May 21, 2024 at 01:50PM
Rockwell Automation urges customers to disconnect industrial control systems not designed for online exposure from the Internet due to increasing malicious activity. This reduces the attack surface and limits direct access to systems vulnerable to security threats. Additionally, CISA issued an alert regarding Rockwell’s new guidance to reduce ICS device exposure to cyberattacks and the NSA and CISA have jointly published advisories on securing OT and ICS devices against attacks.
From the meeting notes, the main takeaways are:
1. Rockwell Automation issued a warning urging customers to disconnect industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide.
2. Network defenders are advised not to configure devices to allow remote connections from systems outside the local network. Taking devices offline can significantly reduce organizational attack surfaces.
3. The notice aims to assess and remove devices facing the public internet that are not specifically designed for public internet connectivity.
4. Mitigation measures are required to secure Rockwell ICS devices against specific security vulnerabilities.
5. A joint advisory from the National Security Agency (NSA) and CISA was published in September 2022 to secure operational technology (OT) devices and industrial control systems (ICS) against attacks.
6. There have been warnings from multiple U.S. federal agencies and cybersecurity agencies from Canada and the U.K. regarding pro-Russian hacktivists disrupting critical infrastructure operations.
These takeaways highlight the urgency of addressing cybersecurity vulnerabilities in industrial control systems and the increasing threats posed by malicious cyber activity, particularly with geopolitical tensions and ongoing adversarial cyber activity globally.