Industrial Security

Work With Us to Help Manage Your Risk

Like integrity, safety, system availability and performance, security has become essential in the design and operation of contemporary control systems. Rockwell Automation recognizes the importance of security for industrial control applications. We embrace defense-in-depth practices to mitigate risk through a layered, system-level security approach.

 

We offer tools, products and services that can help you build security into your control system. In addition, our Network Services and Security Services capabilities help you design, troubleshoot and verify that your system meets the level of security that is right for you, today and tomorrow.

Although security is only one aspect of a complete, system-level controls solution, it remains integral to the Rockwell Automation controls philosophy, and we remain committed to evolving security solutions to meet your needs.

  • Membership & Leadership: Applying Standards to Help Your Security

    Rockwell Automation is an active member of several security standards development bodies. These efforts are focused in the International Society of Automation (ISA) Security committee (ISA99), which is working in tandem with the International Electrotechnical Commission’s (IEC) security working group (TC65 WG10) to develop international security guidelines (IEC 62443). The "Industrial Automation and Control System Security" committee establishes standards, recommended practices, technical reports, and related information that define procedures for implementing electronically secure manufacturing and control systems and security practices, and for assessing electronic security performance.

  • Process Control Security Adherence

    Other areas of activity include the Industrial Control System Joint Working Group (ICSJWG) established by the Department of Homeland Security (DHS) Control Systems Security Program (CSSP). The purpose of the ICSJWG is to facilitate the collaboration of control systems stakeholders to accelerate the design, development, and deployment of more secure control and legacy control systems. Forum participants include international stakeholders from government, academia, industry users, owner/operators, systems integrators, and the vendor community. As stated by DHS, "The ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure and Key Resources Sectors (CIKR) between federal agencies and departments, as well as private asset owner/operators of industrial control systems."

  • Global Security Compliance
    Rockwell Automation is also a Technical Member of the newly formed ISA Security Compliance Institute (ISCI). In the ISCI, industry leaders from a number of major control system users and manufacturers are investigating the feasibility of creating an organization to establish a set of well-engineered specifications and processes for the testing and certification of critical control systems products. The mission of the proposed organization is “to decrease the time, cost, and risk of developing, acquiring, and deploying control systems by establishing a collaborative industry-based program among asset owners, suppliers, and other stakeholders to:
    • Facilitate the independent testing and certification of control system products to a defined set of control system security standards;
    • Use existing control system security industry standards, where available, develop or facilitate development of interim standards where they don't already exist, and adopt new standards when they become available;
    • Accelerate the development of industry standards that can be used to certify that control systems products meet a common set of security requirements.
    The standards, tests, and conformance processes for control systems products will allow the products to be securely integrated. An ultimate goal is to push the conformance testing into the product development life cycle so that the products are intrinsically secure.”
Have a security concern? E-mail us with your questions or comments.

To address specific concerns, or to report issues you may have with Rockwell Automation products as employed in larger systems, you can contact us at secure@ra.rockwell.com.

Communicate securely with us using our PGP Public Key Block.
Learn more about Pretty Good Privacy (PGP) and Asymmetric Key Cryptography.


Security Alerts

  • Zero-Day Vulnerability Claim against RA Software product - 20 November 2012

    On November 20, 2012 Rockwell Automation learned of a security researcher’s claim of isolating a new vulnerability in an unnamed Rockwell Automation software product. Details have not been shared with Rockwell Automation, including product, version, vulnerability or methodology. We have contacted the researcher and requested details relating to this purported discovery.

    Once we know more about the researcher’s claim, we will work to identify details about the researcher’s findings to validate them, identify affected product(s), determine potential scope of impact, and recommend ways that customers can mitigate associated risk. We share our customers’ concerns for potential risks from any security vulnerability that may impact their industrial control systems.

    Rockwell Automation’s product security incident response team regularly works closely with appropriate government agencies and reputable third parties. We take proactive and prudent measures to communicate and mitigate potential risks to the safe, secure and reliable operation of industrial control systems. We also maintain open and publicly available communications channels to accept information relating to potential security vulnerabilities that may affect Rockwell Automation products and systems.

    Independent of facts and details relating to these new claims, Rockwell Automation always recommends that customers remain vigilant. Specifically, we advise them to use proven defensive measures in control system design and operation to enhance their network security.

    To learn how to strengthen a network security program and mitigate risks to industrial control systems, please see:

Security Advisories
