Get FinancingHoneywell Research Shows USB Device-Related Cybersecurity Threats Targeting Industrial Sites
In a statement concerning Honeywell’s recently released “Honeywell Industrial USB Threat Report,” Eric Knapp, Honeywell Industrial Cyber Security director of strategic innovation, says researchers long suspected USB threats targeting industrial operators were real. Honeywell collected data that confirmed this, Knapp says, but the data also showed “much more serious threats” than previously believed. Moreover, Honeywell found that numerous threats it discovered were “targeted and intentional.” Overall, the report shows that removable USB media devices “pose a significant—and intentional—cybersecurity threat to a wide array of industrial process control networks.”
Refineries Included
Honeywell’s research, in part, included poring over data that its SMX (Secure Media Exchange) technology collected by scanning and controlling USB drives and other removable media at 50 customer facilities. Honeywell found 44% of the facilities “detected and blocked at least one file with a security issue.” It also discovered that 26% of the detected threats had the ability to cause a significant disruption, including “causing operators to lose visibility or control of their operations.”
Honeywell says the threats targeted “a wide variety of industrial sites,” including global refineries, chemical plants, and pulp-and-paper manufacturers. The threats also ranged in severity, with roughly one in six targeting industrial control systems or IoT (internet of things) devices. “What is surprising is the scope and severity of the threats, many of which can lead to serious and dangerous situations at sites that handle industrial processes,” Knapp says.
High-Profile Threats
Many of the threats Honeywell’s research turned up involved high-profile, well-known threat entities, such as Triton malware, the Mirai botnet, and variants of the Stuxnet worm. Moreover, Honeywell says in comparative tests, up to 11% of the threats discovered “weren’t reliably detected by more traditional anti-malware technology.” While “customers already know these threats exist,” Knapp says, many believe their companies aren’t targets. "This data shows otherwise, and underscores the need for advanced systems to detect these threats,” he says. Besides user training, Honeywell suggests operators combine process changes and technical solutions to mitigate USB-related threat risks across industrial facilities.
Source: Honeywell