The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), finalized a guide to help organizations protect their industrial control systems (ICS) from cybersecurity threats when using removable media devices. The document recognizes that portable storage media, such as USB devices, are convenient, but their usage poses cybersecurity risks for operational environments. Procedural, physical, and technical controls are important for minimizing the likelihood of a cyberattack from portable storage media usage.
Portable storage media devices, like USB flash drives, are commonly used to transfer data between computers. However, using them in operational technology (OT) environments and industrial control systems, such as those used in power plants or manufacturing facilities, can pose a cybersecurity risk. If a USB (universal serial bus) device is infected with malware, it can spread to the ICS and cause problems, such as disrupting operations or compromising safety.
Titled ‘NIST Special Publication (SP) 1334, Reducing the Cybersecurity Risks of Portable Storage Media in Operational Technology…
