Just like countless businesses and individuals, the US government is finding it hard to let go of Windows XP. Even though its had more than six years to get ready for D-Day, when Microsoft finally ends its technical support for the OS, over ten percent of government PCs are still believed to be running the decade-old operating system, says The Washington Post.
The problem lies in the fact that much of the government’s computing infrastructure was designed specifically to be used with Windows XP, and that’s apparently held up a transition process that began around two years ago. The Washington Post says that thousands of government PCs will still be running XP when Microsoft stops supporting the product. This comes after a warning from the U.S. Computer Emergency Readiness Team last week that says that PCs running XP after the April 8 cutoff date will pose a major security risk.
“Once XP goes out of support and is no longer patched, you’ve just raised the vulnerability significantly on the whole Windows platform in your organization if you haven’t moved off XP,” said former Department of Homeland Security Chief Information Officer Richard Spires to the Washington Post.
This might be technically true, but as I pointed out yesterday this seems to be a bit of an overreaction. What’s more true is that most government computers are already highly vulnerable to hackers right now, and have been so for years. That Microsoft is bring the curtains down on its support doesn’t really change anything.
For all of the fuss that government officials have made in recent months over “cyberattacks”, “cyberwar”, and “cybersecurity”, it seems odd that they haven’t placed getting their own house in order at the top of the agenda. General Keith Alexander, the outgoing NSA chief, has claimed on more than one occasion that the reason he needs greater access to private networks is to defend against foreign hackers, yet he doesn’t seem at all bothered by reports that all kinds of classified documents are stored on rusty old XP computers.
The Washington Post notes that this includes thousands of PCs belonging to military and diplomatic networks, and while these might have stronger defenses, the fact they hold highly sensitive material raises the stakes if a breach should occur.
One would think that, given how sophisticated the NSA is when it comes to infiltrating computers, it might also be a bit more proactive in helping to shore up our own defenses too, by ditching Windows XP for a start.
Sadly it hasn’t seen fit to do that, and officials have been reduced to begging Microsoft to extend its support deadline – a plea that Microsoft flatly refused.
Instead, Microsoft has turned around and offered “custom support agreements” (for a price, naturally), that The Washington Post says wouldn’t be as comprehensive as its previous security updates anyway.