Navy battle software unsafe

 

[Source: Article by Neil Mackay, Investigations Editor, *Sunday Herald*

(Scotland), 10 Oct 2004]

 

The Royal Navy's new, state-of-the-art destroyer has been fitted with combat

management software that can be hacked into, crashes easily and is

vulnerable to viruses, according to one of the system's designers who was

fired after raising his concerns.

 

Gerald Wilson, who has 25 years' experience designing naval software, worked

for Alenia Marconi Systems (AMS) in a joint venture with Bae Systems and the

Italian company Finmeccanica on the combat system for the Type 45 destroyer,

which will rely on Microsoft Windows 2000.  System failure in action, he

says, would leave the ship blind, defenceless, and as good as sunk.

 

Dismissed after voicing his fears to the Ministry of Defence and the Defence

Procurement Agency (DPA), Wilson wants to give evidence to the parliamentary

defence select committee about the software.

 

Last night he told Channel 4 news that "the use of Windows For Warships puts

the ship and her crew at risk, and the defence of the realm".

 

There are also plans to install a similar Microsoft Windows-based

computerised command system on Britain's nuclear submarines. Wilson said:

"It is inconceivable that we could allow the possible accidental release of

nuclear missiles. The people who survived such an exchange, if any, would

certainly regard such a thing as a crime against humanity. And I can't help

feeling that even planning to deploy such systems on Windows, with its

unreliability and lack of security, is itself some sort of crime in

international law."

 

Windows was chosen by AMS in order to cut costs, as the DPA has been

encouraging a switch to off-the-shelf systems. Wilson says the Navy should

stick to its current operating system, Unix, which is said to be more

reliable. Designers can also customise Unix, which would allow unnecessary

components to be removed to reduce risk.

 

A navy spokesman said: "Bae Systems, as the prime contractor for the Type

45, is responsible for ensuring that the warship meets the requirements

placed on it by the DPA. Using Microsoft Windows within combat management

systems was the subject of an independent review commissioned some while ago

by the DPA. "The review found a proper engineering approach had been taken,

both from a security perspective, as the system middleware isolated Windows

from the remainder of the mission-critical systems, and from a safety

perspective.

 

Comprehensive hardware mechanisms will be put in place where necessary to

avoid any potential Windows-derived compromises. "We are satisfied that the

solution recommended by the contractor will meet our requirements, as it has

been subject to an independent review. This review was conducted by a team

at the DPA who are independent of the Type 45 team."