Under fire Japanese utilities giant Tokyo Electric Power Company (Tepco) has been criticized by an independent auditor for delaying a major Windows XP migration program in order to save money.
The firm, which runs the ailing Fukushima nuclear power plant, was hoping to save around ¥3.6 billion ($30 million) by continuing to run 48,000 computers on the unsupported Microsoft operating systems until 2018.
However, Japan’s Board of Audit – usually tasked with holding wasteful government departments to account – warned Tepco it had to move forward those plans and upgrade as soon as possible.
“Upgrading the operating system must be done as swiftly as possible, and the firm must not push it back, given the security risks,” it said, according to AFP.
The delay in upgrading is understandable considering the huge outlay Tepco is facing in its clean-up of the Dai Ichi plant, after its meltdown following the earthquake and tsunami of 2011.
Tepco received a multi-trillion yen government bailout via the Nuclear Damage Liability Facilitation Fund, with some experts claiming the sum could even end up reaching 11 trillion yen ($137 billion).
The utility’s interpretation of events differs somewhat from reports, with a spokesperson telling AFP that it made a decision to move forward the XP upgrade deadline “on its own initiative.”
Windows XP has been unsupported for almost exactly a year.
Experts say that those still running the operating system will be a much more attractive target for cybercriminals now that system patches are no longer available.
To soften the migration blow slightly, Microsoft has said it would extend updates to its anti-malware signatures and engine for Windows XP products until July 2015, including the consumer-focused Security Essentials.
David Flower, EMEA managing director of Bit9 + Carbon Black, argued that migration off XP should be the goal, in order to reduce an organization’s risk exposure and especially the threat from zero day attacks.
“However, there are still compensating controls that those still using XP should have put in place to help keep themselves secure,” he told Infosecurity.
“Having always-on, continuous monitoring and recording of the endpoint environment is an essential capability. This not only allows organisations to detect breaches faster, but the replay will allow them to track the ‘kill chain’ left by successful attackers, to better understand the level of risk exposure and defend against future threats.”