WEBVTT

1
00:00:00.000 --> 00:00:01.320
In this lesson,

2
00:00:01.320 --> 00:00:02.550
we will learn about

3
00:00:02.550 --> 00:00:06.930
Characteristics of Specialized and Legacy Systems.

4
00:00:06.930 --> 00:00:10.590
The characteristics of specialized and legacy systems

5
00:00:10.590 --> 00:00:13.530
include being obsolete, unsupported,

6
00:00:13.530 --> 00:00:16.920
unable to secure, or highly constrained.

7
00:00:16.920 --> 00:00:19.500
These attributes make them challenging

8
00:00:19.500 --> 00:00:22.350
to protect against modern threats.

9
00:00:22.350 --> 00:00:24.780
Obsolete systems are outdated

10
00:00:24.780 --> 00:00:27.660
and may lack the latest security features,

11
00:00:27.660 --> 00:00:29.760
making them vulnerable to attacks

12
00:00:29.760 --> 00:00:32.190
that exploit known weaknesses.

13
00:00:32.190 --> 00:00:35.220
Unsupported systems no longer receive

14
00:00:35.220 --> 00:00:37.380
security updates or patches

15
00:00:37.380 --> 00:00:39.780
increasing the risk of exploitation

16
00:00:39.780 --> 00:00:43.980
by attackers who target these unpatched vulnerabilities.

17
00:00:43.980 --> 00:00:47.520
Next, systems that are unable to be secured

18
00:00:47.520 --> 00:00:51.660
are those that due to design limitations or age

19
00:00:51.660 --> 00:00:53.670
cannot be adequately protected

20
00:00:53.670 --> 00:00:55.920
with current security measures.

21
00:00:55.920 --> 00:00:58.530
Finally, highly constrained systems

22
00:00:58.530 --> 00:01:02.640
have limited processing power, memory, or connectivity,

23
00:01:02.640 --> 00:01:04.800
restricting their implementation

24
00:01:04.800 --> 00:01:07.530
of standard security protocols.

25
00:01:07.530 --> 00:01:09.720
Let's learn more about obsolete,

26
00:01:09.720 --> 00:01:12.060
unsupported, unable to secure,

27
00:01:12.060 --> 00:01:16.410
and highly constrained specialized and legacy systems.

28
00:01:16.410 --> 00:01:21.210
First, we have obsolete specialized and legacy systems.

29
00:01:21.210 --> 00:01:25.530
Obsolete systems are those that are no longer up to date

30
00:01:25.530 --> 00:01:27.990
with modern technology standards.

31
00:01:27.990 --> 00:01:30.480
These systems, while functional,

32
00:01:30.480 --> 00:01:32.610
were designed using technologies

33
00:01:32.610 --> 00:01:36.600
that have since been replaced or significantly improved.

34
00:01:36.600 --> 00:01:39.570
For instance, an organization may still use

35
00:01:39.570 --> 00:01:42.570
a computer system from the early 2000s

36
00:01:42.570 --> 00:01:44.460
for inventory management.

37
00:01:44.460 --> 00:01:46.200
Even though the system works,

38
00:01:46.200 --> 00:01:49.440
it lacks the capabilities of modern software

39
00:01:49.440 --> 00:01:53.970
such as cloud connectivity or real-time data analytics.

40
00:01:53.970 --> 00:01:57.570
The main issue with these types of obsolete systems

41
00:01:57.570 --> 00:02:00.540
is that their architecture is not compatible

42
00:02:00.540 --> 00:02:03.210
with current technological advancements,

43
00:02:03.210 --> 00:02:07.380
making it hard to integrate them into modern workflows.

44
00:02:07.380 --> 00:02:10.710
Another characteristic of obsolete systems

45
00:02:10.710 --> 00:02:12.690
is that they are typically slower

46
00:02:12.690 --> 00:02:16.080
and less efficient than their modern counterparts.

47
00:02:16.080 --> 00:02:19.290
They may require more manual intervention

48
00:02:19.290 --> 00:02:21.210
or have a higher failure rate

49
00:02:21.210 --> 00:02:24.330
leading to operational inefficiencies.

