Wait a Minute – How Many People Are Still Using XP?

I’m going to admit it. I’m probably the only one ever to do it, but here goes.

I’ve always been a little freaked out by the XP-end-of-support page on Microsoft’s website.

First, there’s the dramatic headline – Windows XP support has ended – looming over the rest of the page’s copy in large black 44 pixel font. The sentence itself is lost amid an expansive, desolate pale-blue background.

It’s…unsettling.  Support is over, done, complete.  There’s no support.

And it doesn’t get better.

Just below the major header is a sentence you can’t possibly ever say to yourself without getting the smallest tinge of sadness:

Why is this happening?

I hope I’m not going too far when I say that the above phrase doesn’t necessarily lend itself to copy used for “software usage.”

It just sounds better suited for, well, moments on considerable frustration. Perhaps in what could be referred to as a “trying time.”

Try this for an exercise: Google “Why is this happening?”. There’s a lot there and not a lot of it is…nice.

[su_list icon=”icon: chevron-circle-right” icon_color=”#990000″]Related Reading


All dramatic embellishment aside, the page effectively states what has been known since XP’s creator made it official in April 2014 – Microsoft no longer supports the 13-year-old operating system.

No more security patches and updates. What Microsoft had been warning for quite some time had come true.

In no uncertain terms, Microsoft gives users two options:

  1. Keep using Windows XP – unprotected
  2. Upgrade

So if you don’t upgrade, at the very least, there’s the security risk — one that some say is being exploited now.  Toby Wolpe, a writer for ZDNet, says in an article that Windows XP is at the center of recent cyber security attacks, “predominantly targeting US banks.”

The only thing more unsettling than the risk is the amount of people that haven’t heeded Microsoft’s warning. Sure, some have, but certainly not all.

About 24% of the World’s PCs are Still Running Windows XP

According to NetMarketShare, 23.87% of all PCs are still running Windows XP.

In other words, nearly a quarter of the computers in the world are still running an operating system that Microsoft slapped end-of-lifed over six months ago.

That’s not all. The reason we know that 23.87% of computers are still running XP is because they are connected to the internet.

digital-map-1442178-mWhat about the computers we don’t know about? What about the PCs sitting behind government firewalls?  An estimated 10% of the several million of government PCs were still running XP by the cut-off date.

There’s a bigger population of systems to factor into the equation as well – non-PCs and embedded systems, which number in the billions.

So what exactly constitutes as a non-PC that runs Windows XP?

Well, it’s something you use every day and as it turns out, like, say, an automated teller machine.  And it’s probably running an outdated version of XP.

95% of All ATMs in the US Still Run XP

The next time you walk up to an automated tell machine think about this: You’re probably giving your bank card and PIN number to a machine that is running an operating system deemed “unprotected” by its very distributor.

According to the latest research, nearly all (that’s 95%) ATMs run XP.

broken-cash-point-16312-mThis is no secret.

Hackers have recently started injecting malware into ATMs to drain the machine’s cash – all without a card or a PIN number.

On Oct. 7, 2014, Kaspersky Labs’ Global Research & Analysis Team released news of a cyber-criminal attack involving malware “that allowed attackers to empty the ATM cash cassettes via direct manipulation.”

There have so far been four reports of hacked ATMs in the US. According to Kaspersky Labs, “the malware affects ATMs from a major ATM manufacturer running Microsoft Windows 32-bit.”

75% of Water Utilities Still Use XP

The simple idea that three-fourths of the nation’s water and wastewater utilities are running an unsupported, over-10-year-old operating system, speaks for itself.

So, let’s not belabor the point. Instead, let’s ask, what’s going on here? What’s keeping water facilities from making the switch?

utility-covers-1394418-mLast May, Matt Wells, general manager of automation software at GE Intelligent Platforms, told Forbes.com that said many utilities have a “if it’s ain’t broke, don’t fix it” approach to networks.

The machines that run huge utility plants are expensive and have lifespans of 30 years or more, Wells said. New applications can be added without touching the underlying operating system.

Additionally, plant managers worry about taking a system offline for upgrades. The switchover, Wells said, could drive up costs.

But then there’s the security issue. Specifically, the matter that parts of the critical infrastructure are using a system that, left unprotected, is five times more vulnerable to security risks and viruses.

This comes in a time when security firm Kaspersky Lab calls targeted attacks on computer industrial control systems (ICS) the biggest threat to critical national infrastructure.

There’s still a significant amount of businesses, plants, and utilities, running XP. Are you running XP? Have a plan for moving on? Not sure what to do next?

Get in touch with us and let us know if we can help.

