Hacking Nuclear Submarines

If you thought your PC being hacked with ransomware, a data breach at your bank, nearby electric power stations brought offline, or hospital emergency room equipment being manipulated was the worst that could happen, then you were wrong.  There are bigger fish in the sea for professional nation state offensive cyber operators to target and it bring a whole new meaning to anxiety.    

A new report published by the British American Security Information Council (BASIC) revealed the possibility that nuclear submarines from the United Kingdom could possibly be susceptible to cyber attacks. The Hacking UK Trident: A Growing Threat report outlined the increasing risks to UK’s Vangard class submarines that are armed with Trident II nuclear ballistic missiles.    

Well, this is just disturbing.  

While some of us worry that our home router, IP camera, and kitchen toaster might get hacked, there are other more serious devices at the other end of the spectrum which should also garner our attention. Weapons of mass destruction are also at risk.   

A successful cyber-attack, as stated by the report, could undermine the assets, lead to a grave loss of life, or even perhaps “the catastrophic exchange of nuclear warheads”.  This does not bode well for anyone. I cannot image any situation where the outcome is minor or acceptable. The report outlines a few scenarios, including attacks which facilitate the ability to steal a submarine, infiltrating the command-and-control for a denial-of-service attack, redirection or manipulation of its mission, and in the worst case, potentially disrupting guidance of the Trident nuclear missiles.  

Not for Amateurs  

Attacks against powerful nation-state assets is not trivial or taken lightly. It would likely be a multi-year comprehensive and professional campaign. Missteps at this level could result in unthinkable backlash. The report outlines a number of growing vulnerabilities which could be targeted during construction and operation. One area of grave concern is the potential of systems to be infected with malware. Faith in traditional ‘air-gapped security’ is giving way as techniques are finding ways to bridge those gaps in our highly connected world.   

The UK Vangard class has been in service since 1993 with an intended service life into the 2030’s.  These submarines are crewed by 132 sailors, is almost 500 feet in length, and weighs a massive 15,900 tons. They carry Spearfish anti-ship torpedoes and up to 16 Trident II D5 Submarine Launched Ballistic Missiles. Each Trident missile carries multiple independently targeted nuclear warheads. Simply put, it is war in a can.    

Securing our Connected World 

Defense agencies from governments around the globe have the responsibility to deploy modern effective weapon systems, but they also must protect those systems from being compromised. The consequences for a lack of diligence could prove catastrophic.   

The motto moving forward should be "anything connected, is at risk". Given that, our position as stewards if cybersecurity must always be to establish and maintain equitable security controls in alignment with the value of what we protect. Many veterans are aligned, but we need everyone to form a common front and for all of us to understand the entire spectrum of our connected and potentially vulnerable world, from watches to warheads.     

Photo Credits: https://commons.wikimedia.org/wiki/File:Trident_boat.jpg and https://commons.wikimedia.org/wiki/File:HMS_Vanguard_April_1994.jpg    

Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, and Steemit to hear insights and what is going on in cybersecurity.