Cybersecurity remains a top concern among process manufacturers around the globe. In a recent Process Engineering article, Weak spot, the article opens:
Last month marked the end of technical support for Microsoft’s Windows XP operating system. Robert Smith investigates the security risks for process plants running control systems on the XP platform.
He notes:
Emerson’s Bob Huba, DeltaV Product Manager and System Security Architect, whom you may recall from many cyber security-related posts, is quoted:In the past, when a vulnerability was detected on Windows XP, Microsoft would issue system patches to protect PC users and their data.
This type of technical support is still available through Microsoft’s supported OS platforms, such as Windows 7 and 8.
However, for those who continue to run Windows XP, Microsoft will not provide any support for any new vulnerabilities that are found, which could lead to an increase in hacking and system exploitation.
A company’s security vulnerability situation depends very much on how their systems have been installed.
I followed up with Bob to ask him more about this. He explained that it appeared that some people think that no internet access means no external network connections which is incorrect. When people say that systems are not connected to the internet, what they mean is not directly connected.
These days most systems do have connections to external plant LANs but this connection must be designed and protected so that the control system computers are not allowed to create a direct connection to the Internet. External connections should be setup using a point-to-point connection strategy that prevents direct access from either inside or outside the system.
For DeltaV users, you can read more about best practices in the whitepaper, DeltaV System Cyber-Security. You can also follow and interact with Bob and other DeltaV security professionals in the DeltaV track of the Emerson Exchange 365 community.