NYTransitWoe

The lack of expertise in old tech is in itself a security risk. If a system needs maintenance and you have to spend extra time finding the person to do the job, that is the time you are exposing your system's vulnerabilities. And I don't need to mention to you the number of times banks and credit agencies have been hacked over the years. And to your point about software being vulnerable instead of hardware, old hardware usually runs old software, because newer software often have system requirements that demand newer hardware. So in short, again, your statement of "aged hardware <> insecure" may be true in the rawest sense, but in all practical purposes everybody knows that's not true. But if you get NEW hardware to run old software, that's different. My company is in such a position. Our mission-critical software was written for an ancient OS called PICK system from the 80s, with no modern security whatsoever. But IBM made a Windows software called "Universe" that happens to support PICK system. So we bought a modern Windows server PC with all the modern security, run "Universe" on it, and it in turns runs the ancient software that we use to this day. Our software, which had no security, now requires Windows authentication to run. We are happy to not only be able to continue using the software, but also have better security as well.

It is not just the aged computer, but anything networked to it could be vulnerable. There may not even need to have networking involved. Any activities, offline or on, networked or not, that have some relation with the aged equipment, not necessarily technical activities, could cause problems that would ultimately affect security. So for all practical purposes (at least in private businesses than I'm in; maybe government agencies are different), age IS a concern for security. In short, you put an outdated equipment in any environment that has at least some relation to the mission-critical functions in that environment, you have a problem. And that problem may affect security. Sure, if you have the technical expertise to make an old computer secure, you can do that. But nobody is going to do that in all practical purposes.

But keeping old hardware is just a bad idea in general because tech support and maintenance becomes harder and more expensive as the hardware ages. Of course you can fix anything and make anything secure, but sometimes it is cheaper to just buy new hardware than fix old ones. E.g. I could replace the broken ISA sound card on my 90s PC, or I could just upgrade to newer tech. It's always best to quit on a technology at the right time than to have an outdated technology quit on you at the most inopportune time. So I think this is just another case of MTA keeping their equipment way past its shelf life, just like its 1930-era switching system.

This photo was taken in the 42nd St Time Square Station. It shows a really old computer's start-up screen. Those who used PCs in the 90s should recognize this. The screen even says "American Megatrends 1997" on top. I saw this yesterday and it was still here this morning. I remember these vending machines were first used in the 90s. That means the computer inside this vending machine came from the 90s and has probably never been upgraded all this time, which is rather disturbing to say the least. We have been putting our credit card info into a 20-year-old computer that has probably very little E-security to speak of. I hope they are in the process of finally upgrading these computers, which may explain the boot-up screen,