Protect Your Operational Technology Network from Outside Threats with a Proprietary USB Drive Format

While most people think of hacking as an attack on network-connected computers or devices, the reality is that any computer-based hardware can be compromised, internet-connected or not. After all, if a device runs software, the device has the potential of being manipulated for unintended purposes.

What is Operational Technology?

Operational Technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment and processes.

Examples of Operational Technology:

  • Programmable Logic Controllers (PLCs)
  • SCADA/HMI Systems
  • CNC Machines
  • Other Embedded Systems

Reference for above: Wikipedia

An increase in USB drive-based threats

GCN published an excellent article highlighting the fact that, in 2021, 52% of operational technology (OT) cyber threats were designed to use USB drives, referencing a recent cyber security report from Honeywell Forge.

The interesting part? This is up from 37% in 2020, continuing a trend that’s been on the rise for years.

Cheap and convenient, but on the upswing as a delivery vehicle for malware and ransomware

At first glance it seems counterintuitive – with the prevalence of cloud-based IT infrastructure, why are USB drives being targeted as an ideal delivery solution for malware? With ever-increasing internet speeds and with cloud services being integrated with many popular technology products and services, it seems plausible that a large majority of USB drives are doomed to spend their remaining days relegated to the back of a desk drawer or bottom of a box of cables.

Data access in isolated networks

When it comes to OT systems, however, a constantly connected, easily accessed state is not always ideal. Keeping technology systems critical to business stability – like manufacturing control systems and financial management networks – away from the prying eyes of the internet is an excellent mechanism for enhanced security. This practice is referred to as “air gapping”: the network is either disconnected from the internet entirely, or kept separate from the company’s primary network.

Control networks are often “air gapped” to isolate critical systems from network access

So, when a series of computers isn’t accessible to outside systems, how does data make its way onto these devices? USB drives work very well for this application and are a quick and easy solution for data transfer to isolated networks or computers. With wide availability, low cost, and essentially no technological barriers, it makes sense that off-the-shelf USB drives continue to thrive across a host of computing environments, especially in isolated industrial systems not connected to the outside world.

The problem with the classic USB drive

But herein lies the problem – since USB drives can be purchased practically anywhere, they’re literally used everywhere. And this isn’t a good thing from an IT standpoint.

The GCN article mentions how air-gapped systems are commonly serviced by vendors and contractors using USB drives. With these drives frequently moving between devices and networks, the potential for malware infection significantly increases with each connection.

In OT networks, the workflow of contractors and vendors often involves the use of USB drives for file transfer

The transfer of ransomware and other malware is usually unintentional, of course, but occurs easily as users are more focused on their work tasks than on system security.

After a computer on an air-gapped network is infected, a variety of things can occur, from ransomware taking devices on an isolated network hostage, to a previously inaccessible subnetwork becoming remotely accessible. Operational technology takeover situations are of particular concern, as OT systems are often critical to business continuity, and compromised systems can be extremely detrimental to company stability. An inoperable OT network is a massive liability to any company.

So, how are OT systems best kept safe? The GCN article reiterates that IT policies and procedures must address USB drives (and the files on these drives) to help control the devices and data moving between systems. We’d like to add, however, that this policy can be enforced with additional measures…

A physically different alternative to the USB thumb drive

We’ve written about this before but want to say it again – an easy method of restricting USB drive use on a computer network is by altering the form factor of the drives used for data transfer. Because USB Type A drives and connections are so ubiquitous, simply replacing the Type A receptacle on a network device with a product like our RUGGEDrive token receptacle – which plugs directly into a motherboard’s USB port connection – physically blocks the insertion of standard USB drives.

The RUGGEDrive receptacle connects directly to an onboard USB port

The host computer recognizes the RUGGEDrive receptacle as a standard USB drive, ensuring system compatibility, while limiting data transfer options to only proprietary RUGGEDrive tokens.

A RUGGEDrive incorporated into an industrial control computer

With the OT system only able to accept the proprietary tokens, the use of USB drives from home and other locations is eliminated, which practically removes the chance of inter-system infection from drive swapping.

Limit drive access by only allowing RUGGEDrive tokens for data transfer

Compatibility and availability

And while security is paramount, there is still a need for compatibility. A secure workflow may involve transferring data from a known-good PC to an air-gapped device on an OT network via a RUGGEDrive token. You could either hardwire a RUGGEDrive receptacle into the source PC, or alternatively connect the token to the PC via a UFX PC adapter, which plugs into a PC’s USB Type A port.

The UFX PC adapter allows a RUGGEDrive token to connect over a Type A USB port

Note that none of these items - including the tokens, receptacles, and USB adapters - are publicly available. All RUGGEDrive products have controlled availability, meaning they simply can’t be purchased online, nor can they be purchased through the large electronic component distributors.

RUGGEDrive products have controlled availability through Datakey or an authorized distributor

IT assets are often safeguarded through software means – antivirus software, built-in OS-based defenders, firewalls – and all of these are fantastic and absolutely required in any modern IT infrastructure. But simple, physical-layer solutions to IT security can also go a long way. Locks on doors, cabinets, and cases have long been standard fare in most IT operations. Now – take your network security a step further by limiting the types of devices that can access the computers on your network. By controlling the physical input and output systems, you have an additional layer of control of what devices can access your data and interface with your essential equipment.

Secure your Operational Technology networks

To learn more about our RUGGEDrive USB memory tokens and how they can enhance data transfer security on your systems, feel free to contact us. Datakey products are used in military, government and industrial applications. Let us put our experience in this arena to work for you. You can also download datasheets, read case studies of Datakey product integrations, or check out our support documentation for RUGGEDrive and related products.