What Does 'Sheep Dip' Mean in Cyber Security?

Several UK-based vendors and experts recommend "sheep-dipping" removable storage devices – USB drives, hard drives, memory cards, etc. – in order to prevent malware outbreaks. But what does "sheep dip" mean?

Origin of the Term 'Sheep Dip'

The term "sheep dip" originally comes from sheep-raising farmers. To keep parasites and diseases from spreading among a herd of sheep, farmers would treat any sheep they were adding to the flock with disease-killing chemicals. By sheep-dipping their livestock, they did not have to wait for disease to break out to take action – they could preemptively keep diseases from spreading.

Sheep-Dipping in Cyber Security

The situation for critical infrastructure environments – industrial facilities, power plants, and other sites with closed-off, secured networks – is actually similar to the farmer's situation. These facilities have networks that they need to keep secure and free from malware infections.

To prevent new "sheep" – new data, new files, new devices – from infecting the network, it is best to scan files and devices for infections ahead of time, before they are connected to the network, much like how sheep are treated for infections before they are introduced to a new flock.

If an infection is detected on a new device, it should be removed if possible; if it cannot be removed, the device should be quarantined.

USB drives especially should receive this treatment. Threats may be hidden on portable media on purpose, or, as is all too common, without the user's knowledge. To prevent potentially infected USB drives from contaminating the rest of the network, they should be plugged into an external terminal and scanned first.
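
The scan-then-quarantine step described above can be sketched as follows. This is an added example, not code from the original article or from any OPSWAT product, and it covers detection and quarantine only, not infection removal. The hash denylist, the blocked file names and suffixes, and all function names are assumptions constructed for illustration; a real station would take its verdicts from one or more scanning engines.

```python
import hashlib, shutil, tempfile
from pathlib import Path

# Constructed denylist: hash of a harmless string standing in for a known-bad file.
SAMPLE_BAD = b"constructed-sample-standing-in-for-malware"
DENYLIST = {hashlib.sha256(SAMPLE_BAD).hexdigest()}
# Assumed site policy: names and types never allowed across the boundary.
BLOCKED_NAMES = {"autorun.inf"}
BLOCKED_SUFFIXES = {".exe", ".scr", ".lnk", ".bat"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verdict(path):
    """Return why a file must not enter the network, or None if it may."""
    if path.is_symlink():  # never follow links off the media
        return "symlink"
    if path.name.lower() in BLOCKED_NAMES or path.suffix.lower() in BLOCKED_SUFFIXES:
        return "blocked-type"
    if sha256_file(path) in DENYLIST:
        return "known-bad-hash"
    return None

def sheep_dip(media_root, quarantine_dir):
    """Scan mounted media; quarantine flagged files, list the rest as clean."""
    media_root, quarantine_dir = Path(media_root), Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    report = {"clean": [], "quarantined": {}}
    for path in sorted(p for p in media_root.rglob("*") if p.is_symlink() or p.is_file()):
        rel = path.relative_to(media_root).as_posix()
        reason = verdict(path)
        if reason is None:
            report["clean"].append(rel)
        else:  # flatten the name so the move cannot escape quarantine_dir
            shutil.move(str(path), str(quarantine_dir / rel.replace("/", "__")))
            report["quarantined"][rel] = reason
    return report

def demo():  # constructed "USB drive" built in a temp directory
    with tempfile.TemporaryDirectory() as tmp:
        usb = Path(tmp, "usb")
        (usb / "docs").mkdir(parents=True)
        (usb / "docs" / "report.txt").write_text("quarterly figures")
        (usb / "autorun.inf").write_text("[autorun]")
        (usb / "docs" / "update.bin").write_bytes(SAMPLE_BAD)
        return sheep_dip(usb, Path(tmp, "quarantine"))
```

Only the files listed under "clean" would be copied onward to the secured network; the report doubles as an audit record of what was held back and why.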

What happens if you don't sheep-dip USB devices?

The Stuxnet infection is a widely cited example of infected portable media leading not just to a malware infection, but to physical damage at a critical infrastructure facility.

But Stuxnet is far from the only such example. In 2008, a USB flash drive containing malicious code was plugged into a laptop that was connected to United States Central Command. It took the U.S. Department of Defense over a year to remove the resulting outbreak.

In 2012, two U.S. power plants were infected by malware that was introduced to the network accidentally via a USB drive. The BBC reported that "ICS-CERT said it expected a rise in the number of similar attacks."

In 2016, Bloomberg reported that hackers were increasingly targeting critical infrastructure facilities using infected USB drives (non-paywall summary via Gizmodo).

Non-sheep-dipped USB devices leave organizations exposed to attacks like these.

MetaDefender Kiosk 'Sheep-Dipping': Not Just Scanning, But Threat Removal as Well

For nearly a decade, OPSWAT has offered "sheep-dipping" through our MetaDefender Kiosk product. It sits outside a secure network and processes all USB drives before they enter it.

MetaDefender Kiosk does not just scan all portable media devices for malware – it also applies data sanitization to all files, effectively removing and neutralizing potential infections hidden in common file types.

Rather than just alerting users to infections, it can also remove many kinds of malware, for true sheep-dipping.
