FOI reference: FOI/17/01556
Date received: 9 June 2017
Date responded: 7 July 2017
- The number of servers supporting IT systems that are running on unsupported technologies, specifically Windows 2003 or earlier.
- The name of any systems running on unsupported servers.
- What steps (if any) are being taken to ensure that data held on these servers is secure and the timescale for any remedial work to be undertaken.
- I can confirm that of over 2200 servers running in the Scottish Government's Network (SCOTS), 39 servers are running on the Windows 2003 Server platform. No earlier server platforms are on the Scottish Government network.
- For reasons outlined in Annex A it is not possible to name systems and solutions running on down-level platforms.
- Of the 39 servers running Windows 2003 Server, 22 are in the process of being actively decommissioned, while the remaining Servers have replacements on Windows 2012 Server and above either in development or at pilot stage.
Annex A: reasons for not providing information
An exemption under section s30(c) of FOISA applies to some of the information you have requested. Your request asks specifically for information relating to infrastructure. Disclosing this information would substantially prejudice our ability to protect government digital assets and digital information. Providing details about specific products and configurations we use puts information into the public domain which could subsequently be used by attackers or hackers to identify vulnerabilities, or to determine what our defences are. Indications are that such attacks on systems are by no means unusual and this risk of substantial prejudice can therefore be classed as likely.
This exemption is subject to the 'public interest test'. Therefore, taking account of all the circumstances of this case, we have considered if the public interest in disclosing the information outweighs the public interest in applying the exemption. We have found that, on balance, the public interest lies in favour of upholding the exemption. We recognise that there is a public interest in disclosing information as part of open, transparent and accountable government. However, there is a greater public interest in protecting government information systems from attack or compromise and ensuring that the Scottish Government is able to conduct its business effectively. There is also greater public interest in ensuring that any identified vulnerabilities could not be used to attack Scottish Government systems that hold information entrusted to us by the citizens for whom we provide online services, and for whom we also have responsibilities under the Data Protection Act to protect personal information.
The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses
Please quote the FOI reference
Central Enquiry Unit
Phone: 0300 244 4000
The Scottish Government
St Andrew's House