ICS / SCADA Devices Security - USB Control
Securing SCADA Devices from Unauthorized USB is an important aspect of SCADA Networks Protection. Removable storage and portable devices may contain malware that can infect the operating system.
Malware exploits can affect the HMI, shared-database or communication infrastructure and ultimately make the Supervisory System lose Control of the machinery being managed causing process upsets and put personnel and/or environment in danger.
Distributed Control Systems (DCS) and Supervisory Control and Data Acquisition (SCADA) Servers, Workstations and Laptops typically use Windows Operating Systems. They can be found across ICS infrastructure fulfilling different roles such as Engineering Workstations, Operating Stations (HMI), OPC Servers, Historian Servers, SCADA Servers, Maintenance/Service laptops and more.
While IT Device Control software mainly focus on the data-loss prevention aspect of network security and Antivirus Software code-analysis, sandboxing, data-mining, and signature updates continue to increase the load on computer system resources. Protecting ICS DCS/SCADA Devices Networks from unauthorized USB requires the use of tools that are light on system resources, and that function decisively to ensure the Integrity and availability of the Process Control Systems.
USB-Lock-RP™© SCADA Network Security Software provides Centralized (On-Prem) Management over portable devices access to a broad range of windows operating-systems (from Windows NT5.1 to NT10), Securing DCS or SCADA Network Systems Servers and Workstations found at Levels 2/3/4 of the ICS. Its Data loss prevention effectiveness is the result of its decisive design to prevent Systems Infection incoming from Removable storage USB, and other Portable devices, including eSATA and Firewire drives, mobile phones, Smart Cards, Compact discs, and Wireless transceivers.
"USB-Lock-RP is licensed by top-notch organizations to secure Supervisory/Control Computers."
USB-Lock-RP Port blocking and device authorization functions take into account machines and devices hardware identifiers, Not user-account privileges. This allows for effective protection even if computers are running under elevated credentials or administrator user-accounts.
Since Stuxnet it has been clear that antivirus software remains ineffective in stopping Zero-day USB-based exploits, and that USB storage such as flash drives, and other portable devices are a probable entry point for new or known exploits.
Signature-based detection fails in preventing USB-Based Zero-day exploit attacks and more so if the network is air-gapped as updating virus and malware signatures could be further delayed.
Antivirus software attempt to prevent such attacks by code-analysis have limitations, as code-analysis detection puts heavy demand on operating system and hardware resources. Its effectiveness will vary depending on the amount of resources the system has to offer and how much of this resources are realistically available at intrusion attempt time.
More so, code-analysis detection requires accessing the device which even under sandboxing could be dangerous. By complementing antivirus software with this software, blocked devices don't need to be accessed by antivirus as they won't be present. (Only authorized devices would).
USB-Lock-RP approach when dealing with unauthorized removable storage connections is to deny access to USB Port by redundant means. Even specifically authorized flash drives or mobile phones need to be re-plugged after being identified to function. This approach is effective in preventing both systems infection and data loss.
Regarding HID interface: Since version 10.1 USB-Lock-RP detects changes in usb keyboard and mouse enumeration to neutralize maliciously modified firmware BadUSB such as USB Rubber Ducky that impersonate HID keyboards to inflict keystroke injection attacks by sudden release of embedded malicious payloads.
Any change in keyboard/mouse enumeration will trigger an automatic assessment to neutralize the threat if present. This events as any other insertion attempt events at endpoint clients are reported to the Central Control in near real-time.
The Central Control application and Client Service are light on system resources consumption, and have minimum dependencies and component requirements and are even capable of running on embedded OS.
USB-Lock-RP Port security software is used extensively to secure DCS/SCADA Windows based Servers and Workstations in: offshore & onshore Oil drilling, pipelines, and production operations, electric grids, chemical plants, water treatment plants and facility-based critical ICS infrastructure networks in general.
Commitment to ICS DCS/SCADA Security:
Since 2004 when USB-Lock-RP development started, the Advanced Systems International team is dedicated to licensing and upgrading this software solution and today in 2020 our commitment is stronger than ever to never drop compatibility to legacy (older Windows OS) as many Industrial Networks supervisory computers, are still running on those OS, and to always protect the latest windows operating systems from unauthorized use of ordinary and emerging technology portable devices. USB Lock RP provides straightforward Portable Devices Access Control, to both Operational Technology (OT) ICS DCS/SCADA networks but also IT networks, nevertheless it is also our commitment to remain a machine-level protection tool and not to compromise ICS systems security by favoring user-based protection on future upgrades, as the software primary objective is to Systems integrity and availability being the confidentiality aspect and data loss prevention (DLP) a valuable consequence of its function.