Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday June 28 2017, @01:07PM   Printer-friendly
from the tried-and-tested dept.

Recently launched and not yet operational, the HMS Queen Elizabeth's computers are running Windows XP.

The ship's officers defend this, claiming that the ship is secure, but the phrasing of their comments suggests that they really don't have a clue:
"It's not the system itself, of course, that's vulnerable, it's the security that surrounds it.
So the security is vulnerable?

"I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score."

Apparently, where you buy your computers makes Windows XP more secure:
"The ship is well designed and there has been a very, very stringent procurement train that has ensured we are less susceptible to cyber than most."

He added: "We are a very sanitised procurement train. I would say, compared to the NHS buying computers off the shelf, we are probably better than that. If you think more Nasa and less NHS you are probably in the right place."

Didn't they learn from recent events how even air-gapped computers can be compromised?

Also covered at The Register, The Times, and The Guardian.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by bradley13 on Wednesday June 28 2017, @02:17PM (2 children)

    by bradley13 (3053) on Wednesday June 28 2017, @02:17PM (#532443) Homepage Journal

    I worked in military procurement, back in the Stone Age, and the parent comment is pretty sane and correct.

    That said, aside from sticking to the tried and true, military procurement faces two enormous, intertwined problems: bureaucracy and politics.

    When you are awarding $huuuge contracts, politicians cannot resist the opportunity to see that some of that money flows to people who will, in their turn, support the politicians. Call it "crony capitalism", or just flat-out "corruption". It's not a surprise that most Congresscritters (in the US) and most members of Parliament (in the UK) are millionaires. If they aren't when they arrive, they generally quickly figure out how to fix the problem.

    The same corruption hits the bureaucracy, for example, with the revolving door problem. I'll make sure that your company gets this contract; you offer me a nice job in a couple of years. Who knows, maybe I'll go back to government service after that - at a higher level, of course, due to my "industry experience". Rinse and repeat.

    Finally, as the icing on the cake, you get all the regulations that the government has put in place, because politicians can't resist pandering to special interest groups. The rules about awarding some percentage of contracts to woman- and minority-owned businesses are part of this. You get these shell companies that are 51% owned by some figurehead, that do nothing but take government contracts and pass them on to other subcontractors that can actually do the work. After skimming a percentage off the top, of course.

    What does this have to do with obsolete technical stuff?

    It makes the contracting process incredibly cumbersome. You chop a project up into enough little pieces that you can place at least one subcontract in every important political district, locate those shell companies and ensure they pass their contracts through to someone who can actually do the work, and find workarounds for all of the incompetent subcontractors you cannot get rid of (because of politics, revolving doors, minority status, whatever). By the time you have this whole wobbly contractual edifice actually teetering on the edge of stability, despite a constantly changing political landscape, the last thing you want to hear is that some actual technical component might require you to start all over again.

    Ok, I'm cynical. Worse...I'm not sure there's a better alternative.? If you remove politicians from the process, and just hand $100 billion to some contractor, all you'll do is privatize the corruption. With so much money in play, too many people cannot resist temptation. Greed is part of human nature. With pseudo-democratic governments, we can force some degree of transparency, which at least limits the damage.

    That military procurement works, sort of, despite all of this - that's the real surprise. At least the end products usually work, which is better than what happens elsewhere (ref [worldbank.org], ref [sciencedirect.com]), where corruption often leaves projects barely started, when all the money has been sucked out of them.

    --
    Everyone is somebody else's weirdo.
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by Justin Case on Wednesday June 28 2017, @02:22PM (1 child)

    by Justin Case (4239) on Wednesday June 28 2017, @02:22PM (#532447) Journal

    So, if I'm following you correctly, we should probably trust governments to do what's best for the people because government people have none of the character flaws of those goddamn capitalists.

    • (Score: 2) by bradley13 on Wednesday June 28 2017, @02:49PM

      by bradley13 (3053) on Wednesday June 28 2017, @02:49PM (#532472) Homepage Journal

      I don't think that's what I said, no... Capitalism didn't enter into my comment anywhere.

      We're talking about military procurement, which is the government handing out money. More specifically, about really big projects, like the HMS Queen Elizabeth. The problem that needs addressed is this: How does a government handle a big project like that?

      My experience in military procurement (in the US) is pretty much as I described: A horrible, unwieldy, politically driven contracting process. The wonder was that anything useful came out of the other end.

      But: how else do you do it? The government can't just hand out gazillions of dollars without oversight. But with government oversight, you automatically get politics, and bureaucrats, and all the problems described.

      So I'm grousing, without having an answer...

      --
      Everyone is somebody else's weirdo.