'Britain's Trident Subs Vulnerable to Catastrophic Cyberattacks'
(Source: British Forces News; issued June 01, 2017)
Britain's Trident submarines are vulnerable to "catastrophic" cyberattacks, according to a new report.

London-based think-tank the British American Security Information Council (BASIC) has expressed scepticism over Ministry of Defence assurances that the subs' operating systems cannot be breached while at sea because they are not connected to the internet at that point. It warns:

"A successful attack could neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly)."

It adds: "Submarines on patrol are clearly air-gapped, not being connected to the internet or other networks, except when receiving (very simple) data from outside.

"As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking. But this is patently false and complacent."

The thinktank, which calls on its website for 'a world free from the threat of nuclear weapons', also points to the time the boats do not spend at sea - like when they are docked at the Faslane naval base in Scotland for maintenance.

Its report says: "Trident's sensitive cyber systems are not connected to the internet or any other civilian network.

"Nevertheless, the vessel, missiles, warheads and all the various support systems rely on networked computers, devices and software, and each of these have to be designed and programmed.

"All of them incorporate unique data and must be regularly upgraded, reconfigured and patched."

Report co-writer Stanislav Abaimov said: "There are numerous cyber vulnerabilities in the Trident system at each stage of operation, from design to decommissioning."

"An effective approach to reducing the risk would involve a massive and inevitably expensive operation to strengthen the resilience of subcontractors, maintenance systems, components design and even software updates.

"If the UK is to continue deploying nuclear weapon systems this is an essential and urgent task in the era of cyberwarfare."

Former Defence Secretary Des Browne, who steered the original decision to renew Trident through parliament in 2007, said: "The WannaCry worm attack earlier this month affecting 300,000 computers worldwide, including vital NHS services, was just a taste of what is possible when cyber-weapons are stolen."

"To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent."

Britain's Trident submarines currently use the same Windows XP software as the majority of the NHS. The report's authors believe it would cost the government several billions of pounds over the next 15 years to improve Trident cyber security.

It comes after speculation that the US used cyberwarfare to destroy a North Korean missile test.

The Ministry of Defence was forced to defend Trident earlier this year, meanwhile, after reports emerged that a missile test had malfunctioned off the coast of Florida.

(ends)



Hacking UK Trident: A Growing Threat
(Source: BASIC; issued May 31, 2017)
This paper reviews the growing potential for cyber-attack on the UK’s operational fleet of Vanguard-class submarines armed with nuclear-tipped Trident II D-5 ballistic missiles, and some of the implications for strategic stability.

A successful attack could neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly). But the very possibility of cyber-attack and the growing capability to launch them against SSBNs, could have a severe impact upon the confidence of maintaining an assured second-strike capability and therefore on strategic stability between states.

Recent suggestions that the fleet is vulnerable have sometimes been met with complacency and claims that the isolated ‘air-gapped’ systems cannot be penetrated. Whilst we recognise that it is important not to be alarmist, these claims are false.

The challenge of maintaining covert and secure patrols under reliable operational control is of utmost importance to an effective nuclear deterrence posture based upon submarines. The continuous and rapid development of new cyber technologies will inevitably result in some loss of confidence in future patrols, with negative results on strategic stability.

It is crystal clear that the highest level of priority must be given to cyber protection at every stage in the construction of the UK’s Dreadnought class, across the whole supply chain, if the UK is to contain this hit on confidence.

This will inevitably have major implications for the programme budget, with uncertain success.


Click here for the full report (38 PDF pages), on the BASIC website.

-ends-




prev next

Official reports See all