Securing ICS Networks from USB Threats

Ken Higgins | Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has long warned about threats facing the industrial control systems of critical infrastructure operators in manufacturing, energy, water management, aerospace, and other key public and private sectors. In addition to advising regular backups of all system and configuration data, the agency urges organizations to identify, minimize and secure all network connections to ICS.

A recent report by cybersecurity firm Honeywell Industries takes those warnings a step further by identifying key areas being targeted by cybercriminals. The use of USB removable media, a widely known vector of attack, has become an even greater threat to ICS. Eric Knapp, Honeywell’s director of cybersecurity research, put it this way in the report:

“Being able to quantify actual threats seen over a very specific vector proves what everyone already suspected – that USB-borne malware continues to be a major risk for industrial operators. What’s surprising is that we’re seeing a much higher density of significant threats that are more targeted and more dangerous. This isn’t a case of accidental exposure to viruses over USB, this is a trend of using removable media as part of more deliberate and coordinated attacks.”

Key Findings

Honeywell’s report is based on threats detected by its USB security platform Secure Media Exchange. The platform analyzes USB devices actively used in industrial facilities. Over a 12-month period, Honeywell reviewed devices used in industries that included oil and gas, energy, food, chemical, shipping, building, aerospace, manufacturing, paper and pulp.

USB devices remain a substantial pathway for cyberattacks, with 45 percent of industrial locations reporting at least one attempt. Some 11 percent of threats detected by Honeywell are known to have been developed specifically to target industrial systems. When that figure is combined with the elevated number of ransomware attacks, which don’t specifically target ICS but are nonetheless used regularly against industrial systems, it reaches 28 percent.

Honeywell’s report also found that 59 percent of threats identified had the potential to cause major disruptions to ICS networks. That represents a twofold increase over previous figures from 2018. Perhaps more disturbing was the fact that 20 percent of identified threats went entirely undetected by major malware detection software systems.

New Focus for ICS Security

CISA outlined a new strategy in 2019 to help critical infrastructure improve security and better mitigate new and emerging cyber threats. The unified approach attempts to coordinate the capabilities and resources of the Federal government with those of the critical infrastructure community and the private sector to create better security solutions for industrial systems.

Part of CISA’s new approach includes making sure that operational technology devices and networks are secure by design. This represents a shift away from a reactive approach to cybersecurity to a more strategic plan that includes choosing the right technology and developing an effective mitigation plan.

Hardening Endpoint Security

Operational technology relies heavily on the use of USB removable media for everything from downloading and implementing software patches to sharing documents and files across process networks. Each of these devices creates a potential entry for malware. Any strategy to mitigate risks to industrial controls must consider these endpoints where devices connect to networks.

SecureData prioritizes endpoint security in its comprehensive data security strategy, along with offline encrypted backups and storage, and remote drive management. Our SecureDrive devices are FIPS-validated for the highest level of data security, and our Remote Management license provides total control over where, when and by whom portable drives are accessed.

But our SecureGuard data loss prevention software gives you maximum control over network endpoints, making it a perfect solution for shielding ICS networks from malware penetration. Accessed through the Remote Management console, SecureGuard limits computer access throughout your organization to authorized USB devices only.

SecureGuard offers always-on protection with USB-blocking functions. With SecureGuard, critical infrastructure organizations can whitelist and blacklist specific USB devices. SecureGuard also blocks access to computers when an unauthorized device is inserted into a USB port.

SecureData has cutting-edge data security solutions designed to mitigate new and emerging threats across all industrial sectors.

Call us at 1-800-520-1677. Our data security experts are standing by to help you implement a SecureData strategy that best fits your security needs.