Dutourdumonde - Fotolia
The Metropolitan Police Service (MPS) still uses Windows XP on more than 18,000 computers, putting the force at risk of cyber attacks, the Greater London Authority (GLA) has been warned.
Although the MPS is in the process of updating its operating systems, XP remains the most-used operating system across the police force with 14,000 devices running on Windows 8.1 while more than 18,000 still use XP, for which Microsoft no longer provides support.
The warnings come from London Assembly member Steve O’Connell following the WannaCry ransomware attack, which affected more than 200,000 computers in 150 countries. The information on Met Police Windows use was obtained by O'Connell after a written question to the London Mayor.
In the UK, the attack caused major disruption across the NHS as it affected 48 trusts in England, including hospitals, GP surgeries and pharmacies, as well as 13 NHS organisations in Scotland.
Failure to update to the Windows operating system was cited as one of the main reasons the organisations were vulnerable to the ranomware attack, which targeted a known vulnerability in Windows. Microsoft has issued a security patch, however, many organisations have not yet updated their software.
The Information Commissioner's Office (ICO) recently performed an audit of the MPS which found that without “critical Windows XP security updates, there is a residual risk to personal data”.
“There are currently weaknesses relating to removal of access to MPS applications and buildings once no longer required. The MPS are aware of these risks and are working to replace systems to mitigate the risk of unauthorised access to buildings,” the audit said.
O’Connell, the GLA Conservatives’ spokesman for policing and crime, said the recent cyber attacks “show what a serious matter this is”.
“The Met is working towards upgrading its software but in its current state it’s like a fish swimming in a pool of sharks. The recent patch issued by Microsoft and the ICO audit shows there is significant industry concern,” he said.
“It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications.”
Another global ransomware attack was spreading this week, exploiting the same vulnerability as Wannacry.
Read more about Met Police IT
The Met Police command and control system contract with Northrop Grumman was cancelled as there was “no prospect of a finished product being delivered” in time
The Metropolitan Police aimed to cut 700 IT jobs under a plan to outsource software development and IT services in its Digital Policing arm