
HMS Queen Elizabeth is 'running outdated Windows XP', raising cyber attack fears - neverminder
http://www.telegraph.co.uk/news/2017/06/27/hms-queen-elizabeth-running-outdated-windows-xp-software-raising/
======
Jaruzel
It takes millions of pounds and several years to develop military systems. The
computers running the systems (everything from heating/cooling, to engine
management) are integral parts of these systems, and explicitly configured to
do these specific tasks. These task-orientated units would have been designed
down to the nth degree, complete with extensive operating/troubleshooting
manuals and config guides, including approved 'gold images' to rebuild them
easily if required. Swapping out the base OS needlessly (if it's still capable
of performing its duties) would require an extensive rebuild of the system
concerned, again taking years to get through all the admin, testing, and sign
off hoops.

I very much doubt when it says 'running XP' it means the general purpose
computers for end-users to use.

Obviously, if these XP machines are not air-gapped, or behind hardware
firewalls (with very restrictive rulesets) away from the general internet,
then that's insane. Cynical as I am, I still have a hard time believing that
these XP machines would be remotely accessible from outside the ship in
question.

Edit: I've zoomed in on the image in question. Yes that's a Windows XP lock
screen (the header of the dialog is blue, if it was Windows Server 2003, it'd
be grey). However it's in 'classic theme' mode. As it's on the lock screen,
then that's a 'system wide' setting, which infers that the themes service is
disabled. If they've disabled the themes service, then it's safe to assume
that lots of other parts have been disabled or locked down also. This doesn't
make XP safe, but it does at least a) mitigate the risk somewhat, and b)
indicate that steps _have_ been taken to secure the OS.

~~~
adrianN
For the requirements you correctly identified - very long service times, very
strict reliability requirements, etc, I think it's insane to rely on a closed
source operating system in the first place. With open source you can always
hire some programmers to fix bugs. With Windows you're at the mercy of
Microsoft.

~~~
dom0
> With open source you can always hire some programmers to fix bugs.

That might work for changing the text on a web site running Drupal 6 ten years
later, but thinking that this sentence makes _any_ sense when you're talking
about a huge distributed system ported from probably some commercial Unix-like
or even bare-metal Ada or whatever to NT then that's just a very naive
sentiment.

~~~
adrianN
It's expensive, sure, but it's at least possible.

~~~
maxxxxx
Possible maybe, but highly unrealistic.

------
timthelion
I cannot think of many reasons to run RHEL and pay Redhat, but if I was
building a warship for 3.5 billion, I'd install RHEL on it and pay to have my
version of the OS maintained indefinitely.

~~~
TallGuyShort
My understanding from an engineer who worked on UK military projects and UK
satellites (not sure if there was overlap there) was that RHEL was far less
willing to enter extremely long-term support contracts than Microsoft, and
THAT was the one requirement that allowed even Vista to trump RHEL for some
mission-critical systems.

~~~
digi_owl
Wonder if that has changed recently as I swear I read about a new destroyer or
something that would get a RHEL based "datacenter" installed.

~~~
TallGuyShort
Could be the different use cases, too. Also been a few years since I was up to
date, but Windows certainly used to dominate the control systems market a bit
more than the server market.

~~~
digi_owl
And I have long wondered if the real push behind Wayland is not that X is
"broken" but that X is a bad fit on IVI and similar uses, because of various
overheads.

------
dsfyu404ed
I used to work for a defense contractor. MS does offer continued support for
XP if your pockets are deep enough. The US Navy has deep enough pockets IIRC.
I dunno about anyone on the wrong side of the pond but it's possible they
shelled out for it. A different commenter mentioned paying to have an OS
maintained indefinitely. That's probably exactly why they're running XP.

Systems like this have the same "we proved it worked correctly once, do you
really want to screw with it?" factor as the space shuttle. Proper
functionality has been verified with those systems using XP. That goes out the
window if you do a major upgrade. All the layers of security you need to
implement elsewhere because the OS is fundamentally outdated and insecure are
still easier than upgrading the OS. Finally, if an attacker can manipulate
those systems then you've already lost. Defense in depth is important but
serious defense at these levels is like a "no trespassing, police take notice"
sign on the inside of your bank vault above a pile of gold bars.

