Story image

Honeywell launches USB security solution for industrial control systems

18 Apr 17

The humble USB device has been a tool of portability and convenience when it comes to transferring files, however there are also major security implications as they are shared from one computer to another.

In industrial control systems, USB devices and malware hiding within them were the second-biggest threat to systems last year, according to research by BSI publications. 

Uncontrolled USB devices, initially used by employees and contractors to patch, update and exchange data, have played parts in taking down power plants and turbine control workstations.

Industrial cybersecurity provider Honeywell Process Solutions (HPS) has recognised the need for better security against USB-borne threats and has developed a new Secure Media Exchange (SMX) solution.

Eric Knapp, HPS’ cyber security chief engineer, says hundreds or thousands of contractors could be on site every day.

“Many, if not most, of those rely on USB-removable media to get their jobs done. Plants need solutions that let people work efficiently, but also don’t compromise cyber security and, with it, industrial safety,” he says.

The company states that many plants outright ban USB devices or use traditional malware scanning solutions. However, those methods don’t protect against the latest threats and don’t address targeted or zero-day threats.

Honeywell developed its SMX application in conjunction with cybersecurity experts and User Group customers, the company states. 

“For most plants, the proliferation of removable media and USB devices is unavoidable, but the security risks they bring don’t have to be. We know our customers have limited resources to maintain another system, so Honeywell manages SMX for them. SMX never connects to our customers’ process control networks. From a system administration perspective, it’s like it’s not even there,” Knapp explains.

Users plug in their USB device through an SMX Intelligence Gateway. The gateway then analyses the device for threats. In addition, customers can also use SMX client software to control when and where USB devices are mounted. 

Honeywell also partners with Microsoft, Intel Security and Palo Alto Networks to continue developing industrial threat detection techniques. 

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.