Expert warns over threat of cyber attacks on nuclear weapons
It will never be possible to say UK nuclear weapons are entirely safe from cyber attack or cannot be compromised or undermined, an expert has told an international security think tank.
There is evidence hackers have attempted to compromise radio communications used to send launch approval messages, according to the paper for the European Leadership Network (ELN).
The think tank's advisory board includes former Labour defence secretary Des Browne, former Conservative foreign and defence secretary Sir Malcolm Rifkind, former Liberal Democrat leader Menzies Campbell and former Lib Dem leader in the Lords Shirley Williams.
It also includes former senior ministers from a variety of European countries including Italy and Spain.
Last year, Mr Browne warned UK nuclear weapons could "be rendered obsolete by hackers" and called for risk assessment.
In an article for the ELN, Dr Andrew Futter, senior lecturer in international politics at the University of Leicester, said: "By far the biggest fear and worst-case scenario is that hackers somehow compromise or sabotage the submarine or the weapons it carries."
He said advances are being made to jump the "air gap" – the isolated nature of submarine systems underwater.
"UK submarines receive regular radio transmissions from ashore that could theoretically be attacked, such as weather updates needed for targeting and the regular FamilyGram," he said.
"This will almost certainly involve malware introduced during the procurement phase while the submarine/missiles/warheads are being built, or when the submarine is in port for maintenance, refurbishment and software updates.
"Given that the UK is likely on the cusp of building the next generation of nuclear-armed submarines, this challenge, and guarding against threats to the supply chain and overall maintenance, is particularly relevant now.
"There is evidence that hackers have attempted to compromise the extremely low frequency radio communications used to send launch approval messages to US nuclear-armed submarines in the past.
"It must be assumed that the same is true for the communications hub for British SSBN's based at Northwood in the Chiltern Hills.
"It will never be possible to say that the UK nuclear deterrent is entirely safe from cyber attack or that it cannot be compromised or undermined in some other way in the future.
"The potential for an adversary of the UK to discover the patrol area of British submarines or the specifics of the boat, missile or warhead through cyberespionage, the possibility of interfering with key systems in the procurement or maintenance phase, or the prospect of lacing targeting or fire-control software with malware, combined with better ASW and BMD capabilities, is clearly a serious issue.
"However, while these challenges are undoubtedly significant, and a comprehensive assessment right across the UK nuclear weapons enterprise is clearly a must, cyber threats do not necessarily mean that the programme should be scrapped.
"Rigorous testing, security practices, and professionalism should help mitigate the worse-case cyber scenarios described above while many of the other challenges will simply have to be managed as we move into a more complex future nuclear deterrent environment."