Industrial automation company Honeywell Process Solutions (HPS) has developed cybersecurity software to protect industrial facilities from USB-borne threats.
‘Removable media’ like USBs are part and parcel of operations in industrial facilities. Workers often use them to patch, update and exchange data with industrial control systems, but USBs bring with them the threat of destructive malware.
USB sticks are known to have infected the Gundremmingen nuclear power plant near Munich, Germany in 2016, while two power plants in the United States were taken offline completely in 2013 due to malware picked up from USBs.
“Industrial operators often have hundreds or thousands of employees and dozens of contractors on site every day,” said Eric Knapp, cybersecurity chief engineer at HPS. “Many if not most of those rely on USB-removable media to get their jobs done. Plants need solutions that let people work efficiently, but also don’t compromise cybersecurity and, with it, industrial safety.”
In response, a number of plants have resorted to banning USBs altogether, a rule that HPS says is not only difficult to enforce but also reduces productivity. Other plants use traditional IT malware scanning solutions, which again HPS says are difficult to maintain and provide limited protection.
‘These solutions fail to protect process control networks against the latest threats, and offer no means to address targeted or zero-day attacks,’ the company said in a press release.
Honeywell SMX
Honeywell’s answer to the problem is called the Secure Media Exchange (SMX).
Developed by the company’s cybersecurity engineers, SMX provides multi-layered protection for managing USB security.
It works via an SMX Intelligence Gateway, which can be installed, for example, at the front desk in reception on a tablet device. When contractors or employees arrive at the plant, they are prompted to ‘check-in’ their USB drive, by plugging it into the tablet, which analyzes its contents for threats.
SMX incorporates Honeywell’s Advanced Threat Intelligence Exchange (ATIX), a hybrid-cloud threat analysis service, and SMX client software installed on a plant’s Microsoft Windows devices. The client software controls which USBs are allowed to connect to the system, prevents unverified USB drives being mounted and stops files being accessed.
The system, which is managed directly by Honeywell, supposedly provides plant managers with continually updated threat information and advanced analytics to help detect advanced, targeted, and zero-day malware.
Challenges three-fold
Clive Longbottom, an industry analyst at Quocirca, told Internet of Business that this technology can already be done on most sites, and that scanning USB drives should be the first layer of defence for all organizations that have the capability.
Sadly, this does not seem to be the case, but Longbottom suggested that Honeywell would still face at least three challenges with its SMX product.
“First, ensuring that all devices do go through the system,” Longbottom said. “If as many people are coming and going as they say and if USB ports are so prevalent, making sure that no one port is ever used by a device that hasn’t gone through the preliminary environments will be difficult.
“Secondly, making sure that this works with all existing systems at the lowest possible cost and with the least possible economic and usability impact.
“Thirdly, does Honeywell have the background, which is currently based far more on proprietary or semi-proprietary systems, to be able to identify and deal with all the possible attack vectors that could be introduced this way?
“Overall, if it is a semi-open system, my advice would be to superglue every USB port so that it cannot be used and enforce software updates via a central console where full security can be applied. If this isn’t the case, then put in place the correct policies that all engineers and other staff that could have access to the devices should not be able to carry USB sticks around with them unless they have been checked in, scanned and authorized by the company through a centralized system.
“Finally, any company that is allowing the unfettered use of USB drives in this way is unlikely to take such a Honeywell model anyway – they would seem to be happy carrying horrendous risk. Anything that happens to these companies is a set of problems that they have brought on themselves.”