Computerworld

The US Navy's warfare systems command just paid millions to stay on Windows XP

Windows XP and other obsolete systems remain critical to the Navy's operations
The guided-missile frigate USS McClusky transits to a formation of U.S. and coalition forces during Rim of the Pacific 2010 exercises.

The guided-missile frigate USS McClusky transits to a formation of U.S. and coalition forces during Rim of the Pacific 2010 exercises.

The U.S. Navy is paying Microsoft millions of dollars to keep up to 100,000 computers afloat because it has yet to transition away from Windows XP.

The Space and Naval Warfare Systems Command, which runs the Navy's communications and information networks, signed a US$9.1 million contract earlier this month for continued access to security patches for Windows XP, Office 2003, Exchange 2003 and Windows Server 2003.

The entire contract could be worth up to $30.8 million and extend into 2017.

The first three of those products have been deemed obsolete by Microsoft, and Windows Server 2003 will reach its end of life on July 14. As a result, Microsoft has stopped issuing free security updates but will continue to do so on a paid basis for customers like the Navy that are still using those products.

The Navy began a transition away from XP in 2013, but as of May this year it still had approximately 100,000 workstations running XP or the other software.

"The Navy relies on a number of legacy applications and programs that are reliant on legacy Windows products," said Steven Davis, a spokesman for the Space and Naval Warfare Systems Command in San Diego. "Until those applications and programs are modernized or phased out, this continuity of services is required to maintain operational effectiveness."

Davis wouldn't provide more details about the systems or their use, citing cybersecurity policy, but an unclassified Navy document says the Microsoft applications affect "critical command and control systems" on ships and land-based legacy systems. Affected systems are connected to NIPRnet, the U.S. government's IP network for non-classified information, and SIPRnet, the network for classified information.

"A plan for migrating to current and supported capabilities has been developed and is being executed," Davis said.

Continuing to use the obsolete systems without the Microsoft contract would be risky.

"Without this continued support, vulnerabilities to these systems will be discovered, with no patches to protect the systems," the Navy document says. "The resulting deterioration will make the U.S. Navy more susceptible to intrusion ... and could lead to loss of data integrity, network performance and the inability to meet mission readiness of critical networks."

The Navy isn't alone in still relying on Windows XP. Approximately 10 percent of desktop PCs accessing websites using the StatCounter traffic reporting service during the current month were running Windows XP, giving it a market share just above that of Apple's OS X. Data from Net Applications puts XP's current share at just over 14 percent.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com