Nuclear power plants and other critical infrastructures should not be connected to the internet, but reality often shows us something different. At the CCC conference in Hamburg, Germany, a team of security researchers (speakers: Sergey Gordeychik, Aleksandr Timorin, repdet) showed how it was possible to find railroad systems that are connected to the internet simply by using the Shodan computer search engine.
Once you navigate to the Shodan.io website, you will be able to perform a query on their database. If you query for railway, you will get 32 “public” results back from Shodan.
Now it is quite possible that the devices shown are not “actual” railway systems, i.e. they can be honeypots – I did not look up the IPs or anything.
But the concern remains: why are critical infrastructures like railways connected to the internet?!