End-of-life for XP support not raising many red flags in critical infrastructure environments, where patching is the exception.
Microsoft may have officially retired its Windows XP operating system this week, but that doesn't mean power plants and other critical infrastructure networks are dropping the now-unpatchable OS.
While there is no official public data on the number of XP systems running in ICS/SCADA environments, experts in that area say it's well represented, as are even older versions of Windows. Running insecure OSs may seem counterintuitive in such sensitive environments as power, gas, and oil industry networks, but it's a matter of priority: Patching remains rare in these networks for practical reasons, experts say.
So, on top of not really performing red teaming exercises, national power, gas and oil plants also use outdate and uber-vulnerable Windows XP on their controllers.
Did I mention that it takes an average of 20 seconds to pawn a Windows XP machine?