
US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report

US government investigating whether the Chinese operations of industrial giant Rockwell Automation pose a cybersecurity risk to critical infrastructure.


Several departments of the US government are involved in an investigation focusing on the potential cybersecurity risks posed by the Chinese operations of American industrial giant Rockwell Automation, according to The Wall Street Journal.

Information obtained by the publication from documents and officials showed that the focus of the investigation is Rockwell’s facility in Dalian, China, where employees might have access to information that could be used to compromise the systems of the company’s customers. 

China could see Rockwell Automation as a valuable hacking target considering that the company’s products are widely used in critical infrastructure, government, military, and energy sectors in the United States. 

The Journal reported that investigators from the Defense Department, Energy Department, and Justice Department are looking into potential vulnerabilities that could allow China to access systems in the US. 

The investigation is in its early stages, and Rockwell told WSJ that it has not been made aware of the probe. The industrial giant says it is willing to cooperate fully if it is notified of a probe.

A memorandum related to the investigation cites a whistleblower claiming that employees working at the Chinese facility are responsible for developing code, offering support, and creating patches for vulnerabilities found in Rockwell products.

There has been some concern that those employees could find security holes in Rockwell software and use them in zero-day attacks aimed at systems in the US. The information obtained by WSJ made no mention of any particular vulnerabilities. 


The memorandum also references discussions between Rockwell Automation and energy company Dominion Energy over contract renewals. Discussions reportedly stalled when the energy firm asked for provisions related to data breach reporting, third-party security assessments, and restrictions on services from countries such as China. 

Rockwell reportedly told Dominion at the time that all code written in China is checked for vulnerabilities by US employees. 

An analysis conducted by SecurityWeek shows that CISA has published and updated over a dozen security advisories describing Rockwell Automation vulnerabilities in the past year. CISA’s advisories inform organizations about more than 30 vulnerabilities affecting Rockwell products, including many flaws that have a ‘critical’ or ‘high’ severity rating. 

Researchers have warned in recent years that the exploitation of some vulnerabilities found in Rockwell Automation products could have serious consequences.


Related: New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs

Related: Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers

Related: Flaws in Rockwell Automation Product Expose Engineering Workstations to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
