According to TheRegister.com, the UK’s Department for Environment, Food & Rural Affairs (Defra) spent £312 million modernizing its IT systems, including replacing 31,500 Windows 7 laptops with Windows 10. The department also addressed over 49,000 critical vulnerabilities, migrated 137 legacy applications, and closed one aging datacenter. This massive investment came despite Microsoft ending support for Windows 10 on October 14, 2024, unless customers pay for extended updates. Defra still has 24,000 end-of-life devices to replace along with 26,000 smartphones and network infrastructure. The details emerged in a letter from interim permanent secretary David Hill to MP Sir Geoffrey Clifton-Brown, responding to a Public Accounts Committee report from May 2023 that was submitted over a year late.
<h2 id="windows-10-stopgap”>The Windows 10 stopgap
Here’s the thing that really stands out: Defra just spent hundreds of millions moving to an operating system that Microsoft stopped supporting last month. That’s like buying a new car that the manufacturer just announced they’ll stop making parts for. The department insists this refresh will improve critical systems like flood prevention and border controls, but the timing suggests they might have just traded one obsolete system for another.
And let’s talk about those 24,000 devices still needing replacement. That number tells you everything about how deep the technical debt runs. These are likely older machines that can’t even handle Windows 10 properly, let alone Windows 11. So what was the point of this massive upgrade if they’re still running hardware that’s essentially outdated?
The cloud migration plan
Defra’s next phase focuses on moving business-critical applications to the cloud and replacing all that aging hardware. They’re talking about phasing out paper forms and investing in automation and AI to cut costs. But here’s the question: why wasn’t this the priority from the start?
Large-scale government IT projects have a terrible track record of going over budget and behind schedule. The fact that Defra missed its reporting deadline by over a year doesn’t exactly inspire confidence. Now they’re promising “significant efficiency savings” in the next spending period, but we’ve heard that before from government tech projects.
Security concerns linger
The department is deploying what they call a “hyper care” security solution to protect obsolete servers until full upgrades happen. That’s basically putting bandaids on systems that need major surgery. When you’re dealing with critical infrastructure like flood prevention and border controls, running outdated software isn’t just inefficient—it’s potentially dangerous.
And think about this: if they’re paying Microsoft for extended Windows 10 support, that’s additional money on top of the £312 million already spent. If they’re not paying? Well, that’s even more concerning from a cybersecurity perspective.
The bigger picture
Look, I get it—government IT modernization is incredibly complex. Defra’s letter to Parliament shows they’re at least trying to address years of deferred upgrades. Moving from Windows 7 to Windows 10 was probably necessary as an intermediate step.
But the real test will be whether they follow through with the cloud migration and hardware replacement they’ve promised. If they stop at Windows 10, they’ll find themselves in exactly the same position in a few years—maintaining another unsupported system, just with a different version number. Basically, they’ve bought themselves some time, but the clock is already ticking.
