
OSS torpedoed: Royal Navy will run on Windows for Warships


The Americans already have something on this topic in the water. The frigate has, however, already had to be towed into port several times :)


OSS torpedoed: Royal Navy will run on Windows for Warships

By John Lettice
Published Monday 6th September 2004 13:15 GMT

Almost three years ago the naval systems arm of major UK defence contractor BAE Systems took the decision to standardise future development on Microsoft Windows. An immediate effect was to commit BAE's joint venture CMS subsidiary, AMS, who specialise in naval Combat Management Systems, to implementing a Windows 2000-based CMS system for the new Type 45 Destroyer. But this prompted strong internal opposition from some of AMS' engineers, who had a sound background in Unix and who had, despite resource starvation and a companywide policy to standardise on Windows, been investigating open source alternatives as a foundation for future combat systems.

They lost. Acting as spokesman for the concerned engineers Gerald Wilson compiled a 50 page dossier detailing the unsuitability of Windows as a foundation for a naval command system, and arguing that BAE's Unix history and expertise made open source UN*X a logical and viable way forward. The company then made him redundant. In May of this year Wilson reiterated his concerns to the board of BAE Systems at the company's AGM, pointing out that Windows is "proprietary technology owned by a foreign corporation", has "many and continuing security flaws", and is not even warranted by Microsoft itself for safety-related use. Why then, he asked, is AMS "shunning established engineering practice" by developing the Type 45's CMS on Windows?

But in July of this year AMS announced, claiming as it did to be 'encouraging' open systems development, that Windows 2000 was "the current baseline console" for Type 45 development. AMS supports this with copious documentation on the AMS approach to open systems, which can be summarised as open, so long as it uses Windows. Earlier AMS had announced the deployment of Windows on submarine HMS Torbay, together with plans to retrofit Windows to Vanguard class and other attack submarines.

And in case you're wondering, the Vanguard class boats carry the UK's Trident thermo-nuclear intercontinental ballistic missiles. So some people think that's a heap of responsibility for Windows to carry.

As The Register has noted in previous pieces on BAE's interesting Windows plans, this is no trivial matter. Whereas most previous naval deployments of Microsoft Windows worldwide have been overhyped, and have dealt largely with non mission-critical, non-lethal installations, AMS really is committing the Royal Navy to Windows-based command, control and combat management systems. Having spoken up and lost his job for his pains, Gerald Wilson has now contacted The Register. What follows is his story, in his own words.

Gerald Wilson writes: I used to work for BAE Systems, within the division which developed Command Systems for naval warships. Four years ago, I spurred active debate about the future software foundations for these systems. As a long-time assessor of innovative technology, I advocated investigation of, and adoption of, open source UNIX foundations, such as BSD and GNU/Linux. Given that the company's command system products had already been successfully migrated to run on proprietary UNIX, I viewed this as a natural strategic evolution, expected to be low in cost and risk. However, BAE had undergone several structural changes. One consequence was that computer resources were owned and controlled by BAE's outsourcing partner (Computer Sciences Corporation). CSC's published policy was to standardise BAE's computers to use only Microsoft's proprietary software.

Deprived of equipment, it was difficult to investigate open source UNIX as an alternative technology, despite BAE touting Innovation and Technology as one of the company's core business values; ultimately, the only recourse was to buy equipment from private funds. The enforced conformance to Microsoft Windows influenced Engineering. In New Year 2002, it was decided that the Combat Management System, for the new Type 45 destroyer, would run on Microsoft Windows. Many of us raised in the discipline of software engineering were alarmed, even shocked, to learn this, but lacked strong grounds for speaking against it; that is, until April. In April 2002, Bill Gates, acting as Microsoft's Chief Software Architect, gave extensive testimony under oath to the US Courts. Gates's testimony included description of the current structure of Microsoft Windows. Snubbing fifty years of progress in computer science, the current structure of Windows abandoned the accepted principles of modular design and reverted instead to the, much deprecated, entangled monolithic approach. Paragraphs 207 to 223 are particularly revealing about Microsoft's chosen approach (paragraph 216 is difficult to believe!). Anyone with elementary knowledge of computer science can see that Microsoft Windows, as described here by Gates, is inherently insecure by design. If this is a flagship Operating System, then Dijkstra's life was in vain.

