11 December 2018
Removable USB media devices such as flash drives pose a significant and intentional cyber security threat to a wide array of industrial process control networks, according to Honeywell.
In what it says is the “first-of-its-kind” research, Honeywell used its Secure Media Exchange technology to scan and control USB devices at 50 customer locations.
It showed that of the locations, nearly 44 per cent detected and blocked at least one file with a security issue.
It also revealed that 26 per cent of the detected threats were capable of “significant” disruption by causing operators to lose visibility or control of their operations.
Honeywell says the threats ranged in severity and targeted a wide variety of industrial sites, including refineries, chemical plants and pulp-and-paper manufacturers worldwide.
About one-in-six targeted industrial control systems or IoT devices.
Among the threats detected were high-profile, well-known issues such as TRITON and Mirai, as well as variants of Stuxnet, an attack type previously leveraged by nation-states to disrupt industrial operations.
In comparative tests, up to 11 per cent of the threats discovered were not reliably detected by more traditional anti-malware technology.
“The data showed much more serious threats than we expected, and taken together, the results indicate that a number of these threats were targeted and intentional,” says Eric Knapp, director of strategic innovation, Honeywell Industrial Cyber Security.
“Customers already know these threats exist, but many believe they aren’t the targets of these high-profile attacks. This data shows otherwise, and underscores the need for advanced systems to detect these threats.”
Honeywell recommends that operators combine people training, process changes, and technical solutions to reduce the risk of USB threats across industrial facilities.