|Home » Security
Modding the MoD
Things are coming along. Aren't they?
Not long ago Britain's nuclear sub PCs had 64 KB RAM. Not MB - KB. Kilobytes. Today things are coming along. But are they coming along in the right direction?
Windows for Warships™
Britain's Royal Navy planned long ago to set up most of their fleet with Windows systems, according to British defence expert Lewis Page. The upgrade is part of a £30 million contract awarded back in 2006.
'Anyone like your correspondent who has served at sea in the last ten years will recall the use of embarrassing expedients such as reading endless strings of figures across voice channels (often enough civilian mobile phones or marine VHF) or re-keying them from hardcopy printouts into another machine in the same ship', writes Page.
Page admits there are significant security concerns about moving to wobbly Windows boxes for mission critical systems.
'Many in the software community have criticised the Navy's moves, feeling that Windows cannot offer the sort of guaranteed reliability one might wish to see in computers which will sometimes have direct control of powerful weapon systems - and on which Blighty's fighting matelots may one day depend for their lives.'
Page then adds the following.
'One ought to note that the preceding custom solutions were usually so terrible that a reasonably stable Windows box would actually be a serious improvement.'
Too right, Lew! But the question on everyone's minds has to still be - why choose Microsoft anyway? Microsoft systems can represent an improvement over previous systems but they do not and cannot represent an alternative of choice today, not with so many other systems that don't crash, don't hang, and don't invite the bad guys in through an open barn door.
Given that those responsible reviewed their options in an objective way with only the security of the nation at heart - why choose Windows? How on earth could Windows offer an advantage over other systems?
For there is no advantage in either stability or security. None. The same systems that are universally regarded as unfit for personal use are much more unfit for military purposes. Or to paraphrase Brian Kernighan: 'Microsoft's BSOD can take on a completely new meaning'.
The MoD are making strides - but this is against a background of traditionally not 'getting it' when it comes to security. Only 27% of their systems are compliant with government security standards - and as further Windows boxes are added that figure can actually drop.
Armed forces minister Bob Ainsworth in response to a parliamentary inquiry revealed the following.
- Only 58% of MoD systems have completed the accreditation process.
- Only 27% of MoD systems passed the tests - are considered fully accredited.
- 31% attained conditional/'interim' accreditation and have constraints on their use.
- The remaining 42% are yet to be tested as of 14 January 2009.
Knocked Out by Malware
And as of the day after - 15 January 2009 - malware's crept into the MoD systems, crippling what spokespersons describe as a 'small number' of computers, none of which supposedly are part of the 'Windows for Warships™' project.
But the malware got in somewhere; and the attack vector was without a shadow of a doubt your typical Windows machines; and those Windows machines were in contact with critical systems that could in theory have been infected as well.
The possibility of serious damage was prevalent - otherwise no one would have worried about or mentioned it.
The official MoD statement to Lewis Page was as follows.
Since 6 Jan 09 the performance of the MoD IT systems in a number of areas was affected by a virus. Immediate action was taken to isolate the problem to stop the virus from spreading. This meant some people were without regular IT access. There have been no infections detected on any networks with sensitive information.
A solution to prevent re-infection has been tested and implemented. The majority of systems are working normally. This is an ongoing process which we are working urgently on so for those people who are still offline normal business will resume as quickly as possible.
Otherwise the MoD refuse to discuss details of the malware attack or the countermeasures, citing 'security reasons'.
Windows for Submarines™
The MoD completed their rollout of their new Windows submarine systems last year. As of 15 December 2008 Windows boxes on Ethernet networks are now in control of the British nuclear submarine fleet.
The formal name for 'Windows for Submarines™' is 'Submarine Command System Next Generation' which in turn is appropriately reduced to the acronym 'SMCS NG'. The joke is 'NG' actually stands for 'Not Good'.
According to Lewis Page's sources most of these systems are based on Windows XP.
At What Price?
Part - but certainly not all - of the reason for choosing such questionable solutions seems to be the ability to cut corners. Sources cite savings of £22 million over the coming ten years for British Trident systems. But those £2 million per year still represent only one tenth of one percent (0.1%) of the total costs of the programme.
And 0.1% is insignificant.
Lewis Page wants to downgrade concerns for at least the submarine based systems and one Royal Navy officer called the new systems a 'fantastic achievement' but concerns - and questions - remain.
People are going to want to know how much their national security is really worth - if it's only worth 0.1% of the Trident budget. And they are going to want to know if there were other considerations in choosing the one supplier governments everywhere know must be avoided at all costs.