Kevin Coleman is a senior fellow at SilverRhino and former chief strategist at Netscape. (File)
Guest post by C4ISRNet blogger Kevin G. Colman, senior fellow at SilverRhino.
Microsoft’s April 8 deadline for stopping all support of Windows XP is fast approaching. The question is – are we ready? That day will come and go and there will still be desktops, laptops and other equipment that run XP in operation. A recent poll of IT professionals found that more than 30 percent plan to leave at least some of their existing XP systems in place after the April deadline. One estimate actually projected that 20 percent of the world’s PCs will still be using XP after Microsoft stops support. Let’s do the math! By one count there are 1.1 billion computers in the world and only half of them are running Windows. If 20 percent of that half continue to run on XP, that means there would be 110 million computers running XP. Wow -- now that would be a bot-net!
A March 11 discussion with a critical infrastructure provider was cause for increased concern. He disclosed that they have approximately 4,000 PCs still running XP and a fair amount of specialized pieces of equipment that has XP as their operating system. In discussion with the specialized equipment vendor about this rapidly approaching issue, the vendor’s answer was it can’t be upgraded so you have to buy new equipment!
So you have the cost of new hardware, new software licenses, updating custom developed software applications, installation, testing. That is a big number that is not in the budget. Now consider the time it takes to procure all of this and the budgetary and legal approvals, when you add all of that up it is clear they are not going to come close to making it by the April deadline. The issue is not so much the traditional computer (PC and laptop), but equipment with embedded computing capabilities that use XP. Even simple process controllers can be a risk. The answer is NOT to go out and buy a new piece of hardware, because you have the same software, system modification and testing issues with these devices.
Dennis Brandl, an automation consultant in manufacturing, added another dimension to this problem: We don’t have the quantity of proper training resources to address this issue in the short-term! Available people are especially important in validation required industries where just any changes to the system may require a complete system validation.
If this is anywhere close of an accurate representation of the status after April 8, does that risk rise to the level of a national security threat?