Windows for Warships

[Edge]

Reported by the UK's Channel 4 News:

Windows warfare
Defence

Published: 09-Oct-2004
By: Julian Rush

It runs most of our office and domestic computers - but should it be trusted with matters of life and death?

The Ministry of Defence has chosen the Windows operating system for the war-fighting computers of the Royal Navy's latest destroyers.

But a combat-systems expert from the company designing the technology says `Windows 2000' is neither reliable nor secure enough for the job.

The Type 45 is the Royal Navy's newest destroyer. The first of six, HMS Daring, is due in service in 2007.

Her role - to defend naval task forces against air attack.

And to help her crew make split second decisions under fire, she's to be equipped with a state-of-the-art computerised Combat Management System.

Its screens will give the captain and crew a second-by-second picture of the battle around them. It's absolutely critical to modern war fighting - without it, the ship is blind and defenceless.

For the first time, the Type 45's will run on Microsoft Windows.

"My concern, as a whole, is that the use of windows for warships puts at risk the safety of ships at sea and the defence of the Realm"
Gerald Wilson, former combat systems designer

Gerald Wilson is a former employee of the company designing the system, who'd raised the concerns of a group of software engineers that Windows wasn't reliable enough or secure enough for such a critical military system.

Most computer users put up with it when Windows occasionally crashes. They've learned how to cope with virus attacks.

Only now has he decided to go public, after all his efforts to alert the defence establishment privately were rebuffed.

"If you are engaged in combat, or in a situation in which combat might occur, it is vitally important that your command systems stay up and don't crash, run slow or have to reboot themselves."

The system is being built by AMS - a British Aerospace joint venture with an Italian company. Under pressure from the Ministry of Defence to adopt commercial products where possible to cut costs, they chose Windows two years ago.

Gerald Wilson is adamant there is an alternative that's just as cheap. Unix, not Windows, is mainly used to power the internet because it's more reliable, more secure; AMS were already using it in existing combat systems.

He suggested using what's called open source software - which comes with the source code so the designers could re-programme it to simplify the system - always a good way to reduce risks.

"By contrast, if you take the Windows operating system, it comes in a shrink-wrapped box and it's very difficult to configure out of it certain parts or certain functions. Therefore it seems to me quite impossible to take such a system and use it as a foundation for something like a command system, where you must be able to predict reliably how the system is going to behave, in order to ensure its safety, security and reliability."
Gerald Wilson

"General purpose systems are just that: they're general. Most highly secure systems have specialist solutions. If you are guarding Fort Knox, you don't use a Yale lock."
Professor Ian Angell, Professor of Information Systems, LSE

Because of bugs and security flaws, Microsoft has to release frequent security fixes and patches. Only this week the headline in the leading trade magazine,

Computer Weekly, warned:
"users face five years of patching pain as security flaws keep rising."

Microsoft says the product to be used - Windows 2000 - is accredited to international standards for both security and upgrading. It is, they told us:
"as reliable as Unix, as secure as Unix, if not more so."

Neither British Aerospace nor the Ministry of Defence would be interviewed. But in statements, both said the the decision to use Windows had been subject to an independent review and they were satisfied
'a proper engineering approach had been taken to safety and security'.

The review, though, was an internal one, by staff of the MOD's Defence Procurement Agency, albeit ones not connected with the Type 45 project.

If it all works, there are plans to use Windows for the command system on the submarines that carry Britain's nuclear deterrent.

"It's one thing having and anti-aircraft destroyer running on Windows; it's quite another matter when we are talking about Her Majesty's nuclear threat. Because it inconceivable that we could allow the possibility of accidental release of nuclear missiles."
Gerald Wilson

An accidental launch is an extremely remote possibility. But it must surely be right to ask that nothing be compromised to prevent it.

...could give a whole new meaning to "blue screen of death"

[Avatar]

...could give a whole new meaning to "blue screen of death"

--A

[matrixman]

Sigh...I guess in the face of this absurdity, all I can do is laugh, though it's a laugh of derision bordering on hysteria.

I am apalled out of my mind that they would entertain the thought of using Windows on their nuclear submarines. If those missiles start firing because Windows felt like rebooting spontaneously, Bill Gates is going to have a hell of a lot of explaining to do.

It's Dr. Strangelove all over again. Kubrick was right. Humanity is a big joke. We're doomed.

(cue closing shots of movie: nuclear bombs going off as we hear strains of "We'll meet again someday...")

[Avatar]

...Kubrick was right. Humanity is a big joke. We're doomed.

You may well be right. I'm usually of the opinion that Life itself is a joke, it's just a question of how good we are at noticing the punch-lines.

