The Louvre Museum in Paris recently experienced a bold theft, with thieves using a furniture lift to break through a second-floor window and steal jewelry. Luckily, the alarm systems worked as they should, and police arrived quickly. But this incident has revealed deeper issues with the museum’s security, especially its outdated technology and long-standing IT problems.

A report from the French Ministry of Culture has sparked a major review of security measures. The authorities are now pushing for new rules, more cameras around the building, and a complete overhaul of security procedures by the end of the year. While the details of the report are confidential, it’s clear that the museum’s security challenges go back many years.

Old Software and Security Gaps

It turns out the Louvre has been dealing with outdated technology for over a decade. Confidential audits from 2014 and 2017 show that some of its systems were seriously out of date. In 2014, the museum was still using Windows 2000, an operating system Microsoft stopped supporting in 2003. That means it no longer received security updates, leaving it vulnerable to hackers.

The audits also uncovered weak passwords on security systems. One video surveillance server used the simple password “LOUVRE,” and another Thales application had the password “THALES.” Experts recommended using complex passwords and updating software, but it’s unclear if these steps were ever taken. The museum refused to comment when asked about following these recommendations, suggesting some security lapses persisted.

The Cost of Technical Debt

Over the years, the Louvre accumulated a lot of old hardware and software. Many systems for video monitoring, intrusion detection, and access control became outdated. For example, in 2003, Thales supplied a system called Sathi, but by 2019, support for it had ended. Documents show that even in 2021, the museum was still running Sathi on a server using Windows Server 2003, which Microsoft stopped supporting in 2015.

This “technical debt” made security more difficult. As systems age, they become more vulnerable to attack, especially when updates and patches are no longer available. While there is no direct link between these issues and the recent break-in, the review highlights how years of neglect left the museum exposed. The report also pointed out that the museum underestimated the risks of intrusion for over 20 years.

Security Failures and Moving Forward

The recent incident has prompted a serious look at security flaws. The Inspectorate General of Cultural Affairs found that the Louvre’s surveillance and security protocols were not enough. The system’s weaknesses, combined with the long history of outdated technology, created opportunities for criminals.

In response, the culture ministry recommends installing more security cameras, improving governance, and updating all security protocols quickly. The focus now is on fixing these vulnerabilities and making sure the museum’s security is ready to face future threats. Although the recent burglary didn’t seem to be caused directly by the software issues, the incident has served as a wake-up call for the importance of modern, secure systems.

The Louvre’s story is a reminder of how critical it is to keep security technology current. Years of neglect can create gaps that even a quick police response can’t fully cover. As museums and other institutions face increasing risks, investing in up-to-date systems is more important than ever. Proper maintenance, strong passwords, and regular updates are key to protecting priceless cultural treasures.

Inspired by

• https://www.computerworld.com/article/4084017/louvre-delayed-windows-security-updates-ahead-of-burglary-2.html

Sources

• gmpg.org
• csoonline.com
• shutterstock.com
• theguardian.com
• gouv.fr