Boatnotes The Royal Navy is running Windows ME – and XP, and even an early version of Apple Macintosh. But all is not as alarmingly obsolete as it may appear.
Your correspondent, during a few days embedded aboard seabed survey ship HMS Enterprise, asked the crew what systems were in operation aboard the ship’s networks. The answer was a real mixture.
“We’re 5-10 years behind the rest of the world,” said one, only half-joking. Enterprise was built in 2003 and most of the IT infrastructure aboard her dates back to then, with new OSes and mission software installed and patched as required.
Enterprise, being a survey ship, largely runs civilian off-the-shelf systems, other than the expected Secret-level stuff necessary for her commanders to talk to Navy HQ in the UK. Her internal network, the Defence Information Infrastructure (DII – with a logo suspiciously similar to the old Intel Inside graphic), boasts, among other things, Windows 7, Windows XP and Windows ME boxes – though, as another one of the hydrographers off-handedly shrugged when asked why this was: “Because it works.”
Windows ME reached the end of its extended support period in 2006. XP officially died in 2014, though the usual pay-if-you-want-it extension applied for another few years after that. Windows 7 has just been given three years to live by Microsoft.
There’s nothing IT-wise on Enterprise that wouldn’t look out of place to a sysadmin poking round a corporate branch office whose IT needs had been forgotten about for a decade. With that said, all the IT kit aboard, regardless of age, is there because it works reliably when required – and, crucially, all of it is air-gapped (or rather, water-gapped).
“It’s all standalone, not connected to the outside world,” Petty Officer Parry from the ship’s weapon engineering department told me.*
“All USB ports are locked down,” added PO Parry. The usual network policies to stop people from doing IT-related things they shouldn’t are all enforced here; almost nobody has access to the ship’s CD/DVD-RW drives, while the different networks aboard do not talk to each other and personnel are ordered not to try to move data from, say, the DII network to the maritime survey equipment network. While the survey data onboarding point in the ship’s Baltic Room is networked to the survey chart office just off the bridge, it doesn’t talk to the Warship Electronic Chart Display and Information System (WECDIS) navigational software.
While there is Wi-Fi aboard for personal devices, this is a relatively new thing that was only installed a year ago. The router for that talks purely to a satellite dish, which in turn functions like any other internet gateway. If you wanted to compromise it, in all honesty you probably could – though all you’d achieve is the silencing of the ship’s very readable Twitter feed and discovering that the wardroom’s internet history is just like any other group of millennials (and confused Generation X 1st lieutenants trying to work out what the cut-off age for a millennial is).
Infosec at sea, outwardly at least, doesn’t seem half as difficult as infosec on land. ®
Keep an eye out for The Register's Boatnotes stories over the coming week. Our man spent four days aboard HMS Enterprise, at the kind invitation of the Royal Navy, absorbing as much as he could about naval IT, data-crunching and life at sea aboard a British warship at the end of a major NATO exercise.
* “Weapon engineering”, in Royal Navy-speak, mainly refers to any system that isn’t needed to sail the ship from A to B or keep the crew alive and well. As well as guns and missiles, this also covers communication and information systems – known as CIS, in the inevitable military acronym.