The world's nuclear weapons may be more vulnerable to cyber attacks than previously thought and could result in an accidental missile launch according to a study released by Chatham House, the Royal Institute of International Affairs. The study says that today's nuclear systems were developed in the pre-digital age and that little consideration was given to their vulnerability to malicious hacking and other cyber attacks.
Nuclear weapons are so central to modern geopolitics and military strategy that we often forget that the weapons and the systems used by the five major powers to handle them were developed at a time when computers were primitive monsters that filled whole floors and had less memory than a modern watch. It was a time when electronic warfare involved little more than radio jamming or creating false radar images and computer viruses were unheard of.
During the height of the Cold War, the nuclear arsenals of East and West were equipped with various safeguards. The Americans used elaborate electromechanical locking mechanisms to disarm bombs, while the British relied on simple keys carried by military officers chosen for their absolute loyalty and reliability. Meanwhile, the Soviets preferred to use a system that is still shrouded in mystery, but seemed to depend heavily on automated systems with as little of the human element as possible.
Unfortunately, over the next three generations, the introduction of sophisticated digital technology into the nuclear weapon systems' command, control, and communications facilities also introduced a surprising number of vulnerabilities.
According to the Chatham House study, these vulnerabilities can range from simple human error to an all-out cyberattack by a major hostile power. Indeed, such attacks have taken place on several occasions, both against and by Western and non-Western nations. In addition, attacks can come from terrorist groups, organized crime, private espionage agents, and even malicious or mischievous individuals.
Part of the problem is that cyberattacks today go far beyond online data manipulation, digital jamming, and cyber spoofing. It's also possible to attack systems even if they're protected by "air gaps" – that is, not being connected either physically or wirelessly to any other computer. The study sites the Stuxnet virus, which crippled the Iranian nuclear weapon program when it was introduced through a thumb drive, and reports that the Americans were able to ruin North Korean missile tests through infiltration. Israeli scientists were even able to access data from an unconnected computer through the sound its cooling fan made.
Some of these vulnerabilities are obvious, with examples like the landlines and internet connections to missile bases or the increasing use of data links to warplanes. But even systems previously thought invulnerable to attacks are now at risk.
The major example cited by the study is the case of nuclear ballistic missile submarines. Previously, these were thought to be immune to cyberattacks because they spend all their time underwater with only a minimum of radio contact at irregular intervals. However, the study points out that submarines are very vulnerable when in port or if an attack is mounted through components, including microprocessors or memory chips, installed in various systems.
The result of all of this goes beyond the dramatic scenarios of missiles not launching when the button is pressed or a nuclear submarine being remotely hijacked by an improbable Bond villain hell-bent on holding the world to ransom. The study says that the more likely and more far-reaching result will be to erode confidence in nuclear weapon systems.
The primary function of any nuclear weapon is to act as a deterrent to prevent nuclear or all-out conventional attacks by an enemy. In order to perform this function, the weapon system must be 100 percent reliable. If a strong element of doubt is introduced, then that deterrent loses its efficaciousness.
The study points out that in peacetime planners may be faced with uncertainty about whether a cyberattack has taken place, which means that they may not know if a system is reliable. Worse, they may not know whether the information they are receiving, from targeting coordinates to orders to fire, are reliable. In times of crisis, cyberattacks could lead to increased tensions and even inadvertent launches based on faulty data.
The study proposes a number of solutions. These include more universal and vigorous anti-cyberwarfare training, a holistic program including electronics manufacturers and development laboratories to ensure they haven't been compromised, and an ongoing analysis of threats, vulnerabilities, and consequences.
One possible tool is using artificial intelligence to create an active defense that can seek out and counter attacks on its own, but the authors point out that AI is a two-edged sword that can make things worse if it is corrupted and starts giving out false information. In addition, the study emphasizes that the problem of cyberwarfare affects all nuclear weapon states and that their governments must be made aware of the problem.
Source: Chatham House (PDF) via the Telegraph