Rockwell says: Disconnect ICS From Internet

It is a good idea to disconnect your automation devices from the network: most of them are not secure enough to handle a network connection. Here is some big news related to Industrial Control Systems (ICS) from a big manufacturer:

Rockwell Automation Urges Customers to Disconnect ICS From Internet
Rockwell Automation is concerned about internet-exposed ICS due to heightened geopolitical tensions and adversarial cyber activity globally.
https://www.securityweek.com/rockwell-automation-urges-customers-to-disconnect-ics-from-internet/

Rockwell Automation has issued a security notice urging customers to ensure that their industrial control systems (ICS) are not connected to the internet and exposed to cyber threats.

The industrial automation giant has told customers to take ‘immediate’ action and check whether any devices that are not specifically designed for public connectivity are exposed to the web.

Translation: We added network interfaces to our machines because sales needed the feature, but nobody wanted to change their development practices to secure it.

Over many years, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets. Many products made by many different companies and used in OT applications have more or less questionable cyber security. Many legacy OT assets were not designed to defend against malicious cyber activities, and information that identifies OT assets connected via the internet is readily available. There are also many new security problems in many newer devices. So generally it is a good idea not to connect your OT networks directly to the Internet.

A Shodan search for ‘Rockwell’ currently returns more than 7,000 results, including thousands of what appear to be Allen-Bradley programmable logic controllers (PLCs).

Rockwell’s advisory highlights several vulnerabilities found and patched in recent years, including CVE-2021-22681, CVE-2022-1159, CVE-2023-3595 and CVE-2023-3596, CVE-2023-46290, CVE-2024-21914, CVE-2024-21915, and CVE-2024-21917.

These flaws can allow hackers to conduct DoS attacks, escalate privileges, modify settings, remotely compromise PLCs, and even conduct Stuxnet-style attacks.

The discovery of exploits targeting CVE-2023-3595 and CVE-2023-3596 suggests that threat actors, particularly APT groups, have set their sights on Rockwell industrial products.

Disconnect ICS Devices From Internet Per Rockwell Automation
https://www.youtube.com/watch?v=eA4g2s_Pi40

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats
https://thehackernews.com/2024/05/rockwell-advises-disconnecting-internet.html

The company said it’s issuing the advisory due to “heightened geopolitical tensions and adversarial cyber activity globally.”

SD1672 | IMPORTANT NOTICE: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1672.html

Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take IMMEDIATE action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity.

More information on attacks on public-internet-exposed assets, including information on how to identify exposed assets and disconnect them from the public internet, is available in these documents from Rockwell Automation and CISA (Cybersecurity and Infrastructure Security Agency):

Rockwell Automation | Advisory on web search tools that identify ICS devices and systems connected to the Internet [login required]
CISA | NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
CISA | How-to Guide: Stuff Off Shodan
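
One way to start the assessment the notice asks for, as an added example (not code from Rockwell, CISA or the original post): cross-check an asset inventory against the perimeter's port-forward rules. The inventory, the rule format, the port table and the assumption that the site uses only RFC 1918 space internally are all constructed for illustration.

```python
import ipaddress
import re

# Industrial protocol ports (editor's list, not taken from the advisory).
ICS_PORTS = {("tcp", 44818): "EtherNet/IP", ("udp", 2222): "EtherNet/IP I/O",
             ("tcp", 502): "Modbus/TCP", ("tcp", 102): "S7comm",
             ("tcp", 20000): "DNP3", ("tcp", 4840): "OPC UA"}
# Assumption: the site uses only RFC 1918 space internally.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory (device name -> address).
INVENTORY = {"plc-line1": "10.20.1.10", "plc-line2": "10.20.1.11",
             "hmi-pack": "10.20.2.5", "plc-pump": "198.51.100.23"}
# Constructed port-forward rules in a hypothetical export format:
#   <proto> <wan_port> -> <inside_ip>:<inside_port> [from <cidr>]
RULES = """\
tcp 443 -> 10.20.9.2:443
tcp 44818 -> 10.20.1.10:44818
tcp 8044 -> 10.20.1.11:44818 from 203.0.113.0/24
tcp 8080 -> 10.20.2.5:80
"""
RULE_RE = re.compile(r"^(tcp|udp) (\d+) -> ([\d.]+):(\d+)(?: from (\S+))?$")


def audit(inventory, rules_text):
    """Return sorted (device, finding) pairs for internet-facing devices."""
    by_ip = {ipaddress.ip_address(ip): name for name, ip in inventory.items()}
    findings = []
    for addr, name in by_ip.items():
        if not any(addr in net for net in INTERNAL):
            findings.append((name, f"public address {addr}"))
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        proto, wan_port, ip, port, src = m.groups()
        name = by_ip.get(ipaddress.ip_address(ip))
        if name:
            # Label by the inside port: the WAN port may be translated.
            service = ICS_PORTS.get((proto, int(port)), f"{proto}/{port}")
            scope = f"from {src}" if src else "from any source"
            findings.append(
                (name, f"{service} forwarded on WAN {proto}/{wan_port} {scope}"))
    return sorted(findings)


if __name__ == "__main__":
    for device, finding in audit(INVENTORY, RULES):
        print(f"{device}: {finding}")
```

The rule for `plc-line2` shows why the check keys on the inside port: a review that only looks for 44818 on the WAN side would miss a forward published on a translated port.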

The US cybersecurity agency CISA has also posted an alert to bring attention to Rockwell’s notice.
https://www.cisa.gov/news-events/alerts/2024/05/21/rockwell-automation-encourages-customers-assess-and-secure-public-internet-exposed-assets

I will never be able to hear the name “Rockwell Automation” without thinking of this:
https://www.youtube.com/watch?v=RXJKdh1KZ0w

SANS ICS HyperEncabulator
He’s baaaaaaaaaaaaaaack …
https://www.youtube.com/watch?v=5nKk_-Lvhzo
