Windows XP Cyber Time Bomb set for April 8, 2014
By Bill Lydon, Editor
The huge installed base of automation software running on Windows XP will be vulnerable to cyber-attacks with the end of Windows XP support April 8, 2014. Windows XP accounts for more than 30 percent of all operating systems deployed, according to Net Applications.com. The implication is that the computers running XP will be more vulnerable to cyber-attacks. Among all the discussion of cyber security issues and protection methods, the end of Windows XP support is potentially the largest single event to accelerate increased automation system downtime due to viruses and malware. More than 12 years old, Windows XP is the longest supported version of Windows ever and therefore is the most used in industrial automation systems.
Windows 7 Virtual XP Mode
Some companies are using the Virtual Windows XP mode in Windows 7 to improve performance and keep legacy software running. The code of the Virtual Windows XP Mode is on the same support lifecycle timetable as Windows XP and will also be ending April 8, 2014. For more info, see the Windows lifecycle fact sheet. Microsoft notes that the Virtual Windows XP Mode was primarily designed to help businesses move from Windows XP to Windows 7 and has limitations, including some hardware that might not be detected or work in Windows XP Mode. Windows 7 and 8 software drivers for older industrial automation protocols are already a problem becasue they block upgrades. Windows 7 Mainstream support ends January 13, 2015 and extended support ends January 14, 2020.
The Microsoft site has a page that discusses the Why? - What? - How? about the end of XP. Here is a summary of the information:
Why? - The site states, “Windows XP SP3 and Office 2003 will go out of support on April 8, 2014. If your organization has not started the migration to a modern desktop, you are late.”
What? – “It means you should take action. After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. Running Windows XP SP3 and Office 2003 in your environment after their end of support date may expose your company to potential risks…”
How? – This section describes information sources, services, and resources for migration to new or Microsoft operating systems. Microsoft notes that regarding upgrading newer operating systems, “Based on historical customer deployment data, the average enterprise deployment can take 18 to 32 months…”
There has been a trend to run Windows XP-based industrial automation software on virtualized platforms, but these are just as vulnerable. The Windows XP operating system code run in the virtualized environment is the same and will not be supported. In this environment the XP operating system software still communicates with virtual and real networks, exposing them to attack. The notion of harmful cyber code “living” in a virtual environment probing for ways to get at the other software in that computer represents significant threat potential. Virtualized systems are relatively new but are under cyber-attack. For example, VMware has released a number of patches that fix vulnerabilities in a number of its products. If you keep running XP in this environment, you’re increasing the support burden to configure, manage, and secure these images while being exposed to increased cyber risk.
What are your options?
Ignoring the issue increases the risk, since no new security patches for vulnerabilities will be available. It is obvious that the “bad guys” are always learning how to exploit software, and the ongoing patches to “plug holes” will no longer be available. In most applications, isolating applications running on Windows XP is not practical. The most sensible but costly thing to do is upgrade software to run on Windows 7 or 8.
Have you factored Windows XP migrations into your budgets?
- Posted in:
- Related Portals:
- Automotive, Building Automation, Chemical, Cyber Security, Embedded Automation, Factory Automation, Food & Beverage, HMI & Operator Interfaces, Machine Tools, CNC & DNC, Manufacturing Execution Systems (MES) Software, Manufacturing Operations Management, Material Handling, Oil & Gas, Packaging, Pharmaceutical, Power & Energy, Process Automation, SCADA & RTU, Water & Wastewater
Solving Food Manufacturing Labor Shortages Through Robotic Automation
By Maria Ferrante, PMMI
PMMI had a chance to speak about new technologies and trends in automation with Don Wickstrum, president and owner of...
CIA Exploits of IoT Devices: What lessons can we learn?
By Alan Grau, Icon Labs
Recent WikiLeak documents allege that the CIA developed, or sought to develop, or even “borrowed”, cyberattack...
The IoT Impact on Business Models: What Should Manufacturers Do First?
By Bill Lydon, Editor, Automation.com
The availability of many new technologies has provided the building blocks for dramatic changes in the...
Solving the 7 Most Common Tank Gauging Problems to Improve Safety
By Ulf Johannesson, Emerson
Many terminals and tank farms struggle with tank gauging because they use outdated equipment. However, modern tank...
Identifying Cyber Security Pitfalls in Manufacturing
By Jonathan Wilkins, EU Automation
With new strains of ransomware and other vulnerabilities created every week, what should manufacturers look...
Seeq to present with Bristol Myers Squibb and Devon Energy at OSIsoft User Conference
The presentations will speak of the benefits Seeq customers are realizing in the oil & gas, pharmaceutical, chemical, energy, mining, food and...
Rockwell Automation to showcase smart packaging, recognize Best Future Machines at interpack 2017
At interpack 2017, May 4 to 10 in Düsseldorf, Germany, visitors to the Rockwell Automation stand (hall 6/stand A61) will see the next generation...
SME Education Foundation partners with NASA Hunch to advance high school manufacturing education
This new collaboration is designed to attract and introduce more high school students to career opportunities in the industry and prepare them to...
Microscan partners with Lakewood Automation to demonstrate MicroHAWK capabilities at Advanced...
MicroHAWK, in combination with the browser-based WebLink user interface, allows users to adjust reader settings remotely and to monitor results in...
Hanel's automated storage unit boosts logistics at North Carolina high school.
Hänel offered two Rotomats to the Material Handling Institute (MHI), and Western Guilford was one of several schools to apply for the donation....