Honeywell Reports Risk of USB Threats to Industrial Operations Has Doubled Over 12 Months

July 15, 2020 by Alessandro Mascellino

A new report by Honeywell has revealed the risk of USB threats to industrial control systems has doubled in the last 12 months.

The industry leader recorded an increase from 16 to 28% in the past year, with the number of threats capable of disrupting operational technology systems rising from 26 to 59. The new report was based on data collected from 50 industrial facilities across four continents and industry types.


The Honeywell USB Threat Report 2020

In order to compile this report, Honeywell utilized its proprietary security platform called Secure Media Exchange (SMX). Through this tool, which is designed to analyze USB devices used in industrial facilities, Honeywell gathered anonymous data from companies in the following sectors:


  • Oil & Gas, Energy, Chemical
  • Manufacturing
  • Pulp & Paper
  • Other industrial manufacturing facilities


The Honeywell USB Threat Report 2020 does not include any detail related to region or industry, to preserve data anonymity, but the company said the data was collected from companies in the US, South, America, Europe, and the Middle East.


Data from the Honeywell USB Threat Report 2020. Image courtesy of Honeywell.


Using USB interfaces as Attack Vectors

Dangers related to USB devices derive from the fact that they can be used to attack systems directly. Increasingly stringent limitations to network access to industrial control systems and industrial plants have escalated reliance on USB devices to transfer information, files, patches, and updates. This happens in an industrial scenario where USB drives are one of the top threat vectors impacting industrial control systems, according to the report.


Data from the Honeywell USB Threat Report 2020. Image courtesy of Honeywell.


The new research document also describes some type of malicious USB devices specifically crafted to attack computers via the USB interface that malicious actors can simply purchase online. Another prominent threat to industrial systems would be BadUSB, a technique that turns USB devices such as fans and charging cables into potential attack vectors.

Of all the threats discovered by Honeywell, 26% of them had the potential to impact industrial control environments, and 16% were specifically targeted against the same environments.


Exposing Valuable Information

Successful USB attacks on industrial facilities can provoke a series of negative consequences for companies, from facility malfunctioning to leaking of sensible data. Ransomware is another serious threat to industrial facilities, and such an attack shut down a US natural gas pipeline for two days earlier this year.

After detailing more data on the specific types of malware transferred via USB devices, the Honeywell USB Threat Report 2020 concludes by noting that, while the overall amount of malware carried by inbound USB devices was relatively small, the types of threats discovered on them were more serious than the research team anticipated.


Data from the Honeywell USB Threat Report 2020. Image courtesy of Honeywell.


To combat these attacks, the Honeywell document says, industrial companies should work on enhancing their USB security hygiene, which the new data has noted to be generally poor. The report surmises a few points to do so, such as including technical controls and enforcement in USB security policies and strictly monitoring and controlling outbound network connectivity from process control networks.

Interested in knowing more about the report? You can read the document in its entirety.


Is your company taking the necessary measures to mitigate these threats?