HMS White Effalump

[Ed P]

The Great White Effalump (Sorry HMS Queen Elizabeth)  has sailed away for trials with its Command & Control system based on a completely hackable XP operating system (link). Its a good job that its squadron of Flying Turkeys will not be fit to operate for years (if ever) so all the ship will be called on to do is act as a floating gin palace for official visits – let us just hope that no-one brings any usb sticks on board, or a laptop using SMB1.

Score yet another ‘win’ for the MOD and TBLiar!

[Dave Rice]

I ran the office desktop IT on this project for a couple of years, but not the onboard systems (although I worked with people who did).

Come on Ed, give them some credit. Do you seriously think that there is no endpoint protection in place that restricts and monitors the use of the USB (and every other) port and shed-loads of similar defenses? You don’t just rock up to a naval ship of the line with a laptop and plug it in somewhere. It’s pretty hard to do that in the design office! This isn’t just a box from PC World plugged into 13 amp and RJ45 sockets on the bridge.

Corporates like BAE have been fighting off cyber attacks for a long, long time. They even sell their services in this area at nation state level.

[The Duke]

This isn’t your normal xp install, iirc it’s built on 2000 also. We swapped over to this system in the mid 2000s it controls our whole navel and nuclear fleets plus trident.

I doubt it is an off the shelf disk, but still xp!

[Wheels-Of-Fire]

BAE Systems. Had to laugh a few years ago when their MD failed to get away with the usual bottom line and bugger off trick. It works like this. By hook or by crook get yourself installed as MD of a medium sized company then put your CV out. You are looking to get hired by a mediun size PLC that has not been making the returns its share holders would like. You take a 5 year contract but only intend to stay for 3 at the most. Once installed you call for the books and stop all spending on R and D. During your first year you announce a streamlineing program, make people redundent and sell off some minor assets. The resault is a much better bottom line at the end of your first year. In the second year you pull your master stroke by announcing you are going to concentrate on “core buisness”. This allows you to sell off large chunks of the company and having studied the books you know the most valuable one’s to sell. The outcome is a fantastic bottom line at the end of your second year. In your third year you are looking for a new job and you will get one because of your last 2 years performance. So you bugger off to the new company with a large bonus and probably a golden handshake to start the whole thing again. When your gone your old share holders wonder why they now have no company but who cares right ?

[Ed P]

Unfortunately there are still a raft of XP zero days still at large, courtesy of the NSA. To be relatively safe for the medium term the C&C system would need to be air-gapped from any insecure networks such as those providing Internet to the crew or management updates to the Officer’s laptops

As Steve said, this IS XP and afaik M$ have not made any moves to provide patches for the exploits not so far publicly released by ShadowBrokers. If any of these exploits follow the Stuxnet example they are aimed specifically at the sort of air-gapped Management Control systems employed on the Effalump.

However maybe the MOD have had the wisdom to do a separate update/patch deal with the NSA and M$!!

[Bob Williams]

The decision to build these carriers was made at a time when the carrier-based aircraft strike force was thought to be king. Well before they were half-finished, they were obsolescent, if not obsolete. The whole project hinged upon the use of one aircraft, Ed’s aptly-named Flying Turkey, and the original deal between BLiar and Bush, which has seen UK and Us defence procurement bodies, allocating more and more billions to get the project off the ground. Pun intended. This deal has been slavishly adhered to by successive UK governments.

Meanwhile, the French, having departed from the Eurofighter/Typhoon project, developed a very good aircraft of their own, the Dassault Rafale:    https://tinyurl.com/y7664e5l

This has evolved to become a really good multirole aircraft. It sells across the world: the Indian Navy is the latest to place an order. The Naval Rafale would be an ideal replacement for the F-35, which is showing all the signs of being a failed project, a fact apparently being completely ignored by the UK government. Not for the first time, our leaders are myopic when it comes to following the directions of US defence manufacturers, who have millions invested in a failing defence item which has nothing to offer UK defence, except massive outlay which means stripping and/or cancelling other defence projects.

Why did we not cancel any further use of the turkey, and either adapt the Typhoon (as the French adapted the Rafale) or buy the Rafale instead? I have no doubt that we could build the Rafale under licence, possibly using Rolls Royce engines. There is relatively little UK manufacturing input into the F-35.

