If a security event occurs, it’s critical you’re prepared to respond immediately to address the threat, which can limit damage and help speed recovery. Building on the expertise of our industrial security services team in networks and security, we will help you develop an action plan that uses proven methods to contain the incident and minimize damage. We are here to help support you throughout such a response.
What is OT Cybersecurity Incident Response?
Join Rockwell Automation and Dragos for a three-part webinar series where we will give you a clear roadmap to a comprehensive security program for your organization. You will hear directly from industry-leading cybersecurity experts who have first-hand experience with remote access, threat hunting, incident response, and more.
Industrial Cybersecurity Incident Response Services
Before, during and after an event
Your top priority, after a security-related downtime event, is to get production back up and running as quickly as possible. Our back-up and recovery services keep near real-time records of your production and application data, allowing you to recover quickly and return to production. Following system recovery, our industrial security services team also investigates the incident to help identify root causes and strengthen your resilience.
Product Security Incident Response Framework
Cybersecurity in Industrial Control Systems
The Rockwell Automation Incident Response Framework consists of the following phases:
- Notification
- Assessment & Containment
- Remediation, Incident Post-mortem and Improvement Plan
This process supports customers and partners in instances where they may be potentially affected by a cybersecurity incident or breach.
When product security vulnerabilities are reported, we have a cybersecurity incident response process to investigate, determine appropriate mitigations and communicate timely information to our customers. We also actively work with research communities to identify and resolve vulnerabilities. We work with national response organizations, such as ICS-CERT, to communicate and notify the broader community.
Notification: The affected party should contact the Rockwell Automation Product Security Incident Response Team (RA PSIRT) via email at secure@ra.rockwell.com.
Assessment & Containment: The Incident Response Coordination Call serves to assess and assign the priority of response, which aids in determining the relevant response actions.
Remediation, Incident Post-mortem and Improvement Plan: Until the incident is remediated, RA PSIRT will coordinate additional calls with the affected party and regional points of contact (POCs) every six to 24 hours for status updates.
The Unsung Heroes of Industrial Security: Researchers
It’s Vital that the Good People Discover Vulnerabilities First
That is why we’re grateful for the work done by the largely unheralded heroes of cybersecurity – researchers.
These people work diligently to uncover industrial security vulnerabilities. When they find these vulnerabilities before the bad people do and alert companies like ours so that we can fix them, they help prevent what could be major security incidents.
At Rockwell Automation, we embrace researchers. We actively work with them as part of our standards-aligned vulnerability handling and coordinated disclosure process. Outside researchers test industrial control products the same way that an adversary does: they look for flaws in systems and communications protocols and try to work their way in.
If a researcher finds a vulnerability in our products, they notify our Product Security Incident Response Team (PSIRT).