The State of South Dakota continues to move away from
Windows XP to Windows 7.
When and why is this happening?
- As of April 8, 2014, Microsoft will no longer provide support for Windows XP.
When support ends, Microsoft will no longer provide security
and other updates for computers running Windows XP. Without these updates, any
computer (at work or at home) running Windows XP, will be vulnerable to
cyber-attacks, even with firewalls and antivirus in place.
What does this mean for the end user?
- Microsoft will not provide updates and fixes for security issues in Windows XP, but hackers will still continue to research and exploit any holes they can find, leaving your computer and all of its data vulnerable.
Hacking, data harvesting, and cyber exploitation have become
big businesses, with personal data, social security numbers, credit card
numbers and more having prices fluctuating alongside the price of gasoline.
While an individual computer may not store any of this valuable information, it
does have access to our internal network and systems that do contain a plethora
of treasured digital data. A breach on a single machine becomes a stepping
stone in a cyber-criminal's journey towards their ultimate goal of harvesting
private data from our state network.
Do you recall the recent Target breach?
The events surrounding the credit card breach at Target
during the 2013 holiday season perfectly displays the "snowball
effect" possible in a single machine breach. By breaching a single
computer, hackers gained access to the entire backend infrastructure of the
Target register and purchasing system. Millions of credit card numbers, account
numbers, and related information were compromised, costing untold billions of
dollars in tangible and unknown future costs to citizens today and tomorrow.
- This single compromised machine was running Windows XP, and did not have the security updates applied to it necessary to be connected to the Internet.
The citizens of South Dakota entrust us daily with mounds of
sensitive information necessary to conduct state business: names, addresses,
dates of birth, social security numbers, financials, account numbers and more.
We have a responsibility to take whatever actions are necessary to safeguard
their data, and ultimately their livelihoods.
What is BIT going to do?
- As of February 14, 2014, BIT began removing all Internet access via network policies to all Windows XP machines.
Any known Windows XP computer will no longer have Internet
access after this date, but we need your agency's help. We can't possibly know
about the old Windows XP laptop sitting in a case under your desk that is used
once a year for travel, or if you have a Windows XP desktop powered off that
you need for an older, un-updated piece of software. Please survey your offices
and ensure that no computer continues to run Windows XP.
- If you do find computers still running Windows XP, or are unsure if they are, DO NOT plug them into the network. Ask the BIT Help Desk for assistance.
- Computers running Windows XP need to be either updated to Windows 7 or replaced.
Any computer running Windows XP that has, could, or will
connect to the state network puts the state at risk of being compromised. The
usernames and passwords stored therein can be discovered, compromised, and
abused once that computer reconnects to any Internet or network connection.
These compromises can take minutes and even second and would allow the
bypassing of all our cyber defenses.
BIT staff will help evaluate existing Windows XP computers,
determine if the software running on the computer can run on Windows 7, and
provide options to go forward, including the costs of the necessary licensing
to upgrade to Windows 7.
What impact does this change have on my home computer?
- If you, your family, or friends are still running Windows XP at home and access the Internet on that computer, you need to start looking at upgrading fast.
Private information such as your online banking account details,
credit card information, any/all of your personal passwords, and literally
every keystroke you type can end up in the wrong hands within minutes. The
trickle-down effect from compromised financials, exposed health records, and
damage to your reputation would take years to repair.
While a situation like this has never occurred before, the
seriousness of the situation cannot be overstated.
For more information, please visit:
http://bit.sd.gov/security/xpeol.aspx.