OPSWAT Announces FileScan.IO Asset Acquisition. Read More

How the Energy Sector Can Power-Up Portable Media Security

Originally published on February 21, 2022.

How the Energy Sector Can Power-Up Portable Media Security

The energy sector frequently reports some of the highest rates of cyber incidents because of its critical nature, with portable media presenting security challenges on multiple fronts. From Operational Technology (OT) and Information Technology (IT) isolation to compliance regulations, the energy sector needs to effectively address these challenges and the subsequent threats, or consequently face the risk of a cyberattack that could incapacitate every other industry.

A Divergence of Technology

A Divergence of Technology

Most of the energy sector is in the process of undertaking IT/OT convergence projects. Industrial control systems (ICS), SCADA systems, and programmable logic controllers (PLCs) all incorporate elements of IT. And that means that they need to be managed and protected just like an IT asset. Most OT environments are deployed on air-gapped networks or demilitarized zones (DMZ) to harden the security of ICS, but this approach introduces its own challenges. Organizations may struggle to update anti-virus engines, patch systems, monitor and log system events, and otherwise manage isolated systems and devices – challenges that can be solved by portable media, such as USB and external drives.

Internal and External Threats

Internal and External Threats

External threats range from nation states to financially motivated cybercrime, and both look increasingly similar. Other threats may emerge as insider attacks, a careless employee may become an unforeseen source of risk, or a vulnerable software update may enter through the supply chain. Whether internal or external, removable media can serve as an attack vector and contain malicious hardware/firmware, malware in hidden partitions, as well as infected files.

Compliance Regulations

Compliance Regulations

The North American Electric Reliability Corporation (NERC) requires all bulk electric systems (BES) to comply with its Critical Infrastructure Protection (CIP) framework. NERC CIP spans a dozen standards, from NERC CIP 003-7 that discusses transient cyber assets and removable media, to NERC CIP 010-4 that provides regulations for managing, authorizing, and mitigating the risk of transient cyber assets and preventing the propagation of malware into operational systems.

How OPSWAT Can Help

The use of portable and removable media has increased data mobility and overall productivity within IT, OT, and SCADA infrastructures worldwide. OPSWAT MetaDefender Kiosk is easy to set up, manage, and use and enables secure, audited, authorized, authenticated, and controlled use of media within your most critical infrastructure and scans for malware, vulnerabilities, and sensitive data. Check out our whitepaper to learn more about how OPSWAT can enable secure portable media use within the energy sector.

For more information, please contact one of our cybersecurity experts.

How OPSWAT Can Help

How the Energy Sector Can Power-Up its Portable Media Security

How the Energy Sector Can Power-Up its Portable Media Security

Download the Whitepaper
Sign up for Blog updates!
Get information and insight from the leader in advanced threat prevention.