Securing Industrial Automation Devices – Key Recommendations from Rockwell Automation
Cybersecurity in industrial networks is a critical component of the operational reliability of automated manufacturing. Rockwell Automation regularly publishes security advisories and recommendations that reflect current cyber threats and define best practices for protecting control systems.
This article responds to the latest published security advisory – Security Advisory No. SD1771, the full text of which is available here: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html .
Note: Links in this article point to technical documentation from Rockwell Automation, which is accessible to logged-in users only. To follow the links, please sign in with your user account at https://www.rockwellautomation.com/.
Rockwell Automation Recommendations (SD1771)
Do Not Expose OT Network Devices to the Public Internet
OT devices such as PLCs, HMI panels, or control servers should not be exposed to the public internet, as they are not designed to withstand direct confrontation with external threats. Internet accessibility of such devices can lead to unauthorized interference with process control, modification of production processes, production downtime, equipment damage, or in extreme cases even endangerment of operator safety.
Access to these devices should be implemented through controlled and secured layers.
Network Segmentation, Firewalls, IDMZ
For industrial network architecture, the following is recommended:
- Segmentation into zones (ISA/IEC 62443)
- Separation of IT and OT
- Controlled communication between zones
- Use of industrial firewalls
- Deployment of IDMZ (Industrial Demilitarized Zones)
Guidelines and recommended practices for industrial network architecture can be found in the following documents:
Defense-in-Depth Strategy (Layered Protection)
The use of multiple security layers simultaneously is recommended, such as segmentation + access control + monitoring. More about the Defense-in-Depth strategy can be found in the document:
Communication Security – CIP Security
To protect communication between devices in an industrial network, it is recommended to use CIP Security technology, which extends the EtherNet/IP standard with security mechanisms.
CIP Security enables:
- Device authentication
- Communication encryption
- Trust management between individual nodes
More about CIP Security technology can be found here:
Access Control and Security Features
In addition to securing communication, it is also critical to control who can access the system and in what manner. Rockwell Automation recommends using identity and access management tools in combination with native controller functions.
- FactoryTalk Security
- Role-based access control (RBAC)
- Controller configuration and program protection
A detailed description of the FactoryTalk Security system is available here:
Specific Recommendations for Individual Control Systems
Security Advisory SD1771 supplements general recommendations with links to documentation for specific controller product lines, where available security features and their configuration are described.
Logix (ControlLogix / CompactLogix)
For the Logix platform, references are made to specific security documentation for configuring control systems and the Studio 5000 environment.
Key areas:
- Controller security configuration
- Access rights management (FactoryTalk Security)
- Logic protection (source protection)
- Controller access security
- Logix 5000 Controllers Security Programming Manual (1756-PM016)
- Logix 5000 Controllers General Instructions Reference Manual (1756-RM018)
Micro800 (Micro820 / Micro850 / Micro870)
For the Micro800 controller series, security features are described directly in the user manuals and their correct configuration is essential for risk mitigation.
Recommendations include:
- Proper communication configuration
- Access restriction
- Utilization of available security features
Additional General Resources from Rockwell Automation
