Britain's Nuclear Subs In Cyber War

Trident Nuclear Submarine HMS Victorious

The British Ministy of Defence  wants to spend £31 billion on a new fleet of submarines kitted out with the latest nuclear missiles. But could these deadly weapons and the Royal Navy's two new aircraft carriers be rendered impotent by cyber warfare?

Former defence secretary Lord Browne said recently there could be no guarantee of a reliable nuclear deterrent without an “end-to-end” assessment of the cyber-threat to the system.

Cyber warfare expert Kim Zetter, author of Countdown to Zero Day, told Daily Star Online around 20 countries were ramping up their cyber warfare capability.
Britain and America's nuclear subs communicate with the admirals on shore by way of a special computer system, which is not connected to the Internet.

The absence of an Internet connection is known in the military and computer world as "air gapping" and was always thought to make such systems impossible to hack into.
But Ms. Zetter told Daily Star Online: "Air gapping is no longer as secure as people once thought it was."
And one experienced hacker, known as Rebirth, told the Daily Star Online: "There are ways to get around air gaps. No network is actually secure. You can possibly run by the area with a signal decompressor and disable it completely.
"Modern computer-controlled hardware will always have someone trying to gain access to it and someone will always be trying to gather information on their enemy so it is important for these systems to be secure and always checked for vulnerabilities."

Asked if it was possible for a James Bond-style "baddie" to take over Britain’s subs and target them on London, Rebirth said: 'It is not far fetched. If you have the skills to do so anything is possible."
In 2010, a computer worm called Stuxnet was discovered by researchers in Belarus.
German researcher Ralph Langner and his team then helped crack the code that revealed this digital warhead's final target. It has been created by the US and Israel to derail the Iranian nuclear programme.

Ms. Zetter said Stuxnet proved the vulnerability of computer systems.
The US spent millions of dollars creating the Stuxnet malware and then infecting the computers of contractors who then passed on the virus to the Iranian computers at a vital centrifuge.

It is the first and only known cyber warfare attack and the computers at the centrifuge WERE air gapped. But Ms. Zetter says it almost certainly was not the only one. Two other incidents may have been cyber attacks.

During the first Gulf War US Patriot missiles were based in Israel and were designed to protect that country from Saddam Hussein's Scud missiles.

But somehow the Patriots missed the incoming missiles. It was blamed at the time on a "software glitch".

Software failure was also blamed for an incident in South Africa when a gun suddenly went out of control and began aiming at its own soldiers.

Air gapped systems can also be attacked through radio waves and researchers in Israel showed how they could siphon data from an air gapped machine using radio frequency signals and a nearby mobile phone.

In 2014 it was reported that Mr Cameron had pledged to spend £1.1 billion on tackling cyber warfare threats. But most of that money has gone on drones and only a fraction on cyber threats.

The nightmare scenario is of a James Bond-style scene where a cyber attack led to Britain's nuclear missiles being redirected at London or Washington or maybe Moscow.

That may still be some way off but some experts fear that our enemies – be they Russia, China, North Korea or ISIS – could be working on ways to sabotage the West's military advantage.

Last month American tech security tycoon John McAfee said ISIS, or Daesh, was far more advanced in terms of cyber warfare than we thought and he added: "We have to prepare ourselves, because the next war is not going to be fought with bombs and battleships and airplanes. "It’s going to be a cyber war, fare more devastating than any nuclear war."

Lord Browne, who was defence secretary between 2006 and 2008, highlighted a report by the US Department of Defense. It warned that the US and Britain "cannot be confident" their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.

Franklin Miller, a former White House defence policy official, said the report was meant as a "shot across the bow" to some in the US defence community who were planning on connecting defence systems to the Internet.

But Lord West, a former Royal Navy admiral, told the Daily Star Online: "I asked a question in the Lords recently. Up until I left, the Navy had the whole thing air gapped and I said I hoped the upgrade would be air gapped. As soon as you connect it it's vulnerable.

"The Americans were thinking of upgrading all their communications and linking it into the web because it's cheaper. As soon as you connect things you're vulnerable."

Lord West said: "The Russians are good at cyber warfare but not as good as the NSA (US National Security Agency) or GCHQ.

"The next best after the Russians are probably the Israelis. The Swedes have a niche capability. The Chinese have massive capability, huge in scale. But it's not clear how good they are.

"But rather like Enigma it's often the devil you know. The Chinese are already hacking into our companies. But it's the unknown or as Dick Cheney said the known unknown."

"It's a matter of having to look at what vulnerabilities are there. The F-35 Lightning for example has a back-up programme and the US have put a lot of money into that and making sure it's not get-at-able.

"With the Royal Navy's aircraft carriers there will be connectivity but money has been put aside to protect them. The more you use big data the more you need firewalls. New ships are bound to be less vulnerable than old ones."

But Kim Zetter said: "There are definitely cyber mercenaries out there who would sell their hacking and programming skills. Any country can acquire the capability if they are willing to pay for it…They don't have to be people with political sympathies. Some are supporters of ISIS and have these skills."

The experienced hacker, Rebirth, said Iran was not the only country which had been hit by cyber attacks and added: "These countries are too proud or embarrassed they have fell victim to these attacks." He said Britain’s new nuclear submarine fleet could actually make them a "bigger target for cyber attackers".

Ein News: http://bit.ly/1IYiUkH

« Investing In Artificial Intelligence
USA 2016: How Will Snowden Vote? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

AllegisCyber Capital

AllegisCyber Capital

AllegisCyber is an investment company with a focus on seed and early stage investing in cybersecurity and its applications in emerging technology markets.

netfiles

netfiles

netfiles offers highly secure data rooms for sensitive business processes and secure data exchange.

Hypersecu Information Systems

Hypersecu Information Systems

Hypersecu Information Systems, Inc. is a solution provider dedicated to multi-factor authentication, public key infrastructure and software copyright protection.

European Society of Criminology (ESC)

European Society of Criminology (ESC)

The ESC Working Group on Cybercrime is focused on cybercrime, its causes and offenders, impact on victims, and our response to it at the individual, corporate, and governmental levels.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

Ashley Page

Ashley Page

Ashley Page offer a unique cyber insurance and risk management solution - Cyber+Insure.

Blockchain Solutions

Blockchain Solutions

Blockchain Solutions Limited is a technological One Stop Solution provider, for Blockchain technology.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

Thrive

Thrive

Thrive delivers the experience, resources, and expertise needed to create a comprehensive cyber security plan that covers your vital data, SaaS applications, end users, and critical infrastructure.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

Inveo Group

Inveo Group

Inveo group is the Italian leader for the management of privacy and data protection issues.