Slashdot Mirror


Britain's Newest Warship Runs Windows XP, Raising Cyber Attack Fears (telegraph.co.uk)

Chrisq shares a report from The Telegraph: Fears have been raised that Britain's largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The Telegraph that some of the on-board hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated." However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks.

  1. Makes sense to me by alvinrod · · Score: 5, Funny

    It makes sense to me. Where else are they going to get minesweeper?

  2. Cyber specialists by manu0601 · · Score: 5, Insightful

    they will have cyber specialists on board to defend the carrier from such attacks

    They are supposed to defend unsupported proprietary software. The right name is not cyber specialist, but rather priest.

    1. Re:Cyber specialists by NotInHere · · Score: 4, Interesting

      This is the most ridiculous part of the whole story. They think that some people on board the carrier can fend off attacks. They believe that it can be solved like a local-scale problem, like aircraft attacking the carrier. So they think they can solve it with people on board specialized to protect you, like they probably have someone on board to operate the anti-aircraft cannon.

      These attacks aren't local scale though. They are global scale. Vulnerabilities in Windows XP get discovered by someone at the other side of the globe and get used against you. Similarly, a patch to fix a vulnerability in Windows XP can be developed once and then applied locally. And in the case of a total and complete hack during the heat of a battle, even the best team on board won't help them to get the systems back up before the battle finishes.

    2. Re:Cyber specialists by Gravis Zero · · Score: 4, Funny

      The right name is not cyber specialist, but rather priest.

      Oh please, don't be an idiot. The government isn't dumb enough to rely on just some priest. For the money they are paying out, they are going to at least demand a cyber priest. ;)

      --
      Anons need not reply. Questions end with a question mark.
    3. Re: Cyber specialists by LostMyBeaver · · Score: 3, Interesting

      The systems are very likely DoD (or at least) connected for remote maintenance. There will be a minimum of 3 encryption black boxes before satellite uplink.

      Switching OS is nice. But the US government pays for Windows XP support and updates.

      I'm far more concerned about software which actually requires XP. The entire ship should be running NSA Secure Host Baseline (https://github.com/iadgov/secure-host-baseline).

    4. Re: Cyber specialists by Anonymous Coward · · Score: 3, Insightful

      The systems are very likely DoD (or at least) connected for remote maintenance. There will be a minimum of 3 encryption black boxes before satellite uplink. Switching OS is nice. But the US government pays for Windows XP support and updates. I'm far more concerned about software which actually requires XP. The entire ship should be running NSA Secure Host Baseline (https://github.com/iadgov/secure-host-baseline).

      Why would we want the Americans to control the software?
      Did you read the article? Do you think we trust your president?

    5. Re:Cyber specialists by Darinbob · · Score: 3, Insightful

      It's outright scary that they would consider using a Windows of any version. Can you see them on Windows 10 and just as they engage with the enemy all the computer screens say "Restarting to Install Advertising Update. Please Do Not Power Off Your Computer."

    6. Re:Cyber specialists by Jamu · · Score: 3, Insightful

      I'm sure you're mistaken, Michael Fallon, Conservative MP, drunk driver, and graduate in Classics and Ancient History, says they're properly protected.

      --
      Who ordered that?
    7. Re:Cyber specialists by deek · · Score: 4, Funny

      They need someone there to change the lightbulb to red, whilst a cyberattack is in progress.

    8. Re:Cyber specialists by Xest · · Score: 4, Informative

      They don't just take an off-the-shelf copy of Windows XP and install it on the ship; companies like BAE Systems have agreements with Microsoft over source code access and provide hardened versions to their customers.

      Thus, the unsupported and proprietary elements of consumer Windows XP are entirely irrelevant - they both pay for bespoke extended support from Microsoft, and they have source code access themselves.

      Whilst there are legitimate questions about using Windows XP for a brand new ship, it's not quite as bad as "OMG they use Windows XP lol" type headlines and comments make out. The reality is that they have support for and source code access to perhaps the single most tried and tested OS in the world. Lines of communication and inputs into the systems are both limited and restricted, and thus any vulnerability discovered against XP in the real world will likely be fixed and patched on a ship well before anyone can find a way of getting the exploit onto the ship's systems.

    9. Re:Cyber specialists by aberglas · · Score: 5, Informative

      Tell that to the Iranians.

      Their centrifuges were not attached to the Internet. Physical security. But Stuxnet got them anyway.

  3. And the navigation... by Vylen · · Score: 4, Funny

    ... control system is assisted by Clippy.

    1. Re:And the navigation... by mjwx · · Score: 5, Funny

      ... control system is assisted by Clippy.

      Imagine the timers.

      Missile incoming! Impact in:
      5 seconds.
      2 seconds.
      132 seconds.
      1 second.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  4. HMS Brixit by Anonymous Coward · · Score: 3, Funny

    "And senior officers said they will have cyber specialists on board to defend the carrier from such attacks."

    ALL UNPLUG FULL!