The Internet of Things and All That Jazz

Hyperbole about the ‘Internet of Things’ — or IoT —  is omnipresent.

Claims of transformative powers are greatly overstated and hypotheticals about how these data will be used equally far-fetched.

There are some serious implications and real opportunities and the IoT trend has serious bottom-line impacts for businesses.

Still, the IoT trend  can have some serious implications, real opportunities, and honest bottom-line impacts on businesses.

To capture the potential value in IoT, industrial firms are carefully weighing the infrastructure requirements to justifying these investments.

Large numbers of early adopters are leveraging energy efficiency investments within warehouses to implement IoT strategies.

Other IoT applications maintain the quality and consistency of manufacturing processes by using networked sensors, cameras, lasers, and continual data processing; identifying the current condition of a machine part.

[su_pullquote align=”right”]Although it may seem a bit of science fiction, some imminent applications of IoT are already permeating the landscape. [/su_pullquote]

Smart parking via IoT is monitoring parking spaces available and the building’s structural health is evaluated by monitoring vibrations and material conditions in buildings, bridges, and historical monuments.

IoT is creating intelligent highways with warning messages and diversions based on climate conditions as well as accidents or traffic congestion.

On Gartner’s Radar

Patrick Thibodeau, recently reported in Computerworld that Gartner’s annual list of strategic technologies in 2015 includes IoT.

Gartner analyst David Cearley at the firm’s annual Symposium/ITxpo, focused on merging the real world with the virtual one, what that means for analytics and the type of IT that has to emerge to deal with it.

Cearley’s advice to IT managers is to experiment, get ideas going and empower individuals in IT organizations to develop uses for connected devices and sensors.

Cearley believes IoT has enormous potential to deliver value to businesses, and said even small sensors that can detect problems in equipment before failure occurs, can save a business thousands of dollars.

Similarly, Ben Rossi at Information Age stressed the important role that IT service management will play in the future of the Internet of Things, especially since a recent foundational technology for IoT is a good proxy to illustrate the enormity of the most significant market disruption since the dawn of the Internet – IPv6.

With IPv6, everything can have a unique number or IP address, making it easier and quicker for devices and data to find their way around the Internet.

[su_pullquote align=”right”]In comparison to IPv4’s 4.3 billion IP addresses, IPv6 can assign about 340 trillion addresses and corresponding devices. [/su_pullquote]

Gil Press, a Forbes contributor, shared that Gartner released its latest Hype Cycle for Emerging Technologies.

Last year, Big Data reigned supreme, at what Gartner calls the “peak of inflated expectations.” Press said, “Big Data has moved down the ‘trough of disillusionment,’ replaced by the Internet of Things at the top of the hype cycle.

In 2012 and 2013, Gartner’s analysts thought that the Internet of Things had more than 10 years to reach the ‘plateau of productivity’ but this year they give it five to ten years to reach this final stage of maturity.”

All this velocity of data is driving big names in business to monetize the opportunity.

GE & The Predix Platform

General Electric just announced alliances with enterprise technology leaders using its Predix platform, designed to add intelligence to various Internet of things end points.

GE will deliver more than $1 billion in incremental revenue from a menu of more than forty industrial Internet services. GE currently monitors and analyzes 50 million data points from 10 million sensors on $1 trillion of managed assets daily.

From Oracle to Cisco to Intel to thousands of Industrial Software companies, everyone is working to capture a piece of the IoT pie.

Gartner reported that IoT-connected physical objects will grow to 26 billion units by 2020 (excluding smartphones, tablets, and laptops), and IoT products and service suppliers will generate incremental revenue of more than $300 billion in 2020.

With all the recent breeches in security — Target and Home Depot well-known credit card data appropriation — there is more caution needed in the technology infrastructure through which all these data are floating in the cloud.

Just because we can put sensors on a machine does not mean those data are useful, meaningful, or efficacious.

Undoubtedly the real value of IoT is several years away and must prove more helpful than parking space vacancies.

What does this mean to you? Are you trying to take advantage of what the Internet of Things has to offer? Let us know!

In the mean time, contact us to learn how we fix complex data problems in all industries.

[su_button url=”http://www.graymattersystems.com/CTA/blog/” target=”blank” background=”#990000″]Contact Us[/su_button]

3 Ways to Protect Your Industrial Control System against Cyber Security Attacks

Just in case you missed it, here’s the most powerful thing you’ve heard all week:

There are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese, and those who don’t know they’ve been hacked by the Chinese.

That’s a quote from FBI Director James Comey’s interview on 60 Minutes on October 5, 2014. It was Comey’s first major interview and if you missed it, you can check it out here.

