Rumsey Menu

Spectre and Meltdown – What to Do?

Datacomm/Networking
Automation & Controls
Cybersecurity
Tripwire

Spectre and Meltdown – What to Do?

As our manufacturing and control systems become more sophisticated, security has begun to take a position in the forefront of everyone’s mind.  At the start of 2018, this was no different. On January 3rd researches announced a new set of identified vulnerabilities that affect all modern-day microprocessors; these vulnerabilities are known as “Meltdown” and “Spectre.”

This vulnerability is not industry specific, nor Rockwell or PLC specific, but affects generations of processors and CPUs. Since hundreds of articles are already available on the details of how the vulnerability can be exploited; instead of detailing that, we wanted to provide you with some quick links on just what to do about it.

For those concerned, we would like to refer you to several articles and/or knowledge documents. 

Specific to Rockwell Automation Control Products this is Rockwell’s statement on the issue:

If you have already patched or are considering patching, you should know that potential impact to the performance of Industrial Control System Software has also been reported post patch. This too is larger than Rockwell but RA has detailed the anomalies experienced after patching in the following article:

  • Knowledge Base Article #1071234: “Microsoft Updates for Meltdown/Spectre Vulnerabilities Impact” – Anomalous Behavior after updates

Much is still unknown about the best remediation action and the RA Patch Qualification team is working expeditiously on their validation process for all security updates relative to these vulnerabilities. Given this, we anticipate these articles to be updated numerous times in the coming weeks. The easiest way to stay in tune with this and on top of it is to subscribe to updates for those specific articles.  Here is a link on just how to do that: Article #1068584

In addition, ICS-Cert, the government agency that works specifically on industrial control systems cyber emergency response has also released the following alert that provides details relevant to most major ICS system suppliers:

Finally, protecting your manufacturing systems starts with having a security strategy and taking the initial steps of implementation. You may have often hear me say– “some action today is better than no action,” and I continue to stand by that. Please let the team at Rumsey know if we can be of any assistance with defining a strategy for your facility and those first few steps. We have teamed with industry leading Cybersecurity solution providers like Tripwire, Cisco and Rockwell to ensure we have the solutions and expertise to help you build your defense-in-depth strategy.

Additional References:

All information provided is for informational purposes only.

Published January 18, 2018
Julia Sontogatta, Director of Networking, Automation, & Information Solutions
Julia Santogatta is the Director of Networking, Automation, & Information Solutions at Rumsey. She has spent 15+ years working with customers in industrial manufacturing, system integration and machine building. Prior to joining Rumsey she spent 10 years with Rockwell Automation and five years with the Belden cable and networking brands – Belden, Hirschmann, Tofino and GarrettCom.