The Destabilizing Danger Of Cyberattacks On Missile Systems

Uploaded on 2019-07-23 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Attacks that aim to disable enemy missile systems may increase the chance of them being used, not least because the systems are so vulnerable.   By Patricia Lewis and Beyza Unal
 
After President Trump decided to halt a missile attack on Iran in response to the downing of a US drone, it was revealed that the US had conducted cyberattacks on Iranian weapons systems to prevent Iran launching missiles against US assets in the region.

This ‘left-of-launch’ strategy – the pre-emptive action to prevent an adversary launch missiles – has been part of the US missile defence strategy for some time now. President George W Bush asked the US military and intelligence community to infiltrate the supply chain of North Korean missiles. It was claimed that the US hacked the North Korean ballistic missile programme, causing a failed ballistic missile test, in 2012.

It was not clear then – or now – whether these ‘left-of-launch’ cyberattacks aimed at North Korea were successful as described or whether they were primarily a bluff. But that is somewhat irrelevant; the belief in the possibility and the understanding of the potential impact of such cyber capabilities undermines North Korean or Iranian confidence in their abilities to launch their missiles. In times of conflict, loss of confidence in weapons systems may lead to escalation.

In other words, the adversary may be left with no option but to take the chance to use these missiles or to lose them in a conflict setting. ‘Left of launch’ is a dangerous game. If it is based on a bluff, it could be called upon and lead to deterrence failure. If it is based on real action, then it could create an asymmetrical power struggle. If the attacker establishes false confidence in the power of a cyber weapon, then it might lead to false signalling and messaging.

This is the new normal. The cat-and-mouse game has to be taken seriously, not least because missile systems are so vulnerable.

There are several ways an offensive cyber operation against missile systems might work. These include exploiting missile designs, altering software or hardware, or creating clandestine pathways to the missile command and control systems.

They can also be attacked in space, targeting space assets and their link to strategic systems.

Most missile systems rely, at least in part, on digital information that comes from or via space-based or space-dependent assets such as: communication satellites; satellites that provide position, navigation and timing (PNT) information (for example GPS or Galileo); weather satellites to help predict flight paths, accurate targeting and launch conditions; and remote imagery satellites to assist with information and intelligence for the planning and targeting.

Missile launches themselves depend on:-

 1) the command and control systems of the missiles,

2) the way in which information is transmitted to the missile launch facilities and

3) the way in which information is transmitted to the missiles themselves in flight. All these aspects rely on space technology.

In addition, the ground stations that transmit and receive data to and from satellites are also vulnerable to cyberattack – either through their known and unknown internet connectivity or through malicious use of flash drives that contain a deliberate cyber infection.

Non-space-based communications systems that use cable and ground-to-air-to-ground masts are likewise under threat from cyberattacks that find their way in via internet connectivity, proximity interference or memory sticks. Human error in introducing connectivity via phones, laptops and external drives, and in clicking on malicious links in sophisticated phishing lures, is common in facilitating inadvertent connectivity and malware infection.

All of these can create a military capacity able to interfere with missile launches. Malware might have been sitting on the missile command and control system for months or even years, remaining inactivated until a chosen time or by a trigger that sets in motion a disruption either to the launch or to the flight path of the missile. The country that launches the missile that either fails to launch or fails to reach the target may never know if this was the result of a design flaw, a common malfunction or a deliberate cyberattack.

States with these capabilities must exercise caution: cyber offence manoeuvres may prevent the launch of missile attacks against US assets in the Middle East or in the Pacific regions, but they may also interfere with US missile launches in the future.

Even, as has recently been revealed, US cyber weapons targeting an adversary may blow back and inadvertently infect US systems. Nobody is invulnerable. 

Dr Patricia Lewis is Research Director, International Security, Chatham House

Dr Beyza Unal is Senior Research Fellow, International Security Department

You Might Also Read: 

Cyber Threats And Nuclear Weapons Systems:

 

 

 

« E-Fusion And Industry 4.0
Russian FSB Hacked: "Largest data breach in its history" »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

Galois

Galois

Galois specializes in the research and development of new technologies that solve the most difficult problems in computer science.

Mvine

Mvine

Mvine's primary business is authoring and selling Cyber-Secure Platforms for Collaboration Portals and for Identity Management as well as delivering cloud support services.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Salt Cybersecurity

Salt Cybersecurity

Salt Cybersecurity offer a four-pronged approach to information security that includes Custom Security Policy, Vulnerability Assessment, Threat Detection, and Security Awareness Training.

Security Management Partners (SMP)

Security Management Partners (SMP)

Security Management Partners (SMP) is a trusted partner to financial services, healthcare and businesses that need to manage their information, securely.

Cyturus Technologies

Cyturus Technologies

Cyturus Technologies delivers cybersecurity business risk quantification services using our proprietary Adaptive Risk Model (ARM).

Corsica Technologies

Corsica Technologies

Corsica Technologies is recognized as one of the top managed IT and cybersecurity service providers. Our integrated IT and cybersecurity services protect companies and enable them to succeed.

Gridware

Gridware

Gridware is a specialised cybersecurity consultancy firm and an emerging global player in the cybersecurity intelligence and advisory field.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

B&L PC Solutions

B&L PC Solutions

B&L PC Solutions deliver top cyber security services on Long Island and New York city to protect businesses from evolving online threats.

TrueDeploy

TrueDeploy

Making Software Security EASY. The Security Status of Your Software in One Place. All you have to do is Deploy.