Not long ago, news emerged that the US may have the power to use cyberattacks to negatively affect North Korean missiles tests. Now it has been revealed that the UK’s nuclear submarines could suffer a similar fate and could be disabled during times of war – or worse.
The revelation has come courtesy of a 38-page report called Hacking UK Trident: A Growing Threat. The report has been published by a London think tank called the British American Security Information Council (BASIC). Authors of the paper include Paul Ingram, Basic’s executive director and Stanislav Abaimov, a cybersecurity researcher and electronic engineering who is a graduate of the Moscow State Institute of Electronics and Mathematics.
In the document, BASIC heavily criticizes the UK Ministry of Defence’s claims that the submarines are safe from hacking when at sea because they are not attached to the Internet,
“Submarines on patrol are clearly air-gapped, not being connected to the internet or other networks, except when receiving (very simple) data from outside. As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking. But this is patently false and complacent.”
In fact, according to the report a successful cyberattack on one of the UK’s nuclear subs could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads (directly or indirectly)”.
Not Always at Sea
In addition, the report draws attention to the fact that even if the submarines were safe when at sea, the reality remains that the submarines still spend periods of time in the docks. The report points out that it is during those times that malware could theoretically be introduced onto a submarine’s operating system. From the report:
“Trident’s sensitive cyber systems are not connected to the internet or any other civilian network. Nevertheless, the vessel, missiles, warheads and all the various support systems rely on networked computers, devices and software, and each of these have to be designed and programmed. All of them incorporate unique data and must be regularly upgraded, reconfigured and patched.”
This is hugely concerning because the UK has four Trident nuclear submarines, which aren’t due to be replaced until the early 2030s. In addition, it is highly worrying that nowadays it is becoming very difficult to confidently attribute cyberattacks.
Who’s to Blame?
Recently, for example, Wikileaks’ Vault 7 revealed that the US’ CIA has the capabilities to make attacks appear to have come from elsewhere. In an era when dictatorships like those of Kim Jong Un spend vast amounts of money on cyber warfare it is becoming clear that the biggest threat to civilians living in the West may come from attacks on vital infrastructure – and now perhaps even their own weapons.
Using proxies and other obfuscation methods to conceal their true identity and location is just one method employed by cybercriminals. However, North Korean hackers are also known to travel overseas – stationing themselves not only in China – but further afield in Russia, and Europe.
What’s more, in the past couple of years exploits belonging to criminal hacking gangs – stolen from firms like Hacking Team, and taken from intelligence agencies like the NSA – have all appeared online.
With these elite hacking tools now being leaked to the internet on a regular basis, one can’t help wondering what the future might have in store. How hard it would be, for example, for a North Korean hacker with a Russian keyboard (well educated in the Russian language) to use hacking tools and methods that imitate those of a well known Russian hackers?
Would it be possible to mount a catastrophic attack of this magnitude that successfully frames another nation? And what would be the circumstances?
Vital Infrastructure at Risk
It is not only nuclear submarines that could be turned into a devastating attack either. Only last month, Donald Trump signed an executive order that prioritized the strengthening not only of Federal networks, but also of critical infrastructure. This demonstrates how seriously the US administration as taking the threat, and last year it was reported that hackers could theoretically blow up a nuclear power station.
In the UK, the recent WannaCry ransomware attack proved that cyberattacks can very seriously affect vital services. During the attack, many people were turned away from hospitals and medical centers due to the chaos. Others had to have planned surgery rescheduled.
Fortunately, it is not believed that anybody died as a direct result of the cyberattacks. However, the sad truth is that it seems inevitable that it will only be a matter of time before cyberattacks do cause a loss of life.
In Ukraine, last year a cyber attack caused a power station blackout that left many people without electricity. In the UK, it has been repeatedly reported that old and infirm people struggling to pay bills is a cause of death in the winter. They simply can’t survive the cold in their homes and the winter always brings with it a horrific rise in the amount of deaths.
The fact that the cold kills is unquestionable, and there can be no doubt that hacks causing blackouts like those ones experienced in Ukraine could result in death for the most vulnerable.
Clear and Present Danger
Those threats are very real, and are a huge concern. They are vastly eclipsed, however, by the notion that hackers could use our own nukes against us. Imagine the scenario: a British nuke has hit London – or worse the capital of an allied nation – and the Brits are responsible for the most atrocious loss of life the West has ever seen.
Despite the fact that hackers are responsible, how would citizens feel about the UK’s slack cybersecurity? Where would retaliation be aimed? Especially if it were hard to pinpoint the perpetrators identity? This scenario might seem highly unlikely, but Abiamov says that:
“There are numerous cyber vulnerabilities in the Trident system at each stage of operation, from design to decommissioning. An effective approach to reducing the risk would involve a massive and inevitably expensive operation to strengthen the resilience of subcontractors, maintenance systems, components design and even software updates. If the UK is to continue deploying nuclear weapon systems this is an essential and urgent task in the era of cyberwarfare.”
As such it would seem of dire importance to take heed and fix all possible holes in these critical systems before technology (like Artificial Intelligence, for example) starts being used by hackers to mount even more sophisticated cyberattacks.
Opinions are the writer’s own.
Title image credit: iurii/Shutterstock.com
Image credits:Ruslan Guzov/Shutterstock.com