50
00:02:24.330 --> 00:02:26.850
An example would be a hospital

51
00:02:26.850 --> 00:02:30.030
still using an outdated patient record system

52
00:02:30.030 --> 00:02:33.900
that cannot communicate with newer medical devices

53
00:02:33.900 --> 00:02:36.180
or other hospital systems.

54
00:02:36.180 --> 00:02:39.240
The outdated software requires staff

55
00:02:39.240 --> 00:02:41.790
to manually transfer patient data,

56
00:02:41.790 --> 00:02:44.460
increasing the chances of errors

57
00:02:44.460 --> 00:02:47.820
and slowing down life-saving processes.

58
00:02:47.820 --> 00:02:52.200
So obsolete systems can create bottlenecks in operations

59
00:02:52.200 --> 00:02:55.440
and increase the time it takes to complete tasks

60
00:02:55.440 --> 00:02:57.840
impacting business performance.

61
00:02:57.840 --> 00:03:01.560
Finally, obsolete systems are often not designed

62
00:03:01.560 --> 00:03:04.560
with modern cybersecurity threats in mind.

63
00:03:04.560 --> 00:03:05.760
How could they be?

64
00:03:05.760 --> 00:03:07.770
When these systems were created,

65
00:03:07.770 --> 00:03:12.390
the current landscape of cyber threats simply did not exist.

66
00:03:12.390 --> 00:03:15.390
Meaning obsolete systems lack protections

67
00:03:15.390 --> 00:03:19.380
against the sophisticated attacks that are common today.

68
00:03:19.380 --> 00:03:22.830
For example, an outdated point of sale system

69
00:03:22.830 --> 00:03:24.510
in a retail environment

70
00:03:24.510 --> 00:03:27.720
may still function for processing transactions,

71
00:03:27.720 --> 00:03:31.320
but it is more likely to be vulnerable to data breaches

72
00:03:31.320 --> 00:03:33.870
because it doesn't have the encryption standards

73
00:03:33.870 --> 00:03:36.750
or other security updates necessary

74
00:03:36.750 --> 00:03:39.810
to protect sensitive customer information.

75
00:03:39.810 --> 00:03:42.180
This poses a significant risk

76
00:03:42.180 --> 00:03:46.230
to organizations still using obsolete systems.

77
00:03:46.230 --> 00:03:51.090
Second, we have unsupported specialized and legacy systems.

78
00:03:51.090 --> 00:03:54.480
Unsupported systems referred to technologies

79
00:03:54.480 --> 00:03:56.760
that no longer receive updates,

80
00:03:56.760 --> 00:03:58.980
patches, or technical support

81
00:03:58.980 --> 00:04:02.190
from the original vendor or manufacturer.

82
00:04:02.190 --> 00:04:05.940
Over time, vendors stop supporting older versions

83
00:04:05.940 --> 00:04:07.050
of their products

84
00:04:07.050 --> 00:04:10.530
because it is not cost effective to maintain them.

85
00:04:10.530 --> 00:04:14.280
For businesses still relying on these older systems,

86
00:04:14.280 --> 00:04:18.660
this can be a major issue as any security vulnerabilities

87
00:04:18.660 --> 00:04:21.840
discovered after the vendor's support has ended

88
00:04:21.840 --> 00:04:24.150
will remain unaddressed.

89
00:04:24.150 --> 00:04:28.050
For example, a manufacturing company might still use

90
00:04:28.050 --> 00:04:32.370
a custom built software platform to manage its supply chain,

91
00:04:32.370 --> 00:04:35.640
but the vendor has discontinued support.

92
00:04:35.640 --> 00:04:39.600
Any new threats or bugs in the system will not be fixed,

93
00:04:39.600 --> 00:04:42.630
leaving the company vulnerable to attack.

94
00:04:42.630 --> 00:04:45.060
In addition to security concerns,

95
00:04:45.060 --> 00:04:49.170
unsupported systems can lead to operational challenges.

