EXCL: HMRC ‘monitoring exposure’ to Windows 7 as end-of-support looms

Written by Sam Trendall on 5 December 2019 in News
News

Department reveals it has almost 1,800 PCs still running on ageing operating system

Credit: PA

With the end of support for Windows 7 little more than a month away, HM Revenue and Customs has revealed it still has almost 1,800 PCs running on the operating system – and no date set for upgrading.

Data released by the department to PublicTechnology under the Freedom of Information act reveals that HMRC owns 12,185 desktop computers and 29,282 laptops and tablets. 

The department has close to 60,000 full-time equivalent staff, and its FOI response indicated that “the rest of our estate is made up of leased tablet devices”.

Of the computing devices owned by the tax agency, a total of 1,577 desktops and 204 laptops still run on Windows 7 – support for which ends on 14 January 2020. 

This equates to 4.3% of the overall total of 42,167 machines. 

When asked about its plans to migrate these machines to Windows 10, the latest version of Microsoft’s flagship operating system, the department revealed that it has no definitive date for doing so. But officials will be keeping an eye on the situation in new year.


42,167
Number of PCs owned by HMRC


1,781
Number that still run on Windows 7
 

14 January 2020
End-of-support date


22 October 2009
Public release date of Windows 7


“We have no set upgrade deadline in place,” it said. “However, we are actively monitoring the additional exposure caused by the end of support on 14 January 2020.”

The 1,781 Windows 7 licences still in operation across in HMRC’s estate are, at least, the oldest in the department: none of its machines run on a version of Windows that predates the 10-year-old OS.

FOI tussles
From 14 January, Microsoft will no longer provide free technical help with the product, nor any updates to help protect against new threats. Extended support is available until as late as 2023 – although this will require payments that will escalate over time.

Monthly data from StatCounter reveals that an estimated 17.72% of all PCs in the UK still run on Windows 7.

As of June 2019, this included 1.05 million machines run by the NHS – which represent the majority of the 1.37 million PCs in use across the health service.

PublicTechnology research into Windows 7 usage across the public sector – more of which will be published over the next two weeks – has also found that a number of government agencies are still reliant on the decade-old software.

An FOI response from the Office for National Statistics revealed that 5,089 of its 8,570 PCs run on Windows 7. The organisation has set 31 March 2020 as its upgrade deadline.

The Information Commissioner’s Office, meanwhile, plans to migrate away from Windows 7 by the end of this month. The regulator will be upgrading the vast majority of its machines: 927 out of a total of 1,037.

Others, including the Cabinet Office, the Crown Prosecution Service, and the Department for Business, Energy and Industrial Strategy, have already completed this process.

Between them, the three agencies have moved a total of 21,793 PCs onto Windows 10, FOI data revealed.

However, In response to FOI requests from PublicTechnology, the majority of central government bodies refused to not only disclose information on their use of operating systems, but even confirm or deny whether they held such information in first place. 

Numerous public sector agencies – particularly central government bodies – cited FOI exemptions allowing non-disclosure in cases where an increased vulnerability to crime outweighs the public interest in transparency.

Several of these have gone through or are currently undergoing an internal review on our request, and a complaint lodged with the ICO about HM Land Registry’s repeated non-disclosure has been deemed “eligible for further consideration” and is currently being looked at by one of the regulator’s caseworkers.

HMRC also initially refused to confirm or deny whether it held the information requested. But this decision was overturned following an internal review.

Responding to PublicTechnology’s request for this review, it said: “Your email… challenges the view that knowing which operating systems are in use by a specific department makes that department susceptible to cyberattacks. Having reconsidered your original request, we agree that telling you about our operating systems would not in itself increase the risk to our systems. We have, therefore, looked at your request again and answered each question.”

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

London police to roll out live facial recognition technology
24 January 2020

Critics ramp up opposition as force announces controversial kit will go into live operational use

Conservative manifesto: five tech takeaways
9 December 2019

Rounding up the Tories’ key pledges in the area of digital and data, including a new cybercrime force and tax incentives for investments in cloud computing

Regulators issue warning over police use of facial recognition
27 January 2020

Biometrics and information commissioners remind Met Police that questions remain over both legal footing and public sentiment 

Related Sponsored Articles

Was legendary grand master Yoda using red teaming to evaluate all his defences?
17 December 2019

Take away all the boundaries in security testing, and protect your organisation from the dark side, with red teaming to evaluate your defences and expect the unexpected - BT explains how 

Three best-practice measures in the event of a data breach
3 December 2019

To have the best chance of an effective response and a full recovery, organisations should have a robust incident response strategy in place, says BT