Dutourdumonde - Fotolia

Met Police vulnerable to cyber attacks due to Windows XP use, GLA warned

The Greater London Authority fears the Metropolitan Police is vulnerable to cyber attacks after figures reveal more than 18,000 devices in the force still run on Windows XP

The Metropolitan Police Service (MPS) still uses Windows XP on more than 18,000 computers, putting the force at risk of cyber attacks,  the Greater London Authority (GLA) has been warned.

Although the MPS is in the process of updating its operating systems, XP remains the most-used operating system across the police force with 14,000 devices running on Windows 8.1 while more than 18,000 still use XP, for which Microsoft no longer provides support.  

The warnings come from London Assembly member Steve O’Connell following the WannaCry ransomware attack, which affected more than 200,000 computers in 150 countries. The information on Met Police Windows use was obtained by O'Connell after a written question to the London Mayor.

In the UK, the attack caused major disruption across the NHS as it affected 48 trusts in England, including hospitals, GP surgeries and pharmacies, as well as 13 NHS organisations in Scotland. 

Failure to update to the Windows operating system was cited as one of the main reasons the organisations were vulnerable to the ranomware attack, which targeted a known vulnerability in Windows. Microsoft has issued a security patch, however, many organisations have not yet updated their software. 

The Information Commissioner's Office (ICO) recently performed an audit of the MPS which found that without “critical Windows XP security updates, there is a residual risk to personal data”. 

“There are currently weaknesses relating to removal of access to MPS applications and buildings once no longer required. The MPS are aware of these risks and are working to replace systems to mitigate the risk of unauthorised access to buildings,” the audit said.

O’Connell, the GLA Conservatives’ spokesman for policing and crime, said the recent cyber attacks “show what a serious matter this is”.

“The Met is working towards upgrading its software but in its current state it’s like a fish swimming in a pool of sharks. The recent patch issued by Microsoft and the ICO audit shows there is significant industry concern,” he said.

“It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications.”

Another global ransomware attack was spreading this week, exploiting the same vulnerability as Wannacry.

Read more about Met Police IT

The Met Police command and control system contract with Northrop Grumman was cancelled as there was “no prospect of a finished product being delivered” in time

The Metropolitan Police aimed to cut 700 IT jobs under a plan to outsource software development and IT services in its Digital Policing arm

Read more on IT for government and public sector