HMS Windows XP: Britain's newest warship running Swiss Cheese OS

Spotted on carrier control room screens - reports

Updated The Royal Navy’s brand new £3.5bn aircraft carrier HMS Queen Elizabeth is currently* running Windows XP in her flying control room, according to reports.

Defence correspondents from The Times and The Guardian, when being given a tour of the carrier’s aft island – the rear of the two towers protruding above the ship’s main deck – spotted Windows XP apparently in the process of booting up on one of the screens in the flying control room, or Flyco.

“A computer screen inside a control room on HMS Queen Elizabeth was displaying Microsoft Windows XP – copyright 1985 to 2001 – when a group of journalists was given a tour of the £3 billion warship last week,” reported Deborah Haynes of The Times, accurately describing the copyright information on the XP loading screen.

Similarly, the Guardian’s Ewen MacAskill (who also worked on the Edward Snowden NSA revelations in 2013) noted: “During a tour of the carrier, screens were spotted using what appeared to be the outdated 2001 Windows XP operating system.”

Windows XP Professional. Copyright 1985-2001 Microsoft Corporation

The loading screen for XP Professional features the copyright info

The Ministry of Defence assured El Reg two years ago that the carrier would not be running XP, saying, when our eagle-eyed readers spotted the iconic XP default background on a techie’s laptop during a documentary about the ship: “The MoD can confirm that Windows XP will not be used by any onboard system when the ship becomes operational,” adding that this applied to sister ship HMS Prince of Wales.

Today, however, one of the minions in the ministry’s inventively named Main Building told us: “While we don’t comment on the specific systems used by our ships and submarines, we have absolute confidence in the security we have in place to keep the Royal Navy’s largest and most powerful ship safe and secure.”*

Flyco, the flying control room, aboard HMS Queen Elizabeth seen while under construction in December 2016. Crown copyright

Flyco, the flying control room, aboard HMS Queen Elizabeth seen while under construction in December 2016. Crown copyright

The carrier’s Commander (Air) – head of flying, in naval parlance – Commander Mark Deller, evidently caught on the hop by the alert press pack, was quoted by the Guardian as saying: “The ship is well designed and there has been a very, very stringent procurement train that has ensured we are less susceptible to cyber than most.”

“When you buy a ship,” added Cdr Deller, “you don’t buy it today, you bought it 20 years ago. So what we put on the shelf and in the spec is probably what was good then. The reality is, we are always designed with spare capacity, so we will always have the ability to modify and upgrade. So whatever you see in the pictures, I think you will probably find we will be upgrading to whatever we want to have in due course.”

El Reg has not been able to identify the picture Cdr Deller refers to, but hopefully it’s not this screencap from a BBC documentary two years ago, as mentioned above:

Windows XP screensaver on deck of new Royal Navy aircraft carrier

Windows XP inside: The Aircraft Carrier Alliance is the conglomerate that built the two carriers for the Royal Navy

We have asked informed sources whether commonly used air traffic control software depends on Windows XP to run. HMS QE took a decade to build and fit out – and five years ago NATS, the UK’s air traffic control firm, ditched its Windows XP-based software in favour of private cloud-based remote desktop services for air traffic controllers. It is superficially plausible that “state of the art” air traffic control software in use prior to 2012 was specified for QE and has since been installed, despite XP being an ancient Swiss cheese.

As world+dog also reported, large chunks of the NHS were running Windows XP when it was struck down with the WannaCrypt ransomware earlier this year - though many failed to note that the operating system was not the attack vector used by the miscreants.

Though the British public sector keeps bunging Microsoft ever larger sums of cash to keep up extended XP support, you can only flog the dead donkey for so long. The MoD insisted that it has lots of folk worrying about cyber security so there's no need to worry.

On the bright side, things could be worse aboard QE in software terms. Flyco could have been running Windows 3.1, like Paris Orly International Airport was in November 2015. ®

*Updated at 1437 UTC 27/06/17 to add: While this would appear to be at odds with what we were told back in 2015, the Royal Navy has been in touch to say: "For clarification, the MOD line from 2015 stated 'The MoD can confirm that Windows XP will not be used by any onboard system when the ship becomes operational'; we are following a programme towards delivering a carrier Strike capability – ie, operational - for the UK from 2020."

Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022