
The British Library - the UK's National Library - was devastated in October 2023 by a ransomware attack [0] which had a massive knock-on effect on academic institutions, students and also 20,000 authors who derive income from Public Lending Rights.

One of the reasons that services still haven't been restored is that the Library relied heavily on ancient bespoke software running on old versions of OS. New IT is being installed that is more proof against modern cyber attacks, but the older library software simply doesn't run in modern environments. So they can't simply restore from backup, they have to port / reimplement some of their operational software.

[0] https://en.wikipedia.org/wiki/British_Library_cyberattack




This is why factories run airgapped networks -- tons of mission critical software only runs on really, really old platforms (think warehouse management systems running on a PDP9/11, or assembly machine control software that's been unsupported since Windows NT4).


> This is why factories run airgapped networks

Yes, also Critical National Infrastructure often distinguishes between 'operational' and 'business' software / networks.


It's a shame the same passion for porting old video games doesn't exist for library software. If we can get Doom to run on a refrigerator, surely we can get less computationally intensive software to run - if only in a virtual machine on a more modern OS.


Library operations are simple CRUD, a competent engineer could replace most library systems with a webapp in a week. Running webapps on machines immune to ransomware is a solved problem.

These organizations are simply incompetent and are now paying the price for being run by fools who don’t know what they’re doing.


> Library operations are simple CRUD

Not the ones that manage royalties payments to 1000s of authors depending on data collected by a national system of library IT, or the Secure (!) electronic delivery service that makes more than 100 million items available to researchers worldwide. See [1] for a full list of the massive range of non-trivial services operated by the National Library.

> These organizations are simply incompetent and are now paying the price for being run by fools who don’t know what they’re doing

Well, Information Management is literally what some of their staff are trained in, but the National Library is publicly funded, so can't update software on its own terms.

[1] https://en.wikipedia.org/wiki/British_Library


I said most. The complex ones could be replaced by a small team in a month or two. It’s not a hard app.

Public funds should never be used to support such brittle and idiotic institutions, regardless of how noble their mission may be.

Running Windows at scale off a read/write drive by untrained staff is negligent and has been for at least 5-10 years now. Putting Windows in the hands of people who aren’t expert-level at data security without your own medium-sized IT security team to file off all of the rough edges and foot guns is like handing a pistol to a toddler. It’s your fault, not theirs. Of course they got ransomwared.

Give them a webapp and some iPads or Chromebooks. Stop pretending Windows endpoints for non-engineer staff is sane or reasonable. It’s absolutely not unless you have a dozen+ full-time dudes layered on top whose only job is to make it so. What works for Google doesn’t work for you, and what works for JPMChase and Boeing doesn’t work for you.


I've built library systems before - "simple CRUD" is just being naive about the complexity of not just some workflows, but the politics of library staff not wanting to change how they've done things for 20 years.


Well now they get to use Excel, so we know change is possible.


The spreadsheet method only supports checking books out - not returning them.


> older library software simply doesn't run in modern environments

DOSBox is a thing. They could be up and running in a couple of weeks if there was political will.



