Chatham House issues stark warning on nuclear arsenals’ cyber vulnerabilities
Image credit: An image of one of the first nuclear weapons tests conducted by the United States at Bikini Atoll at the start of the Cold War (Creative Commons)
Think tank warns nations could inadvertently launch atomic bombs and detonate warheads after being ‘spoofed’ by cyber attackers into thinking they themselves are under attack.
A leading international relations think tank today warned nuclear-armed countries could be duped into firing atomic missiles by cyber attackers – even if their computer systems were effectively isolated from the internet.
Dr Beyza Unal and Dr Patricia Lewis from Chatham House suggested military chiefs had allowed themselves to be lulled into a false sense of security about the extent to which their weapons systems could be shielded from malware by being cut off from the web.
Their report, published today, assesses the likelihood of a cyberstrike on a nuclear weapons system as being “relatively high”. They say “urgent attention” must be paid to identifying potential vulnerabilities in Britain’s Trident weapons infrastructure as well as analogous systems underpinning the arsenals of allies such as France and America.
Hostile countries like North Korea should also be assessed for weaknesses and special cyber hotlines between potential belligerents – similar to communication channels that existed during the Cold War – should be established.
The duo of researchers cited the Stuxnet attack on Iranian nuclear centrifuges – via IT equipment that had been “air-gapped” or cordoned off from the web – as an example of what was possible.
They said an insider attack could be launched by inserting a simple thumb drive into an otherwise quarantined computer, as happened in the Stuxnet case.
Organisational processes such as subcontracting and lengthy procurement regimes could heighten the risk of insider malfeasance and cyber weakness, they warned, adding: “In this equation, people are both the strongest and the weakest link, particularly with the high volume of personnel at defence companies.”
Artificial intelligence (AI) technology, which is sometimes seen as a panacea in eliminating human error, could in fact exacerbate problems because it was predicated on the assumption that future events could be predicted based on data about past experiences.
Hostile state actors could exploit that by crafting an attack specifically designed to trick AI-enabled systems into thinking it was harmless.
Better verification of information through cooperation between allied nations and “diversified intelligence sources” could guard against the risk of the UK launching a Trident missile by mistake after being duped by terrorists or a hostile state into thinking a nuclear attack on Britain itself was imminent.
They said Russia had been working on a new spoofing device that could imitate jets, rockets or a missile attack and thereby fool defence systems.
This type of cyber spoofing was judged to be a particular threat, but other types of trickery involving viruses designed to infect and disable specific parts of computer systems were also highlighted in the report.
The threat to nuclear weapons from cyber attacks is nothing new. The US is reported to have successfully infiltrated parts of North Korea’s missile systems and caused test failures in the past. Additionally, German-owned Patriot missiles in Turkey were reported to have been hacked in 2015.
Unal and Lewis said hackers and organised crime groups had joined forces in Moldova and Georgia to collaborate in the illicit trafficking of radioactive and nuclear materials.
They added that individuals affiliated with so-called Islamic State had monitored the movements of a nuclear scientist in Belgium, for reasons as yet unknown.
According to a Stockholm International Peace Research Institute report from 2014, nine countries have nuclear forces: the United States, Russia, UK, France, China, India, Pakistan, Israel and North Korea.