Windows for Warships safe for Royal Navy, says MoD
Getting your blue on blue in early...
Windows 2000 represents the "lowest risk choice of operating system" for Royal Navy destroyer Combat Management, and "any residual risks associated with reliability [are] well understood by the contractor", Armed Forces Minister Adam Ingram told the Commons yesterday.
Responding to a question from Michael Fabricant MP, Ingram said that the selection of a CMS for the forthcoming Type 45 class of destroyer was the responsibility of contractor BAE Systems, but that the decision to use Windows 2000 had been subject to review. This was carried out by the Ministry of Defence together with "specialist representatives" from QinetiQ and the Defence Science Technology Laboratory (DSTL).
As reported here, BAE's CMS subsidiary, AMS, has standardised on Windows for future CMS development, and this effectively means that any Royal Navy vessel BAE contracts for will use Windows. This decision was made in the teeth of vocal criticism from some of BAE's own engineers, and a considerable amount of rolling of eyes elsewhere. Register sources meanwhile claim that the MoD is one of the strongest supporters of Windows in UK government. The MoD effectively opted itself out of the OGC's government-wide deal with Microsoft two years ago, and is alleged to tell would-be contractors that Windows as its desktop standard is 'not negotiable.'
Yesterday Ingram didn't actually answer very much of the question. Fabricant had asked if there had been an external review of the Type 45 decision, and from Ingram's answer we can perhaps infer 'No'. He then asked for a cost comparison between Unix and Windows 2000 as the CMS OS, and Ingram simply said: "The cost of implementing an operating system for the Combat Management System in the Type 45 is a matter for the prime contractor, BAE Systems, and their sub-contractor. The Department does not have, or require, visibility of costs at that level of detail."
Fabricant also asked what systems had been put in place to cope with a failure, and what steps had been taken to ensure the Win2k CMS in the Type 45 was reliable. Aside from affirming that Win2k was "the lowest risk choice" and that BAE was on top of "residual risks" (Are these cookies? Spyware?), Ingram said: "The system design has built-in redundancy, with automatic, and transparent, switch-over to a back-up system if the primary system has a problem. This would provide continuity of operation and ensure that no data was lost. The system design also ensures that comprehensive hardware mechanisms will be in place to avoid any other safety or technical issues."
So we have an internal MoD review with no external validation or public accountability, and we have no information regarding the yardsticks used, or indeed even what was measured. It seems however unlikely that a UN*X alternative as favoured by the old guard BAE engineers was put forward as an option, and it's doubtful whether the MoD will have given (or even been equipped to give) serious consideration to relative costs. QinetiQ and the DSTL could in theory have provided reasonably informed advice, but as we have no idea of the status of their "representatives" or their terms of reference, they quite likely were not given the chance.
One of the justifications for AMS standardising on Windows, incidentally, is that it will be possible to use commodity hardware that can be swapped out easily. While one does not want to be shelling out £1,000 for bespoke spanners, this is perhaps something that's not wholly relevant when considering systems in hardware that costs billions. And UN*X runs on commodity platforms too, plus other stuff that Windows doesn't run on.
BAE, incidentally, was the contractor for the submarines sold to Canada, one of which, the Chicoutimi, caught fire shortly after leaving port. The Canadian inquiry should shed some light on what actually happened, but a series of Parliamentary questions has teased information regarding where the buck might stop from Defence Ministers. Defence Secretary Geoff Hoon (always the charmer) had commented "I think 'buyer beware' is absolutely accurate", but the reality appears to be that the submarine was officially handed over to the Canadians two days before it left port, that the refit was carried out for Canada by the MoD (contracted out to BAE), and that the deal was actually a leasing arrangement running for eight years from 2nd October 2004, with Canada paying a nominal £1 at the end to assume full ownership.
There's no question of the Chicoutimi running Windows, of course, but we'd just like our Canadian readers to know we're keeping an eye on this one. So far it seems pretty clear where liability will lie (not a bad expression for a politician's tombstone, that), if the goods turn out to have been defective.
We're conscious we might have been a little too nice to QinetiQ back there, so just to set the record straight we'll remind people what QinetiQ, formerly the Government-owned Defence Evaluation and Research Agency, was using its Windows desktops to research in 1998. We accept QinetiQ has long-since paid its debt to society, and is now perfectly clean. But we'll be round to check later. (that's enough digressions - Ed) ®