Nuclear Weapons Subs Could Be Vulnerable to Cyber-attack

Britain’s Trident nuclear weapons system may turn out to be obsolete unless David Cameron can offer assurances that it is wholly protected from cyber-attacks by a hostile state, the former defence secretary Des Browne has said.

As Cameron put the replacement of Trident at the heart of the defence review, Browne told the Guardian there could be no guarantee of a reliable deterrent without an “end-to-end” assessment of the cyber-threat to the system.

Lord Browne of Ladyton, who served as defence secretary between 2006 and 2008, highlighted a report by the defense science board of the US Department of Defense, which warned that the US and its allies “cannot be confident” that their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.

The report, published in January 2013, asked for assurances that the US nuclear deterrent would be “survivable against the full-spectrum” Tier V-VI cyber attacks, code for Russia and China.

The former defence secretary, who now serves as vice-chair of the Nuclear Threat Initiative, which campaigns for disarmament, said: “The government ... have an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat. If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.”

Browne spoke out as the prime minister confirmed in the strategic defence and security review that the government would ask parliament to approve the successor to the Trident programme in a “main-gate decision”, which was originally scheduled for next year.

Labour divisions will be highlighted when a non-binding vote on Trident is held in the Commons at the end of a debate called by the SNP, which opposes the programme. Jeremy Corbyn, who shares the SNP view, is asking his MPs to abstain in the vote because Labour’s policy on Trident is under review.

Ken Livingstone, the co-convener of Labour’s defence review, said that Browne’s remarks and the US report shows that the prime minister should abandon plans to replace Trident unless Cameron can offer assurances that the system is protected from cyber-attacks.

Livingstone said: “Those questions need to be answered by the prime minister in the House of Commons before we commit to spending £20bn on another generation of this stuff. Spending £20bn on something is bad enough but spending £20bn on something that won’t be able to work is a bit of a problem.”

George Osborne, the chancellor, used a speech at the headquarters of GCHQ last week to announce that the government would allocate more than £3.2bn to cybersecurity over the next five years. But Browne said that this did not go far enough to protect Trident.

He said: “My instinct is to think that £3.2bn over five years, comes nowhere near the scale of the cyber-threat challenge, if it includes ensuring cybersecurity for the command and control of our nuclear weapons. Also, this is the environment to which Moore’s law applies. Consequently, we can expect cyber-capacity to have doubled and doubled again since the report was published and to continue to increase.”

Franklin Miller, a former White House defence policy official under President George W Bush who oversaw the US nuclear deterrent between 1981-2001, said that Browne’s analysis was flawed.

Miller said: “It is no surprise that Des Browne would be coming up with arguments against the successor to Vanguard and to be grasping at straws. If our nuclear command and control system depended upon the Internet or went through the Internet then the report by the defense science board would be quite an important warning. However, for those reasons it is a standalone system. It is air-gapped. It does not go through the Internet.”

The former White House official said that the report cited by Browne was written in 2013 as a “shot across the bow” to elements in the US defence community who were thinking that the next generation of the command and control system of the US nuclear deterrent should have elements connected to the Internet.

Miller added: “I am very comfortable saying that right now our command and control system is insulated from cyber-attack because it doesn’t go into any place that cyber would intrude.”

Livingstone, who was appointed last week by Labour’s national executive committee to co-chair the party’s defence review alongside the shadow defence secretary, Maria Eagle, made clear that he would use the US report to raise further questions about Trident and its successor. He said: “Certainly the policy review will want to see this report because it clearly is a major step.”
Guardian: http://bit.ly/1I7V4SJ

« CIA Say Edward Snowden 'taught ISIS to avoid detection'
ISIS Video Threatens US Capital »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

Watch this webinar to see how cloud security posture management (CSPM) tools can fit into your cloud security strategy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

IQ Solutions

IQ Solutions

IQ Solutions is a Digital Integrator and an ICT Services Provider, focusing on innovative Cyber Secured ICT managed solutions tailored to the needs of the Maritime Industry.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Ibento Global

Ibento Global

Ibento organises the CyberX series of cybersecurity conferences.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

Acronis

Acronis

At Acronis, we protect the data, applications, systems and productivity of every organization – safeguarding them against cyberattacks, hardware failures, natural disasters and human errors.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Beaming

Beaming

Beaming is an established Internet Service Provider for businesses across the UK. We deliver reliable voice, data and managed services, including cybersecurity.