Report: US Accounts for Most PLCs Subjected to Iranian Targeting

Programmable logic controllers are the digital nervous system of modern factories, power plants, and water treatment facilities. Their integration with corporate networks and, increasingly, cellular connections has opened a new attack vector for nation‑state actors. Iranian cyber groups, leveraging publicly available exploits, have zeroed in on Rockwell Automation’s Allen‑Bradley line because of its ubiquity and legacy firmware that often lacks modern security patches. The recent CyberScoop analysis reveals that roughly three‑quarters of the exposed PLCs sit on U.S. soil, a statistic that underscores the country’s outsized exposure compared with any other region.

The data also highlights a surprising reliance on Verizon’s wireless infrastructure, with almost half of the vulnerable devices communicating over cellular links. While mobile connectivity offers operational flexibility, it also expands the attack surface, especially when devices run outdated operating systems that cannot receive timely patches. Researchers observed additional open services on the PLC ports, further increasing the avenues for intrusion. This confluence of legacy software, pervasive network exposure, and high‑value targets creates a perfect storm for Iranian actors seeking to disrupt critical infrastructure without direct kinetic action.

For U.S. policymakers and industry leaders, the findings translate into a clear mandate: accelerate PLC hardening, enforce rigorous patch management, and segment operational technology networks from public internet pathways. Federal agencies have already issued joint alerts, but implementation remains uneven across sectors. Investing in intrusion‑detection systems tailored for industrial control environments, coupled with robust vendor collaboration, can mitigate the immediate threat. In the longer term, establishing mandatory cybersecurity standards for PLC manufacturers will be essential to reduce the nation’s vulnerability to state‑sponsored cyber campaigns.