Rockwell Automation and CISA have issued a security advisory urging industrial control system users to immediately disconnect devices from the internet to protect against cyber threats.
Industrial technology company Rockwell Automation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on May 21 issued a notice urging all users to immediately assess whether they have industrial control system (ICS) devices facing the public internet.
If so, the alert says to remove that connectivity for devices not specifically designed to be used with the public internet.
Rockwell says this alert was released because of heightened geopolitical tensions and adversarial cyber activity globally.
The cyber threat to operational technology (OT) has been on the rise, with an IBM study finding the manufacturing sector was the most targeted sector for ransomware attacks in 2022. The report says that commonly used OT has traditionally not been hardened against such attacks.
Remove Connectivity
Rockwell’s guidance states that only industrial devices specifically designed for public internet connectivity, such as cloud and edge offerings, should be configured to connect directly to the public-facing internet.
“Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors,” Rockwell says in the advisory.
If disconnection is not feasible, Rockwell Automation urges its customers to follow the security best practices outlined in this document: Rockwell Automation | Security Best Practices [login required].
Check this list of related common vulnerabilities and exposures (CVE) to ensure mitigations are in place, where possible:
CVE No.: 2021-22681; Alert Code: 21-056-03; Advisory Name and Link: CISA | Rockwell Automation Logix Controllers (Update A)
CVE No.: 2022-1159; Alert Code: 22-090-07; Advisory Name and Link: CISA | Rockwell Automation Studio 5000 Logix Designer
CVE No.: 2023-3595; Alert Code: 23-193-01; Advisory Name and Link: CISA | Rockwell Automation Select Communication Modules
CVE No.: 2023-46290; Alert Code: 23-299-06; Advisory Name and Link: CISA | Rockwell Automation FactoryTalk Services Platform
CVE No.: 2024-21914; Alert Code: 24-086-04; Advisory Name and Link: CISA | Rockwell Automation FactoryTalk View ME
CVE No.: 2024-21915; Alert Code: 24-046-16; Advisory Name and Link: CISA | Rockwell Automation FactoryTalk Service Platform
CVE No.: 2024-21917; Alert Code: 24-030-06; Advisory Name and Link: CISA | Rockwell Automation FactoryTalk Service Platform