I agree they probably should have been based on a unix system from the
beginning but a lot of these hardware/software systems passed the point of no
return for the OS portion of their design a decade or more ago when XP wasn't
an insane choice. The industry is slowly coming around.

edit: There are a lot of people in here who need to realize that you know very
little about the hardware, performance and software requirements of the
system. Just because you can write code in the trendy language of the day and
use docker to cover up systemic reliability issues that would cripple a LAMP
stack does not make you qualified to armchair engineer a software stack that
people's lives depend on. This article should make you wonder what set of
constraints resulted in them running XP. They did it for a reason. Nobody runs
an OS that old without a really good reason.

~~~
Mekkanox
Indeed. Anecdote: Several years ago I worked on a U.S. GOSS (Government Open-
Source Software) project that was a web app that allowed different apps
running on different domains to function as "widgets" and allowed cross-domain
communication between these apps in a drag-and-drop window environment in the
browser. The intention was small apps could be composed into larger apps by
allowing them to communicate with each other in this environment.

It supported multiple browsers, including IE7 as late as summer 2014,
because end-users in the U.S. Navy had machines that only had IE7. Countless
man-hours (and U.S. taxpayer dollars) were spent to ensure all features worked
in IE7, including drag-and-drop and responsive UI.

That project was the single biggest driver for me to get the hell out of the
government contracting world and into the "truly" private sector. At least at
a startup I can say more or less "if it works in Chrome, it works."

------
qubex
It's a bit disingenuous to say that a ship is ’running’ an OS. It isn't like a
computer that is entirely managed by a given software system. Here computers
are but one component of an integrated system, and I'm presuming these systems
are air-gapped and not connected to public networks. I'd be very surprised if
these machines were reachable by public networks, or indeed any network at all
that originates beyond the confines of the ship itself.

And by God doesn't it irk me to hear mentions of ’cyber’ as if it were an
object.

~~~
overlordalex
Just because they're only a part of a system doesn't mean they're not
crucial[1]. Also it's alarming how many systems you would presume are
air-gapped but actually aren't, and air-gapping doesn't prevent PEBKAC errors
(e.g. Stuxnet being spread by flash drive)

[1] See
[https://en.wikipedia.org/wiki/USS_Yorktown_(CG-48)](https://en.wikipedia.org/wiki/USS_Yorktown_\(CG-48\))
where a divide-by-zero error brought down the ship's propulsion for almost 3
hours.

~~~
dsfyu404ed
You've got it backwards. That situation happened because a "more technology
because computers and buzzwords and shit" resulted in political pressure to
get stuff done and the end result was an OS jammed into a place it shouldn't
have been without more testing and 3hr of downtime. That's why we run software
that's been verified to work even if it's old.

------
seesomesense
''Despite the concerns of some engineers, SMCS-NG was created as a port to
Microsoft Windows of the SMCS infrastructure and applications, a move which
some commentators have termed "Windows for Warships".

The UK's Defence Ministry later gave assurances, through questions in the UK
parliament, that this is a low risk use of Microsoft Windows. However, some
other suppliers have taken a different path.

The console for the new Sonar 2076 supplied by Thales Underwater Systems for
the Astute class submarines, and which may be retro-fitted to other classes,
are built as PCs running Linux rather than Windows.''

------
keithpeter
[https://www.theregister.co.uk/2015/12/18/windows_for_warship...](https://www.theregister.co.uk/2015/12/18/windows_for_warships_not_on_queen_elizabeth_class_aircraft_carriers/)

There was an MOD denial some years ago but the phrase 'when the ship becomes
operational' was used. So possibly 'Windows for warships' during trials.

------
wyager
Maybe I'm being myopic here, but is there any sane (as opposed to red-tape
based or political) reason to use Windows in an application like this? HMS
Queen Elizabeth wasn't ordered until 2008, and construction didn't even begin
until mid-2009, so there's not even the excuse that some Linux or BSD
distribution wasn't production-ready. I really can't think of a single
advantage that XP has here that some more open, safer operating system
doesn't, and I can think of plenty of disadvantages with XP.

