UK’s Trident Nuclear Subs Vulnerability To Hackers

Uploaded on 2017-06-09 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Think-tank sceptical about MoD assurances, saying cyber attack could lead even to ‘exchange of nuclear warheads’ 

The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless, according to a report by a London-based think-tank. 

The 38-page report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly)”.
The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point.

But the report’s authors, the British American Security Information Council (Basic), expressed scepticism. 
“Submarines on patrol are clearly air-gapped, not being connected to the internet or other networks, except when receiving  data from outside. As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking. But this is patently false and complacent,” they say in the report.

Even if it were true that a submarine at sea could not be attacked digitally, the report points out that the vessels are only at sea part of the time and are vulnerable to the introduction of malware at other points, such as during maintenance while docked at the Faslane naval base in Scotland.

The report says: “Trident’s sensitive cyber systems are not connected to the internet or any other civilian network. Nevertheless, the vessel, missiles, warheads and all the various support systems rely on networked computers, devices and software, and each of these have to be designed and programmed. All of them incorporate unique data and must be regularly upgraded, reconfigured and patched.”

The UK has four nuclear missile-carrying submarines, which are in the process of being replaced. Their replacements are scheduled to go into service in the early 2030s.

The report comes after the cyber attack last month that disrupted the NHS, which uses the same Windows software as the Trident submarines. There was speculation too that the US used cyberwarfare to destroy a North Korean missile test. A Trident test-firing of a missile last year off the coast of Florida also went awry, with no official explanation given. The report was co-written by Stanislav Abaimov, a researcher in cybersecurity and electronic engineering at the University of Rome and a graduate of the Moscow State Institute of Electronics and Mathematics, and Paul Ingram, Basic’s executive director. 

In reaction to the report, Des Browne, who as UK defence secretary in 2007 was responsible for steering the original decision to renew Trident through parliament, said: “The WannaCry worm attack earlier this month affecting 300,000 computers worldwide, including vital NHS services, was just a taste of what is possible when cyber-weapons are stolen. 
“To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent.”

Abaimov said: “There are numerous cyber vulnerabilities in the Trident system at each stage of operation, from design to decommissioning. An effective approach to reducing the risk would involve a massive and inevitably expensive operation to strengthen the resilience of subcontractors, maintenance systems, components design and even software updates. If the UK is to continue deploying nuclear weapon systems this is an essential and urgent task in the era of cyberwarfare.”

The report’s authors estimate that the capital costs for the UK government to improve cybersecurity for the Trident programme would run to several billions of pounds over the next 15 years.

Guardian:

You Might Alos Read:

French Submarine Builder Admits Data-Warfare Breach:

Cyber Threats & Nuclear Weapons:

British Royal Navy Drone Ships Will Replace Sailors:

Underwater Drone Technology Could Doom Trident:

 

« Leaked NSA Report Claims Russian 'Cyber Espionage' Against US Elections
French Security Chief Warns of Permanent Cyber War »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

CSIS Security Group

CSIS Security Group

CSIS provide actionable threat intelligence, prevention, incident response and 24/7 managed security services.

Aves Netsec

Aves Netsec

Aves is a deceptive security system for enterprises who want to capture, observe and mitigate bad actors in their internal network.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

Carbide

Carbide

Carbide (formerly Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

ALTR

ALTR

ALTR provide software-embedded solutions for data security and privacy.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

Data Priva

Data Priva

Data Priva is the UK's leading subscription-based data protection, governance, risk and and compliance service.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.