IMPORTANT NOTICE: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats

IMPORTANT NOTICE: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats

Due to heightened world tensions and negative cyber activity, Rockwell Automation suggests customers take IMMEDIATE action. Customers should check if they have devices facing the public internet. If so, remove that connectivity for devices not designed for public internet connectivity.

Rockwell Automation has guidance for all devices not specifically designed for public internet connectivity. Users should never configure their devices to be directly connected to the public-facing internet. Removing that connectivity as a proactive step reduces the attack surface. This can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors.

Rockwell Automation and CISA (Cybersecurity and Infrastructure Security Agency) provide more information on attacks on public-internet-exposed assets. This includes information on how to identify exposed assets and disconnect them from the public internet.

• Rockwell Automation | Advisory on web search tools that identify ICS devices and systems connected to the Internet [login required]
• CISA | NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
• CISA | How-to Guide: Stuff Off Shodan
• Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

Rockwell Automation suggests customers follow the security best practices if disconnection is not possible: Rockwell Automation | Security Best Practices [login required].

Customers should be aware of the following related CVE’s and ensure mitigations are in place.