Trident nuclear weapons system could be vulnerable to cyber attacks

According to the Guardian, the former British defence secretary Des Browne called on the British Prime Minister to assess the resilience to cyber attacks of the Trident nuclear weapons system.

“The UK Trident programme encompasses the development, procurement and operation of the current generation of British nuclear weapons, and the means to deliver them.” states Wikipedia.

The Britain’s Trident nuclear weapons system may be obsolete soon unless David Cameron can protect it from cyber attacks of nation-state actors.

“The government … have an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat. If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.” states Browne.

The UK’s former defense secretary is seeking assurance from the Prime Minister that the Trident nuclear weapons system is secured against attacks from hostile persistent threat actors, such as Russia and China.

According to a report issued by the US department of Defense on Resilient Military Systems, there is the concrete risk that the US and its allies could suffer a major attack on their military systems.

“The United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a “full spectrum” adversary).” states the report. “While this is also true for others (e.g. Allies, rivals, and public/private networks), this Task Force strongly believes the DoD needs to take the lead and build an effective response to measurably increase confidence in the IT systems we depend on (public and private) and at the same time decrease a would-be attacker’s confidence in the effectiveness of their capabilities to compromise DoD systems. “

For the protection of the Trident nuclear weapons system it is essential to assess the military components searching for possible weaknesses and fix them.

According to the New Statesman, a spokesperson from the MoD explained that the Trident system is an air-gapped system, but we know that this is not sufficient to consider a system as security.

Security experts at FireEye discovered a Chinese hacking crew, dubbed APT 30, that was focusing its cyber espionage operations on air-gapped networks. The APT30 has many other tools in its arsenal that includes backdoors, malware with the ability to compromise air-gapped networks, downloaders and many others. Some of these tools were used only by the APT30 operators.

The British chancellor George Osborne last week to announce that the UK Government would allocate more than £3.2bn to cybersecurity over the next five years. Despite the significant effort, Browne expressed his skepticism on the protection of the Trident.

“My instinct is to think that £3.2bn over five years, comes nowhere near the scale of the cyber-threat challenge, if it includes ensuring cybersecurity for the command and control of our nuclear weapons. Also, this is the environment to which Moore’s law applies. Consequently, we can expect cyber-capacity to have doubled and doubled again since the report was published and to continue to increase.” said Browne.

Pierluigi Paganini

(Security Affairs – Trident nuclear weapons, Information Warfare)