Britain's Nuclear Subs In Cyber War

Uploaded on 2016-01-14 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Trident Nuclear Submarine HMS Victorious

The British Ministy of Defence  wants to spend £31 billion on a new fleet of submarines kitted out with the latest nuclear missiles. But could these deadly weapons and the Royal Navy's two new aircraft carriers be rendered impotent by cyber warfare?

Former defence secretary Lord Browne said recently there could be no guarantee of a reliable nuclear deterrent without an “end-to-end” assessment of the cyber-threat to the system.

Cyber warfare expert Kim Zetter, author of Countdown to Zero Day, told Daily Star Online around 20 countries were ramping up their cyber warfare capability.
Britain and America's nuclear subs communicate with the admirals on shore by way of a special computer system, which is not connected to the Internet.

The absence of an Internet connection is known in the military and computer world as "air gapping" and was always thought to make such systems impossible to hack into.
But Ms. Zetter told Daily Star Online: "Air gapping is no longer as secure as people once thought it was."
And one experienced hacker, known as Rebirth, told the Daily Star Online: "There are ways to get around air gaps. No network is actually secure. You can possibly run by the area with a signal decompressor and disable it completely.
"Modern computer-controlled hardware will always have someone trying to gain access to it and someone will always be trying to gather information on their enemy so it is important for these systems to be secure and always checked for vulnerabilities."

Asked if it was possible for a James Bond-style "baddie" to take over Britain’s subs and target them on London, Rebirth said: 'It is not far fetched. If you have the skills to do so anything is possible."
In 2010, a computer worm called Stuxnet was discovered by researchers in Belarus.
German researcher Ralph Langner and his team then helped crack the code that revealed this digital warhead's final target. It has been created by the US and Israel to derail the Iranian nuclear programme.

Ms. Zetter said Stuxnet proved the vulnerability of computer systems.
The US spent millions of dollars creating the Stuxnet malware and then infecting the computers of contractors who then passed on the virus to the Iranian computers at a vital centrifuge.

It is the first and only known cyber warfare attack and the computers at the centrifuge WERE air gapped. But Ms. Zetter says it almost certainly was not the only one. Two other incidents may have been cyber attacks.

During the first Gulf War US Patriot missiles were based in Israel and were designed to protect that country from Saddam Hussein's Scud missiles.

But somehow the Patriots missed the incoming missiles. It was blamed at the time on a "software glitch".

Software failure was also blamed for an incident in South Africa when a gun suddenly went out of control and began aiming at its own soldiers.

Air gapped systems can also be attacked through radio waves and researchers in Israel showed how they could siphon data from an air gapped machine using radio frequency signals and a nearby mobile phone.

In 2014 it was reported that Mr Cameron had pledged to spend £1.1 billion on tackling cyber warfare threats. But most of that money has gone on drones and only a fraction on cyber threats.

The nightmare scenario is of a James Bond-style scene where a cyber attack led to Britain's nuclear missiles being redirected at London or Washington or maybe Moscow.

That may still be some way off but some experts fear that our enemies – be they Russia, China, North Korea or ISIS – could be working on ways to sabotage the West's military advantage.

Last month American tech security tycoon John McAfee said ISIS, or Daesh, was far more advanced in terms of cyber warfare than we thought and he added: "We have to prepare ourselves, because the next war is not going to be fought with bombs and battleships and airplanes. "It’s going to be a cyber war, fare more devastating than any nuclear war."

Lord Browne, who was defence secretary between 2006 and 2008, highlighted a report by the US Department of Defense. It warned that the US and Britain "cannot be confident" their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.

Franklin Miller, a former White House defence policy official, said the report was meant as a "shot across the bow" to some in the US defence community who were planning on connecting defence systems to the Internet.

But Lord West, a former Royal Navy admiral, told the Daily Star Online: "I asked a question in the Lords recently. Up until I left, the Navy had the whole thing air gapped and I said I hoped the upgrade would be air gapped. As soon as you connect it it's vulnerable.

"The Americans were thinking of upgrading all their communications and linking it into the web because it's cheaper. As soon as you connect things you're vulnerable."

Lord West said: "The Russians are good at cyber warfare but not as good as the NSA (US National Security Agency) or GCHQ.

"The next best after the Russians are probably the Israelis. The Swedes have a niche capability. The Chinese have massive capability, huge in scale. But it's not clear how good they are.

"But rather like Enigma it's often the devil you know. The Chinese are already hacking into our companies. But it's the unknown or as Dick Cheney said the known unknown."

"It's a matter of having to look at what vulnerabilities are there. The F-35 Lightning for example has a back-up programme and the US have put a lot of money into that and making sure it's not get-at-able.

"With the Royal Navy's aircraft carriers there will be connectivity but money has been put aside to protect them. The more you use big data the more you need firewalls. New ships are bound to be less vulnerable than old ones."

But Kim Zetter said: "There are definitely cyber mercenaries out there who would sell their hacking and programming skills. Any country can acquire the capability if they are willing to pay for it…They don't have to be people with political sympathies. Some are supporters of ISIS and have these skills."

The experienced hacker, Rebirth, said Iran was not the only country which had been hit by cyber attacks and added: "These countries are too proud or embarrassed they have fell victim to these attacks." He said Britain’s new nuclear submarine fleet could actually make them a "bigger target for cyber attackers".

Ein News: http://bit.ly/1IYiUkH

« Investing In Artificial Intelligence
USA 2016: How Will Snowden Vote? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

Brainloop

Brainloop

Brainloop's security architecture enables you to work on and distribute strictly confidential documents both within and beyond the firewall.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

Phy-Cy.X Security Group

Phy-Cy.X Security Group

Phy-Cy.X specialize in the “Physics” of Information Security through both physical and cyber domains. We are not an IT company, we ARE an Information Security company.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

Psybersafe

Psybersafe

Psybersafe is a hands-on, behaviour-changing training system that keeps your people and your business cyber safe.

GuardYoo

GuardYoo

GuardYoo's SaaS platform allows cybersecurity professionals to perform Compromise Assessment remotely from anywhere in the world.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Aegis Cyber Defense Systems

Aegis Cyber Defense Systems

AEGIS is a powerful cybersecurity tool that can help protect your devices and networks from cyber threats, and increase performance.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

Custom Computer Specialist (CCS)

Custom Computer Specialist (CCS)

CCS offers an extensive range of services including cybersecurity solutions, consulting, implementation, and support to help our clients maximize the value derived from IT investments.

Waterleaf International

Waterleaf International

Waterleaf provide advanced network and cybersecurity solutions - informed by data sciences. Transforming Connectivity, Security and Information for Municipalities, Government & Enterprise.

Sacumen

Sacumen

Sacumen is a niche player in the cybersecurity market, solving critical problems for security product companies.

Longbow Security

Longbow Security

Longbow automates root cause for your application and cloud risks, enabling teams with intelligent remediation actions that reduce the most risk with the least effort.