One strategy for the passing of Windows XP

Cyber security expert offers advice for finding one silver lining in the passing of support for Microsoft Windows XP. It might get companies to face larger realities.



Matt Luallen offers advice on Windows XP as he gets ready for his class at DePaul University.

Microsoft has allowed Windows XP to move onto the too-old-to-support list, and the world is still turning and those computers still work. There are many industrial users that still depend on XP, just as there are many business-IT systems that have never upgraded.

XP continues to work but its obsolescence means that Microsoft will cease offering patches for vulnerabilities in the program. (The fact that vulnerabilities are still being found after all these years is an interesting point in itself.) Some vulnerabilities may prove to be exploitable by cyber criminals, and there will be no mechanism to fix them in the actual code. Zero-day vulnerabilities become forever-day vulnerabilities. (Read an earlier article on different types of vulnerabilities.)

In the video, Matt Luallen points out that in a typical industrial environment, there are potentially many cyber assets that share this problem. There are all sorts of devices that are not patched or cannot be patched. The key to dealing with those devices and platforms is minimizing their exposure, and XP now joins that list alongside all the earlier versions of Windows that are still running in many environments. Keep what you need, and get rid of everything else. This advice is nothing new. It’s part and parcel of performing a vulnerability assessment, and you should be doing this sort of thing regularly. (Read an earlier article on vulnerability assessment.)

Will this situation cause companies to face up to what’s really happening and launch a more complete cyber security assessment? Let’s hope so. If you’re trying to make this happen within your own company, it’s something you can use as leverage.

Matt Luallen has prepared a comprehensive video course on cyber security for Control Engineering.

Peter Welander,

Anonymous , 04/17/14 12:03 PM:

Though this topic is only superficially addressed in this article, it is valuable in that it gives one a "heads up" to the fact that certain vulnerabilities may lurk in our systems. It may be time to do a bit of "house cleaning".
Anonymous , 04/17/14 12:14 PM:

One aspect in the do I upgrade or not that is often overlooked is the availability of spare PC parts. Especially for systems with dedicated function cards, getting a replacement can be a problem. This often drives the question beyond the security space to include the overall reliability and supportability of the system.
Anonymous , 04/21/14 12:42 PM:

The Stuxnet virus attack should have raised concerns in the industrial world, but was met mostly with inaction. This is typical. Until there is an immediate crisis or government regulations, upper management sees no problem to solve. Windows is such a "house of cards" that it is hard to know what services running are essential or where they even came from.

This "we see no problem" mentality has led to some significant historical slap-downs. The Three Mile Island incident happened shortly after the movie China Syndrome, almost per script, after assurances from managers it could never happen. Fukushima's loss of diesel generators was similar. Industrial attacks can be as devastating as any bombings of populations. What would happen to America's sprawling suburbs without gasoline and transportation?