HMS Queen Elizabeth 'runs on vulnerable Windows XP'

published 27 June 2017

Britain's newest aircraft carrier, the 3.5 billion HMS Queen Elizabeth, appears to be running the outdated Windows XP operating system, and is likely vulnerable to the same style of cyber attack that hit the NHS.

The HMS Queen Elizabeth, which is Britain's largest ever vessel, left its dockyard in Rosyth earlier today to begin its first trials at sea, marking the culmination of a nearly decade-long project to build two brand new aircraft carriers.

However, an extraordinary discovery was made during a tour of the warship, as photos published by The Telegraphtaken inside a control room onboard seemed to show computer screens displaying a Windows XP login screen.

The same OS was targeted by the WannaCry ransomware attack in May, which paralysed 300,000 computer systems across 150 countries, including some of the NHS's machines.

Officers on board the aircraft carrier said that there are teams of cyber specialists onboard to deal with any security threats against its systems. Mark Deller, commander on the Queen Elizabeth told the Guardian: "I would say compared to the NHS buying computers off the shelf, I would think we are probably better than that. If you think more Nasa and less NHS you are probably in the right place."

"When you buy a ship, you don't buy it today, you bought it 20 years ago. So what we put on the shelf and in the spec is probably what was good then," added Deller. "The reality is, we are always designed with spare capacity, so we will always have the ability to modify and upgrade. So whatever you see in the pictures, I think you will probably find we will be upgrading to whatever we want to have in due course. It might have already happened but I can't tell you."

The initial order for a new aircraft carrier came in 2007, at a time when Windows XP was still Microsoft's flagship operating system. However construction did not begin until 2009, more than two years after the release of Windows Vista, while Microsoft retired Windows XP in 2014.

Defence Secretary Sir Michael Fallon told BBC Radio 4's Today programme: "I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score."

However, with the operating system out of date and vulnerable to hackers, questions remain as to whether the warship is fit to operate at a time when nation state cyber attacks are on the rise.

David Emm, principal security researcher at Kaspersky, said that a naval warship running an outdated Windows XP OS is a "scary prospect".

"There is no such thing as 100% security. Software, written by humans, will invariably contain vulnerabilities - code that can be manipulated in ways that the writers didn't realise," he said.

Main image: Bigstock

NHS ransomware: UK government says it's North Korea's fault WannaCry happened Nine in 10 NHS trusts still use Windows XP Ransomware gangs shift focus to big businesses

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.