Chatham House, the Royal Institute of International Affairs, has released a study of cyber security risks posed to US, British and other countries' nuclear arsenals.
The threat has received scant attention so far from those involved in nuclear military planning and the procurement of weapons, the report said.
It blames this partly on failure to keep up with fast-moving advances, lack of skilled staff and the slowness of institutional change.
“Nuclear weapons systems were developed before the advancement of computer technology and little consideration was given to potential cyber vulnerabilities. As a result, current nuclear strategy often overlooks the widespread use of digital technology in nuclear systems,” the authors of the study said.
Nuclear weapons systems are at threat from hostile states, criminal groups and terrorist organisations exploiting cyber vulnerabities.
“The likelihood of attempted cyber-attacks on nuclear weapons systems is relatively high and increasing from advanced persistent threats from states and non-state groups,” the report said.
It cited examples such as a report the US could have infiltrated the supply chain of North Korea’s missile system that contributed to a test failure in April last year. The silos of US nuclear-tipped Minuteman intercontinental ballistic missiles “are believed to be particularly vulnerable to cyber attacks”.
Here's the summary taken verbatim from the report:
Nuclear weapons systems were first developed at a time when computer capabilities were in their infancy and little consideration was given to potential malicious cyber vulnerabilities. Many of the assumptions on which current nuclear strategies are based pre-date the current widespread use of digital technology in nuclear command, control and communication systems.
There are a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge. Human error, system failures, design vulnerabilities, and susceptibilities within the supply chain all represent common security issues in nuclear weapons systems. Cyberattack methods such as data manipulation, digital jamming and cyber spoofing could jeopardize the integrity of communication, leading to increased uncertainty in decision-making.
During peacetime, offensive cyber activities would create a dilemma for a state as it may not know whether its systems have been the subject of a cyberattack. This unknown could have implications for military decision-making, particularly for decisions affecting nuclear weapons deterrence policies.
At times of heightened tension, cyberattacks on nuclear weapons systems could cause an escalation, which results in their use. Inadvertent nuclear launches could stem from an unwitting reliance on false information and data. Moreover, a system that is compromised cannot be trusted in decision-making.
Possible cyber resilience measures include taking a holistic approach in creating trustworthy systems based on rigorous risk assessments. These should incorporate an analysis of a combination of threats, vulnerabilities and consequences.
It is the responsibility of nuclear weapons states to incorporate cyber risk reduction measures in nuclear command, control and communication systems. Although some information is publicly available on US weapons systems, there is very little information regarding other nuclear weapons states. Academia and civil society should be encouraged to bring this issue to the attention of their government.
As a confidence booster, the report features a photo of a threadworn control panel from a Minuteman missile silo. Nice, eh?