Study finds USB drives are a security threat to process control systems

Honeywell research finds exposure through portable USB drives can cause serious disruption to process facilities through unsecure or malicious files.

By Honeywell November 2, 2018

Research from Honeywell indicates of the most convenient data transfer devices—the portable USB drive—pose a significant risk to control system security. Honeywell’s study that found 44% of the USB drives scanned by Honeywell software at 50 customer locations contained at least one unsecured file. In 26% of those cases, the detected file was capable of causing what company officials called “a serious disruption by causing operators to lose visibility or control of their operations.”

“The data showed much more serious threats than we expected, and taken together, the results indicate that a number of these threats were targeted and intentional,” said Eric Knapp, director of strategic innovation, Honeywell Industrial Cyber Security, in a press release. “This research confirms what we have suspected for years—USB threats are real for industrial operators. What is surprising is the scope and severity of the threats, many of which can lead to serious and dangerous situations at sites that handle industrial processes.”

The threats, detected through Honeywell’s Secure Media Exchange (SMX) technology, were aimed at a number of process manufacturing sites, including chemical, pulp and paper, and refineries.

“Customers already know these threats exist, but many believe they aren’t the targets of these high-profile attacks,” Knapp said. “This data shows otherwise and underscores the need for advanced systems to detect these threats.”

The research was presented in the Honeywell Industrial USB Threat Report. Among the research recommendations were to improve training and upgrade technical solutions at process facilities and other manufacturers that use the USB drives to convey data.


– Edited from a Honeywell press release by CFE Media.