USB Threats to Cybersecurity of Industrial Facilities

Industrial facilities cybersecurity is very critical for the national security of every state and comes once more into focus following the recent Honeywell’s Industrial USB Threat Report.

With increasing pressure to limit network access to industrial control systems, industrial plant dependence upon USB removable media to transfer information, files, patches and updates has been greater than ever. At the same time, past research into USB threats has shown that portable USB drives are one of the top threat vectors impacting industrial control systems. USB represents an even greater threat than spreading malware: a USB device can be used to attack systems directly, using the USB interface as a powerful attack vector. Ever since the Stuxnet attack used a USB flash drive to obliterate any semblance of an air gap in an Iranian nuclear facility, industry has been well aware of the vulnerability that USB devices can introduce to their operations.

When we consider threats to industrial systems, specifically crafted malware, such as the Industroyer strain which cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind. Many of the operating systems, controls and equipment used to power industrial facilities have legacy components which were never designed for over-the-air (OTA) updates or cybersecurity at all and due to memory, size, and hardware limitations may not be suitable for direct protection. A way to mitigate these risks is to implement strong perimeter defense, but if a USB key is directly connected to an industrial system, these protections can easily be circumvented.

In 2017, Honeywell introduced its Secure Media Exchange technology that is designed to manage USB security by giving users a place to plug in and check devices for approved use. Through this capability, Honeywell has been able to gather the data derived from (Read more...)