Look out … an USB drive!

We all know that using USB drives is not without risk. When working with OT systems, that monitor and control the critical infrastructure of energy production, we definitely do not want that our control system get infected. USB drives from vendors are therefore most of the time banned from the OT environment. Only approved USB drives from ourselves are used. On this topic we have reached consensus for some time. Maybe not always executed very well and the USB drives are not always protected against Bad USB[1], but that is for another article.

USB drives are still widely used. That is not a bad thing obviously and it is often very handy. However, USB drives could sneak in via unexpected routes. For example, an USB drive attached to a product that your have purchased for a project. All the tools, manuals and software to install the product, is available using this USB drive. This very innocent looking USB drive can be quickly connected to your laptop. It is part of your own project, so what can happen? Are you still following the USB drive procedures to safely copy the files to the OT environment?

In these situations, it can be easily forgotten that this USB drive also contain a risk to get infected. The picture shows a device with an USB drive attached to it, that drew my attention. Make sure you always think clear and detect any USB drive before accidentally insert it in your laptop or OT environment. The USB drive is still unknown and could potentially infect your OT systems. Follow the procedures to safely scan and copy the data to your OT environment. Use approved USB drives within your OT environment and only for your OT environment.

[1] https://en.wikipedia.org/wiki/BadUSB