"we are less susceptible to cyber than most.”
Most what? Warships? Banks? Pensioners?
The Royal Navy’s brand new £3.5bn aircraft carrier HMS Queen Elizabeth is currently* running Windows XP in her flying control room, according to reports. Defence correspondents from The Times and The Guardian, when being given a tour of the carrier’s aft island – the rear of the two towers protruding above the ship’s main deck …
Less vulnerable than most other systems. Somehow I don't think warships are connected to the Internet, so sneaker net is the only way viruses can be spread. But since everybody is trained not to plug anything in from home, even that risk is very low. Generally speaking (no pun intended), on defense equipment the CD-ROM drives and USB ports are disconnected to prevent potential infection. Finally, it's possible they're running Windows XPe, which will have fewer vulnerabilities since a lot of the services in XP don't ever load.
I just bought brand new pieces of test equipment that use Windows XP. I assume it's the embedded version. And they even have Ethernet ports on them. In the past we have used embedded XP devices on our network all the time and have never been infected.
> Somehow I don't think warships are connected to the Internet
The SS Yorktown in 1998 was not connected to the Internet, but a rogue packet in the ship's intranet took the MS Windows XP machines down and it needed to be towed back to port.
Maybe the Royal Navy wants to show that it is also capable of gross cock up?
Also, it was in '97 not 98.
"On 21 September 1997, a division by zero error on board the USS Yorktown (CG-48) Remote Data Base Manager brought down all the machines on the network, causing the ship's propulsion system to fail.[5][6]"
https://en.wikipedia.org/wiki/USS_Yorktown_(CG-48)
They won't be permanently connected. But it's highly probable they will have Welfare services for the crew, so non operational type services, which the crew will use for contact with home via the communications satellites. It's almost certain they will be able to send and receive email. Send the right attachment and if the crew open it, then that could cause infection, unless they block attachments.
@Bob Camp
"Somehow I don't think warships are connected to the Internet, so sneaker net is the only way viruses can be spread. But since everybody is trained not to plug anything in from home, even that risk is very low. Generally speaking (no pun intended), on defense equipment the CD-ROM drives and USB ports are disconnected to prevent potential infection."
In this day and age, complex IT based systems are not just useful, but necessary for the operation of modern equipment. When you get to the point of human interface, it's often cost effective to use systems that they are familiar with, which is something that both MS and Apple have attempted to exploit since the dawn of desktop computing (to varying degrees of success). It's also often good to have (hopefully encrypted) satcomms so that staff who require information access can use live, interconnected systems for document management, configuration control, etc. etc.
The HMS QE isn't the first military transport that I've heard of that uses a Microsoft desktop product in this way (nor even the first that may or may not still be using XP). I'd be careful about assuming that the risk is low of casual insertion of USB devices though. Quite a few operational systems require more than casual data transfers of system health monitoring data, and there's always the frequent dog watch shifts at 3am where everything is quiet, the boss is asleep, and a maintenance crew member happens to have the latest <insert TV episode or blockbuster movie of choice> in a thumbdrive in their pocket.
"we have absolute confidence in the security we have in place to keep the Royal Navy’s largest and most powerful ship safe and secure.”
MoD, Today
"we have absolute confidence in the security we have in place to keep the UK’s largest and most powerful shits safe and secure.”
House of Commons yesterday - before KGB / GRU / FSB Russian cyber attack.
As long as these Windows XP devices go nowhere near a network or any removable media we'll be absolutely fine.
I was once told the Panavia Tornado used audio cassettes for their stored programs, which may have been useful for spares when practicing for WWIII, but also brought to mind that final scene from Escape from New York. I'm sure that was a perfect complement to their "Blue Circle" radars.
I watched a video last week about the Tornado, looking at it, I would say it must have been made during the early 1980s. They talked about mission data being downloaded by tape, and for the brief moment they showed the cassette tape being inserted, it did look like a standard C90 ! But then there wasn't much else available in those days, you couldn't use the large multi-track tapes that were the mainstay of mainframes, far too big to put that into a small fighter. Magnetic bubble memory didn't come along until I think a few years later when the aircraft was in operational service, so probably not worth the cost of upgrading all the aircraft.
So quite probably FSK modulation in the audio band on to an audio cassette tape. Nowt wrong with that.
> far too big to put that into a small fighter
I would agree that there might not be much space available, but have you ever been up close to a Tornado? Small is not a word that would spring to mind, though they are slightly smaller than an F15 but bigger than an F16 most of these war machines are more of 50 feet long and 20 feet to the top of the fin. About half the size of an A320
It was a standard tape and it was used to load mission (navigation) data. In flight, it could be used to play music through the intercom. However, given the musical tastes of Navigators, it rarely was for long!
Blue Circle radar was applicable only to the F2/F3 Air-Defence version; the ground-attack/strike version radar was much simpler and worked well from day one.
Not only does the Tornado use standard cassettes for loading navigation data, but the same tape player can also deal with audio cassettes as well, which apparently comes in handy on long flights when the crew want a bit of background music.
(Here's the nav info being recorded onto cassette, and later being loaded into the aircraft)
Fizzle,
All military kit is old fashioned. As the chappie said, you order this stuff 10-20 years before you get it. Often from a spec that was mostly written before that. Every time you try to change that spec during the build process, the price goes up and the delivery time gets further away. So you tend to plan regular upgrades instead, and deal with the problem while the unit is in service.
So for example, Lewis Page of this parish spent many a happy article complaining about the Eurofighter Typhoon. But the design work for that started sometime in the 70s - where they were trying to guess what aircraft the Soviet Union would be operating by the 1990s, and then build something to be capable of dealing with them. The design work got serious in the 80s, and it was ordered by the mid-80s, just in time for the Cold War to be about to end. At which point who needed a pure air superiority fighter?
But cancelling it meant burning all the money already spent, and sacking all the people involved, plus possibly knackering the companies. So it was considered cheaper to keep going, then modify it to be more multi-role when they'd finished it. Also the price shot up, as the various nations buying it chose to have fewer aircraft, thus spreading production and R&D costs over fewer units.
Was this mess anyone's fault? Well not really. They had to order way into the future when they thought the Cold War was a serious problem. The only alternative was to buy from someone else - which obviously has less risk. But that means your stuff won't be state-of-the-art by the time you get it, and that you lose the skill and ability to produce your own, should someone ever refuse to sell to you.
These carriers are such large and complex systems, that there'll probably be some bit of kit changed, updated or in testing every couple of months.
"How long would it take a hostile operative to gain control of all the key computer systems?"
If you've got a hostile operative onboard an in-service navy ship then the whole ship is compromised and effectively dead in the water. The chances of this happening - one hopes due to security at the dock and personnel vetting - are insignificant. A far more likely attack vector is The Idiot. The Idiot will pull out a vital cable accidentally, plug in his usb stick containing a load of ripped mp3s from a pirate site, give the wrong information at just the wrong time etc...
This IMO is rather more likely.
"If you've got a hostile operative onboard on in-service navy ship then the whole ship is compromised and effectively dead in the water. The chances of this happening - one hopes due to security at the dock and personnel vetting - are insignificant."
I'm sure the chances of Edward Snowden happening were considered insignificant as well.
@tony2heads
It could have been even worse: it could have been Windows 10...
The laugh about the OS is that ALL current OS's will be out-of-date decades before the ship is decommissioned. So on that basis what is an appropriate OS for something like HMS QE or a nuclear power station?
> So on that basis what is an appropriate OS for something like HMS QE or a nuclear power station?
one that you can upgrade from earlier than 8 years after its mainline support ends, worst case, before its extended support ends
if they couldn't predict that the OS won't be supported ("predict" as in read the effing manual) by that time, what other kind of things they are "absolutely confident" about?
I had a tour around a nuclear power station some years ago, and was able to gaze into the control room from the gallery. Nuclear power stations run on bespoke code written some time in the 1960's and not modernised much since. They just stuck a new console with a modern monitor in a retro style case at the end of the desk for the modern trendy stuff.
An approach which should have been followed with the QE class carriers, given that they have a design life of 50 years and might last longer than that if the government in around 2060 decides to do a relatively cheap life extension program to allow them to spend more on vote buying schemes instead of a relatively expensive replacement program.
By the time they certify all of the programs for WinX then that'll probably be out of support irrespective of the "WinX will be supported forever" thing from Microsoft. Unless you think that WinX is still going to be in support in 50 years aka 2067. Put into perspective, VAX-11/VMS was released 40 years ago, five years before a little company called Microsoft was formed.
Makes one wonder how useful it is to use commodity items - whether operating systems, computers or fork handles - for a military contract. Specifying something more exactly tends to result in the $200 hammer that NASA or the US army is blamed for. But using off the shelf items means updating software, procedures and connected systems when they're changed by the supplier.
tbh, not an easy choice. Paying through the nose to support an outdated OS isn't that stupid in all circumstances. Better to use in-house maintained software, but politicians are keen on stopping that.
"Specifying something more exactly tends to result in the $200 hammer that NASA or the US army is blamed for."
As I understand it, the $200 hammer is more an accounting trick for when the military acquires hodgepodge. As one of them put it, the $200 hammer sounds bad until you also learn the $200 jet engine acquired in the same lot.
> one that you can upgrade from earlier than 8 years after its mainline support ends, worst case, before its extended support ends
Now we are getting somewhere! I suggest there is a very good reason why there are currently systems running Windows for Warships (based on XP) on QE!
Aircraft carriers are big ticket items and don't get commissioned very often. I suspect given the level of co-operation between the UK and US, the QE's systems are based on systems from a previous aircraft carrier (Ford class for which construction started in 2005?).
It would make sense to re-use/build upon existing software, however as noted elsewhere MS really want XP to die, so this platform doesn't have a 50 year future. Also Windows 10 is far too recent for any meaningful (military) applications development to have occurred on it.
So I suggest what has happened is that development to date has largely been focused on XP ie. what is deployed on other carriers, QE provides an opportunity to migrate such software to a new platform. However, to ensure consistency etc. it would be advisable to run both the old and new systems in parallel and compare output - something that can fairly readily be undertaken in the coming years as QE undergoes trials.
So to the casual observer (ie. anyone without the relevant security and project clearance) they could see some systems running XP and some running something else - without such obvious branding and jump to the wrong conclusion.
Hence I'm more interested in what is seen on QE when she finally enters service in 2020.
Which raises another question, given the lifecycle of Windows 10, it is unlikely to be a Windows 10 derivative, given version 1703 (Creators Update) goes EoL in 2025.
Is there an exploitable vulnerability to report here? I seem to remember that warships are staffed with armed personnel, and not generally seen dangling Cat-5 cables, offering free wifi access or having a public internet cafe. I may be wrong here, feel free to correct me.
So, yes, it's an old OS - but does it really matter?
So long as there's no connection to public networks, no usable USB ports or optical drives, and that the network cabling and core services are physically secure and accessed solely by trusted personnel with active monitoring of users then there's no real problem.
Plus, you don't need a computer network to arm and launch aircraft. Well, that's the idea. We managed without for many decades...
These ships have Satcom links. So it could get infected. However, the Windows XP that the military use is not exactly the same as the Windows XP that ordinary mortals use - it is hardened and penetration tested and likely running on top of VMware ESX.
Cmon, it's fun to post this sort of article.
Can't speak for the flight ops, but other parts are XP embedded, and no USB. The equipment was designed some 20 years ago, FAT tested and handed over quite a few years back. We then start talking upgrades, but they're not going to get installed before the systems are pretty well tested. If you're lucky what might be used is Win7 by the time the ship is operational. It certainly won't be anything later.
Nice article though. Just the right mix of panic and smugness.
Cloud-based may be fine for an airport control tower, but defense systems are very averse to having internet-facing/remotely accessible hardware. And I suppose that cloud-based/internet-reliant solutions would be especially problematic if you are out in the middle of the Atlantic Ocean, operating in a low EM emission profile. We have many U.S. defense customers at our company, and they want mostly airgapped software solutions (which is throwing a little bit of a wrench into getting our offerings fully onto subscription, internet-updated solutions).
That being said, with XP you can always call MS tech support if you get hit with Wannacry for Warships. "Thank you for calling Microsoft Support! My name is Sanjay...er, Larry!"
Considering that the fighters are not flying yet, and the helicopters don't have a working datalink back to the ship, then maybe the RN is sticking with the on-prem solution because they don't want to make Fleet Air Arm look bad?
Windows XP may have some vulnerabilities but most, if not all affect its use as part of a general-use, connected system.
I occasionally use a PC that still runs XP. It has not been connected to a network (or had updates) for years. Consequently it provides a stable platform to play back sound effects on cue. Although it runs on a re-purposed desktop PC and has start-up errors (the RTC & BIOS battery expired long ago), it is essentially an embedded system in the sound box.
The systems seen in the Flight Control Room of HMS Queen Elizabeth are probably similarly isolated and, consequently just as secure as a fully patched Windows 10 PC. The difference being that it is an older, simpler technology that has stood the test of time - just what you need when a F35B is hurtling toward the end of the flight deck, flying on fumes with only half a wing.
If the WannaCrypt mess proved anything it's that your system is only as secure as your incoming internet connection these days.
A piece of kit like that monster will most probably be VPN'd to the MOD via a satellite connection meaning that it could be running Windows 95 more securely than most people could a fully patched Windows 10 box on a public WIFI.
..if it was Linux, it would most likely be also a 15 year old version.
What? You've just spent a few billion on a warship, go into battle only to find that that patch from 6 months ago has rendered the entire firing system useless?
Can you imagine patching this kit then having to test every single bit over and over. It's not like they have a test warship lying around and can throw a few fighters* in the air and hope the landing systems work OK.
*yes, yes, I know.
Well, there you are. The ship is yet some years away from being operational. Apart from anything else she cannot be considered operational without an air group, and right now it could be argued that the nearest thing the Navy has to a fixed wing airgroup that could operate off HMS White Elephant are the Swordfish operated by the RN Historical flight...
No-one has preserved a flying Harrier apart from the US Marines afaik. Given what it has cost to preserve the Vulcan thus far, a Harrier might well cost even more, plus the difficulty of finding any qualified and recently experienced pilots to fly one, and getting a UK permit to fly given the complexity of the aircraft. (See also BAC Lightning, Concorde and so on).
Wasn't it only a week or two ago we were talking about how our Trident equipped subs weren't running Windows XP but Windows XP Embedded, which is a similar animal but sectioned off so that it has minimal attack vectors?
So is the complaint that it's XP (which it almost certainly isn't) or that they've stuck an existing warship OS on it with the intention of installing something else before she goes operational? There's a lot of stuff that's not on her yet, or which is on her temporarily while she chugs around the North Sea.
I noticed the other week that a lot of UK rail ticket machines still run Windows XP, alongside Bus Station Departure and Arrival Boards, and ATMs. (All of which had failed in some way and were displaying XP error messages, in the case of the London Midland Ticket Machine, it was stuck in a boot loop)
Thing is, if it does everything you need it to, and it's properly protected, then why change it?
Fair point.
I think "properly protected" is where it gets tricky.
But these (essentially) embedded boxen.
How many ports should be open? Practically none?
Stripped down install, no games, nothing but the embedded app they will spend their life running?
But is that how they are actually configured?
@SkippyBing
It's possible that the screen in question was a joke backdrop or that it was a backdrop deliberately placed there for security reasons to obscure what OS is actually being used.
Yeah, security through obscurity doesn't work. But that's the type of thing the MoD does.
No, I'm giving no probability estimates for either scenario above. It's also possible they're really running XP.
"When 7 is bogged down with TrustedInstaller then svchost killing it off, and 10 is just horrid. XP seems like a breath of fresh air."
Recently one of my online XP PCs developed a habit of svchost task grabbing 99% of the cpu. Dug out another one from the spares box - very similar behaviour. Both were fully updated and no sign of unwarranted network activity.
Gave up and went to Linux Mint Mate.
>Recently one of my online XP PCs developed a habit of svchost task grabbing 99% of the cpu. Dug out another one from the spares box - very similar behaviour.
Came across this style of behaviour on a client's XP box last year - took it away and all worked okay on my network, returned it and took a look at the client's Virgin router logs, discovered they had the default RDP port forwarded to the PC and were getting a very high level of connection attempts seemingly from a robot, disabled RDP forwarding and watched the PC revert to normal operation...
I periodically enable RDP port forwarding, last time I looked the robot was still trying to get a connection...
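A defender's view of the situation in the comment above, as an added example that is not part of the original thread: it scans router forwarding logs for a single external source repeatedly hitting a forwarded RDP port. The log format, addresses, function names and thresholds are all constructed for illustration and do not come from any real router.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_PORT = 3389  # default RDP port, the one that was forwarded in the anecdote

# Hypothetical log format: "<ISO time> <action> src=<ip> dst=<ip> dport=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+src=(?P<src>\S+)"
    r"\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)$"
)


def build_sample_log():
    """Constructed sample: one source retrying RDP every 5 s, plus other traffic."""
    start = datetime(2017, 6, 27, 2, 0, 0)
    lines = []
    for i in range(24):  # two minutes of attempts against the forwarded port
        ts = (start + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts} FORWARD src=203.0.113.7 dst=192.168.0.20 dport=3389")
    # A single remote session later in the day and unrelated HTTPS traffic
    lines.append("2017-06-27T09:15:00 FORWARD src=198.51.100.4 dst=192.168.0.20 dport=3389")
    lines.append("2017-06-27T09:16:00 FORWARD src=198.51.100.9 dst=192.168.0.30 dport=443")
    lines.append("line that does not match the format and is skipped")
    return lines


def find_rdp_hammering(lines, port=RDP_PORT,
                       window=timedelta(seconds=60), threshold=10):
    """Flag internal hosts whose forwarded port gets >= threshold attempts
    from one source inside any sliding window. Lines must be in time order."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps still inside the window
    peak = defaultdict(int)      # (src, dst) -> highest count seen in any window
    total = defaultdict(int)     # (src, dst) -> attempts over the whole log
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["dst"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        peak[key] = max(peak[key], len(q))
        total[key] += 1

    findings = {}
    for (src, dst), p in peak.items():
        if p >= threshold:
            findings.setdefault(dst, []).append(
                {"source": src, "peak_per_window": p, "total": total[(src, dst)]}
            )
    return findings


if __name__ == "__main__":
    for host, hits in find_rdp_hammering(build_sample_log()).items():
        for h in hits:
            print(f"{host}: {h['total']} attempts from {h['source']} "
                  f"(peak {h['peak_per_window']} per minute) - "
                  f"review the port forward to TCP {RDP_PORT}")
```

A finding here points at the router configuration rather than the PC: the remedy in the comment was to disable the RDP port forward.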
Does raise the question of whether the UK got a source code license from Microsoft and performed their own audit. Seems like the sensible option and I'd hope the bods at GCHQ had sufficient skill to be able to pick it apart (if only to pick out their own exploits for later use).
You'd sort of hope that with a multi-billion pound bit of kit we'd have rolled our own fork and pay Microsoft for source code access to updates too. You'd also like to think that where XP is being used in critical UK services, we could be rolling out our updates if Microsoft prove unable/unwilling. It's not like XP is getting any feature updates. Seems like a good use of the many, many £££ we feed to GCHQ. Probably a bit too much like joined up government though :(
I know there was a stink about us not being able to get the source code for the F-35. There was an agreement in 2006 for UK access, but in 2009 the Americans told us to f**k right off (AFAIK). Wonder if the same applies here.
Windows is OK for playing counterstrike or watching cat videos.
Every government system should be on a Unix variant, owned by the state and developed by state funded research units like universities - just write a development language and make every supplier meet a set of basic standards. Apple can roll this shit out in a year, it's not beyond the realms of possibility for the government to do it in 5yrs.
It is beyond incompetence to be running Windows in a state function.
Lovely idea, totally inoperable in practice
Firstly anyone who knows about government standards will realize that 5 years is just enough time for the various departments to decide the color of the binders for the requirements spec. When the spec does come out it will be costly, over specified and totally irrelevant to the modern world.
Secondly it is not the OS, but what runs on top of it that is the costly bit. Developments target windows because that is where the market has gone. We think governments spend a lot of money on IT, but this is dwarfed by the commercial sector.
and it is not always easy to port between OS.
Take SCADA. I am sure there will be some SCADA systems running on the QE, and they will be run on some variant of Windows. Why? Because the primary protocol for SCADA is OPC and that requires DCOM as its communication back end, which is proprietary to Windows.
Finally, you assume that UNIX variants are immune to cyber attack, where in fact any OS can be targeted with enough money and resources. It is just that Windows' popularity makes it the more obvious target.
What is needed is a move to open standards and this is where government can nudge companies. If we have open standards, porting between OS becomes easier and market can choose based on their needs and priorities. This is happening slowly because firms are wary of vendor lock in.
> it's not beyond the realms of possibility for the government to do it in 5yrs.
I would suggest that it most certainly is, and I base that on the total lack of competence and success across a huge number of public sector tech projects. I love the idea of the country not being beholden to crappy companies like Microsoft, but I can't see the British public sector ever being capable to maintain the circa ten million lines of code of a significant OS, and presumably the similar number of lines of a Linux office suite.
They need to know that when they press fire it will do what it has been designed to do. If it's not a mature, tested, and understood system then it's difficult to build confidence in it. These systems are incredibly complicated and take many years to develop. You don't want to press FIRE to get a message saying MS has restricted you to one missile in the latest security patch.
Anything involving the MOD takes forever, even small projects take 18+ months.
As it takes so long the software or hardware is out of date when ordered and then has to be updated. They can only order what is available and certified for use. New versions require recertification = time and cost, but the MOD doesn't pick up the cost. That is for vendor or supplier to pick up.
I have searched many websites but I can't find proof. A few months ago Nicola Sturgeon was talking from some sort of Scottish security headquarters and I could see the screen behind her. It really irritated me when I saw the Windows XP green start menu button. So much so I mentioned it to my mum who knows nothing about computers. I guess I was a little worried what with the recent Manchester or London attack. Theresa May talks about getting rid of the safe places online to hide but what about tor? I want more details about what GCHQ is doing with the 40 million they got. If 256bit encryption can be cracked now how can the military be confident this new battleship won't get hacked and shoot down our own aircraft?
So much for the old conspiracy that said the military were 50 years ahead of the general public in terms of technology. I feel capitalists got their hands on it and that's why we advanced so quickly. It's time to switch off the internet (call it a soft shutdown) to prevent the ensuing chaos that would result.
And in a few hours time, the ship will abruptly stop dead in the water as all the terminals start displaying:
"Ooops, your important files are encrypted. If you see this text, then your files are no longer accessible..... To guarantee that you can recover all your files safely all you need to do is submit the payment and purchase the decryption key. Please follow the instructions: 1. Send $300 worth of Bitcoin to...."
I thought the last version was Windows 3.11 for Warships ... even if they upgrade to Windows 10, they will be vulnerable next week ... use OpenBSD, seriously ... I do not pay taxes in Britain, but as a British tax payer, I would blow a fuse.
I will repeat once more: Windows has NOTHING to do in production systems, regardless of version; nothing to do in production systems .... AND ABSOLUTELY NOTHING TO DO in defense systems ... if you run Windows in production, I consider you an idiot ... you know where the down-vote button is, if that can help you feel better :D
I'm pretty sure I heard mention of something called "Windows for Warships" many years ago. Sounded frightening then, doubly so now.
There is no excuse for designing Windows into any mission critical system. You might want to use it in the cafeteria cash registers or something like that but the idea of using it in a system that needs to be reliable and extensible is....
XP is a robust system and as others have said if it goes nowhere near the Internet and isn't fed USB dongles and dodgy CDROMs what's the issue?
XP is probably the only OS that I couldn't manage to BSOD (Even NT wasn't that hard to screw up if you had a dodgy device driver)
Adding more code (and probably more bugs and holes) and making an OS look 'flat' or 'modern' doesn't always equate to better.
I have seen fewer BSOD's on NT4 and 2k combined than on XP, the first NT4 system I saw was in 1998. Had been using 2k until 2006 as secondary Windows Desktop (primary was Linux, of course).
XP would bluesheen when I looked at it weird ... I dunno, it is the PlaySchool user interface that reminded you of PlayDoh or Duplo ? Is that your thing ? I dunno ... compared 2k, any sane person would say that 2k, with the memory requirements was just better ... HELLO, you have two OS', the only difference being USB2 and a fsck'ing FisherPrice ui with 4 times the memory requirements to display a ui in Primary fsck'ing Colors, you are insane ... and you could hack the XP USB2 driver to run on 2k ...
If test s/w is running on XP I don't see what the fuss is about.
Windows 10 is Swiss Cheese
Windows 8.1 is Swiss Cheese
Windows 8 is Swiss Cheese
Windows 7 is Swiss Cheese
Windows Vista is Swiss Cheese
Windows XP is Swiss Cheese
Windows 2k is Swiss Cheese
Windows NT4 is Swiss Cheese
Windows 2016 (all versions) is Swiss Cheese
Windows 2012 R2 (all versions) is Swiss Cheese
Windows 2008 R2 is Swiss Cheese
Windows 2008 is Swiss Cheese
Windows 2003 is Swiss Cheese
Anything after, between, and before is Swiss Cheese.
Get the picture or need some more ? I could have written Windows is Swiss Cheese, but then you would have stupidly asked "Which version, Windows 95 ?" ....
As I have already written multiple times, I can easily impersonate anybody who is currently logged on to any of those systems, enterprise-wide, with local admin rights ... which I can easily gain with a malformed PDF, Word, Font, flash file ... you name it ... any system a currently logged on user has access to, I can log on to, gain local admin rights and spread ... it is dead easy. This problem is due to the fact MS think because they have proprietary software, hidden API's, they think that user x who has local admin rights on system y has these rights limited to system y, which is not the case, again, I only use standard API's ... If I can convince a domain admin to log on to my system, to troubleshoot an issue I would have created, I own the domain ... any computer in the domain, that has a session open as a user from another domain admin (from another domain) in the forest, I can become domain admin in that domain ... and so forth, here, no exploit needed ... Now, try that on a Linux box in a domain .... won't happen ... ;-)
A zero day, or a gullible domain admin and I own your enterprise. Thing is, MS do not know how I do it, it is dead simple, scriptable, no "exploit needed for the spread" ... I use published API's ... they are dumb enough to publish them ... and have not yet figured out how I do it ... been doing it since Windows 2003 ... and it works from 2k onwards ..., never tested NT4 ... it still works in 2016, I tested it ... ;-)
I can hear the teeth crunch of the many slurp shills on this site who must be calling their devs NOW, on a Saturday, asking them how I could be possibly doing it ... I'm loving it :D ... Remember, I only use PUBLISHED API's, douche bags!
Yours sincerely,
Hans 1
Microsoft MHP
Adobe MHP
Accenture MHP