After more than 12 years, Windows XP, a stable and reliable operating system for most manufacturing facilities reached End of Life (EOL) on April 8, 2014. Microsoft will no longer provide automatic fixes, updates or online technical support. While Windows XP will continue to work, security updates or patches will no longer be issued to ensure operating networks are secure. In 2013 alone, 70% of Microsoft’s security bulletins involved Windows XP.
Security breaches are not the only risks of the continued use of Windows XP in industrial plants. Numerous industrial control and supervisory control and data acquisition (SCADA) systems use Windows XP in their operator displays, human machine interfaces (HMIs), engineering laptops, and programming stations.
Prolonged use of Windows XP can lead to communication outages in industrial networks that are designed for mission-critical applications and processes. Studies show that unplanned manufacturing downtime can cost up to $1.6 million per hour in lost revenue and significantly impact safety processes putting the workforce at risk as well.
What Can You Do?
If you have payed Microsoft for extended Windows XP support, then you know that the clock is ticking. Updating a control network can require significant resources and be disruptive for operations, but leaving your assets unlocked isn’t a viable option either. Upgrades require a thorough audit and well-designed plan to avoid disruption and risk to other networked applications.
Communication between the networks and behind security appliances can be locked down to an extreme. Unfortunately, this can cause problems with usability and it still isn’t as secure as modern software solutions. Layering the network so that older networks are nested behind new networks and firewalls is a stopgap option. The problem with older networks is that even with defense in depth, one weak link can break the chain. Real security is baked into a system at every layer. The stopgap solution that uses security appliances gives you time to patch and plan.
Manufacturers know that a software upgrade can result in a cascade of expenses. Software might require new hardware and new hardware might require new connections and new connections might require new programming. But, at some point in the future, you know that everything will need to be upgraded so the time to start planning is now. The time in which manufacturers have to upgrade their networks is actually getting longer with each new operating system release. Developing a migration plan with future End of Life points in mind will enable manufacturers to avoid the sudden loss of support and capability every few years.
Tips for addressing challenges for Windows XP End of Life
Create an inventory of XP and non-XP assets and identify the five areas that usually present the greatest challenges:
- Application compatibility issues
- Time and resources required to effectively perform migration
- User training and support required after migration
- Lost productivity during migration
- Issues with repackaging, remediating and deploying applications
Industrial network security has come a long way since the days of Windows XP. As you build new networks and replace old ones, security is baked into the process. The configuration of these networks are less likely to be upended in the near future. Modern technology and software solutions are easier to update and maintain than their predecessors. Modern networks will last well into the future so eliminate the risk of Windows XP today. Click here to download Polytron’s Network Upgrade case study, Hanging by a Wire.