- Security TWENTY
- Women in Security
At times of heightened tension, cyber-attacks on nuclear weapons systems could cause an escalation, which results in their use, a paper from the current affairs think-tank Chatham House warns. Inadvertent nuclear launches could stem from an unwitting reliance on false information and data, academics say: ‘successful cyber spoofing could hijack decision-making with potentially devastating consequences’.
The likelihood of attempted cyberattacks on nuclear weapons systems is described as ‘relatively high and increasing’. Nuclear weapons systems were first developed at a time when computers were in their infancy and little consideration was given to potential malicious cyber vulnerabilities. Many of the assumptions on which nuclear strategies are based pre-date the current widespread use of digital technology in nuclear command, control and communication systems. Military procurement tends not to consider emerging cyber risks, the paper claims. It’s not only something for Governments, the paper argues, but the supply chain, which is not ‘secure by design’, according to the paper; cyber-attacks on private sector IT may result in the theft of nuclear weapons design information, to sell or pass on.
A malicious actor may infiltrate a nuclear weapons system without a state’s knowledge. Human error, system failures, design vulnerabilities, and susceptibilities within the supply chain all represent common security issues in nuclear weapons. Hackers may compromise source code, firmware or internal portals. Cyber-attack methods such as data manipulation, digital jamming and cyber spoofing could jeopardize the integrity of communication. Artificial intelligence (AI) applications could add to complexity and cyber risk.
The paper urges cyber risk reduction in nuclear command, control and communication systems. Although some information is publicly available on US weapons systems, there is very little information regarding other nuclear weapons states. The paper concludes: “After all, it is the public that will pay the ultimate price for complacency regarding cybersecurity of nuclear weapons systems.”
For the 24-page document in full: by Dr Beyza Unal; and Dr Patricia Lewis, Research Director, International Security at Chatham House, click here. The annual Chatham House Security and Defence conference runs at Chatham House in central London on March 12 and 13.
Javvad Malik, security advocate at AlienVault, said: “There are many risks with connecting legacy systems, we’ve seen in the past years an increase in the attempts to attack critical national infrastructure such as electricity. Going after connected weaponry is the next step, be it for espionage purposes, or something more sinister. Owing to the legacy infrastructure, rapid patches, or constant monitoring is not always feasible, therefore, it is in the best interests to keep such systems as segregated as possible to minimise the risk of external actors being able to access.”
And Tim Erlin, VP at Tripwire, said: “One of the most difficult concepts for people outside of cybersecurity to understand is that deployed systems can become vulnerable even if they were securely deployed and you’ve made zero changes to them. The threat environment evolves regardless of how you manage your environment. The reality of the evolving threat environment is that change is required to maintain security, and this can be a difficult concept for organizations built around protecting themselves from change.
“Military nuclear facilities should ensure they’re performing regular threat assessments that include the potential for cyberattacks. Defense is a continuous process, not a point in time configuration. This report is another piece of evidence that these concerns are real, and it follows years of very real activity in the energy sector and a documented rise in nation-state attackers.”