Some have claimed that the Vanguard class submarines which carry Trident are vulnerable to cyber-attacks in the same way the recently hit NHS is, that is not the case.

Critics point to the Royal Navy’s decision to install a heavily adapted operating system, based off the same framework as Windows XP, as the operating system on its missile-carrying Vanguard class submarines. While some versions of Windows have long been criticised for unreliability, the variant installed on the submarine fleet is about as robust and reliable as they come, having no real similarity with Windows XP.

So reliable is the system that the operating system and its variants are widely used in commercial operations including manufacturing plants, labs and commercial ships. The Royal Navy has already installed similar systems in other ships and submarines. Some have taken to using the recent attacks on the NHS as part of a campaign against Trident, albeit they’ve used the wrong information.

While we have no position on renewing Trident, we do have a very strong position on facts being important.

The submarines use ‘SMCS NG’, the Submarine Command System New Generation, was created for the Vanguard class submarines as a tactical information system and a weapon control system and is often nicknamed ‘Windows for Submarines’. It does however not control Trident.

The programme undertaken by the Royal Navy and BAE Systems to equip the fleet with a Windows-based command system was completed in just 18 days.

The worry over security, in our view, isn’t really something to be concerned about. The biggest threat is experienced when submarines are in port to recieve software updates as unpatched vulnerabilities in the operating system could in theory be used by attackers to break into their systems if they were connected to the internet. However, they’re not connected to the internet and are in no way vulnerable to the type of attacks that crippled the NHS, as we reported here.

The Ministry of Defence claim it isn’t worried that hackers could exploit any potential vulnerabilities found in the system and in a statement, explain they pay particular attention to keeping submarines protected against this kind of threats.

“Submarines operate in isolation by design, and this contributes to their cyber resilience. We take our responsibility to maintain a credible nuclear deterrent extremely seriously and continually assess the capability of our submarines to ensure their operational effectiveness, including against threats from cyber and unmanned vehicles.”

Peter Roberts, a former Royal Navy officer now at Royal United Services Institute, told the Guardian that British technicians are well aware of the potential software vulnerabilities and have instituted special safeguards.

“None of this anti-submarine technology has been perfected and what you are not able to do with drones is get them to work together, because of the problems of communications underwater.

I can’t see a breakthrough in the next 15 years, and you are never going to see the whole ocean. We are talking about a water space that covers two-thirds of the world’s surface. This is not a needle in haystack. It’s way beyond that.”

It is understood that the Trident missile system itself has also been given increased protection from cyber-security threats.

The Ministry of Defence is planning to spend nearly £2 billion on cyber security over the coming five years, including a scheme to improve the safety of Britain’s nuclear deterrent in partnership with the US Navy. The US military is reported to be poised to award a contract to British defence contractor BAE Systems to develop Trident’s cyber-security protection.

In statements made by Ministry of Defence officials to The Telegraph, both countries have scheduled upgrades to Trident missile software in order to fend off the threat of cyber-attacks. Since Trident missiles aren’t connected to the Internet, the security features planned are likely aimed at making it harder for attackers to leverage techniques used in targeting air-gapped systems.

John Daniels, a spokesman for the US Navy’s Strategic Systems Programme, told the media:

“Now that cyber has become even more important in our national security, there will be even more requirements. In our modern era, cyber-security threats are a legitimate concern.”

US and UK officials have announced future upgrades to their Trident missiles program, and more specifically, to the missile’s software, in order to prevent cyber-attacks.

A Ministry of Defence spokesman said:

“The deterrent remains safe and secure.We take our responsibility to maintain a credible nuclear deterrent extremely seriously and continually assess the security of the whole deterrent programme and its operational effectiveness, including against threats from cyber.”

Currently, the US and UK are using the same type of submarine-launched missiles with their fleets, which is the Trident Class II D5 model. Britain has 58 of these missiles, deployable on four submarines.

All of the UK’s missiles regularly undergo scheduled maintenance work, during which they also receive upgrades. This work is done by BAE Systems, the company contracted by both the US and the UK for this job. BAE company declined to comment on the work.

The UK deterrent is completely operationally independent and UK does not need permission of the US (or anyone else) to launch its Trident missiles.

13 COMMENTS

    • Ron one could say that both those for and against a nuclear deterrent are simply following a belief system. There is no real imperical evidence for or against until we have one of the following documented:

      1) A significant element of the Human race ends in nuclear fire.
      2) The entire human race multilaterally breaks out in peace and harmony and renounces organised violence as a means to an end.
      3) A technological leap renders Nuclear weapons invalid

      Until then it’s all hopes, wishesand opinion.

      My belief is that just because we did not have them it would in no way stop someone using them against us. But the fear of our weapons may stop someone attacking us.

      But I may be wrong and get vaporised some day. Belief is like that…….

    • A few years back, CND not only had the Iranian ambassador as guest of honour at the annual AGM (He was allowed to talk on nuclear disarmament) they actually stated that Iran had a right to develop nuclear power

    • Indeed. Also Even if the subs used XP (which they obviously do not – although xp itself is not a bad OS) there is one other major factor in that Subs control systems are not connected to the internet….

      • If they ran on windows 10 OS they still wouldn’t be connected to the internet even if they were connected! Or only intermittently!!!

        • I don’t get it?

          I could understand it if there was an issue with windows 10 connecting to the internet… but there isn’t…

          • Operating systems don’t have much to do with the internet. The comparison made by CND is like saying that NHS computers have quad core processors which computers on Trident subs also have, so that is somehow a bad thing. They are unrelated. XP is actually still popular because it is so stable and is not demanding.

          • @Evan P

            I know. I am a software engineer. I was replying to the odd comment by Nigel Collins.

  1. If you read the various denials carefully and it is clear that actually it does run windows xp. What they always state is it runs the core of XP that has been modified. Anyone that knows anything about computers will understand what this means, which is effectively windows xp with a overlay. It’s like saying Android is not linux, and yet it is.

    Generally it is the programs that run on top of the core that cause the vulnerabilities and not the core itself.

    What we do not know is how far these modifications go, it could be anything from a simple skin (graphical overlay) for a more heavy rewrite.

    Does running windows xp core make it any more vulnerable than any other UI, i would argue the reverse, since being mass used, vulnerabilities are discovered (this is the key part) and fixed on a regular basis, which might not be the case with a more niche UI.

    • Windows XP is not a core. XP runs on an NT System. NT is the core XP is the rest of the system built around it. NT is also the Core for windows server and various other high availability and high resilience systems. NT is also the core for Windows 10. NT systems are used in many high profile companies for many tasks from web servers to production control systems.

      As with your Linux example. Android runs on a linux kernal Just like Ubuntu runs on a linux kernal. However they are different operating systems with different purposes (ubuntu for instance does not have intents etc that android has neither does it have the process management that Android has). Windows XP runs on the NT kernal (along with some other microkernals) just like Windows server runs on the NT kernal.

  2. Wow. I just read this. That CND tweet is shocking. It’s so wrong as to be pretty much an outright lie. It’s so sad to see such hideous misinformation spread to people who, through no fault of their own, don’t know enough about computers to understand what total and utter nonsense it is.

LEAVE A REPLY

Please enter your comment!
Please enter your name here