TLDR:
- Rockwell Automation urges customers to disconnect ICS from the internet due to heightened geopolitical tensions and cyber threats globally.
- Customers are advised to take immediate action and check for devices not specifically designed for public connectivity that are exposed to the web.
Rockwell Automation has issued a security notice urging customers to ensure that their industrial control systems (ICS) are not connected to the internet and exposed to cyber threats. The company is concerned about potential attacks due to heightened geopolitical tensions and adversarial cyber activity globally. Customers are advised to take immediate action to check for any devices not specifically designed for public connectivity that are exposed to the web. Rockwell’s guidance recommends never configuring assets to be directly connected to the public-facing internet to reduce the attack surface and exposure to unauthorized cyber activity. The advisory links to resources on guidance and best practices. The company highlights several vulnerabilities that have been found and patched in recent years, which could allow for DoS attacks, privilege escalation, settings modification, remote compromise of PLCs, and potential Stuxnet-style attacks. The US cybersecurity agency CISA has posted an alert to draw attention to Rockwell’s notice. Rockwell Automation advises customers to take proactive steps to enhance the security of their ICS systems by disconnecting them from the internet.