From zdnet.com
Removal storage and USB thumb drives are a serious security incident waiting to happen, new research suggests.
When we consider threats to our industrial systems, specifically crafted malware, such as the Industroyer strainwhich cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind.
Industrial players have a problem. Many of the operating systems, controls, and equipment used to power these facilities have legacy components which were never designed for over-the-air (OTA) updates or cybersecurity at all — and due to memory, size, and hardware limitations may not be suitable for direct protection.
A way to mitigate these risks is to implement strong perimeter defense, but if a USB key is directly connected to an industrial system, these protections can easily be circumvented.