The weakness in government IT has been horribly exposed over the last few days. Everything from Trident to many hospitals runs on Microsoft operating systems that the company no longer properly supports. There are, however, good reasons for that. Windows XP does all that the operations in question require. The industry has moved on to meet the demands of boys for toys, but in the real world where most people use IT the demands are pretty basic. Email, a word processor, maybe a spreadsheet, access to the web where the demands are not that high, and the ability to run pre-programmed database operations linked to a file server. That is pretty much it.
Does that require enormous computing power? The evidence of my phone, which can do all of those things and is very far from top end, is that in current terms it does not.
The evidence from most office workplaces is, I am sure, exactly the same. Most hospitals, GP surgeries, tax offices, MoD installations and the vast majority of business offices need something that is clutter free, simple to use, and functional. Google have the idea with Chrome but I would not wish to run the government on Google.
So we need a functioning business IT system for use by the UK government that would happen to be of considerable commercial significance. It could back end with Linux servers: many of the best systems do.
It might front end with Linux too: with investment there is no reason why not. But it has to be secure, dedicated, integrated and come with the systems to make it user friendly in real life. And that will cost money.
Do you want to know why we need a National Investment Bank? This is why. This is exactly the sort of thing it should be funding.
I am not saying for a moment that it should start from scratch. I suggest partnerships with the open source world. I suggest hardware relationships. I like the idea that a commercial training element of this could be linked to the BBC, which had its own computer once upon a time, of course.
What I believe is that the country that developed Raspberry can now develop a low risk, high security IT system dedicated solely to business use that could be of enormous value not just to the NHS and others but around the world. And it should be built for updating: obsolescence has to be designed out.
Because let's get real: barring elimination of the keyboard and its replacement with voice commands (which is already largely possible, but actually quite irritating, which is why I don't usually use it any more than I do voice activation on a phone) there's not a lot more any of us are really going to demand from business IT. For most people it has hardly advanced for a decade or more now. So there is a real need here.
And post Brexit we could do this.
And build a more sustainable world at the same time where obsolescence was not built in.
So which party is going to propose this? Because it's not going to happen without state support.
It’s great to see your expertise covering the area of IT as well. Good ideas, states that have a clue like China and neighbours are trying to get out from under the rent of Microsoft by doing their own operating systems to give the people what they should have. All these new technologies locking people in for no reason. Although I should say your phone is probably more powerful than a PC when XP came out so we need a state OS there as well to protect us all.
Agreed
The NHS attack might be seen as a double protection demand:
1. Microsoft, from 2010: “We’re leaving your systems unsupported in five years. Pay up, or face the consequences”.
2. Hackers, last week: “We’ve stopped your systems working. Pay up, or face the consequences”.
I’m not in any way suggesting a connection between (1) and (2). There are some further disanalogies, in that Microsoft is reputable and legitimate, and the hackers aren’t.
However, there is a question of how this arises in the first place. As you suggest, the best strategy for the government would be to take critical IT infrastructure in-house (i.e. to not rely on an overseas vendor). In practice, this would mean a custom Linux distribution. However, the lead time for such a system is not insignificant — for example, the health service would need to create and test interfaces with proprietary systems (e.g. whatever clinical hardware is running — probably a Microsoft system). We’re talking many years of work.
From a cost perspective, it’s probably cheaper in this instance to outsource. But that means actually paying the support contracts. And, given that the country has locked itself into a single vendor (Microsoft), there’s not much room for manoeuvre in negotiations over such contracts.
The Tory spin on this has taken a while to reach coherency (e.g. Hunt was AWOL yesterday). It seems that they’re going with shift of blame — Rudd said yesterday that Hunt didn’t recommend NHS services run unpatched systems, but merely shifted the responsibility onto NHS managers. In other words, NHS managers could use their dwindling funds to patch the systems, or to treat patients and pay staff. Unsurprisingly, many chose the latter.
