Operations room in HMS Queen Elizabeth.
Summary: The computer hardware, software and infrastructure on Britain’s latest aircraft carrier, HMS Queen Elizabeth is quite inappropriate and completely out of date already. It is another example of just how wasteful the Ministry of Defence is in purchasing armaments to fight the last war, remaining blissfully unaware that warfare in the 21st-century will be very different. Aircraft carriers and other capital ships will survive for the shortest amount of time given modern anti-ship weapon systems. The fact that our aircraft carriers will be so out of date technically before they even enter service is very concerning.
The pride of the British Navy has just sailed out from Rosyth dockyard in Scotland. Like so many of the MoD procurement programmes , this spanking new aircraft carrier is already greatly flawed and largely inappropriate for the 21st-century. You can read more about this here: http://outsidethebubble.net/2017/03/16/britain-defenceless-in-the-21st-century/. What we really should be doing now to make us safe in the future has been discussed here: http://outsidethebubble.net/2017/04/10/defence-in-the-21st-century/. However this piece is principally about the on-board computer hardware and software and the way it is worryingly insecure.
Our Defence Secretary, Michael Fallon, is very bullish about his lovely new aircraft carrier but many experts have been surprised to discover that it is using Windows XP as an operating system on some of the on-board computers.
Windows XP was released in 2001 and by the time that HMS Queen Elizabeth is in service Windows XP will be 20 years old. Mr Fallon assures us that it is a very secure system and one might be forgiven for thinking that because it is on board a ship it will be very easy to protect. Sadly that completely misunderstands where cyber insecurity comes from. It is seldom from hardware, much more often a consequence of what has been done by real people.
Windows XP works fine and is even reasonably fast for many operations. Michael Fallon probably understands computer security being that outside cyber attacks will be blocked. It may indeed not be easy to hack into the system from outside but of course there are to be 1600 individuals on board.
Each of them may well have been security vetted but what has happened to them since that vetting? Has any of them got into some kind of trouble, debt or perhaps having an affair outside marriage? Surely these are the sort of things that could lead to an individual being blackmailed into compromising security on board.
All we need is an agent of a potential enemy to find one of the 1600 servicemen on board who can be “persuaded” just pop something into the computer for a moment. No visible damage will be done, no clues will be left.
The worst sort of cyber attacks are not the ones that have brought down the National Health Service in recent weeks (also because they were using Windows XP-based computers). The much more worrying cyber attacks come from the Stuxnet type computer worm. These are injected into a computer and sit quietly, in principle for years, before they are activated. All they do is replace a small piece of operating system code which may be activated on a specific date or when certain events happen such as loading a live guided missile into its launching tube.
All one needs to do is to place into a computer port a simple, apparently innocuous variant on the USB stick that most of us have. The picture above shows computers with their USB ports visible. Anybody with any degree of access to that area could carry this out. Modern operating systems like Windows 10 have very substantial capacity to block unauthorised USB-type hardware and that is why it is so important for most organisations to get rid of Windows XP as a matter of urgency. It would only take a minute for the necessary software to be downloaded into the machine and embed itself invisibly for future use.
At some time in the future that downloaded malicious virus can be activated which could cause the ship simply to stop, or to sail at full speed in a circle or in reverse. Or it could be driven onto the rocks not much can be done about it.
The Ministry of Defence’s claimed that the software systems in HMS Queen Elizabeth are fully protected is simply preposterous. The final worrying statement is that there will be a computer refit within a decade implies that hardware and software will be nearly a quarter of a century old. Does anybody remember just how dreadful and slow computer hardware was 25 years ago? This wouldn’t be Windows XP or Windows 95 but equivalent to us running Windows 3.1 today. The MoD should be planning a computer refit right now to bring the hardware and the software up-to-date. Computer technology is advancing at an ever increasing speed. The difference between Windows XP and the latest software in 10 years time will be like night and day.
Attempting to upgrade systems after such a long period of time is anyway very difficult and likely to be expensive. Hardware becomes incompatible and software very difficult to maintain because old languages and operating system commands are no longer being developed and maintained. The amount of effort will be substantial particularly as the key hardware is that which connects the computers to the various systems on board. Even getting hardware compatibility starts to become a real problem.
Today, 17 July 2017, it is revealed that the data networks within the carrier are also very slow, and are capable of running at only 8 Mb a second. We must remember that modern weapon systems generate very large amounts of data because it takes a lot of data to describe a rapidly changing battle environment. And don’t forget that 8 MB/sec is not available for everyone simultaneously. In reality it is available for one task at one moment and another task has to wait until data bandwidth is available. 8 MB per second is barely fast enough to watch a DVD and yet a £3 billion aircraft carrier has got to make do with that! This is and inadequate speed for a cottage in the Lake District or North Norfolk but not in a state-of-the-art fighting machine for the 21st-century
Domestic bandwidths are these days up to 300 Mb per second. Gigabit bandwidth is now commonplace in commercial environments in the UK and overseas. The report in today’s Times newspaper explains that the obscenely expensive jets that are being purchased for the UK simply cannot communicate data back to other aircraft and to the surface support ships adequately without revealing the position of those jets.
Sadly this is another example of massive procurement incompetence at the Ministry of Defence. Vast sums of money are being wasted on things simply couldn’t survive a 21st-century war and are therefore an extraordinary waste of money.
