The recent announcement that Microsoft has ended its support of Windows-7 may have left many companies with security concerns. While desktop PCs in an office are likely to have been updated long ago, the systems used to run and control CCTV systems and other critical security equipment are often ‘hidden’ away and can be missed from any standard update processes. Steven Bishop, Head of Technology for Fabrication Systems and long-serving member of the IFSEC Installer Advisory Group, offers his opinion on the potential repercussions.
On Monday 13th January Microsoft officially ended its support of the Windows-7 operating system. It is a significant enough event to have received headlines in the mainstream press, and has appeared on BBC TV and radio, demonstrating its importance.
As installers and security engineers, the PCs we look after for clients are the ones hidden in broom cupboards and in locked equipment-machine-rooms – these are the ones that get ignored for most of the year and only get visited when something breaks. Yet, all of these PCs are busy doing important jobs like controlling CCTV cameras, recording streams of video onto stacks of Hard-Disc-Drives, managing the activity of door-access controllers, and handling smart building automation.
Some companies will have already made their plans and completed their major upgrade to the next and greatest version of Windows. Hopefully their upgrade path will have gone smoothly for them. However, many do not always realise that a major upgrade of one piece of equipment or software can often break the links with a number of the other critical components and devices in a network.
It is quite normal to find that a major upgrade of Windows will have knock-on effects that mean your surveillance cameras, video recorders, door-entry systems and other devices stop communicating properly and become unreliable. If a few, or even all of these devices are outside the manufacturer’s warranty period and no longer have on-going software support for this next version of Windows, then you will find yourself with big problems and a big dilemma.
One option is to bite-the-bullet and give the service engineers the go ahead to upgrade everything they think that needs it. This ‘big-bang’ approach will be the most disruptive and the most expensive solution and will require a major effort and cost to re-do all of the system integration.
A second solution is to choose to carefully isolate your system by wrapping it in the strongest firewalls and security software you can buy. This effectively cuts the whole system adrift, stranding it on a desert island. It does, however, make any future maintenance and growth of the system more painful and more costly than it needs to be.
You may have heard the phrase where a system is said to have a ‘technical debt’. This means that there is an array of problems that have been buried until later. It might seem like a good idea to bury the problems on a metaphorical desert island but the mainland shore won’t stay in the same place. Over time, the mainland will head off in a new direction and the gap to the island will grow wider and wider until it becomes so great that the only option left will be to tear down the whole system and rebuild from scratch.
Alternatively, you could take a more considered approach and analyse a complete inventory of equipment and devices to plan precisely what needs to be upgraded, what needs to be replaced and what can be safely managed. Each component needs to be looked at and where it can be upgraded so that it gets placed safely back on the mainland with the minimum of disruption.
Where you have a critical component that can’t be upgraded and can’t be retired, we would recommend building a strong and secure bridge back to the mainland. Ideally, this should have been done with time to spare before the deadline that arrives on Monday 13th January, but whether you tackle this after that date, the problems will remain.
The risks will arguably get bigger if you leave it longer, as the ‘bad guys’ will have had time to discover whatever security holes still remain within Windows-7. Without those regular software patches that Microsoft delivered by “Windows Update” then all of these security holes will still be wide open for attack. So, the decision to do nothing seems risky.
Those PCs sat out on the desks in open-plan offices will all have been seen by the IT department and updated from Windows-7 in plenty of time and well before last Monday’s end-date. The PCs we worry about accidentally leaving on Windows-7 are those that have become buried in cupboards and forgotten about. These are the PCs that the IT department doesn’t want to look after… and it is very easy to miss these.
You can find out more From Steven by visiting www.fabric8n.com and clicking on ‘maintenance’.
