OT/ICS Security – USB Storage Devices are Still a Universal Threat to Industrial Operations

USBs, those innocuous looking little portable storage devices, while useful in utility are still dangerous for utilities. These devices that are practical for transferring legitimate files and documents are equally functional for transferring malware into and out of production OT/ICS networks – including air-gapped environments. In the Honeywell Industrial Cybersecurity: USB Threat Report 2022, Honeywell’s Cybersecurity Global Analysis, Research, and Defense (GARD) team once again looked at the increasing threat caused by these modest devices. Honeywell’s unique perspective of threats emanating from USB removable media reveals the threat continues to become more prominent, more potent, and impacts all critical infrastructure sectors defined by CISA.

It’s amazing that USBs still represent a significant threat, let alone continue to increase. According to GARD, threats designed for USB exploitation have risen to 52% from 37% last year (and 19% the year before). The findings indicated that trojans were the most detected malware proliferated by USBs and threat actors continue using malware capable of providing remote access or remote control as initial attack vectors.

Unfortunately, abolishing USB storage devices is not practical, even in air-gapped OT environments. While adhering to strict policies are crucial for reducing risk, USB security must include stringent technical controls. Honeywell recommends:

• Clear USB security policies
• Close the Mean Time to Remediation (MTTR)
• Additional scrutiny on files, documents, and other digital content.
• Outbound network connectivity from process control networks must be tightly controlled and enforced by network switches, routers, and firewalls.
• Patching and hardening of end nodes.

Access the full report at Honeywell Forge.