Nuclear Weapons Subs Could Be Vulnerable to Cyber-attack

Uploaded on 2015-11-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-Defence, FREE TO VIEW

Britain’s Trident nuclear weapons system may turn out to be obsolete unless David Cameron can offer assurances that it is wholly protected from cyber-attacks by a hostile state, the former defence secretary Des Browne has said.

As Cameron put the replacement of Trident at the heart of the defence review, Browne told the Guardian there could be no guarantee of a reliable deterrent without an “end-to-end” assessment of the cyber-threat to the system.

Lord Browne of Ladyton, who served as defence secretary between 2006 and 2008, highlighted a report by the defense science board of the US Department of Defense, which warned that the US and its allies “cannot be confident” that their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.

The report, published in January 2013, asked for assurances that the US nuclear deterrent would be “survivable against the full-spectrum” Tier V-VI cyber attacks, code for Russia and China.

The former defence secretary, who now serves as vice-chair of the Nuclear Threat Initiative, which campaigns for disarmament, said: “The government ... have an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat. If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.”

Browne spoke out as the prime minister confirmed in the strategic defence and security review that the government would ask parliament to approve the successor to the Trident programme in a “main-gate decision”, which was originally scheduled for next year.

Labour divisions will be highlighted when a non-binding vote on Trident is held in the Commons at the end of a debate called by the SNP, which opposes the programme. Jeremy Corbyn, who shares the SNP view, is asking his MPs to abstain in the vote because Labour’s policy on Trident is under review.

Ken Livingstone, the co-convener of Labour’s defence review, said that Browne’s remarks and the US report shows that the prime minister should abandon plans to replace Trident unless Cameron can offer assurances that the system is protected from cyber-attacks.

Livingstone said: “Those questions need to be answered by the prime minister in the House of Commons before we commit to spending £20bn on another generation of this stuff. Spending £20bn on something is bad enough but spending £20bn on something that won’t be able to work is a bit of a problem.”

George Osborne, the chancellor, used a speech at the headquarters of GCHQ last week to announce that the government would allocate more than £3.2bn to cybersecurity over the next five years. But Browne said that this did not go far enough to protect Trident.

He said: “My instinct is to think that £3.2bn over five years, comes nowhere near the scale of the cyber-threat challenge, if it includes ensuring cybersecurity for the command and control of our nuclear weapons. Also, this is the environment to which Moore’s law applies. Consequently, we can expect cyber-capacity to have doubled and doubled again since the report was published and to continue to increase.”

Franklin Miller, a former White House defence policy official under President George W Bush who oversaw the US nuclear deterrent between 1981-2001, said that Browne’s analysis was flawed.

Miller said: “It is no surprise that Des Browne would be coming up with arguments against the successor to Vanguard and to be grasping at straws. If our nuclear command and control system depended upon the Internet or went through the Internet then the report by the defense science board would be quite an important warning. However, for those reasons it is a standalone system. It is air-gapped. It does not go through the Internet.”

The former White House official said that the report cited by Browne was written in 2013 as a “shot across the bow” to elements in the US defence community who were thinking that the next generation of the command and control system of the US nuclear deterrent should have elements connected to the Internet.

Miller added: “I am very comfortable saying that right now our command and control system is insulated from cyber-attack because it doesn’t go into any place that cyber would intrude.”

Livingstone, who was appointed last week by Labour’s national executive committee to co-chair the party’s defence review alongside the shadow defence secretary, Maria Eagle, made clear that he would use the US report to raise further questions about Trident and its successor. He said: “Certainly the policy review will want to see this report because it clearly is a major step.”
Guardian: http://bit.ly/1I7V4SJ

« CIA Say Edward Snowden 'taught ISIS to avoid detection'
ISIS Video Threatens US Capital »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Corero Network Security

Corero Network Security

Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative DDoS & Network Security Solutions.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

Sprint Networks

Sprint Networks

Sprint Networks is a trusted compliance and risk program advisor which deliver cost-effective technology to reduce enterprise-wide risk.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

Otava

Otava

Otava is a global leader of secure, compliant hybrid cloud and IT solutions for service providers, channel partners and enterprise clients.

Hackurity.io

Hackurity.io

Hackurity.io is a high energy IT security start-up founded in 2021 out of the frustration that IT Security is highly fragmented and reactive.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

Ironblocks

Ironblocks

Ironblocks is a pioneering cybersecurity firm that specializes in delivering comprehensive, end-to-end security solutions for the rapidly evolving Web3 ecosystem.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.