No, hackers can’t ‘take control of Trident’

A recent report has suggested that Trident carrying submarines could be hacked, leading to a nuclear war. However, the report fails to give much detail and appears to gloss over key details.

The report was produced by the British American Security Information Council (BASIC), a think tank based in London which aims to promote nuclear disarmament. Their paper reviews the ‘growing potential for cyber-attack’ on the UK’s operational fleet of Vanguard class submarines armed with Trident II D-5 ballistic missiles.

The paper warns that “A successful attack could neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads”. However, this would appear to be based on the fact that the submarines use ‘SMCS NG’ which they argue is similar to Windows XP.

The ‘Submarine Command System New Generation’, was created for the Vanguard class submarines as a tactical information system and a weapon control system and is often nicknamed ‘Windows for Submarines’. It does however not control Trident.

They also make claims that malicious software could be uploaded while the vessel is in port for maintenance:

“Every electronic system inevitably has a means for new code to be introduced, be it by USB memory stick or some more sophisticated method, particularly at more vulnerable times.”

The report however does not go into detail regarding how this would be done, nor does it discuss any of the countermeasures in place to prevent this from happening.

The report also claims that being ‘air gapped’ doesn’t make an impact on their security:

“Submarines on patrol are clearly air gapped, not being connected to the internet or other networks, except when receiving (very simple) data from outside. As a consequence, it has sometimes been claimed by officials that Trident is safe from hacking. But this is patently false, and complacent.”

When deployed and when it port, the computers on a submarine function as a standalone system. They are air-gapped, that means that they’re not connected to an external network or the internet, there is a physical gap between them and any external network.

Sean Sullivan, a security adviser at F-secure, told Infosecurity magazine in 2015 that while some hackers have been able to “jump” air-gaps, this would cause “interference” at most. It should be noted that attacking a submarine far out at sea in this way is not really feasible at all.

Some have also claimed that the Vanguard class submarines which carry Trident are vulnerable to cyber-attacks in the same way the recently hit NHS is, that is not the case.

Critics again point to the Royal Navy’s decision to install a heavily adapted operating system, based off the same framework as Windows XP, as the operating system on its missile-carrying Vanguard class submarines. While some versions of Windows have long been criticised for unreliability, the variant installed on the submarine fleet is about as robust and reliable as they come, having no real practical similarity with Windows XP.

So reliable is the system that the operating system and its variants are widely used in commercial operations including manufacturing plants, labs and commercial ships. The Royal Navy has already installed similar systems in other ships and submarines.

Some have taken to using the recent attacks on the NHS as part of a campaign against Trident, albeit they’ve used the wrong information. While we have no position on renewing Trident, we do have a very strong position on facts being important.

Do you know where else Windows XP is used? #CyberAttack pic.twitter.com/Ve2trUYbZM

— CND (@CNDuk) May 13, 2017

Even claims that because the operating system is based on an older Windows product means that it would not be supported are incorrect. The UK government negotiated a Custom Support Agreement in April 2014 so the departments and agencies could using it or software based on it without worrying about criticial patches being written.

The worry over security, in our view, isn’t really something to be concerned about. The biggest threat is experienced when submarines are in port to receive software updates as unpatched vulnerabilities in the operating system could in theory be used by attackers to break into their systems if they were connected to the internet.

However, they’re not connected to the internet and are in no way vulnerable to the type of attacks that crippled the NHS, as we reported here.

The Ministry of Defence claim it isn’t worried that hackers could exploit any potential vulnerabilities found in the system and in a statement, explain they pay particular attention to keeping submarines protected against this kind of threats.

“Submarines operate in isolation by design, and this contributes to their cyber resilience. We take our responsibility to maintain a credible nuclear deterrent extremely seriously and continually assess the capability of our submarines to ensure their operational effectiveness, including against threats from cyber and unmanned vehicles.”

Peter Roberts, a former Royal Navy officer now at Royal United Services Institute, told the Guardian that British technicians are well aware of the potential software vulnerabilities and have instituted special safeguards.

“None of this anti-submarine technology has been perfected and what you are not able to do with drones is get them to work together, because of the problems of communications underwater.

I can’t see a breakthrough in the next 15 years, and you are never going to see the whole ocean. We are talking about a water space that covers two-thirds of the world’s surface. This is not a needle in haystack. It’s way beyond that.”

It is understood that the Trident missile system itself has also been given increased protection from cyber-security threats.

The Ministry of Defence is planning to spend nearly £2 billion on cyber security over the coming five years, including a scheme to improve the safety of Britain’s nuclear deterrent in partnership with the US Navy. The US military is reported to be poised to award a contract to British defence contractor BAE Systems to develop Trident’s cyber-security protection.

In statements made by Ministry of Defence officials to The Telegraph, both countries have scheduled upgrades to Trident missile software in order to fend off the threat of cyber-attacks. Since Trident missiles aren’t connected to the Internet, the security features planned are likely aimed at making it harder for attackers to leverage techniques used in targeting air-gapped systems.

John Daniels, a spokesman for the US Navy’s Strategic Systems Programme, told the media:

“Now that cyber has become even more important in our national security, there will be even more requirements. In our modern era, cyber-security threats are a legitimate concern.”

US and UK officials have announced future upgrades to their Trident missiles program, and more specifically, to the missile’s software, in order to prevent cyber-attacks.

A Ministry of Defence spokesman said:

“The deterrent remains safe and secure.We take our responsibility to maintain a credible nuclear deterrent extremely seriously and continually assess the security of the whole deterrent programme and its operational effectiveness, including against threats from cyber.”

Currently, the US and UK are using the same type of submarine-launched missiles with their fleets, which is the Trident Class II D5 model. Britain has 58 of these missiles, deployable on four submarines.

All of the UK’s missiles regularly undergo scheduled maintenance work, during which they also receive upgrades. This work is done by BAE Systems, the company contracted by both the US and the UK for this job. BAE company declined to comment on the work.

The UK deterrent is completely operationally independent and UK does not need permission of the US (or anyone else) to launch its Trident missiles.