Britain’s Trident nukes vulnerable to hack attack – report
The British American Security Information Council (BASIC) is scathing about both the state of security on Trident-carrying Vanguard submarines and the Ministry of Defence (MoD) claims that the submarines are hacker-proof.
The MoD has rejected concerns over the accessibility of systems aboard Vanguard on the basis that IT equipment, which is run on Windows XP, is not connected to the internet while at sea during three-month patrols.
“Submarines on patrol are clearly air-gapped, not being connected to the internet or other networks, except when receiving (very simple) data from outside. As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking. But this is patently false and complacent,” the authors says.
BASIC insists there are various points at which malware can be introduced, including when the submarines are docked at their Royal Navy base in Faslane, Scotland.
“Trident’s sensitive cyber systems are not connected to the internet or any other civilian network,” the report says.
“Nevertheless, the vessel, missiles, warheads and all the various support systems rely on networked computers, devices and software, and each of these have to be designed and programmed. All of them incorporate unique data and must be regularly upgraded, reconfigured and patched.”
Responding to the report, former Labour Defence Secretary Des Browne pointed to the recent ransomware attack on National Health Service (NHS) computers, calling it “just a taste of what is possible when cyber-weapons are stolen.”
“To imagine that critical digital systems at the heart of nuclear weapon systems are somehow immune or can be confidently protected by dedicated teams of network managers is to be irresponsibly complacent,” Browne told the Guardian.
The report was written by BASIC director Paul Ingram and cybersecurity expert Stanislav Abaimov. Abaimov told the Guardian: “There are numerous cyber vulnerabilities in the Trident system at each stage of operation, from design to decommissioning.
“An effective approach to reducing the risk would involve a massive and inevitably expensive operation to strengthen the resilience of subcontractors, maintenance systems, components design and even software updates.”
If the UK plans to keep deploying nuclear weapons it needs to urgently upgrade its systems at a cost of billions of pounds, he said.