Product Security Incident Response Framework
Cybersecurity in Industrial Control Systems
The Rockwell Automation Incident Response Framework is comprised of the following phases:
- Assessment & Containment
- Remediation, Incident Post-mortem and Improvement Plan
This process supports customers and partners in instances where they may be potentially affected by a cybersecurity incident or breach.
When product security vulnerabilities are reported, we have a cybersecurity incident response process to investigate, determine appropriate mitigations and communicate timely information with our customers. We also actively work with research communities to identify and resolve vulnerabilities. We work with national response organizations, such as ICS-CERT, to communicate and notify the broader community.
Notification: The affected party should contact the Rockwell Automation Product Security Incident Response Team (RA PSIRT) via email at firstname.lastname@example.org.
Assessment & Containment: The Incident Response Coordination Call serves to assess and assign the priority of response, which aids in determining the relevant response actions.
Remediation, Incident Post-mortem and Improvement Plan: Until the incident is remediated, RA PSIRT will coordinate additional calls with the affected party and regional persons of contact (POCs) every six to 24 hours for status updates.