Rockwell Automation – The Unsung Heroes of Industrial Security: Researchers

PB 25 Rockwell newlogo 400

September 18, 2019

By Megan Samford

When a vulnerability exists in an industrial control system, it’s vital that the good guys discover it first.

That’s why we’re grateful for the work done by the largely unheralded heroes of cybersecurity – researchers.

These folks work diligently to uncover industrial security vulnerabilities. When they do so before the bad guys and alert companies like ours, so we can fix them, they help prevent what could be major security incidents.

At Rockwell Automation, we embrace researchers. We actively work with them as part of our standards-aligned vulnerability handling and coordinated disclosure process. And we make a point to give credit where credit is due by showing them our appreciation.

Testing the System

Outside researchers test industrial control products the same way an adversary does: they look for flaws in systems and communications protocols and try to work their way in.

If a researcher finds a vulnerability in our products, they can notify our Product Security Incident Response Team (PSIRT). We’ll then work with them to identify and resolve a validated vulnerability.

When we disclose the finding in a security advisory, we recognize the researcher who found it as a sign of our thanks. We also send the researcher a personal communication to reiterate our appreciation. It’s a simple token of thanks – but for us an important one. And often, the gratitude goes both ways.

For example, Jacob Baines, a principal research engineer with Tenable, Inc., recently worked with us on a security disclosure. He relayed the following:

“Rockwell Automation PSIRT is one of the most professional security groups I’ve disclosed vulnerabilities to. In my experience, Rockwell Automation responds quickly to disclosure-related emails, and they’ve always taken timelines very seriously, to help ensure the ecosystem is secure.

“Furthermore, whether it be the developer’s progress or planned publication dates, Rockwell Automation does a great job of sharing information. This is key to effective coordinated disclosure. They even share their advisory text in advance. In my mind, the Rockwell Automation PSIRT is a great example of how vendors should work with researchers on coordinated disclosures.”

Making Proactive Security a Priority

Getting ahead of threats is central to what we do in our industrial security work at Rockwell Automation. Working with outside researchers is one way we do that. We also have our own researchers who aggressively test our products to look for flaws. And we take other steps to be proactive.

For example, our Allen-Bradley ControlLogix 5580 controller is the world’s first controller to be certified compliant with IEC 62443-4-2, today’s most robust control system security standard. We also certified our Rockwell Automation Security Development Lifecycle (SDL) to the IEC 62443-4-1 standard.

For us, industrial security isn’t just about securing our products and services. It’s about helping the companies we work with protect their people, productivity and intellectual property.

You can learn more about our industrial security strategy, services and solutions here.

Source

Related Articles


Changing Scene

  • FANUC Canada Celebrates Grand Opening of New Headquarters

    FANUC Canada Celebrates Grand Opening of New Headquarters

    In a grand opening and ribbon cutting ceremony, FANUC recently unveiled its new Canadian Headquarters in Mississauga, Ontario to industry partners, customers and media. The new facility, which will serve as a hub for cutting-edge robotics technology, hosted more than 250 attendees in a celebration that included remarks from company leadership and advanced technology demonstrations. This milestone… Read More…

  • Hammond Manufacturing Welcomes John Eberhart as Territory Sales Manager for Northern, USA

    Hammond Manufacturing Welcomes John Eberhart as Territory Sales Manager for Northern, USA

    Hammond Manufacturing is pleased to announce the appointment of John Eberhart as the Territory Sales Manager for the Northern Midwest region of the United States in their Rack Mounting Solutions division. John’s extensive industry experience will be instrumental in the expansion of Hammond’s market presence and the promotion of business within his territory. John Eberhart… Read More…


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Understanding Industrial Relay Contact Configurations: NO, NC, SPDT, and DPDT

    Understanding Industrial Relay Contact Configurations: NO, NC, SPDT, and DPDT

    Relays serve as the backbone of industrial control systems, enabling the control of high-power circuits using low-power signals. Understanding different relay contact configurations is crucial for designing effective control systems. This article will explore the various types of relay contacts and their applications in industrial automation. Read More…

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…