Rockwell Automation has urged customers to immediately disconnect all industrial control systems facing the public Internet. The company cites increasing malicious activity amid mounting geopolitical tensions worldwide a reason for this recommendation.
The company advised customers to disconnect devices not specifically meant to face the public internet such as its cloud and edge offerings. Air gapping ICS systems from the public-facing internet can significantly reduce the attack surface of the organizations and protect their critical infrastructure from cyber threats, an advisory from the company suggested.
Rockwell Automation is a major provider of ICS products that has been in business for nearly a decade. Headquartered in Milwaukee, Wisconsin the industrial automation giant provides services for Architecture and Software segments meant for controlling the customer’s industrial processes as well as Industrial Control Product Solution segments such as intelligent motor control, industrial control products, application expertise, and project management capabilities.
“Due to heightened geopolitical tensions and increased adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take immediate action to assess whether they have devices facing the public internet and, if so, to urgently remove that connectivity for devices not specifically designed for public internet connectivity,” Rockwell Automation stated.
Rockwell Automation Discourages Remote Connections to ICS
In its latest security advisory, Rockwell Automation stressed that network defenders should never configure ICS devices to allow remote connections from systems outside the local network.
It advised organizations that disconnecting these systems from the public-facing internet could significantly reduce their attack surface. This action prevents threat actors from gaining direct access to vulnerable systems that may not yet have been patched against security vulnerabilities, thus protecting internal networks from potential breaches.
Rockwell Automation has also cautioned customers to implement necessary mitigation measures against several security vulnerabilities in its ICS devices. These vulnerabilities, identified by their CVE IDs, span across several Rockwell products like Logix Controllers, Studio 5000 Logix Designer, and FactoryTalk platforms.
The list of these vulnerabilities is as follows:
- CVE-2021-22681: Rockwell Automation Logix Controllers (Update A)
- CVE-2022-1159: Rockwell Automation Studio 5000 Logix Designer
- CVE-2023-3595: Rockwell Automation Select Communication Modules
- CVE-2023-46290: Rockwell Automation FactoryTalk Services Platform
- CVE-2024-21914: Rockwell Automation FactoryTalk View ME
- CVE-2024-21915: Rockwell Automation FactoryTalk Service Platform
- CVE-2024-21917: Rockwell Automation FactoryTalk Service Platform
Broader Efforts and Mitigation Actions for ICS Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert advising Rockwell customers to implement the recommended security measures as these products are in use at several critical infrastructure organizations across the country.
Earlier in September 2022, the agency along with the NSA had issued recommendations and a “how-to guide” for reducing exposure across ICS and related operational technologies. The urgency of enhancing ICS security is further highlighted by the collaborative efforts of multiple U.S. federal agencies, including the NSA, FBI, and CISA, along with cybersecurity agencies from Canada and the U.K.
These agencies have previously issued several public statements about the threats posed by hacktivists targeting critical infrastructure operations through unsecured OT systems.
CISA has already recommended defensive measures on industrial control systems such as minimizing network exposure, isolating control system networks, and securing remote access through the implementation of Virtual Private Networks (VPNs).
The present administration also issued the 2021 national security memorandum instructing CISA and NIST to develop cybersecurity performance goals for critical infrastructure operators as part of the broader initiatives in recent years to secure critical infrastructure within the United States.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