96
00:04:49.170 --> 00:04:50.700
Without vendor support,

97
00:04:50.700 --> 00:04:54.330
organizations have to rely on in-house teams

98
00:04:54.330 --> 00:04:57.870
or third party experts to troubleshoot problems.

99
00:04:57.870 --> 00:05:01.080
This can be costly and time consuming,

100
00:05:01.080 --> 00:05:05.550
especially if the system is proprietary or complex.

101
00:05:05.550 --> 00:05:10.020
For example, a bank using an unsupported financial system

102
00:05:10.020 --> 00:05:12.840
may face difficulties when something breaks.

103
00:05:12.840 --> 00:05:17.010
As finding experts who understand outdated technology

104
00:05:17.010 --> 00:05:19.470
becomes more and more difficult.

105
00:05:19.470 --> 00:05:21.300
The company may also find

106
00:05:21.300 --> 00:05:23.940
that spare parts for a hardware components

107
00:05:23.940 --> 00:05:25.680
are no longer available,

108
00:05:25.680 --> 00:05:29.220
making it even harder to keep the system running.

109
00:05:29.220 --> 00:05:33.720
Finally, unsupported systems present compliance risks.

110
00:05:33.720 --> 00:05:37.080
Many industries are subject to regulations

111
00:05:37.080 --> 00:05:40.800
that require systems to be up to date and secure.

112
00:05:40.800 --> 00:05:45.060
If an organization continues to use an unsupported system,

113
00:05:45.060 --> 00:05:48.030
it may fail to meet compliance standards

114
00:05:48.030 --> 00:05:51.030
leading to legal or financial penalties.

115
00:05:51.030 --> 00:05:53.610
For instance, a healthcare provider

116
00:05:53.610 --> 00:05:57.360
using unsupported software to store patient data

117
00:05:57.360 --> 00:06:00.540
could face fines if it does not comply

118
00:06:00.540 --> 00:06:02.730
with the Health Insurance Portability

119
00:06:02.730 --> 00:06:05.220
and Accountability Act or HIPAA.

120
00:06:05.220 --> 00:06:08.970
Third, we have specialized and legacy systems

121
00:06:08.970 --> 00:06:11.520
that are unable to be secured.

122
00:06:11.520 --> 00:06:14.040
Systems that are unable to be secured

123
00:06:14.040 --> 00:06:17.190
are those that due to their design or age

124
00:06:17.190 --> 00:06:19.110
cannot be adequately protected

125
00:06:19.110 --> 00:06:21.300
with modern security measures.

126
00:06:21.300 --> 00:06:26.100
These systems often predate modern cybersecurity practices,

127
00:06:26.100 --> 00:06:29.820
meaning they were not built with features like encryption,

128
00:06:29.820 --> 00:06:31.860
multifactor authentication,

129
00:06:31.860 --> 00:06:35.070
or secure access controls in mind.

130
00:06:35.070 --> 00:06:39.240
An example of this would be an old supervisory control

131
00:06:39.240 --> 00:06:42.780
and data acquisition system in an energy plant.

132
00:06:42.780 --> 00:06:45.870
This SCADA or supervisory control

133
00:06:45.870 --> 00:06:47.640
and data acquisition system

134
00:06:47.640 --> 00:06:50.910
was designed to manage physical processes

135
00:06:50.910 --> 00:06:52.950
like electricity distribution,

136
00:06:52.950 --> 00:06:56.310
it was not intended to be connected to the internet

137
00:06:56.310 --> 00:06:58.710
or withstand cyber attack.

138
00:06:58.710 --> 00:07:01.230
As a result, securing these systems

139
00:07:01.230 --> 00:07:04.530
with modern defenses is extremely difficult,

140
00:07:04.530 --> 00:07:07.860
if not impossible in some cases.

141
00:07:07.860 --> 00:07:09.900
Another key issue with systems

142
00:07:09.900 --> 00:07:11.850
that are unable to be secured

143
00:07:11.850 --> 00:07:16.080
is that they may rely on outdated communication protocols

144
00:07:16.080 --> 00:07:20.790
or operating systems that no longer support secure features.

