EXCL: HMRC ‘monitoring exposure’ to Windows 7 as end-of-support looms

Written by Sam Trendall on 5 December 2019 in News
News

Department reveals it has almost 1,800 PCs still running on ageing operating system

Credit: PA

With the end of support for Windows 7 little more than a month away, HM Revenue and Customs has revealed it still has almost 1,800 PCs running on the operating system – and no date set for upgrading.

Data released by the department to PublicTechnology under the Freedom of Information act reveals that HMRC owns 12,185 desktop computers and 29,282 laptops and tablets. 

The department has close to 60,000 full-time equivalent staff, and its FOI response indicated that “the rest of our estate is made up of leased tablet devices”.

Of the computing devices owned by the tax agency, a total of 1,577 desktops and 204 laptops still run on Windows 7 – support for which ends on 14 January 2020. 

This equates to 4.3% of the overall total of 42,167 machines. 

When asked about its plans to migrate these machines to Windows 10, the latest version of Microsoft’s flagship operating system, the department revealed that it has no definitive date for doing so. But officials will be keeping an eye on the situation in new year.


42,167
Number of PCs owned by HMRC


1,781
Number that still run on Windows 7
 

14 January 2020
End-of-support date


22 October 2009
Public release date of Windows 7


“We have no set upgrade deadline in place,” it said. “However, we are actively monitoring the additional exposure caused by the end of support on 14 January 2020.”

The 1,781 Windows 7 licences still in operation across in HMRC’s estate are, at least, the oldest in the department: none of its machines run on a version of Windows that predates the 10-year-old OS.

FOI tussles
From 14 January, Microsoft will no longer provide free technical help with the product, nor any updates to help protect against new threats. Extended support is available until as late as 2023 – although this will require payments that will escalate over time.

Monthly data from StatCounter reveals that an estimated 17.72% of all PCs in the UK still run on Windows 7.

As of June 2019, this included 1.05 million machines run by the NHS – which represent the majority of the 1.37 million PCs in use across the health service.

PublicTechnology research into Windows 7 usage across the public sector – more of which will be published over the next two weeks – has also found that a number of government agencies are still reliant on the decade-old software.

An FOI response from the Office for National Statistics revealed that 5,089 of its 8,570 PCs run on Windows 7. The organisation has set 31 March 2020 as its upgrade deadline.

The Information Commissioner’s Office, meanwhile, plans to migrate away from Windows 7 by the end of this month. The regulator will be upgrading the vast majority of its machines: 927 out of a total of 1,037.

Others, including the Cabinet Office, the Crown Prosecution Service, and the Department for Business, Energy and Industrial Strategy, have already completed this process.

Between them, the three agencies have moved a total of 21,793 PCs onto Windows 10, FOI data revealed.

However, In response to FOI requests from PublicTechnology, the majority of central government bodies refused to not only disclose information on their use of operating systems, but even confirm or deny whether they held such information in first place. 

Numerous public sector agencies – particularly central government bodies – cited FOI exemptions allowing non-disclosure in cases where an increased vulnerability to crime outweighs the public interest in transparency.

Several of these have gone through or are currently undergoing an internal review on our request, and a complaint lodged with the ICO about HM Land Registry’s repeated non-disclosure has been deemed “eligible for further consideration” and is currently being looked at by one of the regulator’s caseworkers.

HMRC also initially refused to confirm or deny whether it held the information requested. But this decision was overturned following an internal review.

Responding to PublicTechnology’s request for this review, it said: “Your email… challenges the view that knowing which operating systems are in use by a specific department makes that department susceptible to cyberattacks. Having reconsidered your original request, we agree that telling you about our operating systems would not in itself increase the risk to our systems. We have, therefore, looked at your request again and answered each question.”

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

GDS annual programmes cost £5m less than expected
6 August 2020

Cabinet Office annual report shows digital agency also brought in more than £2m in extra revenue

The coronavirus ‘infodemic’: truth and conspiracy online
15 September 2020

The spread of online misinformation during the Covid-19 pandemic has exacerbated a public health crisis. PublicTechnology digs into a recent parliamentary inquiry to find out...

Personal data of all Welsh coronavirus cases compromised in breach
15 September 2020

Public Health Wales says leak that affected more than 18,000 people to have tested positive was attributable to ‘human error’

Related Sponsored Articles

Intelligent Spend Management in the Public Sector
24 September 2020

SAP Concur says it's time for the public sector to embrace more efficient invoice management technology

Digital inclusion is vital during the COVID-19 accelerated channel shift
22 September 2020

Accessibility requirements aren’t restrictions that need to be overcome - they’re guidelines to improve online experiences for everyone, says Jadu VP Richard Friend

IT Resilience: The Key to a Successful Digital Transformation
22 September 2020

Steve Blow, tech evangelist at Zerto, explains why digital transformation efforts could be futile if local authorities don’t address and improve their IT resilience