Britain's Nuclear Subs In Cyber War

Uploaded on 2016-01-14 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Trident Nuclear Submarine HMS Victorious

The British Ministy of Defence  wants to spend £31 billion on a new fleet of submarines kitted out with the latest nuclear missiles. But could these deadly weapons and the Royal Navy's two new aircraft carriers be rendered impotent by cyber warfare?

Former defence secretary Lord Browne said recently there could be no guarantee of a reliable nuclear deterrent without an “end-to-end” assessment of the cyber-threat to the system.

Cyber warfare expert Kim Zetter, author of Countdown to Zero Day, told Daily Star Online around 20 countries were ramping up their cyber warfare capability.
Britain and America's nuclear subs communicate with the admirals on shore by way of a special computer system, which is not connected to the Internet.

The absence of an Internet connection is known in the military and computer world as "air gapping" and was always thought to make such systems impossible to hack into.
But Ms. Zetter told Daily Star Online: "Air gapping is no longer as secure as people once thought it was."
And one experienced hacker, known as Rebirth, told the Daily Star Online: "There are ways to get around air gaps. No network is actually secure. You can possibly run by the area with a signal decompressor and disable it completely.
"Modern computer-controlled hardware will always have someone trying to gain access to it and someone will always be trying to gather information on their enemy so it is important for these systems to be secure and always checked for vulnerabilities."

Asked if it was possible for a James Bond-style "baddie" to take over Britain’s subs and target them on London, Rebirth said: 'It is not far fetched. If you have the skills to do so anything is possible."
In 2010, a computer worm called Stuxnet was discovered by researchers in Belarus.
German researcher Ralph Langner and his team then helped crack the code that revealed this digital warhead's final target. It has been created by the US and Israel to derail the Iranian nuclear programme.

Ms. Zetter said Stuxnet proved the vulnerability of computer systems.
The US spent millions of dollars creating the Stuxnet malware and then infecting the computers of contractors who then passed on the virus to the Iranian computers at a vital centrifuge.

It is the first and only known cyber warfare attack and the computers at the centrifuge WERE air gapped. But Ms. Zetter says it almost certainly was not the only one. Two other incidents may have been cyber attacks.

During the first Gulf War US Patriot missiles were based in Israel and were designed to protect that country from Saddam Hussein's Scud missiles.

But somehow the Patriots missed the incoming missiles. It was blamed at the time on a "software glitch".

Software failure was also blamed for an incident in South Africa when a gun suddenly went out of control and began aiming at its own soldiers.

Air gapped systems can also be attacked through radio waves and researchers in Israel showed how they could siphon data from an air gapped machine using radio frequency signals and a nearby mobile phone.

In 2014 it was reported that Mr Cameron had pledged to spend £1.1 billion on tackling cyber warfare threats. But most of that money has gone on drones and only a fraction on cyber threats.

The nightmare scenario is of a James Bond-style scene where a cyber attack led to Britain's nuclear missiles being redirected at London or Washington or maybe Moscow.

That may still be some way off but some experts fear that our enemies – be they Russia, China, North Korea or ISIS – could be working on ways to sabotage the West's military advantage.

Last month American tech security tycoon John McAfee said ISIS, or Daesh, was far more advanced in terms of cyber warfare than we thought and he added: "We have to prepare ourselves, because the next war is not going to be fought with bombs and battleships and airplanes. "It’s going to be a cyber war, fare more devastating than any nuclear war."

Lord Browne, who was defence secretary between 2006 and 2008, highlighted a report by the US Department of Defense. It warned that the US and Britain "cannot be confident" their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.

Franklin Miller, a former White House defence policy official, said the report was meant as a "shot across the bow" to some in the US defence community who were planning on connecting defence systems to the Internet.

But Lord West, a former Royal Navy admiral, told the Daily Star Online: "I asked a question in the Lords recently. Up until I left, the Navy had the whole thing air gapped and I said I hoped the upgrade would be air gapped. As soon as you connect it it's vulnerable.

"The Americans were thinking of upgrading all their communications and linking it into the web because it's cheaper. As soon as you connect things you're vulnerable."

Lord West said: "The Russians are good at cyber warfare but not as good as the NSA (US National Security Agency) or GCHQ.

"The next best after the Russians are probably the Israelis. The Swedes have a niche capability. The Chinese have massive capability, huge in scale. But it's not clear how good they are.

"But rather like Enigma it's often the devil you know. The Chinese are already hacking into our companies. But it's the unknown or as Dick Cheney said the known unknown."

"It's a matter of having to look at what vulnerabilities are there. The F-35 Lightning for example has a back-up programme and the US have put a lot of money into that and making sure it's not get-at-able.

"With the Royal Navy's aircraft carriers there will be connectivity but money has been put aside to protect them. The more you use big data the more you need firewalls. New ships are bound to be less vulnerable than old ones."

But Kim Zetter said: "There are definitely cyber mercenaries out there who would sell their hacking and programming skills. Any country can acquire the capability if they are willing to pay for it…They don't have to be people with political sympathies. Some are supporters of ISIS and have these skills."

The experienced hacker, Rebirth, said Iran was not the only country which had been hit by cyber attacks and added: "These countries are too proud or embarrassed they have fell victim to these attacks." He said Britain’s new nuclear submarine fleet could actually make them a "bigger target for cyber attackers".

Ein News: http://bit.ly/1IYiUkH

« Investing In Artificial Intelligence
USA 2016: How Will Snowden Vote? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Cyphercor

Cyphercor

Cyphercor is a leading smartphone and desktop-based two-factor authentication (2FA) provider.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Octane OC

Octane OC

OCTANe is building the SoCal of tomorrow. We drive innovation and growth by connecting people, resources and capital. Our Incubator focus is FinTech, Data Analytics and Cybersecurity.

Nokia

Nokia

Nokia is a proven leader in fixed, mobile and IoT security offering capabilities that range from systems design to integration and support.

DeVry University - Cyber Security Degree

DeVry University - Cyber Security Degree

Explore the dynamic world of data protection with a hybrid or online cyber security degree specialization with DeVry's IT & Networking Bachelor's Degree.

Veratad Technologies

Veratad Technologies

Veratad Technologies, LLC is a world class provider of online/real-time Identity Verification, Age Verification, Fraud Prevention and Compliance Solutions.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

UK Cyber Security Association (UKCSA)

UK Cyber Security Association (UKCSA)

The UK Cyber Security Association (UKCSA) is a membership organisation for individuals and organisations who actively work in the cyber security industry.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.