System Integrators play an important role in helping manufacturers benefit from industrial automation technologies. They design and implement sophisticated control systems and their expertise, project management skills and manpower help companies achieve advances that cannot be realized with internal resources.
If your company is a System Integrator or Control System Integrator then you have likely been building up your expertise in the area of industrial cyber security as demand for services related to this topic has grown.
In fact, today I am participating in a webinar for the Control System Integrators Association. It’s about how to help companies reduce the operational risk created by the end of service (EOS) for the Windows XP operating system. The webinar is at 11am EST today, and you can still register for it. If you miss the webinar, this article provides an overview of what I will be saying.
Windows XP EOS is a BIG Opportunity
Windows XP has been the workhorse operating system for factories, energy facilities and many critical infrastructure systems around the world. The operating system runs important manufacturing, process and production applications on the plant floor, in the field as well as in control rooms and engineering offices. It is also embedded in thousands of devices that control many factory automation and process control operations.
With Microsoft ceasing to provide the security updates and “hot fixes” that were routinely available before April 8, 2014, computers and other devices are more vulnerable to security risks and viruses. The EOS of Windows XP places industrial users in a very uncomfortable position.
The risk of security issues and resultant downtime will steadily increase over time. Yet the cost of upgrading or replacing Windows XP-based systems, and particularly the cost of the associated disruption to operations, is often prohibitive.
The EOS of Windows XP puts industrial manufacturers in a difficult position. They need to navigate securing industrial applications and also get a massive operating system upgrade project off the ground.
When you consider the fact that 70% of Microsoft’s security bulletins in 2013 affected Windows XP, this is a troubling development for those running mission-critical applications.
To the alert System Integrator, this situation presents a significant opportunity for your company to talk to existing and potential clients about industrial cyber security without a specific project as the driver. You simply need to open a conversation along the lines of:
“We know you have Windows XP; we know migrating away from it is a huge job; we can help you navigate more effectively through this migration, and secure your systems now and into the future.”
The Way Forward Does Not Include Windows XP
The first piece of advice you can give clients is to stop implementing Windows XP systems, either in computer systems (e.g. HMIs) or embedded into devices. In fact, many of your clients may be surprised to find that Windows XP is extensively deployed as Windows XP Embedded – a componentized version of Windows XP – and utilized in most industrial devices (e.g. controllers, PLCs, DCS, etc.).
You can help identify these Windows XP assets and provide your client a comprehensive transition plan. This creates a dialogue about not perpetuating the problem and allows you to demonstrate your value add.
For existing Windows XP installations and unavoidable new ones, your conversation will likely cover using industrial firewalls as a way to “compensate” for Windows XP vulnerabilities. More information on this topic is in the white paper available for download below.
But the cyber security discussions can be broader than that, for example covering a risk assessment and compliance with security standards such as NERC CIP 5 or IEC 62443.
Reference and Repeat
Once you work with one company on mitigating Windows XP risk, you will hopefully get a reference that will help you get more. As replacing Windows XP is going to be a multi-year project for most organizations, this expertise is a way to grow your business.
It also creates a trusted advisor relationship which helps with client “stickiness” or the ability to gain a deeper relationship with your client on a broader scale than you might on a per project basis.
Assisting clients with industrial cyber security issues and helping them upgrade away from Windows XP creates a “trusted advisor” relationship.
Belden Resources to Help You
Belden can help you in a number of ways. First, we have information about the practical options for securing industrial applications given the EOS of Windows XP in document and video format. Don’t forget to return to this blog on a regular basis for additional ideas and materials.
We also have pre-sales system engineers to help you with specific client projects. To access them, call 1-800-BELDEN1 (1-800-235-3361) or visit the Belden North America or Belden Europe contact webpages.
Next, our line-up of industrial firewalls, including the EAGLE One Security Router and the EAGLE Tofino Industrial Firewall, are the best in the business (of course I am biased, so check them out for yourself). You can find information about them on this website or use the same contact information as above.
Cyber security is just one part of a good industrial Ethernet infrastructure design. We have a unique program called the Belden Certified Industrial Network Provider Program that trains and certifies partners in the best practices in this area. It allows you to offer networks backed not just by your company, but also by Belden. It also enables you to offer extended warranties for Belden products. To find out about the program, see the video and brochure about it.