Britain's Newest Warship Runs Windows XP, Raising Cyber Attack Fears

Chrisq shares a report from The Telegraph: Fears have been raised that Britain's largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The telegraph that some of the on-board hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated." However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks.

Makes sense to me

[alvinrod]

It makes sense to me. Where else are they going to get minesweeper?

Cyber specialists

[manu0601]

they will have cyber specialists on board to defend the carrier from such attacks

They are supposed to defend unsupported proprietary software. The right name is not cyber specialist, but rather priest.

Re:Cyber specialists

[aberglas]

Tell that to the Iranians.

Their centrifuges were not attached to the Internet. Physical security. But Stuxnet got them anyway.

This is crazy

[El+Cubano]

Every military appears subject to the same idiocy. Seriously, you are spending literally billions of USD, GBP, or EUR (I tried to use the actual symbols for GBP and EUR, but I forgot about Slashdot and unicode). You can't spring a few million for a custom built or customized (e.g., based on OS/2, QNX, VXWorks, Linux, etc.) OS that has all the networking and other non-essential components removed? Then you can allow network access via a very tightly controlled and well audited interface.

The main reason, I think, for this conundrum is that there are two competing objectives: 1) extremely rigorous system engineering processes with the attendant configuration control; 2) use more COTS and fewer custom components. For instance, those decisions were definitely made over a decade ago and any change to them would require tons of paperwork, additional certification, and also add to the cost and delay the schedule. It's no wonder they just stuck with what was already approved.

That said, I simply cannot believe that one or more of the big defense firms (e.g., BAE, Lockheed-Martin, Boeing) has not come up with something better than slapping Windows on it.

Now, I know (or rather, I truly hope) that things like navigation, fire control, and other critical ship functions are not dependent on any Windows (or other consumer OS). However, I know that some years ago the US Navy had a "Windows-power ship" end up dead in the water and had to have it towed back to port. That was the result of a divide by zero bug in some piece of software but Windows did not handle it gracefully, if I recall correctly.

Either way, they will be lucky if they don't end up with some very serious problems along the way. It seems like it is just not possible to keep ransomware out of any decently sized network. And I can imagine a major world power's flag ship being a tempting target.

Is there even a word for this level of stupidity?

[JustNiz]

The die-cision to use anything from Microsoft in a mission-critical environment, let alone a 16+ year old OS with a giant list of known exploits goes so far beyond amazingly stupid I can't even find the words.

The MoD has lied !

[Mosquito+Bites]

This is serious !

Back in 2015 the MoD declared that this vessel would be 'Windows-XP Free'

Read the article below if you do not believe ---

https://www.theregister.co.uk/...

Re:And the navigation...

[mjwx]

... control system is assisted by Clippy.

Imagine the timers.

Missile incoming! Impact in:
5 seconds.
2 seconds.
132 seconds.
1 second.