Talk about a powerful statement.

In case you were unaware, that’s the FBI’s top boss making a pretty unsettling blanket statement on a Sunday night news magazine about every big business in the country getting hacked.

I may be taking some liberties with my paraphrasing but you get the point.

Comey’s comments came just days after JP Morgan revealed hackers got access to customer information including names, addresses, and emails belonging to 70 million of its clients.

Then there’s the breach at Community Health Systems, which runs 206 hospitals in 29 states. In that attack, hackers gained access to personal data like Social Security number, birthdays, and addresses of 4.5 million patients.

Then there’s the Home Depot breach. And the Target cyber attack. The list goes on.

And it’s not just a question for businesses either.

In case you missed it, President Obama addressed the threat to the nation’s industrial infrastructure when he signed an Executive Order – Improving Critical Infrastructure Cybersecurity on February 12, 2013.

The order states “repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity”.  To the US Government, cyber threats to critical infrastructure represent “one of the most serious national security challenges we must confront.”

This year, the U.S. Department of Homeland Security responded to a cyber-security incident at a water / wastewater treatment facility.

This instance involved improper access to the control system by a maintenance employee, which resulted in overflow of the system’s wastewater treatment process.

With news of cyber security attacks becoming uncomfortably common and ICS security incidents become more prevalent, it’s worth asking:

What is your cyber security strategy? Is your current plan adequate or out-of-date?

There are plenty of ways to make sure your cyber security strategy is sufficient – contacting an expert is one, or pouring through the pages of Google results is another.

Here’s just a few suggestions for making sure your cyber security strategy is keeping you safe.

Arm Yourself Against Cyber Security Attacks with Education

educationOne of the first – and best – primers for educating yourself about cyber security is 21 Steps to Improve Cyber Security of SCADA Networks, published by the U.S. Department of Energy.

Admittedly, the document was written in 2002 so it’s obviously pretty old.

Still, there are some of the tips that translate into today’s world, especially when pointing out best practices for organizations looking to design a cyber-security strategy.


  • Evaluate and strengthen the security of any remaining connections to the SCADA network.
  • Do not rely on proprietary protocols to protect your system.
  • Establish strong controls over any medium that is used as a backdoor into the SCADA network.
  • Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring.

Each point has supporting info that  goes beyond the bullet point. It’s a worthwhile read.

Another great resource is the resources section for the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

ICS-CERT’s Recommended Practices section is an exhaustive source of both light and heavy reading on cyber-security best practices. Downloadable documents include:

  • Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies
  • Creating Cyber Forensics Plans for Control Systems
  • Patch Management for Control Systems
  • Mitigations for Vulnerabilities in Control Systems Networks

Arm Yourself Against Cyber Security Attacks with Training

trainingWhen it comes to cyber security, the Department of Homeland Security says an effective security program is only as good as the people who maintain and execute it. Here’s a few tips for training staff:

Clearly define cyber security roles, responsibilities, and authorities for managers, system administrators, and users.

Organization personnel need to understand the specific expectations associated with protecting information technology resources through the definition of clear and logical roles and responsibilities. Leaving cyber security up to just one person is no good because it leads to inconsistent implementations and ineffective security.

Document network architecture and identify systems that serve critical functions or contain sensitive information that require additional levels of protection.

Develop and document a robust information security architecture as part of a process to establish an effective protection strategy.

Establish a rigorous, ongoing risk management process.

A thorough understanding of the risks to network computing resources from denial-of-service attacks and the vulnerability of sensitive information to compromise is essential to an effective cyber security program.

Establish effective configuration management processes.

A fundamental principle that must be part of any network protection strategy is defense-in-depth.

The ICS-CERT and other organizations have a regular rotation of training classes – both live and web-based – for all levels of learning.

Arm Yourself Against Cyber Security Attacks by Staying Connected

connectingThere are a numerous specialized Information Sharing and Analysis Centers (ISACs) for various industries including:

For instance, the Water Information Sharing and Analysis Center (WaterISAC) is a network of water professionals specifically concerned with security threats.

The WaterISAC maintains a network for water professionals so they can find colleagues, compare practices, and talk about risks facing water and wastewater utilities.

WaterISAC also offers:

  • Vulnerability Assessment Tools
  • Contaminant Databases
  • Security & Emergency Preparedness Materials

The ICS-CERT and all ISACs offer alerts so professionals can stay up-to-date on current security issues, vulnerabilities, and exploits. Staying connected can help teams stay informed on the changing cyber-security landscape.

What else can you do to improve your cyber security strategy? What works, and what doesn’t?

Let us know what you think.

