Rockwell Automation, an American industrial control systems (ICS) specialist, is advising users worldwide to disconnect their equipment from the public internet due to increasing threats from threat actors targeting its hardware through known vulnerabilities. This warning is supported by an alert from the US Cybersecurity and Infrastructure Security Agency (CISA). Rockwell is urging customers to assess whether their devices are connected to the public internet and to remove that connectivity if they are not specifically designed for it. By taking this proactive step, users can reduce the risk of unauthorized cyber activity. Rockwell is also emphasizing the importance of addressing seven known vulnerabilities in various products. Ken Dunham, director of cyber threat at Qualys Threat Research Unit (TRU), highlighted the significance of this warning for critical infrastructure, which is often targeted by adversaries. Forescout research vice president Elisa Costante stressed the need for comprehensive risk assessments and network-centric defense strategies to mitigate threats to operational technology and secure all devices. This warning coincides with the growing concerns over state-backed espionage operations and the use of operational relay box (ORB) networks by Chinese threat actors. ORB networks pose challenges for defenders due to their constantly changing nature.
Rockwell emphasizes the importance of disconnecting ICS equipment