145
00:07:20.790 --> 00:07:24.180
For instance, a factory using an old machine

146
00:07:24.180 --> 00:07:26.580
with a proprietary control system,

147
00:07:26.580 --> 00:07:29.790
might find that it cannot implement firewalls

148
00:07:29.790 --> 00:07:34.410
or secure network connections without disrupting operations.

149
00:07:34.410 --> 00:07:37.680
This leaves the system vulnerable to cyber attack

150
00:07:37.680 --> 00:07:40.020
as there is no straightforward way

151
00:07:40.020 --> 00:07:43.260
to introduce modern security defenses.

152
00:07:43.260 --> 00:07:46.650
These systems are often integral to operations,

153
00:07:46.650 --> 00:07:48.780
meaning that replacing or upgrading them

154
00:07:48.780 --> 00:07:52.710
comes with high costs and operational downtime.

155
00:07:52.710 --> 00:07:55.830
Finally, systems that are unable to be secured

156
00:07:55.830 --> 00:07:57.600
create a unique risk

157
00:07:57.600 --> 00:08:01.050
because they often operate in critical industries

158
00:08:01.050 --> 00:08:04.590
such as healthcare, manufacturing, or utilities.

159
00:08:04.590 --> 00:08:07.440
For example, a hospital might still use

160
00:08:07.440 --> 00:08:10.860
a legacy medical device that cannot be updated

161
00:08:10.860 --> 00:08:13.470
to meet today's security standards.

162
00:08:13.470 --> 00:08:16.650
While the device is essential for patient care,

163
00:08:16.650 --> 00:08:20.550
it is also an easy target for cyber criminals.

164
00:08:20.550 --> 00:08:23.340
The inability to secure these systems

165
00:08:23.340 --> 00:08:26.040
puts not only the organization at risk,

166
00:08:26.040 --> 00:08:29.580
but also the safety and privacy of individuals

167
00:08:29.580 --> 00:08:32.910
relying on these critical infrastructures.

168
00:08:32.910 --> 00:08:35.520
This challenge forces organizations

169
00:08:35.520 --> 00:08:37.950
to adopt compensating controls,

170
00:08:37.950 --> 00:08:41.430
such as isolating the system from external networks

171
00:08:41.430 --> 00:08:45.600
which may only provide a temporary or partial solution.

172
00:08:45.600 --> 00:08:49.080
Fourth and last, we have highly constrained

173
00:08:49.080 --> 00:08:51.990
specialized and legacy systems.

174
00:08:51.990 --> 00:08:56.040
Highly constrained systems are those with severe limitations

175
00:08:56.040 --> 00:09:00.270
in terms of computing power, memory, or connectivity.

176
00:09:00.270 --> 00:09:02.640
These systems are typically designed

177
00:09:02.640 --> 00:09:07.050
to perform very specific tasks with minimal resources,

178
00:09:07.050 --> 00:09:10.110
which means they cannot handle the additional load

179
00:09:10.110 --> 00:09:14.190
of modern security solutions or feature upgrades.

180
00:09:14.190 --> 00:09:17.790
For instance, an embedded system in an older vehicle

181
00:09:17.790 --> 00:09:20.280
designed solely for engine control

182
00:09:20.280 --> 00:09:23.070
might lack the processing power or memory

183
00:09:23.070 --> 00:09:27.840
to support modern diagnostic tools or security features.

184
00:09:27.840 --> 00:09:31.530
These constraints make it difficult, if not impossible,

185
00:09:31.530 --> 00:09:33.840
to implement advanced protections

186
00:09:33.840 --> 00:09:37.020
like real-time monitoring or encryption.

187
00:09:37.020 --> 00:09:40.380
Another characteristic of highly constrained systems

188
00:09:40.380 --> 00:09:43.200
is that they often operate in environments

189
00:09:43.200 --> 00:09:45.390
where performance and reliability

190
00:09:45.390 --> 00:09:47.619
are more important than security.

