UK’s Trident Nuclear Subs Vulnerability To Hackers

Think-tank sceptical about MoD assurances, saying cyber attack could lead even to ‘exchange of nuclear warheads’ 

The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless, according to a report by a London-based think-tank. 

The 38-page report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly)”.
The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point.

But the report’s authors, the British American Security Information Council (Basic), expressed scepticism. 
“Submarines on patrol are clearly air-gapped, not being connected to the internet or other networks, except when receiving  data from outside. As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking. But this is patently false and complacent,” they say in the report.

Even if it were true that a submarine at sea could not be attacked digitally, the report points out that the vessels are only at sea part of the time and are vulnerable to the introduction of malware at other points, such as during maintenance while docked at the Faslane naval base in Scotland.

The report says: “Trident’s sensitive cyber systems are not connected to the internet or any other civilian network. Nevertheless, the vessel, missiles, warheads and all the various support systems rely on networked computers, devices and software, and each of these have to be designed and programmed. All of them incorporate unique data and must be regularly upgraded, reconfigured and patched.”

The UK has four nuclear missile-carrying submarines, which are in the process of being replaced. Their replacements are scheduled to go into service in the early 2030s.

The report comes after the cyber attack last month that disrupted the NHS, which uses the same Windows software as the Trident submarines. There was speculation too that the US used cyberwarfare to destroy a North Korean missile test. A Trident test-firing of a missile last year off the coast of Florida also went awry, with no official explanation given. The report was co-written by Stanislav Abaimov, a researcher in cybersecurity and electronic engineering at the University of Rome and a graduate of the Moscow State Institute of Electronics and Mathematics, and Paul Ingram, Basic’s executive director. 

In reaction to the report, Des Browne, who as UK defence secretary in 2007 was responsible for steering the original decision to renew Trident through parliament, said: “The WannaCry worm attack earlier this month affecting 300,000 computers worldwide, including vital NHS services, was just a taste of what is possible when cyber-weapons are stolen. 
“To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent.”

Abaimov said: “There are numerous cyber vulnerabilities in the Trident system at each stage of operation, from design to decommissioning. An effective approach to reducing the risk would involve a massive and inevitably expensive operation to strengthen the resilience of subcontractors, maintenance systems, components design and even software updates. If the UK is to continue deploying nuclear weapon systems this is an essential and urgent task in the era of cyberwarfare.”

The report’s authors estimate that the capital costs for the UK government to improve cybersecurity for the Trident programme would run to several billions of pounds over the next 15 years.

Guardian:

You Might Alos Read:

French Submarine Builder Admits Data-Warfare Breach:

Cyber Threats & Nuclear Weapons:

British Royal Navy Drone Ships Will Replace Sailors:

Underwater Drone Technology Could Doom Trident:

 

« Leaked NSA Report Claims Russian 'Cyber Espionage' Against US Elections
French Security Chief Warns of Permanent Cyber War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

Openminded (OPMD)

Openminded (OPMD)

Openminded is a French security and network services company.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

PSW Group

PSW Group

PSW Group is a full-service Internet solutions provider with a special focus on Internet security.

Government CSIRT - Chile

Government CSIRT - Chile

Government CSIRT is the Computer Security Incident Response Team for State networks and government cyberspace in Chile.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

InGuardians

InGuardians

InGuardians is an independent information security consulting firm specializing in penetration testing, threat hunting, and hardware hacking.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

Halcyon

Halcyon

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks.

Cool Waters Cyber

Cool Waters Cyber

Cool Waters Cyber manage cyber security governance, risk and compliance.