Most OT security research looks inward — what is happening inside your network. We look outward. ShiftSix continuously maps internet-exposed OT assets, industrial protocols, and critical infrastructure services that are visible to threat actors right now. This research tracks what we find, how it is changing, and which adversaries are actively targeting it.
Our flagship quarterly publication tracking internet-facing OT devices by protocol, sector, and geography — correlated against active threat campaigns and compliance frameworks.
Sector-specific and protocol-specific deep dives into what we find exposed across critical infrastructure — water, energy, manufacturing, building automation, and more.
When a new vulnerability drops, we publish the external exposure footprint — how many devices are internet-facing, which sectors are affected, and which threat actors are exploiting it.
Our inaugural quarterly report mapping internet-exposed OT assets across critical infrastructure sectors. It covers Modbus, DNP3, BACnet, EtherNet/IP, S7, and OPC UA, with threat campaign correlation and sector-by-sector breakdowns.
Our research is based on continuous external scanning and analysis of internet-facing OT assets. We do not access, authenticate with, or disrupt any systems. Our methodology:
OT protocols monitored
Critical infrastructure sectors covered
Exposure Index publication cadence
All research published ungated
Get a complimentary external OT exposure assessment for your organization. No agents, no network access — just the attacker’s view of your infrastructure.