Nearly 30,000 London Metropolitan police computers are still using Windows XP, raising eyebrows among cyber-security experts who point out that XP no longer receives security updates from Microsoft.
The Met arrived at this number after upgrading 8000 computers to Windows 8.1, slashing the number of XP reliant computers from 35,000 last year to 27,000. The final migration of Met computers was, according to The Register, supposed to be completed in March this year.
The contention was raised by London councillor Andrew Boff, a Conservative member of the Greater London Assembly (GLA).
Boff addressed the GLA saying, “Operating systems age more like milk than wine, and Windows XP is well past its sell-by date.”
Boff went on to say that the fact 27,000 Met police computers are still using the OS is “worrying”. Of principal concern is the security of Londoner's data on such an old OS.
Not only did XP suffer from a number of security problems in its lifetime, but Microsoft also ceased supporting it as far back as March 2014.
It was at that point, however that the Met extended its support contract with Microsoft until April 2017, at a cost of £1.65 million, which, according to the service “means we have no security concerns as a result of our continued use of XP”.
“Most organisations have less than half a dozen Windows XP computers, or none at all,” said Justin Harvey, CSO at Fidelis Cybersecurity. “Even with Microsoft creating the occasional patch, Windows XP has proven to be extremely insecure and should be replaced with Windows 10 with haste.”
“I would also advise the Met Police to ‘assume compromise,' which means that with this amount of legacy systems, there stands a very high probability that it's been breached. Until the Met Police gets all of its Windows XP systems upgraded, I would also recommend doubling down on monitoring the network and hunting for threats as a possible mitigation strategy.”
A spokesperson for the Met police told SC,“The MPS is undergoing a complete refresh of its information technology processes, infrastructure, and equipment – including its desktop computers.”
However, he added: “The upgrade programme is not as simple as it would be for many other organisation due to the amount of specialist legacy software upon which parts of the MPS still rely.”
With the recent upgrade of 8000 machines, the Met plans to replace many computers with laptops and tablets. Another 6000 will be upgraded by December, leaving 21,000 machines languishing in the senile grip of XP.
Boff was however sceptical of that decision too: “This is neither the newest version of Windows nor the most used version of the software. Staff are likely to be more familiar with Windows 10, but most importantly it will be supported further into the future.”Boff did not respond to requests for comment.