Rockwell Automation, a leader in industrial automation, has issued an urgent security notice to its customers, stressing the critical need to ensure their industrial control systems (ICS) are not exposed to the internet, thereby mitigating significant cyber threats.
The company urges customers to take immediate action and assess whether any devices, particularly those not designed for public connectivity, are exposed to the web. A recent Shodan search for ‘Rockwell’ reveals over 7,000 instances of exposed devices, including thousands of Allen-Bradley programmable logic controllers (PLCs). The heightened geopolitical tensions and increased adversarial cyber activities globally have raised serious concerns about potential cyber attacks targeting these systems.
Rockwell Automation’s advisory emphasizes the importance of minimizing the attack surface by ensuring that assets are not directly connected to the public internet. Devices not specifically designed for public internet connectivity, such as cloud and edge offerings, should never be configured for direct exposure. Proactively removing this connectivity can significantly reduce the risk of unauthorized and malicious cyber activities from external threat actors.
Understanding Attack Surfaces in OT Environments
In OT environments, the attack surface encompasses various components and systems integral to industrial operations. These include PLCs, human-machine interfaces (HMIs), sensors, actuators, and communication networks. Exposure of these components to the public internet significantly increases their vulnerability to cyber attacks.
Different Ways of Exploiting Vulnerabilities
Cyber attackers can exploit several vulnerabilities within ICS environments:
Implications of a Cyber Attack on ICS
The consequences of a successful cyber attack on ICS can be severe:
Operational Disruption: Attacks can halt production lines, causing significant financial losses and operational delays.
Safety Risks: Compromised systems may lead to unsafe operating conditions, posing risks to personnel and the environment.
Data Integrity: Unauthorized access to control systems can result in the manipulation or theft of sensitive operational data.
Reputation Damage: Companies may suffer reputational damage, impacting customer trust and investor confidence.
Measures to Protect ICS from cyber attacks:
Disconnect ICS from Public Networks: Ensure that industrial control systems are not connected to the public internet. This reduces the risk of unauthorized access and malicious activities.
Regular Security Assessments: Conduct routine security assessments to identify and mitigate vulnerabilities. This helps in recognizing and addressing potential weaknesses before they can be exploited.
Network Segmentation: Implement network segmentation to isolate critical systems from less secure networks. This limits the spread of potential attacks within the network.
Access Controls: Enforce strict access controls to ensure that only authorized personnel can access critical systems. This includes using strong authentication methods and role-based access controls.
Continuous Monitoring: Deploy continuous monitoring solutions to detect and respond to suspicious activities in real-time. This allows for quick identification and mitigation of potential threats.
In the face of escalating cyber threats, it is crucial for organizations to take proactive measures to protect their ICS environments. By disconnecting ICS from the public internet, adhering to best practices, and staying vigilant, companies can significantly reduce their exposure to cyber risks and safeguard their critical operations.
Source: https://www.securityweek.com/rockwell-automation-urges-customers-to-disconnect-ics-from-internet/