--A

[aTOMiC]

I can't argue that Windows has its problems and Microsoft deserves its reputation with its customers. However I've been a long time user/administrator of windows since windows 3.1/Dos 6.0 and I have to mention one thing. Windows, when properly installed and maintained (especially W2K) can be a very stable OS. Most of the errors and BSODs I've encountered have been caused by some routine or software or action that is beyond the normal operation of the PC. We all sit and run commands, listen to music, browse the internet, type text, allow antiviruses to run etc. etc. etc. and are shocked when the PC suddenly locks up when you open a new screen or seemingly perform a function you've done thousands of times and the computer spontaneously reboots. There are generally reasons for these occurrences. My point is that it is very likely that the Royal Navy will not permit a Seaman who is manning the fire control system to listen to mp3s through winamp during a crisis. "Sir! The system rebooted in the middle of the battle. It wasn't my fault. Everything was fine. I didn't do anything I don't usually do. When the first missiles appeared on the radar I checked my email and fired up some Pink Floyd to calm my nerves. I do this every time and nothing bad ever happened before. I didn't do anything wrong. Its this stupid computer and stinking Microsoft!" Do any of you IT guys find this familiar in any way? Having said all of that I still think military software should run on a unix system. Why take a chance?

[Avatar]

...Do any of you IT guys find this familiar in any way?

Aah, the ubiquitous ID10T error. You've got a good point Tom, but I agree...Why take chances?

--Avatar

[matrixman]

Good post, TOM. I see your point.

I duly admit that Windows (at least the NT-based versions) can be a very solid platform. For instance, Windows XP has been on my PC for almost a year and a half now, and has run smoothly all that time. As you say, when it's been properly installed and well-maintained, Windows can indeed be very stable.

Of course, the difference between me and the Royal Navy is that nobody dies if my computer has a hiccup while playing video clips of SRD at Elohimfest.

I certainly don't dispute that Windows NT-based systems handle mission-critical applications with aplomb at many businesses, large and small. However, the task of overseeing nuclear weapons systems is a FAR more serious mission-critical operation than maintaining the agendas of Fortune 500 companies, though the IT departments at such companies may fervently believe that the fate of the universe depends on them.

To be fair, the article suggests that the Royal Navy will give Windows 2000 a shakedown on its destroyers first to make sure everything runs okay before putting the OS in charge of the nuclear fleet.

But the question posed by the article won't go away:

It runs most of our office and domestic computers - but should it be trusted with matters of life and death?

(cut to scene of Dr. StrangeGates in the War Room with the President, planning for the apocalypse: "Mister President, I have a vision...a copy of Windows for every survivor, so we can remake the world...sure, all the world's computers are radioactive dust right now, but we can work through that...it just means a delay in the Service Packs...")

[aTOMiC]

At the end of the day, MM I heartily agree with you. Frankly relying on any computer to safeguard human lives is worrisome to me. When I think of advanced fighter planes that rely on a series of computers to manage the flight controls it gives me chills. Computers? Keeping an aircraft from plowing into a hillside? Computers? The same troublesome machines I've been working on for the past 15 years? Uh....I don't think so. Frankly I'd rather stake my safety on a plane with a big plastic propeller and a giant brown rubber band.

[Avatar]

Computers? Keeping an aircraft from plowing into a hillside? Computers? The same troublesome machines I've been working on for the past 15 years? Uh....I don't think so.

I pretty much agree. I've been quoting Heinlein a lot recently, (must be that thread) but in Friday, one of the characters says something along the lines of Computers not caring, or even being able to care, about whether the people on board live or not. (O.k, he was talking about artificail, non-human intelligence, but the concept remains the same.)

A human pilot, will at least do his utmost, even when all available data points to failure. The computer will believe the data. GIGO.

--Avatar

[Nav]

At the end of the day, MM I heartily agree with you. Frankly relying on any computer to safeguard human lives is worrisome to me. When I think of advanced fighter planes that rely on a series of computers to manage the flight controls it gives me chills. Computers? Keeping an aircraft from plowing into a hillside? Computers? The same troublesome machines I've been working on for the past 15 years? Uh....I don't think so. Frankly I'd rather stake my safety on a plane with a big plastic propeller and a giant brown rubber band.

Well, our skies are soon to be defended by the superb (and oft maligned) Eurofighter, a plane so advanced that it cannot be without computer assistance. I can just see one, tumbling end over end through the air whilst the pilot opens task manager and struggles against the g-forces to click on 'Eject user: Flt. Lt. Smyth'.

[matrixman]

Ah, the Eurofighter. I've heard the name. It's both a funny and a frightening scenario, isn't it? "Must...GASP...click...GASP...or...die.."

Computers are marvels of technology, and I have fun tinkering around with Windows like a number of Watchers here, but again, nobody dies if I screw up. So I can only hope for the sake of the Royal Navy that whoever is "customizing" Windows 2000 for the fleet knows what they're doing.

[Avatar]

Is it funny because it's frightening?

Or frightening because it's funny?


--A