The USB stick in the second drawer on the left
Ask in any production hall how the states of your OT devices are secured. The answer is alarmingly often the same: "There's a stick, somewhere." Sometimes it sits in the control cabinet. Sometimes at the maintenance technician’s home. Sometimes no one really knows anymore.
That may sound like a marginal issue. It is not.
In a company where one hour of production downtime costs 20,000 euros, a missing or outdated device state during a fault is not an organizational problem. It is an economic disaster.
Six scenarios that happen every day
Scenario 1: The stick is gone
Technicians change. The new one does not know where the stick was. The old one has been in another department for three months. The plant is down - and the stick is nowhere to be found.
Scenario 2: The state is outdated
The last backup was eight months ago. Since then, five optimizations have been made to the device. The stick contains the old state. Which one is valid? Who still knows?
Scenario 3: The plant is running, the state is not
The stick was not written after the last change. The technician was in a hurry. The current state of the OT device is stored nowhere - except on the device itself. If it is defective, the state is lost.
Scenario 4: "Was that really the latest state?"
A plant is just being put back into operation. The question arises: is the state on the server - or the stick - really from an hour ago, or from yesterday morning? No one can say for sure.
This hesitation, this uncertainty, is a warning signal. If no one in the room can say exactly when the last backup was created and whether it really reflects the current state of the OT device, then a central element of any serious OT backup strategy is missing: traceability.
Scenario 5: Malware via USB
USB sticks are the most common entry point for malware in OT networks. According to the BSI, uncontrolled use of USB devices in industrial environments is one of the main risk factors for cyber attacks on production systems.
Scenario 6: The audit
An auditor asks for the backup documentation. You present a basket of USB sticks. This is not sufficient proof of NIS2-compliant data backup.
Why this practice is so persistent
USB sticks are convenient, they work - and for many companies the alternative initially seems complicated. There is no central system that needs to be set up. There is no training required. You just plug it in, save, done.
The problem: this simplicity is deceptive. It works exactly until the moment when it really matters.
And in that moment, there is no time for improvised crisis management.
What NIS2 says about USB
The NIS2 directive does not make explicit statements about USB sticks. But it explicitly requires documented, testable backup processes and integrity verification for critical OT systems.
A USB stick meets none of these requirements. It is not documented, not automated, not centrally manageable, not auditable.
Companies that describe their OT backup strategy in an audit as "USB sticks at the maintenance technician" will very likely be required to improve immediately.
The role of service providers: an underestimated risk
In many production environments, not only internal technicians work on OT devices. Service providers - meaning external maintenance service companies, machine manufacturers, or commissioning teams - regularly access systems, make changes, and often leave behind a new, unsecured device state.
The problem: who created a backup after the service intervention? Was it the external technician - on their stick? Or the internal maintenance team - who did not even know about the intervention?
A structured OT backup solution must explicitly cover this case: service provider access must be documented, changes must be traceable, and new device states must be secured immediately - regardless of who made the change.
Checkout & Check-in: version transfer without loss of control
A requirement in OT that is often neglected: what happens when a service technician or an internal employee needs the state of an OT device for maintenance or optimization - and then loads a modified version back?
Without a structured process, this is exactly where the next version chaos arises.
eguide4DATA therefore supports a controlled supplier checkout and check-in process: a defined device state is checked out in a controlled manner, edited, and then checked back in - with full version history, user logging, and traceability.
The structured alternative: centralized OT backup
- Automation: Backups of all OT devices are created cyclically and automatically.
- Central storage: All device states and versions in one place.
- Integrity: Verification of completeness and recoverability.
- Alerting: Notifications in case of errors or deviations.
- Compliance: Audit-ready, complete logging.
This is exactly what eguide4DATA offers. OT devices are centrally recorded, automatically backed up, and fully documented - manufacturer-independent and scalable.
And getting started is easier than expected: it often begins with a pilot project with a few critical systems and is then gradually expanded.
A final thought
The USB stick in the second drawer on the left has probably not caused a problem so far. That is not proof that it never will. It is simply proof that the worst-case scenario has not yet occurred.
See eguide4DATA in action without obligation?
In a personal demo, we show you how eguide4DATA secures your OT infrastructure -
tailored to your machinery and your requirements.
FAQ: USB sticks in OT and secure backups
Are USB sticks prohibited in OT environments?
Not generally - but many security standards (BSI, IEC 62443) strongly recommend minimizing or prohibiting uncontrolled USB use in OT networks. In companies subject to NIS2, a risk assessment of USB usage is mandatory.
How many device states can eguide4DATA manage per system?
There is no fixed upper limit. eguide4DATA is designed for large-scale plants - with version management, archiving, and configurable retention periods.
How is access by service providers handled?
eguide4DATA enables you to document external access and make changes traceable via the checkout/check-in process. This way, you maintain full control over the current device state at all times, even with third-party access.



