USB devices pose threat to industrial facilities: Honeywell research

The study revealed that more than 25 per cent of the threats can lead to a major disruption to plant operations, and of the 50 industrial locations studied, USB devices endangered nearly half of them
The study revealed that more than 25 per cent of the threats can lead to a major disruption to plant operations, and of the 50 industrial locations studied, USB devices endangered nearly half of them
 
New Delhi, November 14, 2018 – A research study presented in the Honeywell Industrial USB Threat Report, released by Honeywell showed that a wide range of industrial process control networks are in the risk of facing cyber security threats from removable USB media devices such as flash drives.
 
Data derived from Honeywell technology used to scan and control USB devices at 50 customer locations showed that nearly half (44 per cent) detected and blocked at least one file with a security issue. It also revealed that 26 per cent of the detected threats were capable of significant disruption by causing operators to lose visibility or control of their operations.
 
The threats targeted a wide variety of industrial sites, including refineries, chemical plants and pulp-and-paper manufacturers around the world, and the threats themselves ranged in severity – about one in six targeted industrial control systems or Internet of Things (IoT) devices.
 
“The data showed much more serious threats than we expected, and taken together, the results indicate that a number of these threats were targeted and intentional. This research confirms what we have suspected for years – USB threats are real for industrial operators. What is surprising is the scope and severity of the threats, many of which can lead to serious and dangerous situations at sites that handle industrial processes,” said Eric Knapp, Director of Strategic Innovation, Honeywell Industrial Cyber Security.
 
The research marks the first commercial report to focus exclusively on USB security in industrial control environments. It examined data collected from Honeywell’s Secure Media Exchange (SMX) technology, which is specifically designed to scan and control removable media, including USB drives. Among the threats detected were high-profile, well-known issues such as TRITON and Mirai, as well as variants of Stuxnet, an attack type previously leveraged by nation-states to disrupt industrial operations. In comparative tests, up to 11 per cent of the threats discovered were not reliably detected by more traditional anti-malware technology.
 
“Customers already know these threats exist, but many believe they are not the targets of these high-profile attacks. This data shows otherwise, and underscores the need for advanced systems to detect these threats,” Knapp said.
 
The research recommended that operators combine people training, process changes and technical solutions to reduce the risk of USB threats across industrial facilities.
Share post:

Related Stories