The Trident nuclear weapons system, often trumpeted by politicians as the very foundation of the UK’s ability to protect itself from potential enemies, could be rendered useless by a cyber attack, a former defence secretary has warned – and, worryingly, security experts agree.
Prime Minister David Cameron told the House of Commons that the Trident nuclear weapons programme is “our ultimate insurance policy as a nation,” but there are those who are far less certain.
Des Browne, who served as Labour’s defence secretary between 2006 and 2008, recently expressed concern that such a technologically advanced weapons system, which relies so heavily on computer systems, could be compromised by hackers.
“The government has an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat,” Browne, who is now vice-chair of the Nuclear Threat Initiative, a nuclear weapons disarmament group, told The Guardian.
“If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it,” he added.
Browne referenced a 2013 report by the United States Department of Defense’s Defence Science Board, which warned that neither the US nor its allies could be confident that cyber security systems protecting nuclear weapons could protect against an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.
So, could the security of Trident or another nuclear missile system be compromised by hackers?
Adrian Crawley, regional director for northern Europe at cyber security provider Radware, told Computing there’s no reason why cyber criminals, terrorists or any other rogue player couldn’t compromise systems.
“I’m afraid the reality is that any defence facility, or national public or private infrastructure service, could be hacked,” he said, and warned that “cyber attacks are advancing all the time”.
And as more and more computer systems become reliant on connected devices and the Internet of Things, Crawley argued that cyber security must be stepped up in order to prevent attacks against critical infrastructure.
“As automation becomes a normal part of how we live our lives, so we must ensure that every point in a corporate or public network is continuously assessed for weakness,” he said.
“Meticulous scanning for risk needs to include people and process too as it only takes one person with knowledge to cause damage,” Crawley added.
Dr Kevin Curran, senior member of the Institute of Electrical and Electronics Engineers (IEEE) and security lecturer at Ulster University, told Computing that security must go one step further. “Trident must ban devices capable of intercepting wireless”, he said.
Curran explained that the government can never be complacent when it comes to the cyber security of Trident or other weaponised infrastructure, because “with global terrorism we can expect to see increasingly clever methods and tools to attack systems”.
And Dr Siraj Ahmed Shaikh, reader in cyber security at Coventry University’s Centre for Mobility and Transport, echoed those concerns about an increased risk to infrastructure.
“More and more nations and non-state actors around the world are gaining cyber weaponry, skills and have motive to target the UK, due to various geopolitical reasons. This means that the cyber-related risk is ever higher,” he told Computing.
Chancellor George Osborne recently pledged to boost UK cyber security spending by £1.9m a year, but Browne has voiced concern that the figure “comes nowhere near the scale of the cyber-threat challenge.”
“This is the environment to which Moore’s law applies. Consequently, we can expect cyber-capacity to have doubled and doubled again since the report was published and to continue to increase,” he added.
However, Adrian Crawley argued that with enough investment, full protection is indeed possible – but will require a lot of funding and collaboration.
“While the sums seem very high for Trident, they are probably realistic. They reflect the effort that’s required, which includes a focused local scheme integrated with international collaboration both in terms of intelligence gathering, and the physical technology that’s required for intervention and prevention,” he said.
Dr Shaikh agreed that plentiful resources are required to protect systems like Trident, and that the defence sector and government must ensure that the funds and skillsets are readily available.
“There is an increasing momentum in the UK to focus on systems security,” he explained.
“This is an opportunity for the UK defence to tap into this rich resource to protect important assets like Trident,” Dr Shaikh continued.
“But this does mean that the UK does need to invest in the systems security area to ensure a steady supply of skills, technology and policy benefits for this purpose,” he concluded.