When the Thought Police arrive at your door, think -
I'm out.

[Dave Rice]

“the C&C system would need to be air-gapped from any insecure networks such as those providing Internet to the crew or management updates to the Officer’s laptops”.

For Gods sake Ed, these systems are not designed and implemented by 14 yo kids in their bedrooms. Please stop insulting their intelligence. Even the systems used to design the systems are air gapped. BAE and the Navy do not need to be told how to do IT security by The Telegraph.

Bob – ask yourself which country we are distancing ourselves from and which we are sucking up to.

Our relationship with La France has always been a bit strained. My office was known as the French Room as before our team expanded and took it over it was where they put the visiting French (who were then still heavily involved). They gave them that room as it had no central heating or air con and was used as a short cut. Thales are however still part of the Aircraft Carrier Alliance (and involved with other ships).

[Bob Williams]

Dave as I understand the question you want me to ask myself: I see the UK currently sucking up to the US, whilst distancing ourselves from Europe as a result of Brexit.

I see that as A Very Bad Thing for several reasons. I know that we have a shaky history with the French: I was part of several military exercises involving French troops, in their “non-NATO” days. But they are our closest neighbours and I believe that we should share as much military expertise as possible with them, and with European NATO nations generally. It makes more sense than trying to work with the current US systems and people, governed as they are by a POTUS who has absolutely no idea where most other nations in the world are actually situated, and whose idea of diplomacy is to annoy as many other nations as possible.

When the Thought Police arrive at your door, think -
I'm out.

[The Duke]

Dave, Given that xp is now a running joke, even within the wider population. Post the NHS mess, anything ran by xp is just a cheap headline. Especially if that system fires Nukes. Lol.

I’m sure it’s very secure, and greater minds than most, will be watching it closely.

I must find the story I read a few years ago, on how the US almost Nuked itself on day. I’m sure there is a 100 more we just don’t know about. Iirc it was human error, not software  to related. The human is always the weakest link.

 

[Ed P]

Simple question – who do you distrust the most, the French or the Yanks? My answer is now very different from the one I would have given twenty years ago!

[Dave Rice]

One good by product was we had a couple of embedded MoD bods who were English – French translators. They would be in Paris a couple of times a month at least and always brought back some Tarte aux pommes from the local boulanger-pâtissier.

The farthest away I got was Frimley (north of Farnborough by the M3), but I’ve been in the ship simulator at HMS Collingwood when they were running the Carrier simulation. That was a weird experience. I knew the bridge couldn’t move at all, I’d been around the outside and on the roof when putting the CCTV in, but when they start a rough weather simulation you’d swear the deck was moving.

[Bob Williams]

Not like the Real Thing, Dave! SFX!

When I first went to sea at 16, my first trip was around the Med on an ancient 2,500 ton cargo vessel. I was on 4 on/8off watches, meaning I did 4 hours sea duty and 8 hours off. Being a very junior Deck Hand with no experience, my watches were spent on the Monkey Island:     https://tinyurl.com/zfw44ok

That is where I stayed for 50 minutes of every hour, being spelled by a crewmate for 10 minutes and a big mug of “fortified” cocoa. On that trip, we sailed through the Bay of Biscay in a Force 9 and I climbed up and down that ladder whilst the ship was revolving below me. As I watched from my lofty perch, every one of 12 Bedford trucks meant for Algiers that were wired to the deck, snapped their 2″ diameter steel wire ropes and were washed overboard. I was on the highest point and could see seas washing level with my head, as that old tub struggled up and down some monster waves. Being young, I thought it must always be like that, but I was told by the older guys that it was the worst storm in the Bay for decades. They also told me that I had ” … earned my Sea Legs!”

There was another, worse storm for me in a much bigger ship later, going through the Strait of Magellan (tip of South America) and that was hellish.

The lad who had already been through this trip once in relative calm, was as sick as a dog, whilst I was fine, just soaked to the skin, but actually enjoyed it: too young and daft to be scared, I guess. But no simulator could have given me that experience.

When the Thought Police arrive at your door, think -
I'm out.

[Dave Rice]

No, they don’t come and chuck buckets of water at you?

[Author]

Posts