Nuclear Weapons Subs Could Be Vulnerable to Cyber-attack

Uploaded on 2015-11-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-Defence, FREE TO VIEW

Britain’s Trident nuclear weapons system may turn out to be obsolete unless David Cameron can offer assurances that it is wholly protected from cyber-attacks by a hostile state, the former defence secretary Des Browne has said.

As Cameron put the replacement of Trident at the heart of the defence review, Browne told the Guardian there could be no guarantee of a reliable deterrent without an “end-to-end” assessment of the cyber-threat to the system.

Lord Browne of Ladyton, who served as defence secretary between 2006 and 2008, highlighted a report by the defense science board of the US Department of Defense, which warned that the US and its allies “cannot be confident” that their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.

The report, published in January 2013, asked for assurances that the US nuclear deterrent would be “survivable against the full-spectrum” Tier V-VI cyber attacks, code for Russia and China.

The former defence secretary, who now serves as vice-chair of the Nuclear Threat Initiative, which campaigns for disarmament, said: “The government ... have an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat. If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.”

Browne spoke out as the prime minister confirmed in the strategic defence and security review that the government would ask parliament to approve the successor to the Trident programme in a “main-gate decision”, which was originally scheduled for next year.

Labour divisions will be highlighted when a non-binding vote on Trident is held in the Commons at the end of a debate called by the SNP, which opposes the programme. Jeremy Corbyn, who shares the SNP view, is asking his MPs to abstain in the vote because Labour’s policy on Trident is under review.

Ken Livingstone, the co-convener of Labour’s defence review, said that Browne’s remarks and the US report shows that the prime minister should abandon plans to replace Trident unless Cameron can offer assurances that the system is protected from cyber-attacks.

Livingstone said: “Those questions need to be answered by the prime minister in the House of Commons before we commit to spending £20bn on another generation of this stuff. Spending £20bn on something is bad enough but spending £20bn on something that won’t be able to work is a bit of a problem.”

George Osborne, the chancellor, used a speech at the headquarters of GCHQ last week to announce that the government would allocate more than £3.2bn to cybersecurity over the next five years. But Browne said that this did not go far enough to protect Trident.

He said: “My instinct is to think that £3.2bn over five years, comes nowhere near the scale of the cyber-threat challenge, if it includes ensuring cybersecurity for the command and control of our nuclear weapons. Also, this is the environment to which Moore’s law applies. Consequently, we can expect cyber-capacity to have doubled and doubled again since the report was published and to continue to increase.”

Franklin Miller, a former White House defence policy official under President George W Bush who oversaw the US nuclear deterrent between 1981-2001, said that Browne’s analysis was flawed.

Miller said: “It is no surprise that Des Browne would be coming up with arguments against the successor to Vanguard and to be grasping at straws. If our nuclear command and control system depended upon the Internet or went through the Internet then the report by the defense science board would be quite an important warning. However, for those reasons it is a standalone system. It is air-gapped. It does not go through the Internet.”

The former White House official said that the report cited by Browne was written in 2013 as a “shot across the bow” to elements in the US defence community who were thinking that the next generation of the command and control system of the US nuclear deterrent should have elements connected to the Internet.

Miller added: “I am very comfortable saying that right now our command and control system is insulated from cyber-attack because it doesn’t go into any place that cyber would intrude.”

Livingstone, who was appointed last week by Labour’s national executive committee to co-chair the party’s defence review alongside the shadow defence secretary, Maria Eagle, made clear that he would use the US report to raise further questions about Trident and its successor. He said: “Certainly the policy review will want to see this report because it clearly is a major step.”
Guardian: http://bit.ly/1I7V4SJ

« CIA Say Edward Snowden 'taught ISIS to avoid detection'
ISIS Video Threatens US Capital »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

SISSDEN

SISSDEN

SISSDEN will improve cybersecurity through the development of increased awareness and the effective sharing of actionable threat information.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

iON United

iON United

iON United is a full-service IT security solutions provider and one of the most trusted names in cybersecurity in Canada.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Firmus

Firmus

As the leading penetration testing services provider in Malaysia, Firmus evaluates the ability of your internal or external information assets to withstand attacks.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

CyberCatch

CyberCatch

CyberCatch provides an innovative cybersecurity Software-as-a-Service (SaaS) platform designed for SMBs.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

Security Risk Advisors (SRA)

Security Risk Advisors (SRA)

Security Risk Advisors deliver cybersecurity services to leading companies in the Financial Services, Healthcare, Pharmaceuticals, Technology and Retail industries.

Runecast Solutions

Runecast Solutions

Runecast Solutions is a global leader in AI-powered risk mitigation, security, continuous compliance and more efficient IT operations management.

Defence Logic

Defence Logic

Defence Logic is a cyber security company serving clients in many business sectors. Our consultancy services include Penetration Testing, Security Reviews and Monitoring.