Protecting removable storage devices

Jon Lawson

For businesses that use removable storage devices, the threat of cyber-attacks on industrial control systems can be greatly reduced by ‘sheep dipping’ external storage devices before they even enter the building or production plant, says Tim Ricketts.

For almost 200 years, the practice of plunge dipping has been used by farmers worldwide.

By bathing their sheep in chemical compounds, farmers protect them from outside parasites – saving their flocks, livelihoods and businesses.

In 2005, a British farmer realised he, together with exterior sources, could protect his flock, save £600 a year and streamline sheep dipping for everyone simply by preventing the virus from entering the farm altogether – all for just £0.25 per animal.

Five years later, some 4,000 miles away, a malicious worm known as ‘Stuxnet’ was released onto a network in a nuclear facility in Iran, spreading like wildfire across the globe.

Targeting industrial control systems and intending to cause major devastation, the worm infected over 200,000 computers and caused 1,000 machines to physically degrade.

But just how did one of the world’s most sophisticated worms become an overnight international threat?

Stuxnet was unknowingly passed around thousands of networks via USB flash drives by employees and the general public alike.

Cyber security experts claimed the attack could have caused a nuclear disaster to surpass Chernobyl – all because nobody was ‘sheep-dipping’ their storage devices.

Consider a farmer introducing a new sheep into his flock without dipping him first. He may be clean and free of infection, but what if he isn’t?

What if the parasites spread through the whole flock faster than the farmer can react?

Without a healthy flock, his business will suffer – but without his business, how will he pay for treatment? How can he stop the infected sheep re-infecting those who have already been treated?

This entire scenario can be applied to your industrial control system. Your infrastructure is as important to you as the sheep are to the farmer. Just one case of malicious code on a USB drive can infect your entire system, and anti-virus software can only do so much damage control.

Just like the British farmer, your goal should be to stop the virus in its tracks before it even gets into your system – and just like the farmer, you should be sheep dipping any external storage devices before they even enter your building or production plant.

Understandably, this may sound easier said than done. Prohibiting storage devices or monitoring their use can be impractical and difficult to manage, and your efforts can easily go unrewarded by those who manage to infiltrate and infect your network regardless of your policy.

The Blue Coat ICS USB Scanner is an essential device for any business that holds security, reliability and customer satisfaction at the forefront of its operations.

Offering Industrial Control Systems Protection (ICSP), this scanner solution enforces consistent security compliance to guard your site regardless of its size, complexity or environment, in instances where removable storage devices must be used.

So, how does it work?

Back-end

A blank USB drive is plugged into the scanner and checked for viruses.

Once proven clean, a malware cleaner and end-point driver package will be installed onto the flash drive, which can then be plugged into your human machine interface panels.

The device will then, in turn, scan the HMIs for malicious content and install the driver package.

The drivers are cryptographically linked to the scanner – ensuring only your specific scanner station can digitally sign storage devices – and prohibit any device without the signature.

Front-end

Prior to entering the facility, personnel will need to scan their removable storage devices for viruses and will be presented with one of three outcomes:

* If clean, the device will receive its electronic signature to enable its use on the company machines and will pass as validated.

* If an error occurs during processing, the device will be partly validated – that is, the files that failed to scan will be inaccessible, but the rest of the drive will be scanned.

* Any detected viruses can be cleaned, deleted or ignored.

A digital signature will be granted if the virus is cleaned or deleted, but, if ignored, the device will be unable to connect to any onsite HMI.
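
The signing and validation flow described above can be sketched as follows. This is an added illustration, not Blue Coat's code: the product's actual signature scheme is not described here, so the sketch assumes a per-file SHA-256 manifest and uses an HMAC from the Python standard library as a stand-in for a digital signature (a shared key, unlike a true signature, would let any holder of the key sign). The names station_scan, endpoint_mount and STATION_KEY are hypothetical.

```python
import hashlib, hmac, json

# Assumption: a secret provisioned to the station and to each end-point agent.
STATION_KEY = b"constructed-demo-key"

def _tag(blob):
    return hmac.new(STATION_KEY, blob, hashlib.sha256).hexdigest()

def station_scan(files, verdicts, action="ignore"):
    """Kiosk side. verdicts maps path -> 'clean' | 'error' | 'infected'
    (constructed stand-ins for anti-virus results).
    Returns (status, manifest, tag); manifest and tag are None if unsigned."""
    approved, status = {}, "validated"
    for path, data in files.items():
        verdict = verdicts.get(path, "error")  # unscanned counts as an error
        if verdict == "clean":
            approved[path] = hashlib.sha256(data).hexdigest()
        elif verdict == "error":
            status = "partly validated"        # file is left out of the manifest
        elif action == "ignore":
            return "rejected", None, None      # ignored detection: no signature
        # cleaned or deleted: the infected file is simply not approved here
    manifest = json.dumps(approved, sort_keys=True).encode()
    return status, manifest, _tag(manifest)

def endpoint_mount(files, manifest, tag):
    """HMI agent side: expose only files covered by a valid station tag."""
    if not manifest or not tag:
        return {}
    if not hmac.compare_digest(_tag(manifest), tag):
        return {}                              # not signed by this station
    allowed = json.loads(manifest)
    return {p: d for p, d in files.items()
            if allowed.get(p) == hashlib.sha256(d).hexdigest()}

if __name__ == "__main__":
    # Constructed sample drive contents and scan verdicts.
    drive = {"recipe.csv": b"setpoint,42\n", "tool.bin": b"constructed"}
    scan = {"recipe.csv": "clean", "tool.bin": "error"}
    status, manifest, tag = station_scan(drive, scan)
    print(status, sorted(endpoint_mount(drive, manifest, tag)))
    drive["recipe.csv"] += b"changed after the scan"
    print(sorted(endpoint_mount(drive, manifest, tag)))
```

Because the end-point check recomputes each file hash, a file altered after the scan is withheld even though the drive still carries a valid tag.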

Blue Coat ICS USB Scanner provides the following features:

* All-in-one, ruggedised, IP64-compliant computer.

* Front-facing access to USB ports.

* Resistive touchscreen.

* Stand, wall or flush mounting.

* Supports Windows XP SP2 and above.

* Single or dual anti-virus scanning.

* Always-on connection to the Internet that receives updates every 15 minutes.

* Includes five end-point agents, with options to upgrade in batches of 15, 50 or 100.

Sadly, cyber attacks are now a very real threat to manufacturing firms and technology industries, which will stay with us well into the future.

Network violations are only going to become more destructive and harder to prevent.

Businesses therefore deserve the most cutting-edge, resilient products on the market. Blue Coat’s scanner may be a true solution from the future, but finding inspiration in a humble agricultural practice from the 1800s may provide you with the reassurance and the confidence you need to give sheep dipping a go for yourself.

Tim Ricketts is Director of MAC Solutions