You’ll know the scenario. I’m in France at the moment, but had a similar experience before Christmas in Ireland. It happens when I need to travel between unfamiliar places without enough time or inclination to properly research the best mode of transport.
Last week, what should have been an easy journey of just 8km turned into a saga lasting several hours thanks to missed buses and failed connections. I’d literally have been better off walking!
Repeating the experience in (yet) another place made me think... it’s not the main journey, but the much shorter transfer that often causes problems. The same is true when it comes to transferring data. Most of my clients have robust processes in place for updating their systems, migrating large amounts of historical data or remotely connecting to their control systems. However small, incidental, transfers often slip under the radar:
- Capturing screenshots to email to a support engineer
- Importing a new company logo to update the HMI
- Extracting a one-off alarm report
In the short-term, ensuring individuals are aware of how to reduce the risks associated with USB sticks is a good start. Longer-term your procedures need to provide a quick and easy way to move 'incidental' data or you encourage people to work around them.
The NCSC have a lot of guidance on this, much will be overkill for smaller control systems:
An architecture pattern for safely importing data into a system from an external source
The best solution for you will (as always) depend on the output of your risk assessment:
Want a hand with this stuff?