Rockwell Automation is urging its clients to disconnect any industrial control systems (ICSs) that are not intended for public internet access in order to prevent unauthorized or harmful cyber activities. This advisory comes in light of escalating geopolitical tensions and an increase in adversarial cyber actions across the globe, according to the company.
In its advisory, Rockwell Automation emphasizes the immediate need for organizations to identify any devices reaching the internet and to sever connectivity for those that should not be exposed. The firm strongly cautions against configuring any assets for direct connection to public-facing networks, as this could significantly compromise their security. By doing so, companies can proactively reduce their attack surface, immediately lessening their vulnerability to external threats.
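The first step the advisory asks for, finding assets that can be reached from the internet, is easy to get wrong when done by eye across a large inventory. The following is an added example, not code from Rockwell or CISA, of a small defender-side check that cross-references an asset list against the plant's internal address plan and the perimeter firewall's port-forward rules, so that both an asset with an outside-routable address and an asset sitting behind a NAT forward get flagged. The inventory, the NAT rule format, the asset names and the RFC 1918 "internal" ranges are all assumptions constructed for this example; 203.0.113.0/24 is documentation space standing in for a public address.

```python
import ipaddress

# Address space the plant treats as "inside". Assumption: the RFC 1918
# ranges; replace with your own address plan (including any routed OT VLANs).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample asset inventory (names, addresses and roles are made up).
INVENTORY = [
    {"name": "plc-line1",     "ip": "192.168.10.21", "role": "PLC"},
    {"name": "hmi-line1",     "ip": "192.168.10.40", "role": "HMI"},
    {"name": "plc-pumphouse", "ip": "203.0.113.17",  "role": "PLC"},
    {"name": "eng-ws",        "ip": "10.5.0.12",     "role": "EWS"},
]

# Constructed perimeter NAT / port-forward export in a hypothetical format.
# TCP 44818 is EtherNet/IP (CIP), the protocol Rockwell controllers speak,
# so a forward of that port straight to a PLC is exactly what the advisory
# tells operators to remove.
NAT_RULES = [
    {"wan_port": 44818, "dst": "192.168.10.21", "dst_port": 44818},
    {"wan_port": 8443,  "dst": "10.5.0.12",     "dst_port": 443},
]


def is_internal(ip, internal_nets=None):
    """True if the address falls inside the plant's own address plan."""
    nets = internal_nets or INTERNAL_NETS
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def find_exposed(inventory, nat_rules, internal_nets=None):
    """Return {asset_name: [reasons]} for assets that appear reachable
    from the internet, either by address or through a port forward."""
    forwards = {}
    for rule in nat_rules:
        forwards.setdefault(rule["dst"], []).append(rule)

    findings = {}
    for asset in inventory:
        reasons = []
        if not is_internal(asset["ip"], internal_nets):
            reasons.append(
                f"address {asset['ip']} is outside the internal address plan")
        for rule in forwards.get(asset["ip"], []):
            reasons.append(
                f"WAN port {rule['wan_port']} is forwarded to "
                f"{asset['ip']}:{rule['dst_port']}")
        if reasons:
            findings[asset["name"]] = reasons
    return findings


def main():
    # Report only; the decision to sever connectivity stays with the operator.
    for name, reasons in find_exposed(INVENTORY, NAT_RULES).items():
        print(name)
        for reason in reasons:
            print("  -", reason)


if __name__ == "__main__":
    main()
```

With the constructed data the check flags `plc-line1` (EtherNet/IP forwarded from the WAN), `plc-pumphouse` (addressed outside the internal plan) and `eng-ws` (HTTPS forwarded from the WAN), and leaves `hmi-line1` alone. In practice the inventory would come from the asset management system and the rules from a firewall configuration export; the value of the cross-reference is that a privately addressed controller still shows up when a forgotten port forward points at it.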
Additionally, organizations are encouraged to adopt the necessary mitigations and patches to protect against various identified vulnerabilities affecting Rockwell products. Key vulnerabilities include CVE-2021-22681, CVE-2022-1159, CVE-2023-3595, CVE-2023-46290, CVE-2024-21914, CVE-2024-21915, and CVE-2024-21917, with CVSS scores ranging from 5.3 to a critical 10.0, indicating their severity.
This warning has been disseminated through the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which has also highlighted the importance of following security measures detailed in their recommendations to minimize exposure. Past advisories, including warnings from CISA and the National Security Agency (NSA), have pointed out the risks posed by malicious actors exploiting internet-connected operational technology (OT) assets, raising the stakes for critical infrastructure.
Notably, recent reports have indicated that adversaries are increasingly targeting ICSs, with advanced persistent threat (APT) groups exploiting vulnerabilities to gain political or economic advantage. In some cases, these intruders have gained access to programmable logic controllers (PLCs) and manipulated control logic to disrupt the intended functions of machinery, raising concerns about potential consequences for critical systems.
Research from the Georgia Institute of Technology has revealed alarming implications of web-accessible PLC systems. Their findings suggest that attackers could execute a Stuxnet-style operation by manipulating the interfaces used for remote monitoring and programming. This type of intrusion allows cybercriminals to alter sensor readings, disable safety protocols, and hijack physical actuators, posing severe risks to both operational integrity and safety.
Given the vulnerabilities associated with emerging web technologies in industrial environments, experts recommend a multifaceted security strategy. Limiting exposure to critical system information, securing remote access points, conducting regular security audits, and implementing a dynamic network architecture are essential to fortify defenses against potential cyber threats.
As cyber adversaries continue to evolve their tactics, business owners must remain vigilant and proactive in securing their ICS and OT networks, aligning their security measures with the insights provided by frameworks like the MITRE ATT&CK Matrix. By understanding and addressing potential adversary tactics—such as initial access, persistence, and privilege escalation—organizations can bolster their defenses against this growing tide of cyber threats. The call to action is clear: businesses must take decisive steps to safeguard their systems and mitigate the risks associated with public internet exposure.