We are now in the final month of Microsoft offering support for its
Windows XP operating system, which presents a new security challenge for the great
many control systems still running XP. Without support, XP control systems will
not receive regular security updates, making them susceptible to cyberattacks. Control
systems running older versions of XP will of course be no less secure than they
already are.
This shouldn’t be news to any utilities using Windows XP, as
Microsoft is pretty transparent about the Windows lifecycle. (Set your calendars now for April 11, 2017, Windows
Vista users, however few of you are.) Despite knowing that support is ending, laggards
among control system vendors are still shipping new products on Windows XP, demonstrating
an “if it ain’t broke, don’t fix it” attitude. Well, Windows XP is now
officially broken.
Utilities aren’t exactly early adopters when it comes to new
operating systems — and with good reason. With every new operating system comes
a host of bugs and glitches that put reliability-critical and safety-critical
systems at risk. When Windows 8 was released, the control system world watched
and learned as corporate information technology (IT) teams struggled with it while
the kinks were ironed out. Only once a technology is proven and the reliability
risks well-understood do we start seeing industrial customers begin to deploy
the technology. This shaves at least a few years off the lifespan of operating
systems in the industrial world compared with the corporate world.
This has long been a problem with no simple solution and reflects a larger
debate surrounding the issue. Upgrading an industrial control system to the
latest operating system is generally impossible, as the old version of software
generally does not run the same (or run at all) on a new operating system. Regularly
upgrading to new versions of control system software is often cost-prohibitive,
due to the resources needed to test a change that big. The testing cost of installing
regular security updates at all is prohibitive in complex environments with
serious safety and reliability concerns.
For the foreseeable future, and very possibly indefinitely, a great
many control systems will continue to suffer from a very “soft interior”
security-wise. Compensating measures in the form of strong physical security
perimeters and strong cybersecurity perimeters continue to be far more
important in preventing attacks to control system networks than these measures
are important to corporate IT networks. One compensating measure we see being
deployed ever more widely is hardware-enforced Unidirectional Security Gateways,
which allow business-critical industrial data to flow in one direction out of a
protected network, without any chance of an attack getting back in through the
equipment.
The day is upon us. If our control system has a soft interior, we
had better put a hard shell around that interior if we want to stay safe.
Read more about how Unidirectional Security
Gateways can protect critical infrastructures.