Nuclear hackingHackers could take control of missiles on U.K. subs, start a “catastrophic” nuclear war: Report
Britain’s Trident nuclear weapons deterrent program consists of four Vanguard-class submarines, each carrying up to sixteen Trident II D5 ballistic missiles with a nuclear warhead. Hackers could take control of nuclear weapons-carrying Vanguard-class submarines and start a “catastrophic” nuclear war, a new report warns. The 38-page report warns a security breach could “neutralize operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly).” Des Browne, former U.K. Defense Secretary, said: “To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent.”
Hackers could take control of nuclear weapons-carrying Vanguard-class submarines and start a “catastrophic” nuclear war, a new report warns.
Britain’s Trident nuclear weapons deterrent program consists of four Vanguard-class submarines, each carrying up to sixteen Trident II D5 ballistic missiles with a nuclear warhead.
A report from the British American Security Information Council (BASIC) has pointed out disturbing security vulnerabilities in the U.K.’s nuclear weapons program. If exploited, these security flaws could lead to devastating loss of life and would render Britain defenseless against attack.
Fox News reports that
The 38-page BASIC report warns a security breach could “neutralize operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly).”
The report’s authors note that technological advances – advances which capable hackers could exploit – now move forward so rapidly, that even a nuclear weapons-carrying sub equipped with the best security measures available, could now be vulnerable to cyberattack.
The report stress that lone hackers and cyber criminals likely do not have the skills or capabilities to “conduct operations of the required scale and sophistication relevant to penetrating Trident systems.”
Such an attack would require the capabilities and sophistication of a nation-state.
“We are not talking about a lone wolf teenager in a basement hacking into the controls of a missile and warhead and starting a nuclear war,” the researchers said.
“Rather, we consider the most significant threat by some margin originates from the expanding investments by leading states in their offensive cyber capabilities, alongside their existing intelligence networks.”
The subs, which spend more than half the time submerged, are not connected to the internet and are difficult to track down or hack, something the authors acknowledge.
“Submarines on patrol are clearly air-gapped, not being connected to the internet or other networks, except when receiving (very simple) data from outside. As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking.”
But this does not mean that the submarines are immune to hacking. To make this claim – as the Ministry of Defense does, “is patently false and complacent,” they researchers say.
The submarine do return to port for routine maintenance and refurbishment, and the report’s authors say that when in port, the subs could be “injected” with malicious software. This malware may lie dormant, waiting be activated remotely at the time of the hacker’s choosing.
“Trident’s sensitive cyber systems are not connected to the internet or any other civilian network. Nevertheless, the vessel, missiles, warheads and all the various support systems rely on networked computers, devices and software, and each of these have to be designed and programmed. All of them incorporate unique data and must be regularly upgraded, reconfigured and patched.”
Depending on the malware capabilities, it could allow the hackers, presumably working for a nation-state, to disable the launch mechanism of the nuclear arms on board at times of war, the report warned.
“Relying as it does upon numerous computers, complex software and endless lines of code, the Trident system is undeniably vulnerable to cyber interference,” the report said.
Des Browne, former U.K. Defense Secretary, told the Guardian that the threat of nuclear submarine hacking should be taken seriously.
“The WannaCry worm attack earlier this month affecting 300,000 computers worldwide, including vital NHS services, was just a taste of what is possible when cyber-weapons are stolen,” he said.
“To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent.”
The report was written by Stanislav Abaimov, a researcher in cybersecurity and electronic engineering at the University of Rome and a graduate of the Moscow State Institute of Electronics and Mathematics, and Paul Ingram, Basic’s executive director.
Abaimov told the Guardian: “There are numerous cyber vulnerabilities in the Trident system at each stage of operation, from design to decommissioning. An effective approach to reducing the risk would involve a massive and inevitably expensive operation to strengthen the resilience of subcontractors, maintenance systems, components design and even software updates. If the U.K. is to continue deploying nuclear weapon systems this is an essential and urgent task in the era of cyberwarfare.”
— Read more in Stanislav Abaimov and Paul Ingram, Hacking U.K. Trident: A Growing Threat (British American Security Information Council [BASIC]), June 2017)
