"NIST has published a new guide designed to help organizations reduce cybersecurity risks associated with the use of removable media devices in operational technology (OT) environments. NIST Special Publication (SP) 1334 was authored by the National Cybersecurity Center of Excellence (NCCoE) and it focuses on the use of USB flash drives, but also mentions other types of removable media such as external hard drives and CD/DVD drives."
"USB flash drives are often used in OT environments to conduct firmware updates or to retrieve data for diagnostics purposes, but such devices are also often a source of malware infections. While the cybersecurity industry has long warned organizations about the security risks, the use of USB drives in OT environments still poses a significant threat to industrial control systems (ICS) and recent research has shown that while such drives typically carry commodity malware, threats are becoming increasingly sophisticated and targeted at OT."
NIST Special Publication SP 1334 provides a concise, two-page guide to reduce cybersecurity risks from removable media in operational technology environments, focusing on USB flash drives while acknowledging external hard drives and optical media. USB drives are commonly used for firmware updates and diagnostics but frequently carry malware that can infect industrial control systems, disrupting operations and compromising safety. The guide organizes protections into procedural, physical, technical, and transportation and sanitization controls. Recommended procedural measures include procurement, authorization, device management, inventory, personnel restrictions, and treating unknown devices as untrusted. Physical controls emphasize secure storage, inventorying, and labeling of devices.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]