to volume overview

Does Windows XP still run on British SSBNs?

HMS Vanguard returns to it´s base at Faslane-on-Clyde from a patrol. Photo: Tam McDonald – Defence Imagery OGL

Towards the end of December 2016 various digital media published Articles saying that Windows XP is still in use on the four British submarines with ballistic missiles (SSBN), which have also been covered in Flotsam July 2016. This is said to pose an enormous security risk since Windows XP has passed out of support in 2014 and Microsoft no longer offers security patches closing security holes. PCs still running Windows XP after that are to be considered unprotected, Microsoft says.

The official Name of the British SSBN´s operating system is Submarine Command System Next Generation (SMCS-NG). It was also unofficially called Windows for Submarines or Windows fo Warships during it´s implementation. Evolving from a cooperation between the royal navy, BAE Systems, the second biggest defense group worldwide, and the American Microsoft corporation, it is largely based on Windows XP. The only alternative being discussed beforehand was Linux-based Systems, which installed on numerous warships throughout the world.

With SCMS-NG´s implementation, a ten-year service service contract was signed, technical support and security updates are contractually fixed at least until December 2018.

In the article “World War Three, by Mistake” published in the American magazine “The New Yorker” by American journalist and author Eric Schlosser, the former U.K. Minister of Defense Des Browne is quoted: “It is shocking to think that my home computer is probably running a newer version of Windows than the U.K.’s military submarines.”

It is quite likely that Des Browne´s private home computer is running a newer version of Windows than the Royal Navy´s SSBNs, the same will be true for many viewers of this pages. This fact maybe is less shocking but more an indication that the marketing strategy of a big American corporation has worked out. Microsoft did not suspend technical support for the SCMS-NG at all but still monitors and services the software contractually. The SSBN´s internal network is not connected with the internet. Their operating system´s purpose is not communication via the internet, like it is the case with the off-the-shelf Windows version running on Des Browne´s computer, but system and plant control and thus is unlikely to even contain the specific parts of software, for which security updates become necessary. By the fact, that the SSBNs are not connected to the internet, software updates itself pose a risk of infection with malware which has to be balanced with the expected increase in security.

Would a Linux-based system have been chosen instead of Windows-based, there would have been no support by major software company from the outset. The British SSBN´s “Trident”-missiles cannot be launched only by software.

Like any other computer systems, the British SSBN´s system are at risk of being infected with malware and thus being compromised. Also here, complete and comprehensive security cannot be achieved. There seems no specifically increased risk of starting a nuclear war by mistake through SMCS-NG compared to other risks in past and present described in the magazine article. The overall risk of a nuclear war started by mistake still persists and could possibly increase, looking at the latest developments in global politics, like the article and also it´s author´s book “Command and Control” descriptively point out.