HMS Queen Elizabeth 'runs on vulnerable Windows XP'
Britain's largest ever warship could be at risk of cyber attacks

Britain's newest aircraft carrier, the 3.5 billion HMS Queen Elizabeth, appears to be running the outdated Windows XP operating system, and is likely vulnerable to the same style of cyber attack that hit the NHS.
The HMS Queen Elizabeth, which is Britain's largest ever vessel, left its dockyard in Rosyth earlier today to begin its first trials at sea, marking the culmination of a nearly decade-long project to build two brand new aircraft carriers.
However, an extraordinary discovery was made during a tour of the warship, as photos published by The Telegraphtaken inside a control room onboard seemed to show computer screens displaying a Windows XP login screen.
The same OS was targeted by the WannaCry ransomware attack in May, which paralysed 300,000 computer systems across 150 countries, including some of the NHS's machines.
Officers on board the aircraft carrier said that there are teams of cyber specialists onboard to deal with any security threats against its systems. Mark Deller, commander on the Queen Elizabeth told the Guardian: "I would say compared to the NHS buying computers off the shelf, I would think we are probably better than that. If you think more Nasa and less NHS you are probably in the right place."
"When you buy a ship, you don't buy it today, you bought it 20 years ago. So what we put on the shelf and in the spec is probably what was good then," added Deller. "The reality is, we are always designed with spare capacity, so we will always have the ability to modify and upgrade. So whatever you see in the pictures, I think you will probably find we will be upgrading to whatever we want to have in due course. It might have already happened but I can't tell you."
The initial order for a new aircraft carrier came in 2007, at a time when Windows XP was still Microsoft's flagship operating system. However construction did not begin until 2009, more than two years after the release of Windows Vista, while Microsoft retired Windows XP in 2014.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Defence Secretary Sir Michael Fallon told BBC Radio 4's Today programme: "I want to reassure you about Queen Elizabeth, the security around its computer system is properly protected and we don't have any vulnerability on that particular score."
However, with the operating system out of date and vulnerable to hackers, questions remain as to whether the warship is fit to operate at a time when nation state cyber attacks are on the rise.
David Emm, principal security researcher at Kaspersky, said that a naval warship running an outdated Windows XP OS is a "scary prospect".
"There is no such thing as 100% security. Software, written by humans, will invariably contain vulnerabilities - code that can be manipulated in ways that the writers didn't realise," he said.
Main image: Bigstock
Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.
-
HackerOne names Nidhi Aggarwal as its new chief product officer
News The former Google and Tamr executive will lead the cyber security vendor's product strategy as it doubles down on AI
-
Google pins weekend outage on "unexercised" feature
News Google Cloud outage impacted a wide range of customers last week after new feature wreaked havoc
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackers
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.