Charlotte Stonestreet
Managing Editor |
Home> | IIot & Smart Technology | >Cyber Security | >Safeguarding legacy equipment |
Safeguarding legacy equipment
20 October 2023
Jeremy Wittingham highlights the cybersecurity vulnerabilities associated with outdated technology and provides manufacturers with insights on mitigating risks
MANUFACTURERS FREQUENTLY face a significant reliance on legacy systems and aging equipment. This dependency stems from various factors, including limited budgets, compatibility challenges and vendor lock-in. These constraints often hinder the adoption of modern technologies. However, this reliance on outdated equipment puts organisations at risk of cybersecurity vulnerabilities. The need for technological advancements becomes evident, yet many manufacturers continue to operate with ageing infrastructure. This situation leaves them susceptible to potential breaches and cyber threats. Finding a balance between cost-effective solutions and the necessity to upgrade is a critical challenge that manufacturers must navigate to enhance their cybersecurity posture and safeguard their operations against evolving risks.
Legacy equipment frequently relies on outdated operating systems and software that have reached the end of their vendor support. Consequently, manufacturers using such equipment face a significant challenge in terms of security. Without vendor support, critical security updates and patches are no longer provided, leaving the equipment exposed to known vulnerabilities. This creates an attractive target for hackers who actively exploit these weaknesses to gain unauthorised access or disrupt manufacturing processes. The absence of security updates increases the risk of successful cyberattacks, potentially resulting in data breaches, production disruptions, or even physical harm to workers.
Limited processing power
However, the limitations of ageing equipment extend beyond the lack of vendor support. Another challenge arises from their limited processing power, which can impede the implementation of modern security measures. Advanced encryption algorithms, robust threat detection systems and other sophisticated security technologies often demand substantial computing resources that older equipment may struggle to provide – hampering the ability to fortify systems against evolving cyber threats. Furthermore, older hardware may lack built-in security features that are now commonplace in newer devices. These features, such as secure boot mechanisms or hardware-level firewalls, provide an added layer of protection against unauthorised access and data theft.
Manufacturers can address cybersecurity challenges related to aging equipment by conducting regular risk assessments and maintaining an updated inventory. These assessments help identify vulnerabilities and prioritise necessary upgrades or replacements based on criticality. By understanding the security risks associated with specific systems and equipment, manufacturers can allocate resources effectively and focus on addressing the most critical areas.
Developing a well-defined plan for phasing out legacy systems and upgrading to modern technology is also crucial. Businesses need to consider the cost-benefit analysis of investing in newer equipment versus the potential risks and impact of a security breach on production processes — especially when the average cost of data breaches in the industrial sector was £3.5 million in 2022. By strategically prioritising upgrades, manufacturers can minimise disruption while gradually enhancing their cybersecurity posture.
Strengthening the overall cybersecurity approach involves implementing robust security measures. Regular patch management is essential to ensure that ageing equipment receives necessary updates. Strong access controls, including strong passwords and multi-factor authentication help protect against unauthorised access. Encryption can be applied to sensitive data and communications, adding an additional layer of protection and network segmentation helps to isolate critical systems, limiting the potential damage of a breach. Manufacturers should also explore modern security solutions specifically designed to protect legacy systems if available, further enhancing their cybersecurity defences.
Education is key
Educating employees about the risks associated with ageing equipment and promoting adherence to security protocols is crucial. Training and awareness programs should emphasise the importance of cybersecurity practices, such as recognising phishing attempts, reporting suspicious activities and regularly updating passwords. By fostering a culture of cybersecurity awareness throughout the organisation, manufacturers can empower employees to remain vigilant against potential threats and actively contribute to maintaining a secure environment.
By taking these proactive steps, manufacturers can protect their critical assets, maintain operational resilience and ensure the integrity of their production processes. Embracing technological advancements while addressing the challenges of aging equipment will enable manufacturers to navigate the evolving cybersecurity landscape and safeguard their operations against potential breaches and cyber threats.
Jeremy Whittingham is industry consultant and member of the Advanced Engineering team
Key Points
- Legacy equipment often relies on outdated operating systems and software that have reached the end of vendor support
- Cybersecurity challenges related to aging equipment can be mitigated by conducting regular risk assessments
- Regular patch management is essential to ensure that ageing equipment receives necessary updates
- Open Forum programme announced
- The countdown to Advanced Engineering 2018
- UK’s largest annual gathering of OEMs & engineering supply chain professionals
- The UK's largest advanced engineering show
- Advanced Engineering gains momentum
- An event not to be missed
- Interact with the latest industry innovations
- UK’s advanced engineering SMEs and multinationals to debate Brexit
- Advanced Engineering 2016 adds IMechE to line-up
- A celebration of innovation
- Protect your ICS from cyber-attacks
- Secure data handling
- Cyber security wake-up call
- Serial-to-Ethernet server
- How secure is your ERP system?
- Malware targets industrial safety systems
- Protects controllers from manipulation
- Cyber inventory solution
- Network rental scheme
- Security flaws found in power grid systems