It is a well-known fact that legacy equipment shall continue to play a crucial role in the continuity and stability of critical infrastructure, especially in industrial control systems. A recent Center for Digital Government survey found that 70% of respondent agencies depend on legacy infrastructure for their operations.

Another recent report from Deloitte and MAPI, “Cyber risk in advanced manufacturing,” underscores the importance of protecting the legacy control systems. As per the report, modern industrial control systems are considerably easier to secure than their predecessors. It follows a survey of more than 200 manufacturing enterprises, of which 40 percent reported they were affected by cyber incidents in the preceding 12 months. The report highlights the facts that the greatest risk exists in legacy industrial control systems.

So what exactly is legacy infrastructure? Why does it need protection?

In contrast to the latest and advanced equipment used in modern smart industries such as smart grids or smart factories, legacy equipment is generally dated and in some cases 20, 30 or even more years old. This equipment still works and is often not replaced, sometimes owing to the enormous capital expenditure required for an upgrade. At times, such equipment does not even understand IP (Internet Protocol), as the communication protocol and may use some proprietary communication mechanism. Here the task of updating becomes ever-daunting, as what’s required is to overhaul not only the control system equipment but the network infrastructure, as well.

Another big challenge with some of these dated control systems is they run old and sometimes outdated versions of operating systems or application software that are no longer supported by their manufacturers or even by the software development community. Such systems leave vulnerabilities unpatched, making them insecure to attacks and exploits. To add to it, these at times (Read more...)