Sign up to our newsletter
It’s a tough enough job protecting your home computer, or your business network, against the rising threat of malware and determined hackers… imagine if you were responsible for the security of Britain’s nuclear deterrent?
As The Telegraph reports, “legitimate concern” has been raised that the computer systems responsible for the Trident nuclear missile system could be at risk of attack from terrorists or hackers sponsored by foreign nations.
A report released in January 2013 by the US Department of Defense warned that the United States and its allies “cannot be confident” that systems would be able to survive “an attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities.”
The concern is that the military and its contractors are high priority targets for attackers. And although Trident nuclear missiles are separated from the rest of the online world via an “air gap”, that doesn’t mean that there no opportunities for infection. For instance, when submarines carrying nuclear warheads come into port for maintenance or the upgrading of systems.
All it would take is one malware-infected USB drive or a contractor determined to sabotage systems.
And then, another consideration, what use is a working nuclear defence hiding under the waves somewhere in the Atlantic if a breakdown in systems makes it impossible for a British Prime Minister to send orders to launch? Or what threat could be posed by hackers stealing information about the nuclear deterrent – such as design documents and operational plans?
As Bloomberg reports, it is these concerns which have resulted in plans to award a contract to BAE Systems, who will be tasked to boost the security of the software running the US and UK Trident missle systems.
It is good that Trident nuclear missiles are standalone systems. It is good that they are air-gapped. It is good that they are not connected to the internet.
But, as any business should be aware, the internet is not the only route through which attacks can enter your organisation.
Anyone who is serious about building resilient security – which surely includes those responsible for national security – need to consider not just the mainstream risks, but the other avenues through which a determined hacker or nation state might attempt to compromise their systems.
After all, the security team at the Natanz nuclear complex in Iran probably never realised the harm that could be done to its centrifuges until it was too late…
Picture credits: (c) flickr/defenceimages
Author Graham Cluley, We Live Security