One strategy for the passing of Windows XP

Cyber security expert offers advice for finding one silver lining in the passing of support for Microsoft Windows XP. It might get companies to face larger realities.



Matt Luallen offers advice on Windows XP as he gets ready for his class at DePaul University.

Microsoft has allowed Windows XP to move onto the too-old-to-support list, and the world is still turning and those computers still work. There are many industrial users that still depend on XP, just as there are many business-IT systems that have never upgraded.

XP continues to work but its obsolescence means that Microsoft will cease offering patches for vulnerabilities in the program. (The fact that vulnerabilities are still being found after all these years is an interesting point in itself.) Some vulnerabilities may prove to be exploitable by cyber criminals, and there will be no mechanism to fix them in the actual code. Zero-day vulnerabilities become forever-day vulnerabilities. (Read an earlier article on different types of vulnerabilities.)

In the video, Matt Luallen points out that a typical industrial environment potentially contains many cyber assets that share this problem: all sorts of devices that are not patched or cannot be patched. XP now joins that list, along with all the earlier versions of Windows that are still running in many environments. The key to dealing with those devices and platforms is minimizing their exposure. Keep what you need, and get rid of everything else. This advice is nothing new. It’s part and parcel of performing a vulnerability assessment, and you should be doing this sort of thing regularly. (Read an earlier article on vulnerability assessment.)

Will this situation cause companies to face up to what’s really happening and launch a more complete cyber security assessment? Let’s hope so. If you’re trying to make this happen within your own company, it’s something you can use as leverage.

Matt Luallen has prepared a comprehensive video course on cyber security for Control Engineering.

Peter Welander,

Anonymous, 04/17/14 12:03 PM:

Though this topic is only superficially addressed in this article, it is valuable in that it gives one a "heads up" to the fact that certain vulnerabilities may lurk in our systems. It may be time to do a bit of "house cleaning".
Anonymous, 04/17/14 12:14 PM:

One aspect of the "do I upgrade or not" question that is often overlooked is the availability of spare PC parts. Especially for systems with dedicated function cards, getting a replacement can be a problem. This often drives the question beyond the security space to include the overall reliability and supportability of the system.
Anonymous, 04/21/14 12:42 PM:

The Stuxnet virus attack should have raised concerns in the industrial world, but was met mostly with inaction. This is typical. Until there is an immediate crisis or government regulations, upper management sees no problem to solve. Windows is such a "house of cards" that it is hard to know what services running are essential or where they even came from.

This "we see no problem" mentality has led to some significant historical slap-downs. The Three Mile Island incident happened shortly after the movie China Syndrome, almost per script, after assurances from managers it could never happen. Fukushima's loss of diesel generators was similar. Industrial attacks can be as devastating as any bombings of populations. What would happen to America's sprawling suburbs without gasoline and transportation?