This spin doesn’t really work. The reason is, the government would have got a better deal with Microsoft by negotiating collectively than for NHS services to do it individually. Centralisation would also have further conferred a saving on negotiation time, since only one negotiation is needed, not many. So, with the initial spin, Hunt is negligent (although, newspapers might not provide enough information for readers to ascertain this fact).
A further spin is also attempted. Fallon was just on the Marr show, claiming a spend of £50m to protect the NHS from attack. This is a reference to the GCHQ budget. The problems here are (a) the defense didn’t work; (b) paying Microsoft £5m would have worked, and would have been an order of magnitude less expensive.
The hacking scenario was foreseeable from around 2008 onwards. When the XP systems were commissioned (early 2000s), cyberattacks were not yet a major problem, Linux was immature, and Microsoft’s OS was dominant and an obvious choice. By 2008, it was clear that Microsoft was struggling with their roadmap, and that the future might lie elsewhere. However, there was little urgency, since XP was supported for the foreseeable future. This would have been a great time to commission a system (as I recall, an attempt was made but later aborted, at high cost).
When the Cameron administration took over, addressing NHS IT systems should have been a priority. But, we all know the story behind the Conservative approach to the NHS. As a stopgap, a responsible government would have at least set up a transition using Microsoft’s upgrade path (i.e. to Windows 8). This isn’t great, but at least kicks the can down the road a bit.
Failing to even pay Microsoft’s support costs is simply negligent. There’s no way around it. In a just world, this government IT failure should provide all the evidence anyone needs to throw the Tories out of office at the general election.
Oh, what a surprise, the party of ‘personal responsibility’ is, as usual, trying to shift the blame for the consequences of their policies onto somebody/anybody(?) else.
I’ll paraphrase what you have just said from a market fundamentalist POV so that it is more in line with what is really going on:
‘If you want a decent privatisation of the NHS, what you do is under invest to the point where you make it under perform so badly that the people lose faith in it and private ownership seems reasonable and the best way forward to them when you suggest it to them’.
Agreed
It’s not about money, it’s about being computer savvy and not using operating systems that are no longer supported by their manufacturer for the internet
I still use XP on an old desktop I have for, as you say, word processing and spreadsheets.
But I stopped using it to access the internet many years ago.
I’m posting this comment via the tweaked, 12 year old, discarded XP laptop I currently use exclusively online,
I did max the ram @ 2gb, fitted a 500gb HD and found a 3.06Ghz P4 cpu on ebay for £5,
my vintage pcmcia wireless adapter card facilitates actual 20Mbps download rates,
this optical usb mouse I’m using came from the charity shop last week for £1.50
I have succeeded in finding workarounds for every obstacle Microsoft has created to try and kill off XP,
my personal cyber security suite is cobbled together from stuff freely available on the web and is selected based on simplicity, effectiveness and minimal resource footprint,
the end of support came as a relief, towards the end the support seemed more like sabotage attempts,
I’ve disabled the updating executable as it was maxing out the cpu trying to gather nonexistent updates to the windows help definitions, this was freezing up the laptop like a virus,
to go online I use Firefox as a browser, DuckDuckGo as a search engine and AdBlockPlus to disable the myriad of intrusive and resource hogging unsolicited connections foisted on us by modern web pages,
I have purged my system of anything remotely connected to Google!
the combination of ABP’s malware blocking list and Spybot Search & Destroy’s browser immunisation plus commonsense when opening emails or downloading stuff has kept me free of any infections for years,
I’ve helped out plenty of friends and acquaintances with newer and supported Microsoft operating systems when they’ve picked up infections through neglect or carelessness,
my only limit seems to be my puny 64mb of embedded graphics memory, I either revert html5 video to flash with a browser extension or download video and watch it with opensource MediaPlayerClassic,
it’s not really what you’ve got, it’s what you do with it, I find stretching XP’s lifespan instructive, educational, economical, amusing and satisfying!
XP is dead… long live XP!
Thanks for that Matt, I’ve copied your post for future home use myself. Very informative.
