Unfortunately, the threat is real. Attacks on control systems have increased dramatically in recent years. It’s not just the infrastructure risk of attack from nation-states. Today’s threats include hacktivists, cyber criminals, and disgruntled employees.
A comprehensive cybersecurity strategy includes cybersecurity hygiene — asset inventory to understand what you have, controlling physical and digital access, segmentation, system configuration and other actions. It also includes adoption of NIST CSF to identify, protect, detect, respond and recover from cyber-attacks.
It also requires that ICS providers, like Rockwell Automation, constantly test products and review applications to identify and remediate vulnerabilities in products. Disclosing remediated vulnerabilities through patch and version management helps protect ICS users from cyber-attacks.
It is part of an ethical, comprehensive cybersecurity strategy to help verify our customers’ security and safety. While not actually new, the increased focus on security in recent years, and the more frequent disclosures may seem surprising to some.
To others that have worked closely with IT, it will seem natural and expected. To all, it should be welcomed as a clear focus on supporting the safety and security of industrial control systems.
For more information on security, please check out the following resources:
- Product Security Vulnerabilities FAQ (PDF)
- Converged Plantwide Ethernet (CPwE) Design and Implementation Guide (PDF)
If Assistance is Needed
Rockwell Automation and our partners provide scalable, tiered level assistance services based on the stage of the user in the cybersecurity risk management implementation. Use the following list of resources when your customer is requiring assistance: