Thursday, January 11, 2018

Could Hackers Launch a Nuclear Attack?

Chatham House, the Royal Institute of International Affairs, has released a study of cyber security risks posed to US, British and other countries' nuclear arsenals.

The threat has received scant attention so far from those involved in nuclear military planning and the procurement of weapons, the report said.

It blames this partly on failure to keep up with fast-moving advances, lack of skilled staff and the slowness of institutional change.

“Nuclear weapons systems were developed before the advancement of computer technology and little consideration was given to potential cyber vulnerabilities. As a result, current nuclear strategy often overlooks the widespread use of digital technology in nuclear systems,” the authors of the study said.

Nuclear weapons systems are at threat from hostile states, criminal groups and terrorist organisations exploiting cyber vulnerabities.

“The likelihood of attempted cyber-attacks on nuclear weapons systems is relatively high and increasing from advanced persistent threats from states and non-state groups,” the report said.

It cited examples such as a report the US could have infiltrated the supply chain of North Korea’s missile system that contributed to a test failure in April last year. The silos of US nuclear-tipped Minuteman intercontinental ballistic missiles “are believed to be particularly vulnerable to cyber attacks”.

Here's the summary taken verbatim from the report:

Nuclear weapons systems were first developed at a time when computer capabilities were in their infancy and little consideration was given to potential malicious cyber vulnerabilities. Many of the assumptions on which current nuclear strategies are based pre-date the current widespread use of digital technology in nuclear command, control and communication systems.
There are a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge. Human error, system failures, design vulnerabilities, and susceptibilities within the supply chain all represent common security issues in nuclear weapons systems. Cyberattack methods such as data manipulation, digital jamming and cyber spoofing could jeopardize the integrity of communication, leading to increased uncertainty in decision-making.
During peacetime, offensive cyber activities would create a dilemma for a state as it may not know whether its systems have been the subject of a cyberattack. This unknown could have implications for military decision-making, particularly for decisions affecting nuclear weapons deterrence policies.
At times of heightened tension, cyberattacks on nuclear weapons systems could cause an escalation, which results in their use. Inadvertent nuclear launches could stem from an unwitting reliance on false information and data. Moreover, a system that is compromised cannot be trusted in decision-making.
Possible cyber resilience measures include taking a holistic approach in creating trustworthy systems based on rigorous risk assessments. These should incorporate an analysis of a combination of threats, vulnerabilities and consequences.
It is the responsibility of nuclear weapons states to incorporate cyber risk reduction measures in nuclear command, control and communication systems. Although some information is publicly available on US weapons systems, there is very little information regarding other nuclear weapons states. Academia and civil society should be encouraged to bring this issue to the attention of their government.

As a confidence booster, the report features a photo of a threadworn control panel from a Minuteman missile silo.  Nice, eh?


Toby said...

The weak spot is always human. You probably won't read The Cuckoo's Egg but you can read a Wiki summary here:

"He watched as the hacker sought, and sometimes gained unauthorized access to, military bases around the United States, looking for files that contained words such as “nuclear” or “SDI”. The hacker also copied password files (in order to make dictionary attacks) and set up Trojan horses to find passwords. Stoll was amazed that on many of these high-security sites the hacker could easily guess passwords, since many system administrators had never bothered to change the passwords from their factory defaults. Even on military bases, the hacker was sometimes able to log in as “guest” with no password."

To answer your question, Mound, the answer is yes. Also likely is an hacker taking control of a military drone and redirecting it.

Anonymous said...

Also likely is an hacker taking control of a military drone and redirecting it.

This seems to have happened before in Iran.

Taking control and using nuclear weapons could well end up with the self destruction of many nations if not mankind.

An indiscriminate strike would trigger a nuclear apocalypse; with some nations also indiscriminately countering an indefinable enemy.

This should seem far fetched were it not for the Tea Baggers 'End of Timers" within the USA and the Trump regime that manipulates them for power.


The Mound of Sound said...

I have to say that, when a warning like this comes from Chatham House, it's a good idea to take it seriously.