Microsoft will stop supporting Windows XP on April 8th of this year. It is funny that I was just reminded of this impending deadline by a OSIsoft Technical Support Bulletin that I received in my email while I am working with a client to replace an old Windows 2000 box running a PI interface.
There are way too many ICS systems running with Windows XP, with no plans yet for an upgrade. I’ve spoken about the chronic shortage of talent and resources in this area. Every company that I work with seems to run on the fewest number of engineers that they can squeeze by with. Even when they try to expand their staff, they find it very difficult to find qualified people.
One day there is going to be that Black Swan type event. It is going to expose how vulnerable all of these ICS systems are, and how haphazardly they are usually strung together. It takes a lot of time and effort to properly plan and test these systems, and with the minimal staffs, nobody is really doing that. They are constantly fire fighting, getting things to work, and then moving on to the next problem. They always intending to go back and lock it down, but never have the time to do it.
There are way too many XP systems sitting on ICS networks out there, and I imagine it will be that way for quite some time. Just remember that every new security patch that comes out for the newer Windows versions keys hackers into a possible attach vector for these older systems.