Don't Host Critical SCADA Applications on an Insecure Infrastructure

On July 14, 2015, Microsoft will end extended support for its Windows Server 2003 operating system. That means Microsoft will not develop or release any updates for the Windows Server 2003 platform.

Why is this important? Microsoft released 37 critical updates for Server 2003/R2 in 2013. Since security flaws could still be exploited in the soon to be unsupported Server 2003 platform, you should strongly consider your options for migrating to a supported operating system.

Maintaining legacy systems can also be costly and in terms compliance with industry standards. Over time, it becomes harder to support (or find) the hardware to run legacy software.

Running legacy systems might also cost your company in terms of compliance with industry standards.  Standards like NERC CIP already address systems security management. Deliberately choosing to remain on an unsupported, potentially exploitable operating system like Windows Server 2003 may not be appropriate mitigation of risk exposure called out in the standard.

Options for moving forward

Fortunately, there are quality options for replacing your existing Windows Server 2003 infrastructure. Just as Windows XP was replaced by Windows 7 and 8.1, Server 2003 has been replaced by Windows Server 2008/R2 and Windows Server 2012/R2.

According to the IDC whitepaper, “Windows Server 2003: Why You Should Get Current”:

Windows Server 2012 R2 offers relatively good application compatibility with Windows Server 2003. Although Windows Server 2012 R2 is delivered as a 64-bit operating system, most 32-bit applications that have no 16-bit code segments should install and run on Windows Server 2012 R2 through Windows on Windows 64 (WoW64) technology. The main exception to this compatibility story is for applications that operate in kernel mode rather than user mode. Security applications and some system utilities such as backup and management agents are among the applications that are likely to need an upgrade as part of a migration to Windows Server 2012 R2.

Lastly, since Windows Server 2008 is slated for end of mainstream support in January 2015, the whitepaper also recommends that customers looking to upgrade their Windows Server 2003 systems upgrade directly to Server 2012 R2.

Options for Wonderware users

Though operating system upgrades can be pricey and migrating applications can be time-consuming, there are certainly some perks that come from upgrading software.

The latest versions of Wonderware products (2014 and 2014R2) offer many new features. Here are a few you may want to explore:

·        Content-Aware Script Editor: A comprehensive new “Auto-Complete” behavior in the Script Editor anticipates the engineer’s next move and provides intelligent choices that match the likely intent. InTouch 2014 consolidates all scripting work within one development environment and helps shorten script engineering time by 40%.

·        Alarm Management tools: Improved alarm management minimizes nuisance alarms while enhancing operator focus on critical alarms through the use of alarm shelving, new alarm client symbols, and plant-based alarm suppression.

·        Situational Awareness Graphics Library: Situation Awareness Library symbols are designed to enhance an operator’s situational awareness of current process conditions using a variety of visual techniques.

To learn more about what the end of support for Windows Server 2003 could mean for your company, please visit http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/ or check out Microsoft's Windows Server 2003 Migration datasheet.

Clint Schneider

Tech Services at Logic, Inc. 

P: 316-693-8805

E: clint@logic-control.com