Has the Met Police learnt nothing from the failures of the NHS in the aftermath of the WannaCry attack?
A shocking 18,000 police computers are still running the decommissioned Windows XP operating system, raising fresh cyber security fears for the Metropolitan Police.
Information obtained by London Assembly member Steve O’Connell has revealed that 18,293 police force devices and computers still use the old software.
The latest figures come in the aftermath of the widely publicised WannaCry ransomware attack, with Windows XP a key component of why the attack was so successful.
When the initial exploit was first leaked in April, Microsoft issued a security patch, but as is standard did not include legacy Windows XP in the update. The NHS, another key public service, was denounced for its continued use of the old software and paid a hefty price – 40 NHS hospitals were knocked offline and computer access was cut for 24 trusts nationwide in the attack.
Microsoft then took the unusual step of issuing a new security patch for the decommissioned software over fears a glitch made it susceptible to hackers.
However, history may repeat itself with the latest figures revealed by Mr O’Connell.
The figures show the dated-XP remains the most-used operating system across the Met’s IT portfolio despite repeated warnings it is no longer fit for purpose. Although the Met Police is making slow progress in updating its systems – 14,450 computers have been updated to Windows 8.1, and a further eight to Windows 10 – the risk of cyber attack is increasing. Furthermore, a recent audit by the Information Commissioner’s Office said use of the software could affect the secure handling of personal data.
“The recent cyber-attacks on Parliament and the NHS show what a serious matter this is,” said Assembly Member O’Connell.
“The Met is working towards upgrading its software but in its current state it’s like a fish swimming in a pool of sharks.
“The recent patch issued my Microsoft and the ICO audit shows there is significant industry concern.
“It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications.”