Last Friday, the Federal Energy Regulatory Commission issued an order requiring physical protection of major substations and other facilities of electric utility companies, in the wake of a sniper attack on a San Jose, Calif., PG&E Corp. substation. Regulators are trying to identify serious threats to the operation of the U.S. electric grid. A standards-writing organization will work with utilities “to determine which sites are essential, define threats and develop physical-protection standards,” according to The Wall Street Journal.

But the more imminent threat to the security of electric utility operations may be a lot less sinister than a sniper: Microsoft Corp.’s plan to end support for the Windows XP operating system next month. The Wall Street Journal says Windows XP “is widely used on workstations in nearly all of the electric and gas utilities in the United States,” and the loss of vendor support could make those workstations easier to hack.


When Microsoft stops providing security updates or technical support for Windows XP, on April 8, “it will be easier for cyberattackers to create malicious software that could take advantage of the unpatched OS to create regional blackouts or industrial accidents,” the WSJ quoted Michael Assante, former vice president and chief security officer for the North American Electric Reliability Corp., as saying.

Security experts are particularly concerned about XP’s use on workstations in utility control centers that supervise operational conditions in the field, like the amount of pressure in a particular gas line.

Why are electric utilities three generations behind with their Windows operating system? Upgrading to Windows 7 or Windows 8 would cost a utility company more than $100 million and take years, partly because of customization and partly due to the need to ensure that the upgrade works with legacy systems. In the past, when electricity plants weren’t as well connected to networks as they are today, an outdated operating system was not as big a security risk.

Microsoft will continue providing updates to its “antimalware signatures and engine for Windows XP users through July 14, 2015,” according to the software giant, but “antimalware solutions on out-of-support operating systems [are] limited.”

According to Netmarketshare, as of February 2014 Windows XP was running on 29.23 percent of all the desktops the U.K. group detected online.

Source: Windows XP in Utilities Could Mean Big Security Problems – The CIO Report – WSJ

Photo: Trekphiler, Wikimedia Commons, CC BY 3.0


2 responses to “Reliance on Windows XP Poses Threat to the Grid”

  1. A recent FERC study points out that the US could suffer a nation-wide blackout if nine of our 55,000 substations were disabled.

    Even the Wall Street Journal has reported this recently.

    While there was a lot of profit made by the investor class as the Energy Sector became an oligopoly over the last few decades, it might be time to consider enforcing the Sherman Anti-Trust Act and redesigning the power grid to be less centralized and to build in more redundancies – as if National Security and not just profit depended on it.

  2. Microsoft should continue to support XP at least for the grid and other government applications. The withdrawal of support is a marketing tool and really not necessary for most people and companies. At least forego the increased sales on vital economic and national security applications. I am not generally in favor of Government intervention but this is a security situation and Microsoft should be required to continue support.
