Reports claim the vulnerable Windows XP has been seen on the HMS Queen Elizabeth – but the Ministry of Defence has denied that it is being used.
The UK’s new £3.5 billion aircraft carrier has set sail from the Rosyth dockyard. The colossal vessel is 280 metres long and 70 metres wide, can carry 36 state of the art F-35B fighter jets, and is equipped with scores of modern technology.
However, questions have been raised about the computer systems the ship is running on, with allegations it is running outdated operating software that may be vulnerable to cyberattacks. Reports from both the Times and the Guardian say when reporters were invited to tour HMS Queen Elizabeth before it set sail, Windows XP was seen on a computer screen inside its control room.
The ship is not fully operational until 2026, and the MoD has already made a point of saying how up to dates its systems will be. However, the sighting has raised fears that the ship could have its systems targeted by hackers since the operating system is no longer supported by Microsoft and was taken off sale in 2008/2009. The software has consistently been popular with hackers and remains vulnerable to a large number of security issues.
Mark Deller, the commander air on the Queen Elizabeth, told the Guardian the ship is “well designed” and it is “less susceptible to cyber than most”. He added: “If you think more Nasa and less NHS you are probably in the right place.”
The Ministry of Defence (MoD) told WIRED it doesn’t comment on the “specific systems” its ships use but says it has “absolute confidence in the security we have in place” for the HMS Queen Elizabeth.
In December 2015, the Register reported a clip from a BBC News report about the ship showing a potential view of Windows XP on an employee’s desktop. However, it later reported that the image was just a screenshot on the employee’s desktop. “The MoD can confirm that Windows XP will not be used by any onboard system when the ship becomes operational,” a Ministry of Defence spokesperson told the Register at the time. At present, HMS Queen Elizabeth is not operational (this is planned for 2026) and is undergoing sea trials.
Windows XP was closely linked to the WannaCry malware that infected thousands of computers around the world in May. WannaCry works by exploiting Microsoft software vulnerabilities and encrypting files that are stored on an infected computer. The files were only able to be accessed following technical procedures, or by paying the requested ransom.
In the UK, the ransomware locked computers at more than 40 NHS Trusts and had an impact on patient care for multiple days. In the aftermath, the government’s National Cyber Security Centre was called in to help deal with the issues and politicians were accused of not providing enough funding for NHS computer systems to be upgraded.
During the spread of the ransomware, Microsoft took the unusual move of releasing a new patch for the XP operating system, which it stopped widespread support for in 2014.
While Windows XP remains largely unsupported by the tech giant and is vulnerable to cyberattacks, it emerged the WannaCry malware didn’t have as much impact against it as was first believed. Following the spread of the ransomware, multiple security researchers have claimed Windows 7 was the most infected operating system. Kaspersky Lab and BitSight have both claimed that more than 90 per cent of the infected machines were running Windows 7 and the number of machines running XP was “insignificant”.
This story has been updated to add comment from the Ministry of Defence.