The Royal Navy and BAE Systems plc were pleased as punch yesterday to announce that their implementation of Windows for Submarines™ is complete ahead of schedule. Windows boxes on Ethernet LANs are now in control of the UK's nuclear-propelled and nuclear-armed warship fleet.
The programme is called Submarine Command System Next Generation (SMCS NG), and uses varying numbers of standard multifunction consoles with two LCD screens, hooked up on an internal Ethernet network installed on each sub. Initial reports as the programme developed suggested that the OS in question would be Windows 2000, but those who have worked on it have since informed the Reg that in fact it is mostly based on XP.
BAE and the Navy say the project has completed early, as many of the systems were installed extremely fast. The entire command system of HMS Vigilant, a Trident nuclear-missile submarine, was apparently replaced with the SMCS-NG Windows LAN in just 18 days, according to BAE. The use of commercial-off-the-shelf technology is expected to save the taxpayer as much as £22m in support costs over the next ten years - a bit more than £2m a year, or about a thousandth off Trident's running costs.
“This is a fantastic achievement," said Captain Pat O'Neill. "From speaking to operators and maintainers, I know how much they like SMCS NG. BAE Systems' work is proof that we can get commercial off the shelf technology to sea quickly and support it affordably."
Many in the software community have viewed the Royal Navy's wholesale move to Windows-based command systems with concern, feeling that the savings are not such as to justify possible losses in security, reliability and assurance. In addition to the existing nuclear submarine fleet, the RN will use similar equipment to handle its new Type 45 destroyers (http://www.theregister.co.uk/2007/11/27/hms_diamond_launches_ouch_ouch/) in combat, and versions of SMCS-NG will also lie at the core of the upcoming Astute-class subs.
Here on the Reg naval desk, we'd go relatively easy on submarine worries - even the Trident boats - as sub command LANs are by their nature very isolated and physically secure, and submarines almost never need to give their command systems autonomous firing authority.
By contrast, however, an air-defence destroyer like the Type 45 - if it is to be much use - will fairly often have to give its collection of Windows boxes the ability to loose off a sheaf of Aster missiles without human authorisation. Shooting down the possible supersonic sea-skimmers of tomorrow will be even more impossible with the delays of having humans in the loop.
Just to add to the slight feeling of nerves, a destroyer LAN will need to be connected to other networks off the ship as a matter of routine, and physical access to a destroyer is hugely easier than to a sub as well.
So we aren't really looking at Windows boxes triggering nuclear armageddon if something goes wrong here. But we just might, if things go wrong, be looking at a computer snag causing another USS Vincennes airliner shootdown disaster (http://news.bbc.co.uk/onthisday/hi/dates/stories/july/3/newsid_4678000/4678707.stm) in coming years. Or, of course, at British sailors of the future staring helplessly at what would shortly be literally a blue screen of death, as the shipkillers bored in without response. ®