My biggest headache is vulnerability management in Operational Technology. We have HMIs running on Windows XP because the specialized software won't run on anything newer. We can't reboot for updates without stopping production, which costs thousands per hour. How are other OT managers handling the risk of unpatched critical vulnerabilities in "always-on" systems?
3 answers
In OT, "compensating controls" are often more practical than direct patching. Since you can't reboot, you must wrap that legacy Windows XP box in layers of protection. Use virtual patching at the network level with an Industrial IPS (Intrusion Prevention System) that can detect exploits targeting those specific vulnerabilities. Additionally, strictly limit the traffic to that HMI using a whitelist approach. If the device only needs to talk to one specific PLC, block every other port and IP. This "virtual shielding" buys you time until the next scheduled maintenance shutdown when you can finally perform hardware upgrades.
Have you tried using application whitelisting tools like Carbon Black or Stellare to ensure that even if a virus gets on that XP machine, it simply cannot execute?
If the hardware is that old, you should consider a "swing" migration strategy where you prepare new hardware in parallel and swap them during a tiny 15-minute window.
Jennifer, we’ve used that "blue-green" style deployment for our controllers before. It’s stressful but far better than trying to fix a bricked legacy system mid-production.
Michael, we've looked into it. To answer your question, those tools are great but can be heavy on resources for older hardware. We found that a lightweight "lockdown" mode on the network switch was a more stable way to prevent unauthorized execution without crashing the old HMI software.