Britain's Nuclear Subs In Cyber War

Uploaded on 2016-01-14 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Trident Nuclear Submarine HMS Victorious

The British Ministy of Defence  wants to spend £31 billion on a new fleet of submarines kitted out with the latest nuclear missiles. But could these deadly weapons and the Royal Navy's two new aircraft carriers be rendered impotent by cyber warfare?

Former defence secretary Lord Browne said recently there could be no guarantee of a reliable nuclear deterrent without an “end-to-end” assessment of the cyber-threat to the system.

Cyber warfare expert Kim Zetter, author of Countdown to Zero Day, told Daily Star Online around 20 countries were ramping up their cyber warfare capability.
Britain and America's nuclear subs communicate with the admirals on shore by way of a special computer system, which is not connected to the Internet.

The absence of an Internet connection is known in the military and computer world as "air gapping" and was always thought to make such systems impossible to hack into.
But Ms. Zetter told Daily Star Online: "Air gapping is no longer as secure as people once thought it was."
And one experienced hacker, known as Rebirth, told the Daily Star Online: "There are ways to get around air gaps. No network is actually secure. You can possibly run by the area with a signal decompressor and disable it completely.
"Modern computer-controlled hardware will always have someone trying to gain access to it and someone will always be trying to gather information on their enemy so it is important for these systems to be secure and always checked for vulnerabilities."

Asked if it was possible for a James Bond-style "baddie" to take over Britain’s subs and target them on London, Rebirth said: 'It is not far fetched. If you have the skills to do so anything is possible."
In 2010, a computer worm called Stuxnet was discovered by researchers in Belarus.
German researcher Ralph Langner and his team then helped crack the code that revealed this digital warhead's final target. It has been created by the US and Israel to derail the Iranian nuclear programme.

Ms. Zetter said Stuxnet proved the vulnerability of computer systems.
The US spent millions of dollars creating the Stuxnet malware and then infecting the computers of contractors who then passed on the virus to the Iranian computers at a vital centrifuge.

It is the first and only known cyber warfare attack and the computers at the centrifuge WERE air gapped. But Ms. Zetter says it almost certainly was not the only one. Two other incidents may have been cyber attacks.

During the first Gulf War US Patriot missiles were based in Israel and were designed to protect that country from Saddam Hussein's Scud missiles.

But somehow the Patriots missed the incoming missiles. It was blamed at the time on a "software glitch".

Software failure was also blamed for an incident in South Africa when a gun suddenly went out of control and began aiming at its own soldiers.

Air gapped systems can also be attacked through radio waves and researchers in Israel showed how they could siphon data from an air gapped machine using radio frequency signals and a nearby mobile phone.

In 2014 it was reported that Mr Cameron had pledged to spend £1.1 billion on tackling cyber warfare threats. But most of that money has gone on drones and only a fraction on cyber threats.

The nightmare scenario is of a James Bond-style scene where a cyber attack led to Britain's nuclear missiles being redirected at London or Washington or maybe Moscow.

That may still be some way off but some experts fear that our enemies – be they Russia, China, North Korea or ISIS – could be working on ways to sabotage the West's military advantage.

Last month American tech security tycoon John McAfee said ISIS, or Daesh, was far more advanced in terms of cyber warfare than we thought and he added: "We have to prepare ourselves, because the next war is not going to be fought with bombs and battleships and airplanes. "It’s going to be a cyber war, fare more devastating than any nuclear war."

Lord Browne, who was defence secretary between 2006 and 2008, highlighted a report by the US Department of Defense. It warned that the US and Britain "cannot be confident" their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.

Franklin Miller, a former White House defence policy official, said the report was meant as a "shot across the bow" to some in the US defence community who were planning on connecting defence systems to the Internet.

But Lord West, a former Royal Navy admiral, told the Daily Star Online: "I asked a question in the Lords recently. Up until I left, the Navy had the whole thing air gapped and I said I hoped the upgrade would be air gapped. As soon as you connect it it's vulnerable.

"The Americans were thinking of upgrading all their communications and linking it into the web because it's cheaper. As soon as you connect things you're vulnerable."

Lord West said: "The Russians are good at cyber warfare but not as good as the NSA (US National Security Agency) or GCHQ.

"The next best after the Russians are probably the Israelis. The Swedes have a niche capability. The Chinese have massive capability, huge in scale. But it's not clear how good they are.

"But rather like Enigma it's often the devil you know. The Chinese are already hacking into our companies. But it's the unknown or as Dick Cheney said the known unknown."

"It's a matter of having to look at what vulnerabilities are there. The F-35 Lightning for example has a back-up programme and the US have put a lot of money into that and making sure it's not get-at-able.

"With the Royal Navy's aircraft carriers there will be connectivity but money has been put aside to protect them. The more you use big data the more you need firewalls. New ships are bound to be less vulnerable than old ones."

But Kim Zetter said: "There are definitely cyber mercenaries out there who would sell their hacking and programming skills. Any country can acquire the capability if they are willing to pay for it…They don't have to be people with political sympathies. Some are supporters of ISIS and have these skills."

The experienced hacker, Rebirth, said Iran was not the only country which had been hit by cyber attacks and added: "These countries are too proud or embarrassed they have fell victim to these attacks." He said Britain’s new nuclear submarine fleet could actually make them a "bigger target for cyber attackers".

Ein News: http://bit.ly/1IYiUkH

« Investing In Artificial Intelligence
USA 2016: How Will Snowden Vote? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Synopsys

Synopsys

Synopsys is a global leader in electronic design automation and semiconductor IP and is growing its leadership in software quality and security solutions.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

Canadian Institute for Cybersecurity (CIC)

Canadian Institute for Cybersecurity (CIC)

The Canadian Institute for Cybersecurity (CIC) is a comprehensive multidisciplinary training, research and development, and entrepreneurial unit.

IT Career Switch

IT Career Switch

An IT Career Switch Traineeship is the easiest way to start a new career in IT or Cybersecurity with fantastic career prospects.

Identifi Global Recruitment

Identifi Global Recruitment

Identifi Global is one of the UK's leading Cyber Security & IT Recruitment specialists.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

Institute for Pervasive Cybersecurity - Boise State University

Institute for Pervasive Cybersecurity - Boise State University

Boise State University’s Institute for Pervasive Cybersecurity is a leader of innovative cybersecurity research and advancement in Idaho and the region.

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV) is a 6000+ members angel investing firm which supports new-age entrepreneurs by connecting them with a diverse group of investors.

Oxeye

Oxeye

Oxeye fills the gap between cloud and code to show exploitable vulnerabilities, and their path from API to code. More visibility. Less noise. More time to build.

EtherAuthority

EtherAuthority

EtherAuthority's engineering team has been helping blockchain businesses to secure their smart contract based assets since 2018.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.