HMS Queen Elizabeth 'a security risk' because it's running on Windows XP

HMS Queen Elizabeth, one of two new aircraft carriers for the Royal Navy, is pulled by tugs under the Forth Rail Bridge in the Firth of Forth on Monday night (PA)

The Government has insisted that HMS Queen Elizabeth, the largest vessel ever built for the Royal Navy, is not vulnerable to a cyberattack, despite using the same outdated operating system as the NHS.

Screens inside a control room on the ship reportedly display Microsoft Windows XP, which proved vulnerable to a major WannaCry ransomware attack last month, which affected 300,000 computers in 150 countries.

Windows XP is no longer supported by Microsoft, meaning it does not receive updates to protect users from constantly evolving types of cyber attacks.

In an interview on Radio 4’s Today programme this morning, the Defence Secretary, Sir Michael Fallon, appeared to confirm that the software used on the £3.5billion aircraft carrier was the same version of Windows.

“It’s not the system itself, of course, that’s vulnerable, it’s the security that surrounds it,” Sir Michael said.

“I want to reassure you about Queen Elizabeth that the security around its computer system is properly protected and we don’t have any vulnerability on that particular score,” he added.

However, Alan Woodward, professor of computing at the University of Surrey told The Times that, “if XP is for operational use, it is extremely risky,”

“Why would you put an obsolete system in a new vessel that has a lifetime of decades?” he added.

Throughout the interview, Sir Michael repeatedly referred to “using cyber” when talking about accessing the internet. He also erroneously said the WannaCry ransomware attack occurred because of weak passwords.

“The problem in parliament, I think, and indeed with the NHS, was the sloppy use of passwords,” he said. “I think we all have a responsibility, in government, in business, and in the military, to make sure the way we use cyber is fully up to date.”

Sir Michael was also pressed on whether it was “awkward” that he was giving a speech on cyber security today when the Houses of Parliament had been victim to an attack this week.

MORE: Military Technology: HMS Queen Elizabeth Aircraft Carrier To Launch In Britain—Here’s What It Can Do
MORE: UK’s biggest warship HMS Queen Elizabeth sets sail on maiden voyage

He agreed: “Yes, we all have a responsibility to keep our cyber work secure,” he said.

“I think only a small number of parliamentary emails were actually hacked. It’s important to be reminded that we have to be vigilant.”

He said the British government had been using ‘offensive cyber’ against Isis and would be pooling cyber capabilities with Nato. He added that in Mosul, Iraq the technique had been success in disabling computer networks.

Following the cyberattack on NHS, Jeremy Hunt was accused of ignoring “extensive warning signs” about using the outdated system.

The shadow health secretary, Jonathan Ashworth, said concerns had been flagged repeatedly.

In a letter to Mr Hunt, he wrote: “As secretary of state, I urge you to publicly outline the immediate steps you’ll be taking to significantly improve cybersecurity in our NHS.

Sir Michael Fallon

“The public has a right to know exactly what the government will do to ensure that such an attack is never repeated again.”

“NHS trusts have been running thousands of outdated and unsupported Windows XP machines despite the government ending its annual £5.5m deal with Microsoft, which provided ongoing security support for Windows XP, in May 2015,” Ashworth wrote.

Elsewhere in the interview, Sir Michael spoke about reports that Bashar al-Assad was planning chemical attacks in Syria.

“We’re aware that the United States, as everybody else is, is monitoring what’s happening in Syria. They haven’t [given us] any specific evidence… but we’re absolutely clear what our position is, that the Syrian regime using chemical weapons is absolutely abhorrent.

He added that the British government “fully supported” the last US strike on a Syrian airbase and would support further strikes.