Truth, Inspiration, Hope.

Rockwell Automation Rumored To Be Under Investigation For NatSec Breaches at Dalian Facility

WSJ claims documents it viewed show a whistleblower alleging that "Rockwell does its code development, support and patching—updating software to fix vulnerabilities—using only Chinese nationals at the facility in Dalian."
Neil Campbell
Neil lives in Canada and writes about society and politics.
Published: May 16, 2023
Rockwell Automation faces a national security probe from Washington on its Dalian, China facility.
A file photo of the Rockwell Automation Chevrolet NASCAR car during a race in June of 2007. Rockwell Automation, which supplies cybersecurity and software services for the U.S. power grid, federal government, Navy, and Coast Guard, among others, is allegedly under investigation by Washington for potential national security breaches arising from its Dalian, China software facility. (Image: Jerry Markland/Getty Images for NASCAR)

Washington is rumored to be investigating a Milwaukee-based cybersecurity and software company providing services used in America’s power grid, the U.S. Navy, and Coast Guard for a potential security breach involving “access to software codes” by employees at a facility in Dalian, China.

The May 10 article by The Wall Street Journal alleges that “according to U.S. officials and documents reviewed” Rockwell Automation is the subject of a federal investigation “focused on employees based at the company’s facility in Dalian, China, who might have access to software codes that connect with those computer systems.”

WSJ states documents it viewed involve “the inspectors general at the Energy Department and the Defense Department as well as the Justice Department’s Commercial Litigation Branch.”


Specifically, the Journal cites a Memorandum of Investigative Activity dated as far back as Jan. 24 that “details testimony from a whistleblower interviewed by government investigators from the three agencies” surrounding “potential vulnerabilities that might allow access from China to critical U.S. government and industrial infrastructure and computer systems.”

Exact details are very sparsely provided in the article. However, the Journal summarizes the Memorandum as citing the undefined whistleblower as alleging that “Rockwell does its code development, support and patching—updating software to fix vulnerabilities—using only Chinese nationals at the facility in Dalian.”

The outlet was careful to caveat that neither the anonymous officials it spoke with nor the documents viewed “suggest that Rockwell has any current vulnerabilities in its products’ software codes.”

A spokesperson for Rockwell was paraphrased as stating “the company hasn’t been notified of any investigation related to the company’s work in Dalian but would fully cooperate if it receives such a notification.”

Declining to comment was the Energy Department and its Office of Inspector General, while the Commercial Litigation Branch of the Justice Department and the Pentagon’s Office of Inspector General simply did not respond to requests for comment, WSJ stated.

Rockwell’s position in the mainland is not new, dating back to the era of the notorious and now-deceased former Communist Party Chairman Jiang Zemin.

On July 9, 2014, the company celebrated the 20th anniversary of its “software research and development campus in Dalian,” according to a company press release.

In the missive, former CEO and Chairman Keith Nosbusch invoked the Internet of Things and its role in China’s industrial and manufacturing sector. In the process, Nosbusch hinted at the extent to which his company’s software may reach when he stated, “Manufacturers now need to connect smart devices, machines and processes across the whole plant floor, tightly bridge their manufacturing facilities to the rest of the enterprise, and link the entire supply chain.”

“This will require moving from simply automating labor to leveraging information; changing pockets of expertise to global collaboration; and mitigating risk by transitioning systems from open to open-and-secure. We call this vision – The Connected Enterprise,” Nosbusch added.

In coverage on the alleged investigation, USA Today clone Milwaukee Journal Sentinel (MJS) quoted a Rockwell spokesperson as stating it does not expect the investigation to “have a material impact on our business.”

The representative added, “There has been no report or other indication that these practices and protocols have been breached or that any of our products have been intentionally compromised” while pointing to an “insider risk program” Rockwell employs.

MJS summarized the program as “to monitor the movement of sensitive information and identify unauthorized downloads and other violations of its processes, and also partners in a vulnerability disclosure program with the U.S. Department of Homeland Security and other agencies.”

Rockwell stock was primarily unaffected by the news, declining from $278 to $267 the day of the WSJ article before clawing back the majority of its losses, closing on Monday, May 15 at $274.14.

Despite the severity of the implications in the Journal’s exclusive, the story was very sparsely covered in network media. The only major reports were a 188-word rehash issued by the Reuters wire service and an opinion article published by Bloomberg.

Bloomberg columnist Brooke Sutherland penned a piece titled Rockwell Investigation Would Show US Paranoia on China that served as something of a truther informative waxing around the existence of Rockwell’s Dalian facility itself.

Sutherland opened with the thesis: “If a 29-year-old software development facility in China can come under US government scrutiny, the American manufacturing complex is more vulnerable to rising geopolitical tensions than previously thought.”

Citing the very modest decline in Rockwell stock price, which had previously traded inside of a 9.38 percent consolidation range over the 57 days prior to the story, Sutherland regretted, “It’s not helpful that the mere existence of this facility appears to have caught investors and analysts who follow the company closely by surprise.”

Bloomberg paraphrased Rockwell as clarifying, “The company doesn’t use Chinese facilities to develop software embedded in its devices that control the operations of a machine or processes, and it conducts all vulnerability testing in the US. Development for products that are designed for remote access isn’t done in China, and none of the products worked on are cloud-based.”