Windows For Warships Nearly Ready 387
mattaw writes "The Register is carrying the sanest and balanced article on Windows deployment in UK warships that I have read to date in the public domain.
As an ex-naval bod myself we have long considered that this is potentially a REAL problem. The main issues are the huge amount of unrelated code that is imported with the kernel and the need for incredibly fast response times."
USS Yorktown & Blue Ridge (Score:5, Interesting)
Two years after that, the Navy had still not learned their lesson. The flagship of the seventh fleet, the USS Blue Ridge, was deployed in 1999 with Windows-based Command and Control systems [linuxtoday.com]. The result? The ship was infected with the Melissa Macro Virus. (Source - Section 12.4 [packetstormsecurity.org])
I'm sorry, but when you're taking men into combat, you want equipment that has been designed to do what needs to be done, not pretty features that let the GIs open their email attachments. There's a reason why the current military setup in the US is for the crew to have their own laptops for personal use. Using a consumer OS in a battle-critical system is nothing but a recipe for disaster. It's too bad that Her Majesty's Navy has failed to learn from the mistakes of others.
Re:Sortof a Microsoft fanboy, but... (Score:5, Interesting)
I think you're missing the point. These are systems that control nuclear weapons. Not to mention, perserve the lives of sailors in both combat and non-combat situations. They've kept the existing systems because they work, not because they impress anyone. The prudent solution is to upgrade these systems cautiously, with an eye toward a zero possibility for failure. Which not only excludes the use of Windows, but excludes the use of Linux, Mac OS X, FreeBSD, or just about anything else that the military hasn't either built themselves or gone over with a fine-tooth comb.
Consider the case of NASA. The Space Shuttle still runs on IBM's AP-101 computer systems from the 1970's. The only upgrade was a move from TTL circuitry to a semiconductor design. (The AP-101S.) Astronauts still pull out the flight manual and punch in program codes to execute computer-controlled flight maneuvers. More sophisticated systems are available today, so why hasn't NASA upgraded the computers?
The answer is "because it works". The shuttle actually has 5 AP-101 computers, four of which are redundantly in sync to catch failures, and one which runs software written by a completely different team. Should any of the computers start giving different answers, NASA will immediately take measures to determine what is wrong, why, and how they can fix or work around it in whatever time window is available to them. (Obviously, some situations are tight on available time, and may require that manual control be established.) Just try getting that sort of reliability out of a Windows-based flight computer!
I know this is Slashdot, where nerds like their OSes. But there are times when the best solution for the job does not involve your favorite OS, hardware, or even your design philosophy. People's lives are on the line. It's best that the right choice be the one that provides the absolute best chance of preserving those lives rather than taking the chance (however infinitesimal) in exchange for some pretty buttons to click on.
I'm not saying that Her Majesty's Navy shouldn't upgrade her systems to ones with better combat effectiveness, but I am saying that Windows-based systems are not it. Not the software, not the hardware, and not the overall design. It's the wrong solution to the problem. I can only pray that it doesn't get someone killed.
Re:Sortof a Microsoft fanboy, but... (Score:1, Interesting)
I think an embedded(or even non-embedded) Windows solution would be fine for low-performance systems that aren't driven to the needle's edge hardware-wise. They're certainly more practical for secure development on the available frameworks.
Whoever mentioned that these systems would be driving nuclear weapons is really looking at this the wrong way. The nuclear weapons console will not be in anyway networked to the navigation system- unless they're insane. They're likely using high-performance embedded RTOS for that.
I heard it from reading (Score:3, Interesting)
Do you really want to play that game? (Score:3, Interesting)
Specific vulnerabilities would depend on function, but if you're designing a backdoor, you can certainly find a way to trigger it that doesn't depend on a network connection. Particularly if you have access to the device drivers and stuff at the same time, you could figure out a way to trigger the backdoor through a device that's not normally assumed to be a security threat.
It's just not the sort of thing you'd want to bet on; you're letting somebody else, presumably untrustworthy, write and compile the kernel code that runs on the bare metal. From that point onwards, you can't trust anything that the computer does. Unless you're keeping it inside a walled VM and inspecting every bit of data that it gets passed, you're vulnerable (and even then, you're just pitting yourself against the people trying to pass it some specially-crafted data to trigger the exploit).
Re:Software is far more dangerous than machinery. (Score:4, Interesting)
And for what it's worth, if I were the CIA in the U.S., you'd bet I'd be leaning on Microsoft to seriously backdoor every piece of software that it sold for military purposes abroad.
You might do that, but that's not all you'd do. If I were the CIA, I'd be sure that at least a dozen or so CIA agents with impeccable references applied for jobs at Microsoft, and had back doors in the code and smuggled private stuff out for analysis and all kinds of similar work. I'd also do that if I were the FSB, or Mossad, or any other government intelligence agency. But as Microsoft is in the USA, I'd figure the CIA has an easier time of it.
I'd also have agents at Sun, and Apple, and IBM, and Xerox. This isn't a Microsoft rant; this is just pointing out that "good spy agencies have good spies anywhere machines are made that process important information".
Two things (Score:3, Interesting)
2) All the training and whatnot still doesn't change the fact that you can only get parts from US suppliers for US hardware. Iran is in that situation with the F-14s the US gave them back in the day. They have very few that are operational as they've had to strip them for parts since they can't buy replacements.
Re:Oh Come On... (Score:3, Interesting)
Britain tends to support the unionists who want NI to stay part of the UK. The US tends to support the republicans who want NI to become part of a united Ireland.