Monday, October 2, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • DEF CON 31 - Andrew Brandt’s ‘War Stories - You’re Not George Clooney, And This Isn’t Oceans 11’
  • Choosing the Right Cybersecurity Awareness Training Solution: Your Ultimate Checklist
  • Google Chrome Heap Buffer Overflow Vulnerability (CVE-2023-5217) Notification
  • Avoid libwebp Electron Woes On macOS With positron
  • A Closer Look at the Snatch Data Ransom Group
Security Bloggers Network 

Home » Security Bloggers Network » USB Threats to Cybersecurity of Industrial Facilities

SBN

USB Threats to Cybersecurity of Industrial Facilities

by Anastasios Arampatzis on December 5, 2018

Industrial facilities cybersecurity is very critical for the national security of every state and comes once more into focus following the recent Honeywell’s Industrial USB Threat Report.

AWS Builder Community Hub

With increasing pressure to limit network access to industrial control systems, industrial plant dependence upon USB removable media to transfer information, files, patches and updates has been greater than ever. At the same time, past research into USB threats has shown that portable USB drives are one of the top threat vectors impacting industrial control systems. USB represents an even greater threat than spreading malware: a USB device can be used to attack systems directly, using the USB interface as a powerful attack vector. Ever since the Stuxnet attack used a USB flash drive to obliterate any semblance of an air gap in an Iranian nuclear facility, industry has been well aware of the vulnerability that USB devices can introduce to their operations.

When we consider threats to industrial systems, specifically crafted malware, such as the Industroyer strain which cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind. Many of the operating systems, controls and equipment used to power industrial facilities have legacy components which were never designed for over-the-air (OTA) updates or cybersecurity at all and due to memory, size, and hardware limitations may not be suitable for direct protection. A way to mitigate these risks is to implement strong perimeter defense, but if a USB key is directly connected to an industrial system, these protections can easily be circumvented.

In 2017, Honeywell introduced its Secure Media Exchange technology that is designed to manage USB security by giving users a place to plug in and check devices for approved use. Through this capability, Honeywell has been able to gather the data derived from (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/usb-threats-cybersecurity-industrial/

December 5, 2018December 5, 2018 Anastasios Arampatzis ICS Security, Mirai, triton, USB, WannaCry
  • ← DerbyCon 2018, Adam Mathis’ ‘Comparing Apples To Apple’
  • What Cyberstalking Is and How to Prevent It →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Tue 03

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

October 3 @ 11:00 am - 12:00 pm
Wed 11

ASPM: Leveling the AppSec Playing Field

October 11 @ 1:00 pm - 2:00 pm
Mon 16

Shadow Access: Where IAM Meets Cloud Security

October 16 @ 3:00 pm - 4:00 pm
Tue 17

Securing Cloud-Native Applications Across the Software Development Life Cycle

October 17 @ 11:00 am - 12:00 pm
Wed 18

Live Workshop on ‘SCA 2.0’: Using Runtime Analysis to Find High-Risk SCA Vulnerabilities

October 18 @ 12:00 pm - 1:30 pm
Thu 19

Managing Security Posture and Entitlements in the Cloud

October 19 @ 1:00 pm - 2:00 pm
Tue 24

When Seconds Matter: Real-Time Cloud Security With AWS and Sysdig

October 24 @ 11:00 am - 12:00 pm
Tue 24

Reporting From the Pipeline: The State of Software Security in DevOps

October 24 @ 1:00 pm - 2:00 pm
Thu 26

How to Shift Left the Right Way

October 26 @ 3:00 pm - 4:00 pm
Mon 30

Zero-Trust

October 30 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

ZenRAT Targets Windows Users with Fake Bitwarden Site
China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?
Microsoft Brings Passkey Support to Windows 11
Sysdig Adds Ability to Detect Threats in Real-Time to CNAPP
Exabeam Brings Generative AI to SIEM Platform
Methods To Protect Yourself From Identity Theft
What You Need to Know About the libwebp Exploit
Google LibWebP Arbitrary Code Execution Vulnerability (CVE-2023-5129) Notification
Step on It: What to Know About TISAX Compliance in the Automotive Market
How to Perform an ISO 27001 Risk Assessment

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Industry Spotlight

CISA Rolls Out a HBOM Framework to Secure Hardware Components
Cloud Security Cybersecurity Featured Industry Spotlight Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

CISA Rolls Out a HBOM Framework to Secure Hardware Components

September 29, 2023 Jeffrey Burt | 2 days ago 0
Lawsuit Filed Against Google, Meta, H&R Block for Sharing Taxpayer Data
Cyberlaw Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight News Security Boulevard (Original) Spotlight 

Lawsuit Filed Against Google, Meta, H&R Block for Sharing Taxpayer Data

September 28, 2023 Jeffrey Burt | 3 days ago 0
Xenomorph Android Banking Trojan Makes Landfall in US
Application Security Cybersecurity Data Security Featured Identity & Access Industry Spotlight Malware Mobile Security News Security Boulevard (Original) Spotlight Threats & Breaches 

Xenomorph Android Banking Trojan Makes Landfall in US

September 26, 2023 Jeffrey Burt | Sep 26 0

Top Stories

Federal Shutdown Raises Cybersecurity Risks, Experts Warn
Analytics & Intelligence CISO Suite Cybersecurity Featured Governance, Risk & Compliance Incident Response IoT & ICS Security News Security Boulevard (Original) Social - Facebook Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Federal Shutdown Raises Cybersecurity Risks, Experts Warn

September 29, 2023 Nathan Eddy | 2 days ago 0
National Cybersecurity Infrastructure Efforts Bearing Fruit
Analytics & Intelligence CISO Suite Cyberlaw Cybersecurity Data Privacy Data Security Featured Governance, Risk & Compliance Incident Response News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

National Cybersecurity Infrastructure Efforts Bearing Fruit

September 29, 2023 Nathan Eddy | 2 days ago 0
China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?
Analytics & Intelligence API Security Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps DevSecOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response IOT IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Challenges and Opportunities of Remote Work Security Operations Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?

September 28, 2023 Richi Jennings | 3 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Book Podcasts’

Randall Munroe’s XKCD ‘Book Podcasts’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.