Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report

US government investigating whether the Chinese operations of industrial giant Rockwell Automation pose a cybersecurity risk to critical infrastructure.

Rockwell Automation vulnerabilities

Several departments of the US government are involved in an investigation focusing on the potential cybersecurity risks posed by the Chinese operations of American industrial giant Rockwell Automation, according to The Wall Street Journal.

Information obtained by the publication from documents and officials showed that the focus of the investigation is Rockwell’s facility in Dalian, China, where employees might have access to information that could be used to compromise the systems of the company’s customers. 

China could see Rockwell Automation as a valuable hacking target considering that the company’s products are widely used in critical infrastructure, government, military, and energy sectors in the United States. 

The Journal reported that investigators from the Defense Department, Energy Department, and Justice Department are looking into potential vulnerabilities that could allow China to access systems in the US. 

The investigation is in early stages and Rockwell told WSJ that it has not been made aware of the probe. The industrial giant says it’s willing to fully cooperate in case it’s notified of a probe.

A memorandum related to the investigation cites a whistleblower claiming that employees working at the Chinese facility are responsible for developing code, offering support, and creating patches for vulnerabilities found in Rockwell products.

Advertisement. Scroll to continue reading.

There has been some concern that those employees could find security holes in Rockwell software and use them in zero-day attacks aimed at systems in the US. The information obtained by WSJ made no mention of any particular vulnerabilities. 

The memorandum also references discussions between Rockwell Automation and energy company Dominion Energy over contract renewals. Discussions reportedly stalled when the energy firm asked for provisions related to data breach reporting, third-party security assessments, and restrictions on services from countries such as China. 

Rockwell reportedly told Dominion at the time that all code written in China is checked for vulnerabilities by US employees. 

An analysis conducted by SecurityWeek shows that CISA has published and updated over a dozen security advisories describing Rockwell Automation vulnerabilities in the past year. CISA’s advisories inform organizations about more than 30 vulnerabilities affecting Rockwell products, including many flaws that have a ‘critical’ or ‘high’ severity rating. 

Researchers have warned in recent years that the exploitation of some vulnerabilities found in Rockwell Automation products could have serious consequences

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com

Related: New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs

Related: Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers

Related: Flaws in Rockwell Automation Product Expose Engineering Workstations to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.