[su_button url=”http://www.graymattersystems.com/CTA/blog/” target=”blank” background=”#990000″]Contact Us[/su_button]

How Cincinnati MSD is Pushing the Envelope with Technology

Here’s the first thing you should know about the Metropolitan Sewer District of Greater Cincinnati: The people working there are serious about technology.

They have a long history of using cutting edge software to protect public health and the environment, and provide sustainable water reclamation and watershed management. (That’s part of their mission, by the way).

Now the Metropolitan Sewer District of Greater Cincinnati, more commonly known as Cincinnati MSD, is taking it a step further. The only difference is this work isn’t just about improving things for the people of Cincinnati – it’s also about creating a solution that can be replicated to solve problems across the country.

In a September 9 press release, Cincinnati MSD announced its intentions to use new technology to address the city’s wet-weather challenges.  With the help of Gray Matter Systems, Cincinnati MSD will use technology from GE Intelligent Platforms to optimize its wet-weather facilities, equipment and operations, and reduce overflows.

Cincinnati will be able to capture data on excess water produced during periods of heavy rainfall or snowmelt, which can exceed the capacity of the sewer system or treatment plant and result in the discharge of pollutants into nearby streams, rivers or other bodies of water.

Cincinnati prides itself on being at the forefront of using technology to make things better for the community, said Tony Parrott, Director of Water and Sewers.

Embracing new technology to solve problems — like those that arise from Combined Sewer Overflows (CSO) — is the norm for Cincinnati.

[su_box title=”Go In-Depth”]Interested in learning more about Combined Sewer Overflows? Click here.[/su_box]

The exciting part, the thing Parrott calls “powerful,” is how the solutions can be replicated across the country.

“Not only does this enable us to meet our own needs, there’s something to be said about developing new capabilities and solutions to improve water quality that can be leveraged by other CSO communities across the country,” Parrott said. “That’s powerful stuff — we’re not only solving problems here with technology, but nationally as well as others implement similar platforms.”

Powerful Stuff for the People of Cincinnati

First, look at using technology versus doing things the old way.

The traditional way (one of them, anyway) of reducing overflows with wet weather operations is to add infrastructure — literally shoveling dirt, pouring concrete, building bigger pipes, adding storage tanks, etc.

“That’s a significant cost,” Parrott said in the press release. “Wet-weather operational optimization will complement our capital program, allowing us to accelerate water quality improvements and reduce costs with technology.”

If Cincinnati optimizes wet-weather operations using technology, it doesn’t have as many new assets to own and maintain in the future.

“If we’re able to successfully do this — reduce overflows at costs lower than just relying on capital project — then imagine the cost savings for the community and ultimately across the entire wastewater industry,” Parrott said in the press release.

Powerful Tools for Compliance

In addition creating water quality standards, The Clean Water Act of 1972 found the United States Environmental Protection Agency (EPA) outlining the basic structure for regulating discharges of pollutants into the waters across the country.

Among other things, The Clean Water Act made cities responsible for reducing — or in some cases completely stopping — the release of untreated wastewater into the environment through combined sewer overflows and sanitary sewer overflows.

These releases are in no way an everyday occurrence. The EPA says that, most of the time, combined sewer systems transport wastewater to the sewage treatment plant, where it’s treated and released.

The small percentage of the time in which it becomes a problem is during significant rain events or heavy snowmelt and the system is overwhelmed.

Cincinnati MSD will use GE Industrial Automation Solutions to capture data on excess water produced during periods of heavy rainfall or snowmelt. The City will use advanced analytics to find the best ways for manage flows through the system, resulting in the reduction of discharge of pollutants into nearby streams, rivers or other bodies of water.

Powerful Solutions for the Country

The true power of the work Cincinatti MSD is doing is that it’s repeatable, a fact that Parrott tacks onto every sentence in the press release.

The work Cincinnati is doing — addressing an issue with technology in a way that uses existing infrastructure — could do a lot of good for the EPA-estimated 772 CSO communities across the nation.

Cincinnati’s enthusiasm for embracing technology is an indicator of what’s happening in the community as a whole.

There’s always been a passion in the nation’s public sector to improve the lives of the people in the community. At the end of the day, the people that treat wastewater and make drinking water safe have the most important goal in mind: the health and safety of the public.

The only difference is technology now exists that enables people in water/wastewater to make this happen in ways previously thought impossible.

Are you are pushing the envelope with technology? What does this mean to you?

[su_button url=”http://www.graymattersystems.com/CTA/water-waste-water/” target=”blank” background=”#990000″]Contact Us[/su_button]

Contact GrayMatter

Get in touch with us!