~~~
k-mcgrady
>> so there's not even the excuse that some Linux or BSD distribution wasn't
production-ready

Possible there's a lot of custom software used across the navy which is only
supported on Windows XP. Maybe too costly to rewrite that for another system and
have it interoperate with other ships etc. on the old (current) system.

~~~
toyg
More likely, the manufacturer simply couldn't be arsed to use anything better.
This sort of contract is rarely decided on features - it's settled by long-
winded political process (where will the ship be built? What country will
supply parts? Etc etc) between a very small array of suppliers (if there is an
array at all, more often it's a single company in each country), where OS
choice is probably the lowest priority. In fact, UK Navy upper echelons might
have even _preferred_ XP because it didn't require any extra training for
their existing workforce.

~~~
moftz
That's it exactly. The software was already written to run on XP and the crew
trained to use those versions of the software. As long as the ship's
hardwired-only network is secured from the outside and physical access is
limited (disable USB ports, lock down BIOS, locked cabinets, sealed ethernet
conduits, etc), you won't have any problems with typical malware and people
will have less opportunity to infect systems. Additionally, you can run
whitelists to limit what files can even exist on the system or be run. As long
as the firewall is strong, network access is restricted to need based, and any
servers are fully patched, the various clients on the ship don't need any
additional protection from attacks.

------
seesomesense
The UK Trident strategic nuclear submarines also run Windows XP.

[https://mspoweruser.com/uks-nuclear-submarines-runs-windows-...](https://mspoweruser.com/uks-nuclear-submarines-runs-windows-xp-submarines/)

[http://www.popularmechanics.com/military/weapons/a19061/brit...](http://www.popularmechanics.com/military/weapons/a19061/britains-doomsday-subs-run-windows-xp/)

------
Radle
"And senior officers said they will have cyber specialists on board to defend
the carrier from such attacks."

Well then everything is fine I guess...

~~~
gnu8
Here's a video of their cyber specialists defending the ship against a cyber:
[https://www.youtube.com/watch?v=u8qgehH3kEQ](https://www.youtube.com/watch?v=u8qgehH3kEQ)

------
kelchm
Here's a very interesting link I came across from December of 2015, which
claims:

“The MoD can confirm that Windows XP will not be used by any onboard system
when the [HMS Queen Elizabeth] becomes operational,” the spokesman added.
“This also applies to HMS Prince of Wales.”

[https://www.theregister.co.uk/2015/12/18/windows_for_warship...](https://www.theregister.co.uk/2015/12/18/windows_for_warships_not_on_queen_elizabeth_class_aircraft_carriers/)

------
kitd
From last year:

[https://ukdefencejournal.org.uk/no-our-new-aircraft-carriers...](https://ukdefencejournal.org.uk/no-our-new-aircraft-carriers-dont-run-on-windows-xp/)

If a mirky shot of a login screen is the only thing informing this article,
it's poor journalism IMO.

The Royal Navy have a specialised version of Windows, and I'm happy to believe
they didn't spend a lot of time tarting up the login screen.

~~~
dx034
It sounds to me as if it's still a version of Windows XP (or 2000)? That means
that although it's adapted, it likely still has problems that appear in
Windows XP.

If you use a specialised, highly adapted version of an OS, why not base it on
Linux? Wouldn't that be easier than paying Microsoft to be able to change the
kernel of XP?

~~~
dom0
> If you use a specialised, highly adapted version of an OS, why not base it
> on Linux?

Why not something that isn't made of "swiss cheese"? With an old Linux system
you have _exactly the same problems_ as with an old Windows, probably even
more.

Sticking "Linux" and "Open Source will save this" into it does not tangibly
improve the situation.

(There _are_ operating systems with a very good maintenance, stability and
security track record that _could_ be used for _some_ of these cases, but
_seemingly_ aren't)

~~~
dx034
You could potentially patch the kernel without support from another company.
If Microsoft never gave them the source code, could they fix a bug with no
help from Microsoft?

~~~
PeterisP
It's reasonable to assume that they have access to Windows XP source code and
also the extended non-public support for Windows XP by Microsoft itself; MS is
known to provide such services to defence contractors.

