(TLP:CLEAR) New NIST Guide for OT Environments – Protecting ICS Against Portable Storage Media
Created: Thursday, October 2, 2025 - 13:13
Categories: Cybersecurity, Federal & State Resources, Security Preparedness
Summary: The National Cybersecurity Center of Excellence (NCCoE) has developed the draft two-pager NIST Special Publication (SP) 1334, titled “Reducing the Cybersecurity Risks of Portable Storage Media in OT Environments.” The cybersecurity considerations in this two-pager are intended to help OT operators and manufacturers use Universal Serial Bus (USB), and other portable storage media devices securely.
Analyst Note: Portable storage devices, such as USB, while useful to utilities pose cybersecurity risks and are still dangerous in OT environments. Unfortunately, abolishing USB storage devices is not practical, even in air-gapped OT environments. While adhering to strict policies are crucial for reducing risk, USB security must include stringent technical controls. This risk can be reduced by implementing secure physical and logical controls on the access, storage, and usage of these devices.
Original Source: https://csrc.nist.gov/pubs/sp/1334/ipd
Additional Reading:
- OT/ICS Security – USB Storage Devices are Still a Universal Threat to Industrial Operations
- NIST Publishes Guide for Protecting ICS Against USB-Borne Threats
Related WaterISAC PIRs: 6, 10, 12