According to The Wall Street Journal, the U.S. government is looking into whether Rockwell Automation (NYSE:ROK) is exposing critical U.S. infrastructure, military, and other government assets to a potentially serious cyberattack.
The WSJ report states, citing U.S. officials and documents it has seen, that the Biden administration is looking into the potential vulnerability through one of Rockwell's China-based facilities.
The investigation is said to be focused on employees based at the company's facility in Dalian, China, with the probe, according to documents, including various officials, including the Energy Department and Defense Department inspectors general, as well as the Justice Department's Commercial Litigation Branch.
In addition, investigators are assessing potential vulnerabilities that could allow access from China to critical U.S. government and industrial infrastructure and computer systems, according to a memorandum of investigative activity, which is dated January 24 and details testimony from a whistleblower interviewed by government investigators, the WSJ stated.
A Rockwell spokeswoman told the WSJ that the company hasn't been notified of any investigation related to its work in Dalian.
The investigation is said to be in the early stages and could result in no action against Rockwell, which is down over 1% following the report on Wednesday.
In a statement Wednesday, a Rockwell spokesperson told Street Insider that the "security of our products is our top priority, and we have strong practices and protocols to protect the integrity of the Company’s software development."
"There has been no report or other indication that these practices and protocols have been breached or that any of our products have been intentionally compromised," they added. "We have not been notified by any U.S. agency of any investigation regarding the Company’s work in China."
The company spokesperson continued that they would fully cooperate should they receive a notification. "Following the Journal inquiry, we proactively reached out to government officials and offered to provide information or answer any questions they may have," they stated.
"Our software development work in China is limited and largely focused on sustaining a small number of mature products that have been in the market for a long time and have undergone multiple years of development and testing. Development for the embedded software in our controllers (PLCs) is not done in China, and all penetration testing for our software is done in the United States."
Rockwell does not expect the matter to have a material impact on its business.