If your job mandate includes maintaining uptime then network security is an area you can’t afford to ignore. In the industrial space the biggest risk comes from accidental network introductions, such as a virus introduced by a supplier or an employee via a USB drive. Once that happens, your manufacturing or process control operations could be in jeopardy.
In the two videos in this article I explain how cyber security risk is different in the industrial environment than in the IT or office environment. I then zero in on how risk has been increased with the end of service for Windows XP and I explain how industrial firewalls can help.
Preserve Uptime by Minimizing Industrial Cyber Security Risk
Cyber security for industrial networks focuses on preserving uptime by guarding against accidental introductions of viruses or malware. (1:10)
Control networks are particularly susceptible to accidental introductions of malware. This is because the PCs in many plants run for weeks or months without any security updates, and some even operate without any anti-virus tools. The Windows XP end of service, discussed below, intensifies this problem.)
In addition, there are many pathways through which cyber security threats can enter manufacturing facilities. Besides infected USB keys, supplier laptops, remote access activities, project files or email attachments could be malware vectors.
Finally, many ICS networks are still often implemented as large 'flat'networks, with no isolation between unrelated subsystems. This means that if a problem does occur in one part of the plant, it can spread very quickly to other unrelated subsystems and even to remote plant sites.
Windows XP End of Service Increases Cyber Risk
The recent end of service for Windows XP increases the risk of downtime from network problems related to malware. This is because:
The end of service for Windows XP increases cyber risk and creates a domino effect of upgrades and projects. Industrial firewalls are a simple way to protect uptime now and upgrade away from Windows XP on your own schedule. (7:40)
Perhaps you have never implemented any Windows XP patches over the last 10 years and you don’t recall having a serious problem with computers, devices or applications over the time the operating system has been in service.
However, you’ve probably seen a few situations where a computer or an application had some unexplained problem. Resolving them required a call to Microsoft or a software vendor to provide a patch, new driver or some other software reload to return your system to normal.
Now, you need to decide if the risk of an incident and having no support available is a situation that fits with your operation’s uptime requirements.
Industrial Firewalls Are an Easy Way to Protect Uptime
The good news is that industrial firewalls are available that:
Finally, industrial firewalls make sense when evaluated from a total cost of ownership perspective.