A new report warns UK’s Trident submarines ‘vulnerable to catastrophic hack’

According to a report published by the London-based think tank British American Security Information Council (Basic), the UK Trident submarine fleet is vulnerable to cyber-attacks.

According to the report “Hacking UK Trident, A Growing Threat,” a cyber attack against a submarine could have ‘catastrophic’ consequences, including loss of life.

“A successful attack could neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly).” reads the report. “But the very possibility of cyber-attack and the growing capability to launch them against SSBNs, could have a severe impact upon the confidence of maintaining an assured second-strike capability and therefore on strategic stability between states”

Military officials consider Trident submarines safe from hacking because they leverage air-gapped networks, but authors of the report expressed skepticism.

The researchers believe that vessels are not vulnerable to cyber attacks during normal operations while are in the sea, but they could be targeted with a malware-based attack at other points, such as during maintenance while docked at a naval base.

Trident submarines use same Windows software deployed at the NHS that were recently destroyed by the WannaCry attack.

The UK defence secretary Des Browne confirmed that such kind of attacks on a large-scale could have unpredictable effects.

“The WannaCry worm attack earlier this month affecting 300,000 computers worldwide, including vital NHS services, was just a taste of what is possible when cyber-weapons are stolen.” said Des Browne.

“To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent.”

The report details the attack vectors that could be exploited to destroy or endanger operations, but it highlights that it takes sophisticated, well-resourced and sustained cyberattacks to trigger the vulnerabilities in remote submarine subsystems.

“These attacks are beyond the scope of all but the most well-resourced and extensive non-state groups. Essentially, the principal threat comes from other states’ cyber operations alongside extensive and highly sophisticated intelligence activities.” states the report.

The authors of the study estimate that the capital costs for the UK government to improve cybersecurity for the Trident submarines would run to several billions of pounds over the next 15 years.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – hacking, Trident submarines)

[adrotate banner=”13″]