certain that many, if not most are not fully updated, do not have adequate monitoring or protections, have inadequate contingency plans and are unnecessarily exposed to the Internet, and are therefore vulnerable."
"It is too expensive to unhook completely from the Internet, but that decision must be accompanied by diligent efforts to mitigate any vulnerabilities," he said.
Zwillinger said, however, that most nation-states will likely limit their attacks because they still fear the military might of the U.S. "While our critical infrastructure is vulnerable, would-be attackers are hesitant to launch a full scale attack knowing that the U.S. would respond, 'using all instruments of national power,'" Zwillnger said, citing a line from Securing Cyberspace for the 44th Presidency, a report by the Center for Strategic and International Studies.
Sign up for MIS Asia eNewsletters.