Gareth
It is about money in my view.
Money that has not been spent because it is simply not there.
Those home users on here who have inventively got around XP then good for you but you must take into account the huge amount of data the NHS systems are carrying.
But your point about being IT savvy is relevant too.
We do need to get away from the established providers who have spent so much money trying to invent other things for their software to do in order to create ‘market differentiation’ at the margins and too little on basic stuff like security.
I wish to remain anonymous for obvious reasons, but I work in an NHS IT department.
The case against using WinXP is clear, but in our trust and in many others it is unavoidable because of the applications and embedded systems that were written for XP and which have not been upgraded by the manufacturers. Normal “office workers” in the NHS generally do have recent versions of Windows on their machines, with Microsoft support and reasonably recent versions of desktop applications.
The systems that still run XP are the systems that are still running on the same hardware (or a near replacement in the same box) on which they were originally installed. Upgrading them would generally require updating a whole lot more than the PC/embedded system to maintain compatibility, or would require a rewrite of the application software.
In short, having an NHS Linux distro sounds like a great idea, and LibreOffice would go a long way to covering the requirements of MS Office users, but all of the other NHS applications (and there are many) would need to be replaced or rewritten.
That is why the sensible solution is to pay Microsoft for ongoing support at less than £4/year per NHS employee.
Thanks for saying so
And that was negligently not done
So all doors lead back to Mr Hunt
Doesn’t the fault lie with Micro$oft’s software? They patched later versions on Windows to correct/mitigate the defect and presumably it would have been easy for them to have done the same for XP – bearing in mind the reasonable foreseeability of the magnitude of the likely consequences.
Some of us were surprised when Micro$oft won the anti-trust case against them at the start of the 21st Century, see: http://law.justia.com/cases/federal/appellate-courts/F3/253/34/576095/
P.S. I should have pointed out that following the attack Micro$oft released a security update for XP, see: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Thank you for that! I think the point here is that Hunt and his ilk found money for opening questionable homeopathy clinics under the NHS but not for simple IT maintenance. An inquiry should be set up and Hunt should be taken to the courts.
As for Windows or not, it’s best not to rely on Microsoft where possible. They have unfortunately become mere rentiers and will not have the NHS’s best interests at heart. Should also protect them from attacks targeted at common and widespread software. The sheer might of the NHS should be used to contribute to open source software even for custom applications.
The fault lies with the IT backup structure and a good data recovery structure, i.e. son, father, grandfather structure. Son daily, father weekly, grandfather monthly, so always a level of recovery is possible. No one so far has even hinted at any recovery program of such vital data.
I did suffer from this type of attack a year or so ago via Firefox but because all my data is in Dropbox and despite the daily corrupted locked data being uploaded to Dropbox the company keeps timely backups, so giving them the date of my attack they restored my data from the previous day. I formatted my machine, installed Windows, reloaded my data all in one morning. So no loss of information.
If the IT departments are not backing up data then they should be sacked. It also appears that the government IT providers, Tory-owned company, refused to pay Microsoft for the continued support. So a secure backup structure saves you stress.
Today’s Times letters page covers this subject. A professor at Swansea uni highlights that it is not a question of money but of NHS employees being computer savvy. Another letter suggests rather draconianly criminalising any NHS employee that opens an attachment from an unknown source.
Obvious really, if you are still using XP use it off line only.
If you need to be on line, use another OS system that is supported by its manufacturer, regularly patched, firewalled and anti virused
I use Ubuntu (linux) as do most of my friends after I advised them I wouldn’t support their constant virus problems any more. I’m prepared to bet nobody using Ubuntu has had a problem with this “universal” malware attack. Ubuntu automatically updates every day in the background unless you disable this.
Even without a special version, Ubuntu is already more secure than WinXP, and has been for many years. Also, it’s not difficult to use. The layout is intuitive, and even my most “naive user” friends have no problems at all. Nervous at first, within a couple of days they’re using it as easily as they used to use Windoze.
And it’s free.