Several departments of the US government are involved in an investigation focusing on the potential cybersecurity risks posed by the Chinese operations of American industrial giant Rockwell Automation, according to The Wall Street Journal.
Information obtained by the publication from documents and officials showed that the focus of the investigation is Rockwell’s facility in Dalian, China, where employees might have access to information that could be used to compromise the systems of the company’s customers.
China could see Rockwell Automation as a valuable hacking target considering that the company’s products are widely used in critical infrastructure, government, military, and energy sectors in the United States.
The Journal reported that investigators from the Defense Department, Energy Department, and Justice Department are looking into potential vulnerabilities that could allow China to access systems in the US.
The investigation is in its early stages, and Rockwell told WSJ that it has not been made aware of the probe. The industrial giant says it is willing to fully cooperate if it is notified of one.
A memorandum related to the investigation cites a whistleblower claiming that employees working at the Chinese facility are responsible for developing code, offering support, and creating patches for vulnerabilities found in Rockwell products.
There has been some concern that those employees could find security holes in Rockwell software and use them in zero-day attacks aimed at systems in the US. The information obtained by WSJ made no mention of any particular vulnerabilities.
The memorandum also references discussions between Rockwell Automation and energy company Dominion Energy over contract renewals. Discussions reportedly stalled when the energy firm asked for provisions related to data breach reporting, third-party security assessments, and restrictions on services from countries such as China.
Rockwell reportedly told Dominion at the time that all code written in China is checked for vulnerabilities by US employees.
An analysis conducted by SecurityWeek shows that CISA has published and updated over a dozen security advisories describing Rockwell Automation vulnerabilities in the past year. CISA’s advisories inform organizations about more than 30 vulnerabilities affecting Rockwell products, including many flaws that have a ‘critical’ or ‘high’ severity rating.
Researchers have warned in recent years that the exploitation of some vulnerabilities found in Rockwell Automation products could have serious consequences.