A former UK defense secretary has warned that the country’s Trident nuclear deterrent may be rendered useless if the prime minister can’t make assurances that it will be fully protected from cyber attacks.
Des Browne, who served under the last Labour government between 2006-08, told The Guardian that an “end-to-end” assessment of the online threat to the system was essential.
He apparently cited a US defense department report from 2013 which warned that the US and its allies “cannot be confident” that their cyber defenses could withstand a sophisticated attack.
“The government ... have an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat,” Browne told the paper.
“If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.”
The former defense secretary was speaking as prime minister Cameron confirmed Trident’s successor would be given the thumbs up by this government following a parliament vote.
However, Browne has a vested interest in declaring opposition, as vice-chair of disarmament lobby group the Nuclear Threat Initiative.
F-Secure security adviser, Sean Sullivan, argued that any nuclear system would have to be air-gapped—cut off from the internet and therefore immune to most cyber attacks.
“Given that the report was apparently written to preempt those who brought up the question of including internet tech on US submarines, I’m confident in the analysis that US subs won’t be connecting to the internet anytime soon—thus, they should be secure against cyber-intrusions,” he told Infosecurity.
“I can’t imagine the UK would do it differently.”
However, it is still worth considering if key defense systems are vulnerable to sabotage, he added.
“Stuxnet was a good example of code jumping over air-gaps in order to cause interference. An intrusion might not be capable of performing a timely attack—but there remain possibilities to affect confidence in Trident systems by causing mysterious ‘maintenance issues’.” Sullivan argued.
“I think we’re a long way off from that though.”
FireEye systems engineer, Jens Monrad, agreed the nuclear systems would normally be air-gapped and not dependent on internet connected infrastructure, making cyber attacks less likely than “direct sabotage or physical attacks.”
“Proving something is 100% secure or protected, can be very complicated, but I assume that extra analysis has been conducted into monitoring, isolating these sensitive networks from the public, as well as ensuring people having access to these systems have undergone a strict and thorough background check, as well as continuous background checks,” he told Infosecurity.
Photo © Everett Historical