Professional responsibility now took hold. Those of us who understood the implications of trying to use Windows as a foundation for a command system saw the risk. As loyal officers of the company, we were obliged to attempt to convince management about the risk. Acting as spokesman for a phalanx of concerned engineers, I compiled a dossier to document the problem. The dossier provided a management summary, reinforced by some fifty pages of detailed analysis and rigorous argument. The dossier explained why Microsoft Windows could not form a safe and secure foundation for a naval command system; and why, given BAE's established use of proprietary UNIX for this purpose, open source UNIX was a sound successor. The dossier was circulated within the division (now part of BAE's joint venture AMS) in summer 2002, and more widely within BAE Systems. [For the public record: the dossier was stored under the references JSWT/MRX/379 and JSWT/MRX/471 within the standard electronic filing system used by command system developers. Hence it would be impossible for the company to lose these documents without calling into question its ability to manage project documents of any kind.]

The company's action was swift, but disappointing. Rather than respond to the concerns I had raised, the company terminated my employment. I was dismayed. Whatever my failings, sloppiness of thought is not one of them. I felt that I had applied my mind to this issue on behalf of my employer, but that my concerns had - echoing Mr Justice Sheen - been treated with derision. Although not (when written) protectively marked, these documents are, obviously, commercially sensitive, and remain the property of the company. Consequently I would not be able to publish them even supposing I had copies available. They can only come under public scrutiny if released by the company; although, realistically, I would expect the company to be reluctant to do
Since leaving the company, I have repeated my concerns to various parties: to the management of AMS, to MoD officials, to the heads of professional bodies (the BCS and the IEE), and to the board of BAE. So far, I have been unable to convince anyone to agree with my view. As far as I can tell, BAE remains wedded to "Windows for Warships", and ignorant about open source alternatives. Despite BAE's wishful thinking, this issue will not go away. In the two years since I compiled the dossier, numerous security problems have been discovered in Microsoft Windows and its ancillary programs. Many of these have arisen precisely because of its non-modular structure, and in particular because of the complex entanglement between Internet Explorer and the rest of Windows. These continual problems demonstrate how, in practice, Windows proves inherently insecure by design. There are many public descriptions of this issue: but a succinct summary is found here: (Does open source software enhance security? - The Register) Although partisan, Greene's analysis is accurate. Greene distinguishes how the structure of Windows (entangled, monolithic) necessarily compromises its security when compared with the structure of open source UNIX (modular, scaleable). It is simple to infer which structure is preferable for building a safe and secure foundation for an engineered system, such as a naval command system. A more recent example is this recommendation in a recent security advisory from the Computer Emergency Readiness Team, now part of the US Department of Homeland Security. (US-CERT Vulnerability Note VU#713878, 9th June 2004 Microsoft Internet Explorer does not properly validate source of redirected frame).

One solution recommended here is to use a different web browser:

"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, the graphical user interface (GUI), and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML)." (italics are mine)

CERT's analysis explains why this is a chronic problem. For the time being, CERT limits its advice to that of avoiding use of Internet Explorer, rather than avoiding Windows as a whole. However: CERT confirms that, as others have already found, IE cannot be removed from Windows, and its presence can still leave vulnerabilities in the system even if IE is never used as an application, showing again how Windows remains inherently insecure by design. In an operating system, the combination of closed source and entangled structure makes for a deadly cocktail. I am pleased that the US DHS is now recognising and warning about the risks which I and others have highlighted for more than two years. However, I shall only sleep soundly once I know that Windows has been banned from the command systems of the Royal Navy's warships for good.


  Pluto   -   SysAdmin of Hades
  Free information! Freedom through knowledge. Wisdom for all!! =:-)
  2048/06.03.2002 0x5C838AFE AF91 050C 0CAA 8734 45F5  A3D0 E56A BC53 5C83
  Phone: +49-17plutoUDM (+49-..) ICQ: 286852401
