If your job mandate includes maintaining uptime then network security is an area you can’t afford to ignore. In the industrial space the biggest risk comes from accidental network introductions, such as a virus introduced by a supplier or an employee via a USB drive. Once that happens, your manufacturing or process control operations could be in jeopardy.
In the two videos in this article I explain how cyber security risk is different in the industrial environment than in the IT or office environment. I then zero in on how risk has been increased with the end of service for Windows XP and I explain how industrial firewalls can help.
Preserve Uptime by Minimizing Industrial Cyber Security Risk
Cyber security for industrial networks focuses on preserving uptime by guarding against accidental introductions of viruses or malware. (1:10)
Control networks are particularly susceptible to accidental introductions of malware. This is because the PCs in many plants run for weeks or months without any security updates, and some even operate without any anti-virus tools. The Windows XP end of service, discussed below, intensifies this problem.)
In addition, there are many pathways through which cyber security threats can enter manufacturing facilities. Besides infected USB keys, supplier laptops, remote access activities, project files or email attachments could be malware vectors.
Finally, many ICS networks are still often implemented as large 'flat'networks, with no isolation between unrelated subsystems. This means that if a problem does occur in one part of the plant, it can spread very quickly to other unrelated subsystems and even to remote plant sites.
Windows XP End of Service Increases Cyber Risk
The recent end of service for Windows XP increases the risk of downtime from network problems related to malware. This is because:
The Windows XP operating systems is pervasive in industry. Besides white box PCs on the plant floor and in control rooms, it is also present in:
• computers in engineering offices and remotes sites,
• as ruggedized PCs running production processes and
• it is embedded in many devices that control factory automation and process control operations.
Microsoft is no longer providing fixes, updates or online technical support for Windows XP, yet the operating system was impacted by 70% of Microsoft’s security bulletins in 2013.
The end of service for Windows XP increases cyber risk and creates a domino effect of upgrades and projects. Industrial firewalls are a simple way to protect uptime now and upgrade away from Windows XP on your own schedule. (7:40)
Perhaps you have never implemented any Windows XP patches over the last 10 years and you don’t recall having a serious problem with computers, devices or applications over the time the operating system has been in service.
However, you’ve probably seen a few situations where a computer or an application had some unexplained problem. Resolving them required a call to Microsoft or a software vendor to provide a patch, new driver or some other software reload to return your system to normal.
Now, you need to decide if the risk of an incident and having no support available is a situation that fits with your operation’s uptime requirements.
Industrial Firewalls Are an Easy Way to Protect Uptime
The good news is that industrial firewalls are available that:
Are simple to install and configure quickly
Require minimal staff time, training and support to implement
Do not involve upgrading or replacing other systems
Are designed from the ground up for rugged industrial environments
Are an easy solution that allows you to protect systems today while creating your own timeline for migrating away from Windows XP.
Finally, industrial firewalls make sense when evaluated from a total cost of ownership perspective.
- Blog: Manufacturing IT: Separate the Industrial Network from the IT Network
- Blog: ICS Security: How Your IT Dept. Can Help
- Blog: Windows XP End of Service – What it Means for Industrial Applications, Part of 1 of 2
- Blog: Windows XP End of Service – Triggering a “Domino Effect” of Industrial Network Upgrades, Part 2 of 2
- Webpage: Security Capabilities
- Webpage: EAGLE One Security Router
- Webpage: EAGLE Tofino Industrial Firewall/VPN Router Systems