State must pay €3.3m security bill after missing Windows XP deadline
The government has agreed to pay €3.3m in extra fees to Microsoft for emergency IT security cover due to a missed deadline for upgrading its IT systems.
The extra cost has been agreed as the Government admits that it will not upgrade its old computer systems in time for an April 8 deadline when Microsoft cuts off most security support for its older Windows XP computer operating system. A spokesman for the Department of Public Expenditure said that the €3.3m cost will have to be paid by individual government departments.
"The Office of the Government Chief Information Officer has signed a memorandum of understanding with Microsoft whereby affected organisations can get access to priority security bug fixes for 12 months from April," said a spokesman for the Department of Public Expenditure and Reform.
Microsoft has been warning its customers for several years about the April 8, 2014 cut-off deadline for Windows XP support.
After that date, the IT giant will discontinue security support for the system.
"After April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP," according to Microsoft's website. "Security updates patch vulnerabilities that may be exploited by malware and help keep users and their data safer. PCs running Windows XP after April 8, 2014, should not be considered to be protected."
The Windows XP shutdown has left some large companies, banks and government bodies requiring emergency IT support to tide the organisations over until they switch to a more modern Microsoft operating system.
"Given the initial baseline information, the cost of each organisation sheltering under individual agreements for 12 months would have been €14.2m," said a spokesman for the Department of Public Expenditure and Reform. "Following discussions surrounding a cap on cost, the overall cost was negotiated down to €3.3m for 12 months including some Microsoft technical inputs. This is a value-for-money solution to a global issue."
The spokesman said that the cost will not be paid from any central fund or additional voted allocation, but will fall to individual departments and organisations with the sectors covered by the interim IT security arrangement.
The spokesman identified four main sectors covered by the memorandum of understanding, including departments of Health, Justice, Environment and Education. The spokesman also said that the interim IT deal would also cover "associated entities" to these government departments.
The spokesman said that several Government organisations had already upgraded from Windows XP to "more modern versions of the Microsoft products or found alternative solutions". These included the Department of Public Expenditure and Reform, the Department of Social Protection and the Department of Agriculture, said the spokesman.
According to recent figures from Statcounter, at least 10pc of Irish computers still use the outdated operating system. Windows XP is 12 times more insecure than Windows 8, according to Microsoft.