How to Mitigate Potential XP Vulnerabilities

Monday, May 19, 2014 @ 02:05 PM gHale

Editor’s Note: This is an excerpt from the Practical SCADA Security blog at Tofino Security.
By Mike Miclot
On the eve of April 8, Microsoft retired support for the Windows XP operating system (OS) – leaving millions of Windows XP users susceptible to accidental and deliberate security issues. Though the retirement had been long planned and came with fair warning, industrial network users are just beginning to comprehend the ramifications.

And it’s not that Windows XP will no longer work – it’s that Microsoft will no longer provide patches, security updates or infrastructure support, leaving industrial networks vulnerable to production disruptions and system downtime.


Even more concerning? Windows XP is the most popular OS for industrial users. It can be found in ruggedized PCs performing mission-critical tasks, such as control, safety and asset management, as well as embedded in thousands of devices used in factory automation and process control operations.

Those responsible for protecting critical industrial processes and networks are left with few options. And a system upgrade isn’t as simple as it may seem – one upgrade can trigger a lengthy “domino effect.”

Domino Effect Explained
Ultimately, upgrading to a new version of Windows will be necessary, but it’s not a quick project.

An upgrade will come with a long list of strings attached. It means migrating from an operating system that includes a variety of applications, hardware and software programs. And upgrading isn’t a one-size-fits-all solution – it requires time, carries hefty costs, and brings risk associated with network downtime and operational productivity.

The domino effect triggered by an operating system upgrade involves a number of steps, including:

• Upgrading the operating system
• Purchasing and installing:
— New PC hardware and/or automation devices
— New software for the new equipment
— New communication drivers for the new software
• Ensuring automation devices work with the new software and drivers
• Conducting system integration work (since the mission-critical applications on your network may behave differently)
• Deploying modified applications
• Performing extensive testing on the new systems
• Executing user training and support for the new systems

Now, imagine completing that process for every Windows XP install you have, and you can see how a “simple” operating system upgrade can take several man-years of effort.

Update on Your Own Schedule
Not everyone is ready to change the way they operate. For those who prefer to continue running on Windows XP – and tackle the upgrade of their OS on their own time – security becomes an even higher priority. Along those lines, one of the layers of defense could be to install industrial firewalls.

There is no domino effect for enforcing industrial firewalls – they essentially offer immediate peace of mind while securing your network from potential security incidents, from internal accidents to cyberattacks.
Mike Miclot is vice president at Belden Americas Group Industrial Solutions Division.