    Answering all unplug full aye!

  5. This is crazy by El Cubano · · Score: 5, Interesting

    Every military appears subject to the same idiocy. Seriously, you are spending literally billions of USD, GBP, or EUR (I tried to use the actual symbols for GBP and EUR, but I forgot about Slashdot and unicode). You can't spring a few million for a custom-built or customized (e.g., based on OS/2, QNX, VxWorks, Linux, etc.) OS that has all the networking and other non-essential components removed? Then you can allow network access via a very tightly controlled and well audited interface.

    The main reason, I think, for this conundrum is that there are two competing objectives: 1) extremely rigorous system engineering processes with the attendant configuration control; 2) use more COTS and fewer custom components. For instance, those decisions were definitely made over a decade ago and any change to them would require tons of paperwork, additional certification, and also add to the cost and delay the schedule. It's no wonder they just stuck with what was already approved.

    That said, I simply cannot believe that one or more of the big defense firms (e.g., BAE, Lockheed-Martin, Boeing) has not come up with something better than slapping Windows on it.

    Now, I know (or rather, I truly hope) that things like navigation, fire control, and other critical ship functions are not dependent on any Windows (or other consumer OS). However, I know that some years ago the US Navy had a "Windows-power ship" end up dead in the water and had to have it towed back to port. That was the result of a divide by zero bug in some piece of software but Windows did not handle it gracefully, if I recall correctly.

    Either way, they will be lucky if they don't end up with some very serious problems along the way. It seems like it is just not possible to keep ransomware out of any decently sized network. And I can imagine a major world power's flagship being a tempting target.

  6. As opposed to... by xlsior · · Score: 4, Insightful

    ... Windows for Warships? (Seriously, that exists) Anyway: despite Windows XP's age, Microsoft will still actively support it for organizations willing to send them a boatload of money, and the rates only go up the more time passes. But when you're talking about the operating costs of a large warship, the cost for continued XP support is only a rounding error in the total.

  7. That's depressing, it's such old news by Anonymous Coward · · Score: 4, Interesting

    The last time I recall the Navy being concerned about running Windows was maybe 15 years ago. The LinuxBIOS project attracted a lot of attention from some Navy guys because of its rapid reboot capability.

    At LANL, LinuxBIOS researchers could reboot a small (1K diskless compute nodes connected via Myrinet) scientific computing cluster in 3 seconds, ready for work. So, theoretically, one could change from a Linux cluster to a Windows cluster, but no one ever wanted to.

    Whatever became of that technology?

  8. Is there even a word for this level of stupidity? by JustNiz · · Score: 5, Insightful

    The die-cision to use anything from Microsoft in a mission-critical environment, let alone a 16+ year old OS with a giant list of known exploits goes so far beyond amazingly stupid I can't even find the words.

  9. That's not all. by Gravis Zero · · Score: 4, Interesting

    The Register in 2009

    According to the Ministry of Defence (MoD), HMS Montrose has now entered a planned docking and refit period during which BAE Systems plc will replace her original DNA(1) gear with DNA(2), said to be "based on the system being fitted to the Royal Navy's powerful new Type 45 Destroyers". This means it will be based on fairly everyday hardware running legacy Windows OSes - people who have worked on these programmes inform us that both Win2k and XP will be in use across the fleet.

    --
    Anons need not reply. Questions end with a question mark.
  10. Armageddon Clippy by Snufu · · Score: 4, Funny

    It looks like you are trying to turn the surface of the earth into glass. Would you like help?

  11. Re:Heh, thanks to me by toadlife · · Score: 4, Informative

    If they ran Linux on the ship it would be Linux from back when the ship was designed, full of potential vulnerabilities just like whatever flavor of XP they're running. With giant systems like this, there is a much higher potential risk when introducing changes to the systems and given the fact that the systems are not connected to the outside world, the reward for keeping software up to date can be very little to none.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
  12. Re:Windows for warships by Anonymous Coward · · Score: 4, Informative

    It makes sense when the divide by 0 error in userland takes down the entire ship.

    "On 21 September 1997, a division by zero error on board the USS Yorktown (CG-48) Remote Data Base Manager brought down all the machines on the network, causing the ship's propulsion system to fail."

    https://en.wikipedia.org/wiki/USS_Yorktown_(CG-48)

  13. The MoD has lied ! by Mosquito Bites · · Score: 5, Interesting

    This is serious !

    Back in 2015 the MoD declared that this vessel would be 'Windows-XP Free'

    Read the article below if you do not believe ---

    https://www.theregister.co.uk/...

    1. Re:The MoD has lied ! by stealth_finger · · Score: 3, Funny

      However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade.

      What's the fuss about? In 2027 this warship will be up-to-date with bleeding edge Windows 10. Oh wait...

      Until it decides to update in the middle of a battle.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
  14. Can't wait for the headlines by nospam007 · · Score: 4, Funny

    "Warship sunk by fat Russian boy on the couch of his mother's basement."