Rockwell Automation, a major industrial control systems (ICS) vendor, has recently warned its customers to disconnect their equipment from the Internet because of escalating geopolitical tensions and cyber threats worldwide. The move underscores the growing cybersecurity risks to critical infrastructure and the complex challenges that security teams in this sector face.
The US Cybersecurity and Infrastructure Security Agency (CISA) has been warning of heightened threats against sectors such as water utilities, power plants, manufacturing, telecom carriers, military installations, and more. These attacks are largely orchestrated by advanced persistent threats (APTs) associated with China, Russia, and Iran. Given the volatile environment created by elections and geopolitical tensions, CISA has emphasized the need for increased vigilance among facility teams.
Gary Southwell, the general manager at ARIA Cybersecurity, highlighted that nation-states are targeting critical infrastructure for political and economic motives. Russian-backed attackers are focusing on allies of Ukraine, while China is strategically embedding itself in critical infrastructure to leverage political influence rather than just stealing intellectual property. These cyber threats pose serious risks by attempting to compromise systems and gain control to cause disruptions.
Moreover, the prevalence of security vulnerabilities in Internet-exposed ICS gear further amplifies the risk of compromise. Vulnerabilities such as CVE-2021-22681, CVE-2022-1159, CVE-2023-3595, and others can enable denial-of-service (DoS) conditions, privilege escalation, unauthorized access to control systems, and even destructive Stuxnet-style attacks that permanently disrupt operations.
In response to these threats, Rockwell Automation advised disconnecting ICS devices from the Internet to reduce their exposure. Many ICS devices were never designed for public Internet connectivity, yet they remain exposed online through legacy installations. This raises questions about how these devices are configured and secured, especially where operators lack the expertise to patch vulnerabilities and harden the systems.
The disconnect between IT security staff and the managers of ICS assets further complicates the security landscape. Organizations often lack coordination in setting up and managing OT devices, which contributes to unintended Internet-facing connections. Additionally, the absence of asset management and security controls leaves these devices vulnerable through weak authentication and ineffective security measures.
To address these challenges and enhance ICS security practices, experts emphasize the importance of disconnecting devices from the Internet and implementing proactive security measures. Establishing strict access controls, limiting online exposure, and applying IT-based asset management practices are recommended steps to secure ICS environments. However, the slow adoption of comprehensive security practices specific to IoT/OT/ICS systems poses a significant risk of disruptive cyberattacks on critical infrastructure.
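The asset-management and exposure-limiting steps recommended above can be turned into a routine check. The following is an added example written for this article, not code from Rockwell Automation or from any source quoted here: it reads a constructed asset inventory and flags devices whose address lies outside the usual internal ranges (RFC 1918, loopback, link-local) or whose ICS protocol ports are permitted from an Internet-facing firewall zone. The `Asset` fields, zone names and sample inventory are assumptions made for the example; the port numbers are the standard assignments for EtherNet/IP (TCP/UDP 44818, UDP 2222) and Modbus/TCP (TCP 502).

```python
"""Flag ICS assets that appear to be exposed to the Internet.

Added example (not from the article or from Rockwell Automation). It reviews a
constructed asset inventory and reports devices that sit on a routable address
or whose ICS protocol ports are reachable from an Internet-facing zone.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Standard ICS protocol port assignments (EtherNet/IP is the protocol family
# used by Rockwell/Allen-Bradley controllers; Modbus/TCP is included for breadth).
ICS_PORTS = {
    44818: "EtherNet/IP (CIP explicit messaging)",
    2222: "EtherNet/IP (CIP implicit I/O)",
    502: "Modbus/TCP",
}

# Ranges treated as internal: RFC 1918 private space, loopback and link-local.
# Anything else is considered routable and therefore a potential exposure.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]


@dataclass
class Asset:
    """One inventory entry. Field names are assumptions for this example."""
    name: str
    ip: str
    open_ports: list[int]
    allowed_from_zones: list[str]   # firewall zones permitted to reach the asset


@dataclass
class Finding:
    asset: str
    reason: str


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def assess(assets: list[Asset],
           internet_zones: tuple[str, ...] = ("internet", "untrusted")) -> list[Finding]:
    """Return one Finding per exposure condition met by each asset."""
    findings: list[Finding] = []
    for a in assets:
        if not is_internal(a.ip):
            findings.append(Finding(a.name, f"routable address {a.ip} outside internal ranges"))
        ics_ports = [p for p in a.open_ports if p in ICS_PORTS]
        if ics_ports and any(z in internet_zones for z in a.allowed_from_zones):
            names = ", ".join(f"{p} ({ICS_PORTS[p]})" for p in ics_ports)
            findings.append(Finding(a.name, f"ICS ports reachable from Internet-facing zone: {names}"))
    return findings


# Constructed sample inventory. 203.0.113.0/24 is a documentation range used
# here to stand in for a genuinely public address.
SAMPLE_INVENTORY = [
    Asset("plc-line1", "10.20.1.15", [44818, 2222], ["ot-lan"]),
    Asset("plc-pumphouse", "203.0.113.40", [44818], ["internet"]),
    Asset("hmi-remote", "10.20.5.7", [502, 443], ["ot-lan", "internet"]),
]


if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY):
        print(f"[EXPOSED] {f.asset}: {f.reason}")
```

In the sample, `plc-line1` is clean, `plc-pumphouse` is reported twice (routable address and an ICS port open to the Internet zone), and `hmi-remote` is reported once because Modbus/TCP is permitted from the Internet zone even though its address is internal. Running such a check against a real inventory export is one way to surface the unintended Internet-facing connections the article describes before an attacker does.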
In conclusion, the urgency to strengthen cybersecurity defenses in critical infrastructure cannot be overstated. With the growing sophistication of cyber threats and the prevalence of vulnerabilities in ICS gear, organizations must prioritize security measures to mitigate risks and safeguard critical systems from potential attacks. Failure to address these vulnerabilities and adopt robust security practices could lead to catastrophic consequences for critical infrastructure.
