UK’s Trident Nuclear Subs Vulnerability To Hackers

Uploaded on 2017-06-09 in NEWS-News Analysis, GOVERNMENT-Defence, FREE TO VIEW

Think-tank sceptical about MoD assurances, saying cyber attack could lead even to ‘exchange of nuclear warheads’ 

The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless, according to a report by a London-based think-tank. 

The 38-page report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly)”.
The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point.

But the report’s authors, the British American Security Information Council (Basic), expressed scepticism. 
“Submarines on patrol are clearly air-gapped, not being connected to the internet or other networks, except when receiving  data from outside. As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking. But this is patently false and complacent,” they say in the report.

Even if it were true that a submarine at sea could not be attacked digitally, the report points out that the vessels are only at sea part of the time and are vulnerable to the introduction of malware at other points, such as during maintenance while docked at the Faslane naval base in Scotland.

The report says: “Trident’s sensitive cyber systems are not connected to the internet or any other civilian network. Nevertheless, the vessel, missiles, warheads and all the various support systems rely on networked computers, devices and software, and each of these have to be designed and programmed. All of them incorporate unique data and must be regularly upgraded, reconfigured and patched.”

The UK has four nuclear missile-carrying submarines, which are in the process of being replaced. Their replacements are scheduled to go into service in the early 2030s.

The report comes after the cyber attack last month that disrupted the NHS, which uses the same Windows software as the Trident submarines. There was speculation too that the US used cyberwarfare to destroy a North Korean missile test. A Trident test-firing of a missile last year off the coast of Florida also went awry, with no official explanation given. The report was co-written by Stanislav Abaimov, a researcher in cybersecurity and electronic engineering at the University of Rome and a graduate of the Moscow State Institute of Electronics and Mathematics, and Paul Ingram, Basic’s executive director. 

In reaction to the report, Des Browne, who as UK defence secretary in 2007 was responsible for steering the original decision to renew Trident through parliament, said: “The WannaCry worm attack earlier this month affecting 300,000 computers worldwide, including vital NHS services, was just a taste of what is possible when cyber-weapons are stolen. 
“To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent.”

Abaimov said: “There are numerous cyber vulnerabilities in the Trident system at each stage of operation, from design to decommissioning. An effective approach to reducing the risk would involve a massive and inevitably expensive operation to strengthen the resilience of subcontractors, maintenance systems, components design and even software updates. If the UK is to continue deploying nuclear weapon systems this is an essential and urgent task in the era of cyberwarfare.”

The report’s authors estimate that the capital costs for the UK government to improve cybersecurity for the Trident programme would run to several billions of pounds over the next 15 years.

Guardian:

You Might Alos Read:

French Submarine Builder Admits Data-Warfare Breach:

Cyber Threats & Nuclear Weapons:

British Royal Navy Drone Ships Will Replace Sailors:

Underwater Drone Technology Could Doom Trident:

 

« Leaked NSA Report Claims Russian 'Cyber Espionage' Against US Elections
French Security Chief Warns of Permanent Cyber War »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

SKKU Security Lab (seclab)

SKKU Security Lab (seclab)

SKKU Security Lab supports research and education in information security engineering. The lab is a part of the College of Software, Sungkyunkwan University.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

Digital Transformation EXPO (DTX)

Digital Transformation EXPO (DTX)

Digital Transformation EXPO showcases the latest technology and insight from the world’s leading brands and experts in DX.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

Cypress Data Defense

Cypress Data Defense

Cypress Data Defense helps clients build secure applications by providing training, best practices, and evaluating security during every stage of the Secure Application Development Lifecycle.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

Protexxa

Protexxa

Protexxa is a B2B SaaS cybersecurity platform that leverages Artificial Intelligence to rapidly identify, evaluate, predict, and resolve cyber issues for employees.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.