As many as 1,518 PCs, or one in every five PCs, used by the Greater Manchester Police in July were still running the decade-old Windows XP operating system.
The London Metropolitan Police Service and the Greater Manchester Police have the highest concentration of PCs running Windows XP operating system.
A Freedom of Information request filed by the BBC has revealed the state of internet security enjoyed by police forces across the country. The request was aimed at gaining an insight into the number of PCs powered by the decade-old Windows XP operating system still being used by police forces.
Information obtained by the BBC suggests that a lot of improvement have been made as far as updating or replacing legacy systems is involved. On the bright side, Gwent Police, North Wales Police, Lancashire Constabulary, Wiltshire Police and City of London Police are presently not using any systems running Windows XP. This suggests that these forces are now immune from potential WannaCry-like attacks that exploit vulnerabilities in older operating systems.
At the same time, Cleveland Police, the Police Service of Northern Ireland and the Civil Nuclear Constabulary are using fewer than 10 computers running Windows XP. Going by the pace in which they have updated their systems, they should be able to bring down the number to zero by next year.
However, the London Metropolitan Police Service and the Greater Manchester Police continue to remain as the two forces employing the largest number of PCs running Windows XP. Replying to the FoI request, the Greater Manchester Police said that it is still using 1,518 PCs that run Windows XP.
Even though the London Metropolitan Police Service refused to divulge information to the BBC citing that it would reveal potential weaknesses and vulnerability, the force had confirmed earlier in June that it was still using over 10,000 PCs running Windows XP.
Even though the number of legacy PCs used by the Met is the highest among police forces in the UK, the force has been able to reduce the number of PCs running Windows XP from 35,640 in October 2015 to 10,000 in June 2017.
According to the Greater Manchester Police, the 1,518 PCs running Windows XP are still being used by the force ‘due to complex technical requirements from a small number of externally provided highly specialised applications’.
‘Work is well advanced to mitigate each of these special requirements within this calendar year, typically through the replacement or removal of the software applications in question,’ said a spokeswoman for the Greater Manchester Police.
When Windows 10 was first introduced, Microsoft had offered a year-long window for organisations across the world to update their PCs to the latest version of Windows for free. Despite such a large window being offered, a large number of police forces, NHS trusts and other government organisations were still using legacy operating systems after the window closed.
Following the WannaCry ransomware attack in May, Microsoft released security patches for as many as 16 vulnerabilities that remained in older versions of Windows. The software giant said that the patches would help organisations guard against ‘potential attacks with characteristics similar to WannaCrypt.’ It remains to be seen how many of legacy systems used by police forces in the UK were updated after the patches were released.
‘“The challenge faced by the police illustrates a much more widespread problem across the public and private sector,’ said Mat Clothier, CEO, CTO and Founder of UK software business, Cloudhouse.
‘Thousands of applications and millions of users are vulnerable to these serious risks on a daily basis, but the “complex technical requirements” often cited as the reason for still using Windows XP in this way is itself an outdated view which is slowing progress to a solution,’ he added.
Clothier adds that organisations using legacy systems should take advantage of readily available solutions based on container technology that offer a solution without the need for expensive, time consuming software re-writes.
Research from Top10VPN.com has also revealed that the use of legacy systems by police forces is also a major cause of concern for the general public. According to a survey conducted by the firm, 33% of Brits are worried that the police could be singled out for attack by hackers, ahead of other critical public services and infrastructure.
At the same time, almost half of all Brits are sure that the Government would pay any ransom to minimise disruption if the police were hacked.