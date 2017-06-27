from the tried-and-tested dept.
Recently launched and not yet operational, the HMS Queen Elizabeth's computers are running Windows XP.
The ship's officers defend this, claiming that the ship is secure, but the phrasing of their comments suggests that they really don't have a clue:
"It's not the system itself, of course, that's vulnerable, it's the security that surrounds it.
So the security is vulnerable?
"I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score."
Apparently, where you buy your computers makes Windows XP more secure:
"The ship is well designed and there has been a very, very stringent procurement train that has ensured we are less susceptible to cyber than most."
He added: "We are a very sanitised procurement train. I would say, compared to the NHS buying computers off the shelf, we are probably better than that. If you think more Nasa and less NHS you are probably in the right place."
Didn't they learn from recent events how even air-gapped computers can be compromised?
Also covered at The Register, The Times, and The Guardian.
(Score: 0) by Anonymous Coward on Wednesday June 28, @01:20PM
What could go wrong?
I realize that for some reason (cough *kickbacks* cough) they chose Windows, but couldn't they use something that was a little more current? Windows 7 was released eight years ago. Surely they had enough time during the years of planning and construction of this ship to figure out how to use an OS released within the last decade.
(Score: 0) by Anonymous Coward on Wednesday June 28, @01:21PM
Blah blah blah, Blue Screen of Death.
(Score: 0) by Anonymous Coward on Wednesday June 28, @01:21PM (1 child)
The Chinese likely are still running their cyber on CP/M, so our cyber beats their cyber!
(Score: 2) by realDonaldTrump on Wednesday June 28, @01:41PM
They say that Windows XP makes this ship less susceptible to cyber. Smart move! I like ships that are less susceptible to cyber. Checking into getting Windows XP for #USA's Ford class of aircraft carriers. So the EMAILS system, the catapult, can't be hacked. Very important for when we fight China & Korea! #MAGA
(Score: 3, Informative) by WizardFusion on Wednesday June 28, @01:26PM (1 child)
Taken from Reddit (https://www.reddit.com/r/sysadmin/comments/6js5ab/britains_largest_warship_uses_windows_xp_and_its/djgnkp5/)
So … lots of opinions and absolutely no facts. While I cannot go into specific details in the HMS Queen Elizabeth, I can speak to the OS of choice and why something outdated is used on a new ship.
Before all that, my understanding and experience comes from working for a defense contractor with joint United States and U.K. ships and systems updates and operations to include new ship design and manufacture as well as integrated ship systems.
One of my tasks while working was to develop a universal database structure that could be ported to all ships of a specific class in fleet with strict limitations on software that could be used. My reference material was an approved (by both U.S. and U.K. military services) list of software. Most of the software was outdated and had no original design elements to properly allow us to design, distribute, and update the database.
In all cases, the specific versions of software were tested and certified by the combined militaries, which is often a years long approval process. My desire was to use open source software (MySQL and PHP) as the backbone, though the native approved support of software, while approved, wasn't supported on all systems on the ship. Therefore, we ended up using older Microsoft Access DB software.
The reality of the military and military used software is, first, it doesn't get updated often or for no reason. Literally, if it ain't broke, don't fix it. Since there are multi-million dollar maintenance and support documentation contracts for all systems, the cost is more than just a software patch or upgrade as it includes entirely new, step-by-step documentation and testing before anything can be rolled out. Even then, all updates are rolled out on a schedule and only after (often) years of testing, updates, training, and approval across many different groups.
Second, while it's true Microsoft doesn't update XP or other software for the public, it's not true that Microsofts contract with the combined militaries allows the company to stop updating the ship systems. Those systems are patched and updated, even 20 years on.
Also, in all cases most ship systems are literally firewalled from outside access and may as well exist as air-gap systems. Yes, there is some ability on ships to email and use the internet, though that's severely limited and exists on different internal network systems than the core, mission critical aspects of the ship.
While it's nice to assume old software isn't being updated or old programmers aren't working the same bits of software, that's also false as most everything in the hierarchy of defense software updates and contracting has both a lifecycle and handoff procedures. Yes, in some cases some software can be orphaned, the mission critical software is named, numbered, tracked, tested, and verified at least yearly and often more often than that.
The purpose in all of this is to ensure any sailor can pick up a manual and do any job (literally step-by-step down to the smallest action and what is looked at and when) and that the software and hardware continue to work as planned, designed, developed, and promised.
So, Windows XP while old is still safe and secure and updated as well as supported, tested, and developed against until the military finds an alternative and starts to work that into new ship systems, designs, and deployment.
Which is the case, but not in ways the public will see in the immediate future.
tl;dr, software has to be approved, it's still supported under contract, people are still developing for it, newer software takes many years to get approved. Ship is still safe.
Source: worked as a defense contractor in documentation and database development covering both legacy and next-gen joint US and U.K. ship design and deployment.
(Score: 2) by kaszz on Wednesday June 28, @01:39PM
So why don't they get started with approving some BSD or Linux? and for database there is postgresql.
(Score: 0) by Anonymous Coward on Wednesday June 28, @01:46PM
If we get really really antiquated with out technology, perhaps going backwards is the best defense against new age attacks. Ever seen a binary DOS attack? I think not!
(Score: 2) by Justin Case on Wednesday June 28, @01:50PM
I'm pretty sure when WXP came out, MS said "this is the most secure version of Windows ever".
If you're Muslim, you're welcome. But if you want to impose sharia law on others, please leave Europe and the Americas.
