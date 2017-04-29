Follow Slashdot stories on Twitter

 


Some Of The Pentagon's Critical Infrastructure Still Runs Windows 95 And 98 (defenseone.com) 38

Posted by EditorDavid from the clinging-to-the-Start-button dept.
SmartAboutThings writes: The Pentagon is set to complete its Windows 10 transition by the end of this year, but nearly 75% of its control system devices still run Windows XP or other older versions, including Windows 95 and 98. A Pentagon official now wants the bug bounty program of the top U.S. defense agency expanded to scan for vulnerabilities in its critical infrastructure.
DefenseOne raises the possibility of "building and electrical systems, HVAC equipment and other critical infrastructure laden with internet-connected sensors," with one military program manager saying "A lot of these systems are still Windows 95 or 98, and that's OK -- if they're not connected to the internet." Windows Report notes that though Microsoft no longer supports Windows XP, "the Defense Department is paying Microsoft to continue providing support for the legacy OS."

  • Yeah. Tons of stuff is old (Score:1)

    by Anonymous Coward

    You wouldn't beleive the crap that gets implemented. In the last three years I've seen new control systems implemented in windows 2000 pro because that's what the government agency mandated. It's all over the place but fortunately in most cases it's not ever internet connected.

    Posting ac of obvious reasons.

    • You think that's bad? They still use 8" floppies to control the Minuteman nuclear missiles.

  • ...we still run Windows 3.0 with dialup Internet.

  • Wow (Score:4, Funny)

    by Patent Lover ( 779809 ) on Saturday April 29, 2017 @03:04PM (#54325851)
    They should really upgrade to Vista.

  • Hopefully they realize that means more than "there's no Ethernet cable connecting this computer to the network", since it sounds like these ancient systems may be connected in various ways to other equipment.

    • Hopefully they realize that means more than "there's no Ethernet cable connecting this computer to the network"

      That a piece of equipment is connected to a network via an Ethernet cable does not mean it's connected the The Internet.

  • We're living in a time where we're building critical infrastructure expected to last decades and integrating it with IT equipment with a lifespan of a few years. So the options are to perform major infrastructure upgrades every few years (which is expensive) or run seriously outdated software (possibly dangerous).

  • Especially if you consider that almost two-thirds of US navy planes can't fly. [defensenews.com]

    Hope this administration can deliver on their [campaign] promise.

  • you really have to wonder

    1 the source would be available so they never have to worry about obsolesence.
    2 in runs on all sorts of hardware so they could maintain very nice consistency across many processor/platforms
    3 the NSA is working on secure linux, and could certainly help to harden military grade linux
    4 to get work done, they could fund open-source efforts. the work would help the military and the country alike.

    probaly makes too much sense. much better to have a closed-source, proprietary system that

  • Our heating system is run by Win 95 Big deal (Score:4, Interesting)

    by jfdavis668 ( 1414919 ) on Saturday April 29, 2017 @03:38PM (#54325945)
    I work in a building where the heating system is controlled by a Windows 95 machine. Big deal. It's not network connected, and runs like a champ. It only changes the configuration of the system, it doesn't run the system minute by minute. If it goes down, we can recreate it easily. Worry about business critical infrastructure, not old hardware that works.

  • So does that mean the DoD can run Windows XP on Ryzen?

  • If they're critical, don't connect them to the internet. See, that was easy, wasn't it.

    Connecting critical infrastructure to the internet is like putting a top secret next gen nuclear bomb on display in the middle of LA and expecting nobody to try and fuck with it... But I can all the wannabe IT "professionals" out there saying "but a proper firewall and vpn along with continuous monitoring will keep things safe"... no, it won't, you fucking retard... firewalls, vpns, and monitoring systems aren't much b

  • since they are not getting forced updates

