Aged Windows XP spotted aboard brand-new $3.8bn aircraft carrier
A brand-new £3bn ($3.8bn) aircraft carrier is reportedly running Microsoft’s 16-year-old Windows XP.
The obsolete and out-of-support OS was spotted on a computer in the operations room on board the HMS Queen Elizabeth, a 65,000-tonne UK warship that launched yesterday.
The military’s reliance on legacy software and appliances often results in armed services operating systems after they stop being patched against malware. In 2015, it emerged that the US Navy had agreed to pay Microsoft $9m to continue updating Navy systems running XP, Office 2003, Exchange 2003 and Server 2003 until 2018.
The Ministry of Defence (MoD) wouldn’t comment on whether a similar custom support deal was in place in the UK, but a cross-government deal with Microsoft ended in 2015.
Since that deal finished, departments have been advised to take a number of steps to mitigate any risk, and the MoD said the ship’s operational systems are not connected to the internet.
However, a spokesman refused to answer further question on security grounds.
The use of XP on the Queen Elizabeth has been painted as a risk in some quarters, with David Emm, principal security researcher, Kaspersky Lab referencing the recent Wannacry ransomware attack that took computer systems offline in the UK’s National Health Service (NHS).
“Just weeks after the NHS attack, discovering that HMS Queen Elizabeth ‘appears to be running outdated Windows XP’ is a scary prospect,” he said.
However, the chances of XP systems falling victim to Wannacry seem remote, particularly since, while Windows XP was technically vulnerable to Wannacry, in practice the ransomware often caused XP machines to crash before it could encrypt any files.
While the MoD won’t reveal exactly how it is securing any XP systems aboard the Queen Elizabeth, a spokesman said: “We have absolute confidence in the security we have in place to keep the Royal Navy’s largest and most powerful ship safe and secure.
“We take cyber security extremely seriously and the UK has doubled its cyber investment to £1.9 billion.”