Are the UK's borders being compromised by legacy IT systems?

Editor in chief

My sources suggest that the IT problems that affected UK airports and sea ports earlier this week were related to Warnings Index, the ageing system that sits at the heart of the UK’s border controls.

Travellers into the UK faced long delays through immigration on Wednesday 30 April as a result of the glitches. Airports including Gatwick, Heathrow, Luton, Stansted and Birmingham were affected, as well as Dover and Southampton docks.

Warnings Index (WI) is the common link between passport scanners, border control gates, and the systems used by border authorities. To ensure maximum resilience, every major port keeps a local copy of the WI database in case there is a problem with the central system.

If both the central system and the local databases were affected – as seems likely – it suggests a major flaw somewhere in Warnings Index or its underlying infrastructure.

We will never know for sure – the Home Office has a policy never to comment on anything to do with Warnings Index, such is its sensitivity and importance for UK border security.

WI is used to check travellers against lists of known criminals, terrorists or others that the government considers should be excluded from the UK or flagged upon entry.

The Warnings Index system, provided by Fujitsu, is understood to be nearly 20 years’ old. Previous parliamentary investigations have shown the data it contains to be poor quality, often out of date, and badly managed.

A report last year by John Vine, the independent chief inspector of borders and immigration, said Warnings Index contains “critical system vulnerabilities”.

If those vulnerabilities were related to the latest glitches, then Vine’s warnings cannot be heeded quickly enough.

But the planned replacement for WI continues to be delayed.

The Home Office’s latest plans to replace Warnings Index were vetoed by the Cabinet Office last year. The new Border Systems Programme (BSP) went before the Cabinet Office for approval in summer 2013, but was rejected because it did not conform to the guidelines issued by the Government Digital Service (GDS).

The project was subsequently reviewed and a new approach was initiated that conforms more closely to the agile and digital principles established by GDS, using in-house software developers to build a prototype system.

It was the second time plans to replace Warnings Index have run into problems.

BSP also aims to replace another critical border system known as Semaphore, which was developed by IBM in 2004 and intended to be only a pilot project before the wider e-Borders programme was put in place.

The original e-Borders programme was terminated last year and merged into BSP, four years after a £750m contract with Raytheon was cancelled. The current systems also do not support additional functions promised by the government, such as exit checks, which are needed to track people moving in and out of the country.

My sources also suggest that only a handful of people remain in government who have the skills and knowledge to support Warnings Index (a situation not uncommon to a lot of legacy government IT).

So the UK is a left with an ageing IT system, containing known vulnerabilities, with scarce supporting expertise, that has now been shown to have the ability to effectively close the UK’s borders if it fails.

A project may be underway to replace Warnings Index at last, but this week’s glitches demonstrate that until that is finally completed, there is a very real risk that UK border security could be compromised by its legacy IT systems.