191
00:09:47.619 --> 00:09:52.050
For example, an embedded system controlling a traffic light

192
00:09:52.050 --> 00:09:55.890
might prioritize speed and efficiency over security,

193
00:09:55.890 --> 00:09:59.580
as delays in processing could cause accidents.

194
00:09:59.580 --> 00:10:02.580
However, this trade-off means that the system

195
00:10:02.580 --> 00:10:04.950
may be highly vulnerable to tampering

196
00:10:04.950 --> 00:10:07.980
because these systems are constrained by design,

197
00:10:07.980 --> 00:10:10.560
there is little room to add new features

198
00:10:10.560 --> 00:10:12.360
or layers of security.

199
00:10:12.360 --> 00:10:14.370
Finally, the biggest challenge

200
00:10:14.370 --> 00:10:16.290
with highly constrained systems,

201
00:10:16.290 --> 00:10:19.980
is that they cannot be easily upgraded or replaced

202
00:10:19.980 --> 00:10:23.790
without significant cost or operational disruption.

203
00:10:23.790 --> 00:10:27.270
For instance, consider an old industrial robot

204
00:10:27.270 --> 00:10:29.100
used in manufacturing.

205
00:10:29.100 --> 00:10:30.960
The robot's control system

206
00:10:30.960 --> 00:10:33.900
is highly constrained in its capabilities,

207
00:10:33.900 --> 00:10:36.600
and upgrading it to meet modern standards

208
00:10:36.600 --> 00:10:39.600
would require replacing the entire machine,

209
00:10:39.600 --> 00:10:42.420
which is prohibitively expensive.

210
00:10:42.420 --> 00:10:46.770
This forces organizations to keep using constrained systems

211
00:10:46.770 --> 00:10:48.900
despite their vulnerabilities,

212
00:10:48.900 --> 00:10:52.590
often resorting to isolating them from the broader network

213
00:10:52.590 --> 00:10:54.750
to reduce the risk of exposure,

214
00:10:54.750 --> 00:10:58.260
which is at best only a partial solution.

215
00:10:58.260 --> 00:11:02.370
So remember, specialized and legacy systems

216
00:11:02.370 --> 00:11:04.650
come with significant challenges

217
00:11:04.650 --> 00:11:07.080
especially when they are obsolete,

218
00:11:07.080 --> 00:11:11.700
unsupported, unable to be secured or highly constrained.

219
00:11:11.700 --> 00:11:14.190
Obsolete systems are outdated

220
00:11:14.190 --> 00:11:18.000
and cannot keep up with modern technology standards,

221
00:11:18.000 --> 00:11:22.230
making them difficult to integrate into current workflows.

222
00:11:22.230 --> 00:11:26.670
Unsupported systems no longer receive updates or patches,

223
00:11:26.670 --> 00:11:29.400
which leaves them vulnerable to security risks

224
00:11:29.400 --> 00:11:31.920
and operational inefficiencies.

225
00:11:31.920 --> 00:11:35.250
Next, systems that are unable to be secured

226
00:11:35.250 --> 00:11:37.410
due to their design or age,

227
00:11:37.410 --> 00:11:39.480
cannot be effectively protected

228
00:11:39.480 --> 00:11:41.610
against modern security threats

229
00:11:41.610 --> 00:11:44.220
creating critical vulnerabilities.

230
00:11:44.220 --> 00:11:46.950
And finally, highly constrained systems

231
00:11:46.950 --> 00:11:49.860
face limitations in processing power,

232
00:11:49.860 --> 00:11:51.900
memory or connectivity,

233
00:11:51.900 --> 00:11:54.240
restricting their ability to implement

234
00:11:54.240 --> 00:11:56.580
advanced security features.

235
00:11:56.580 --> 00:12:00.360
Each of these characteristics introduces unique risks

236
00:12:00.360 --> 00:12:03.630
and operational difficulties for organizations

237
00:12:03.630 --> 00:12:06.483
that rely on these systems.