Sometimes you'd just rather not have to press CTRL-ALT-DEL

, 21. December 2008     0 comment(s)
Charly Salonius-Pasternak
Senior Research Fellow - The Global Security research programme

Sometimes when a situation feels too serious, the only thing to do is laugh – think Cold War and Dr. Strangelove. Sometimes even this doesn’t help. This morning I wanted to reach for something stronger, as I read that the British Royal Navy had completed installation of a new computer system in its nuclear submarine fleet: Windows. Next up, it's newest destroyers.

The use of COTS (Commercial of the Shelf) kit has increased in the past two decades, and has resulted in real savings and efficiencies for the world’s militaries, so in principle I have no problem with it. Especially in a submarine environment, many of the issues related to Windows can be mitigated through good planning and implementation. Also, as I understand, even winning a game of minesweeper will not give Midshipman Janus the launch codes.

However, what continues to bother me is that one of the most explicit reasons for using Windows seems to have been that it would save taxpayers £22-25 million in support costs, over ten years! That’s about two million per year, which is what fraction of a percent of the nuclear submarine fleet’s operating costs?

If the Win 2000/XP based system was genuinely the best, wonderful! I’d like that kind of stability on my current desktop. If the system was chosen based on potential future cost savings, with the cost component weighing heavily, then I’m less sanguine about the news. The reason is two-fold:( 1) the potential cost savings quite often do not materialize, for reasons I’ll describe below, and (2) there many things where cost should only ever come into play if all other things are roughly equal.

First, support costs tend to increase as a product gets older, is less up-to-date with current advances, and fewer organizations are around to support it. In effect, a COTS product that had cheaper support costs initially, because many firms (theoretically) could be brought in to do support, ends up costing just as much as a bespoke system, once it reaches ‘legacy’ status. Moreover, since those providing support need to pass stringent security standards, the actual number of firms that can support military-grade COTS products is quite low, even lower if the COTS product was initially tailored. So, COTS products or software may be cheaper to acquire, but without effective market mechanisms there is no reason to believe that support of the products or software is over time cheaper.

Second, from the news it seems that estimated cost savings were a significant selling-point. In an environment where the blue screen of death could turn out literally to mean just that, I wonder how much cost was weighted in the evaluation. Hopefully nowhere as much as 80%, the percentage used to give a cancer testing contract to a private firm in Finland – quality or accuracy wasn’t a real consideration – with dire results: increased incidence of cervical cancer. At some point security and quality have to be the decisive factors, not price.

Like the significant majority of Finns, I have great faith in the people working in the Defence Forces and the Ministry of Defence. Accordingly, I hope that when anyone suggests achieving minuscule savings in line with the government efficiency program, by using a semi-tailored COTS package for a mission critical application, the person is met with an answer in the form of a question: “Do you really want to press CTRL-ALT-DEL and wait for some minutes when a cruise missile is homing in on Parliament?”

Texts reflect the opinions of the individual authors

Discuss the topic

Personal information