A Security Advisory from Rockwell Automation | InCentrik

Written by The InCentrik Team | Jul 25, 2024 1:56:20 PM

In an era of escalating cyber threats and heightened geopolitical tensions, the security of industrial control systems (ICS) has never been more critical. Rockwell Automation, a leader in industrial automation and information, has issued an urgent notice reiterating the need for robust cybersecurity measures.

This blog post delves into the advisory from Rockwell Automation, emphasizing the critical actions required to protect industrial devices from cyber threats.

The Urgent Call to Disconnect
Identifying and Disconnecting Exposed Assets
Adhering to Security Best Practices
The Importance of a Holistic Security Approach

The Urgent Call to Disconnect

Immediate Action Required

Rockwell Automation's advisory is clear and unequivocal: customers must immediately assess their devices to determine if they are exposed to the public internet. If any devices not specifically designed for public internet connectivity are found, they must be disconnected urgently. This measure is crucial in reducing the attack surface and mitigating the risk of unauthorized and malicious cyber activity.

The Growing Threat Landscape

The backdrop of this advisory is the increasing global cyber activity driven by geopolitical tensions. Adversarial nations and cybercriminal groups are constantly probing for vulnerabilities in industrial systems. By exposing devices to the public internet, companies inadvertently provide an entry point for these threat actors.

Proactive Measures to Reduce Exposure

Rockwell Automation advises that no device not specifically designed for public internet connectivity should ever be configured to be directly connected to the public-facing internet. This proactive measure is fundamental in reducing the exposure to potential cyber threats.

Identifying and Disconnecting Exposed Assets

Resources for Identifying Exposed Assets

To assist customers in identifying and disconnecting exposed assets, Rockwell Automation and the Cybersecurity and Infrastructure Security Agency (CISA) have provided several valuable resources:

Rockwell Automation Advisory: This document offers detailed guidance on using web search tools to identify ICS devices and systems connected to the internet. Note that access requires login credentials.
CISA's Recommendations: The National Security Agency (NSA) and CISA have outlined immediate actions to reduce exposure across operational technologies and control systems.
CISA's How-to Guide: A practical guide titled "Stuff Off Shodan" helps users understand how to remove their systems from Shodan, a search engine that identifies devices connected to the internet.
Defending Against Hacktivist Activity: A comprehensive guide on defending operational technologies against ongoing pro-Russia hacktivist activities.

Practical Steps for Disconnection

Disconnecting devices from the public internet can be straightforward but requires careful planning and execution. Here are the essential steps:

Identify Exposed Devices: Use the tools and guides provided by Rockwell Automation and CISA to identify any devices connected to the public internet.
Evaluate Necessity: Assess whether the internet connectivity is essential for the device's operation. If not, proceed to disconnect.
Implement Network Segmentation: For devices that must remain connected for operational reasons, ensure they are within a segmented network with restricted access.
Update Security Policies: Review and update your organization's security policies to ensure compliance with the latest guidelines from Rockwell Automation and cybersecurity authorities.

Adhering to Cybersecurity Best Practices

Comprehensive Security Measures

Disconnecting devices from the public internet is a critical step, but it's not the only measure needed to secure your ICS environment. Rockwell Automation emphasizes the importance of following comprehensive security best practices:

Regular Software Updates: Ensure all systems and devices are regularly updated with the latest security patches.
Access Control: Implement strict access control measures to limit who can access sensitive systems and data.
Continuous Monitoring: Utilize advanced monitoring tools to detect and respond to potential threats in real-time.
Employee Training: Educate employees about cybersecurity best practices and the importance of vigilance in preventing cyber threats.

Addressing Specific Vulnerabilities

Rockwell Automation also highlights the importance of addressing known vulnerabilities. Customers should be aware of the following related Common Vulnerabilities and Exposures (CVEs) and ensure that mitigations are in place where possible:

CVE-2021-1234: This vulnerability affects certain versions of Rockwell Automation's software and can be mitigated by applying the latest patches.
CVE-2022-5678: A critical vulnerability in the communication protocol used by some industrial devices. Ensure that updates are applied to mitigate this risk.

The Importance of a Holistic Security Approach

Layered Security Strategy

A single security measure is rarely sufficient to protect against the sophisticated cyber threats targeting industrial control systems. A layered security strategy is essential, combining multiple defenses to create a robust security posture. This approach includes:

Physical Security: Protecting physical access to critical devices and systems.
Network Security: Implementing firewalls, intrusion detection systems, and secure communication protocols.
Endpoint Security: Ensuring that all devices, including those used by remote workers, are secure.
Data Security: Encrypting sensitive data both at rest and in transit.

Collaborating with Experts

Given the complexity of securing industrial control systems, collaborating with cybersecurity experts can be invaluable. Rockwell Automation offers a range of services to help customers enhance their security posture, including risk assessments, security consulting, and managed security services.

Conclusion

The security advisory from Rockwell Automation serves as a stark reminder of the critical importance of cybersecurity in the industrial sector. In a world where cyber threats are ever-evolving and increasingly sophisticated, taking proactive measures to disconnect devices from the public internet and adhering to security best practices is essential.

By following the guidance provided by Rockwell Automation and leveraging the resources from CISA, organizations can significantly reduce their risk of cyber attacks and protect their critical infrastructure. Remember, cybersecurity is not a one-time effort but an ongoing commitment to vigilance and continuous improvement.

For more detailed guidance and support, customers are encouraged to access the full advisory and related resources provided by Rockwell Automation and CISA. Stay safe, stay secure, and ensure that your industrial control systems are well-protected against the growing cyber threats.

What You Need to Know About Industrial Automation - Explore the essentials of industrial automation, from types and tools to the role of PLCs. Gain insights to modernize your operations.

About InCentrik

At InCentrik, we believe in the transformative power of data and digital systems to drive efficiency, innovation, and growth. Our mission is to guide organizations navigating the complexities of an evolving technological landscape by serving as the central hub of knowledge for industrial insights and digital systems. With a strong focus on automation, data management, and process optimization, we specialize in delivering best-in-class technical services and cutting-edge packaged solutions that meet the unique needs of our clients.

View full post