Open in app

Sign in

Write

Sign in

Sulaiman Alhasawi
2 min readDec 4, 2023

8 Reasons to Share Cybersecurity Knowledge

I frequently post topics on Shodan dorks targeting ICS/OT devices like PLCs, HMIs, RTUs, and SCADA on a monthly basis.This concept is similar to Google dorks, such as the GHDB. I also maintain a list of ICS/OT dorks on my GitHub, which I began during my academic years for my PhD thesis. I enjoy sharing this knowledge with the cybersecurity community, encouraging different entities to take appropriate actions. Asset owners can decide which assets should be exposed to the internet. Researchers can use this knowledge to deepen their research or develop tools based on it. Vendors can inform their customers about precautions if they want to expose their assets to the internet.

The reason I’m writing this article is because I received a criticism for interacting with PLCs in my research, with someone suggesting it’s less responsible in security research. I responded to him by saying that my research involves highlighting online PLCs on Shodan and referencing warnings from CISA and WaterISAC along with best practices. To be frank , I often pondered if I’m doing the right thing, considering articles that disclose vulnerabilities or exploit details.

Some Glossary:

  • Team A: Programmers, Researchers, Owners
  • Team B: Criminals, Thrill-seekers, Curious Users
  • Bugs, Information, Knowledge: Software/Hardware Vulnerabilities

In this article, I’ve come up with a list of points to address this issue and confusion:

  • Every product has issues; the internet and web were designed for functionality, not security.
  • Team A reporting/fixing issues reduces potential victims compared to Team B exploiting them.
  • Availability of information can be used or misused, benefiting both defenders and attackers.
  • Cybersecurity thrives on collaboration and open information sharing, leading to progress.
  • Tools are essential in cybersecurity; blaming creators for misuse isn’t justified.
  • OSINT is about gathering public information; it can be used for research or malicious purposes.
  • Responsibility lies with both Team A and users to practice ethical cybersecurity.
  • Sharing information in cybersecurity is essential for advancement, despite potential misuse in the imperfect world.

Conclusion:

Sharing information in cybersecurity is crucial for the field’s progress.Understanding the potential for misuse and applying the points discussed is essential in this imperfect world.

Cybersecurity
Ics Security
Ot Security
Shodan
Dorks
Sulaiman Alhasawi
Sulaiman Alhasawi

Written by Sulaiman Alhasawi

127 Followers
118 Following

ICS/OT Cybersecurity Researcher | Founder of ICSrank.com | Podcaster 🎙️ https://www.youtube.com/@icsarabiapodcast

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams