We all remember the fiasco with WannaCry and how it was inextricably tied to the usage of the Windows XP operating system. While patches were rolled out for the antiquated OS in hopes of preventing a major incident; it simply was not enough. One of the takeaways from the massive attack should have been the realization that upgrading to a modern OS is vital. This especially goes for the many public sector organizations, such as hospitals, that were obliterated in the WannaCry debacle thanks to their vulnerable networks as a result of running XP.
It appears that the lesson has not been learned, however, as a Freedom of Information (FOI) request has revealed England’s second-largest police force is running a staggering number of machines with XP. As reported by BBC News, the police force of Greater Manchester has more than 1,500 machines functioning with Windows XP. This is roughly, according to the BBC’s estimates, 20 percent of the total machines within the GMP’s network.
A spokesperson for the Greater Manchester Police defended the results with the following statement:
The remaining XP machines are still in place due to complex technical requirements from a small number of externally provided highly specialized applications... work is well advanced to mitigate each of these special requirements within this calendar year, typically through the replacement or removal of the software applications in question.
This is an incredibly dangerous game that the GMP is playing, but they at least seem to recognize the danger to a certain extent. Elsewhere in the BBC News report the GMP stated that it is “continually” reducing the usage of machines with Windows XP. The FOI request revealed that the GMP is not the only UK police force running XP, but the difference is that the usage is far less by comparison. The report notes that Cleveland (of England) police have 0.36 percent of their PCs running XP and the Police Service of Northern Ireland (PSNI) has a percentage of .005 PCs on XP.
The Metropolitan Police Service, which is London’s force, refused to partake in the FOI reveal citing (in my opinion) bogus security reasons. However, recent speculative reports suggest that around 10,000 desktop PCs of the MPS are still running Windows XP, a substantial number indeed.
The takeaway here is that government entities with sensitive data and vital services, such as law enforcement, are not taking the threat of antiquated operating systems seriously. Even with the most recent patches as a result of the massive security compromises due to WannaCry, the UK’s most vital services are not up to speed with security protocols. I can only hope they rectify this before another massive incident.
Another incident will occur. It is simply a matter of when.
Photo credit: Microsoft