~~~
dx034
But can you build the kernel by yourself? Aircraft carriers are designed for
several decades, so you need to make sure that you could fix a bug in 2035.
Wouldn't rely on a contract there. Especially if it's a company in another
country (even for allies).

------
Cryptoboss
Well some of the US Navy computers still use DOS 6 and Windows NT4. Can't say
which ones but they are not connected to any network and still use 3.5
floppies.

------
eklavya
Sometimes truth really is stranger than fiction. This is not an old computer
producing colours in a paint shop. This is on a war machine, can't believe it.

~~~
MichaelGG
Between XP and its pathetic ramp, it really has an image problem eh?

~~~
eklavya
What do you mean? Am I wrong in thinking weapon systems should not be running
known (extremely?) vulnerable systems?

~~~
MichaelGG
You're right. I was also alluding to the fact that they don't have a catapult
system, but instead a lame-looking ramp on the end. So not only does it
visually look pathetic, but it is also running Windows XP which can't help its
rep either.

------
JamesBaxter
While clearly it's not ideal for them to be using XP, wasn't the British
government one of the purchasers of extended XP support? Has that ended now?

~~~
EvilGrin
Yes that ended in April 2015. The then Government decided to end the contract
under the guises of austerity.

[https://governmenttechnology.blog.gov.uk/2015/05/22/update-o...](https://governmenttechnology.blog.gov.uk/2015/05/22/update-on-the-customer-support-agreement-for-windows-xp/)

I don't think it worked out as a cost effective saving of course, as the NHS was
badly hit by WannaCry as we all know.

------
laretluval
I thought this was going to be about the queen herself :(

~~~
kijin
You might have been correct if the title had said "HM" instead of "HMS".

------
briane80
This will be a special version of Windows XP with all the rubbish taken out
and only the required services running etc. We used a similar version of XP as
a base OS for a security camera control device.

It will have been security validated to the extreme and to assume it is
anything like the commercial version is wrong.

~~~
dx034
Does it feature the bugs that WannaCry utilised? When you were tested those
bugs were probably not known yet, so what if they are in the specialised
version as well? I guess a security camera is connected to a network?

------
richardknop
To be honest Windows XP was probably the most solid operating system Windows
have ever released. It was very efficient and reliable.

It got progressively worse with every SP pack installed but the original
system was very well engineered.

I hope these computers are air gapped and USB ports are removed / disabled
though.

~~~
toyg
_> probably the most solid operating system Windows have ever released_

That's damning with faint praise...

_> It got progressively worse with every SP pack installed_

Well, SP2 removed craptons of exploitable scenarios. Anything before that was
a security nightmare, and that includes my beloved Windows 2000.

_> I hope these computers are air gapped and USB ports are removed_

That's optimistic. At some level, there will be some sort of port for
servicing requirements anyway. Chances are that it will be a USB.

~~~
richardknop
Btw, how do you use italics?

~~~
throwanem
Asterisks on either side of the text to be italicized. See also, via the FAQ:
[https://news.ycombinator.com/formatdoc](https://news.ycombinator.com/formatdoc)

------
w8rbt
Don't worry... they have an air gap ;)

------
maxxxxx
I know a lot of people think that choosing XP is crazy but I did an evaluation
of an operating system for a video processing system around 2003. I was sure
that Linux would win easily but after looking at support options, long term
maintenance, software availability and a few other factors Windows XP Embedded
actually came out ahead.

I probably would have gone with Linux anyway but if you have to do a "neutral"
vendor assessment Windows doesn't look that bad. You can't just put "Windows
sucks" into your report.

EDIT: I wonder why this is being downvoted.

~~~
RobAley
I think it's because it's XP, not Windows, being used on a ship that won't
even be deployed for several years yet, not for one that was deployed back in
2003.

~~~
maxxxxx
I know the article is about XP but a lot of the commenters here were more
about the choice of Windows in general.

~~~
benchaney
So? That has also changed a lot since 2003.

