lolloj - Fotolia
The likelihood of attempted cyber attacks on nuclear weapons systems is relatively high, according to a research report published by Chatham House.
This threat is increasing from advanced persistent threats from states and non-state groups, the think-tank’s report warns, noting that the reliance on digital technologies in modern weapons systems – particularly nuclear – has led to growing concerns that cyber attacks may pose additional risks at a time of escalating conflict.
“At times of heightened tension, cyber attacks on nuclear weapons systems could cause an escalation, which results in their use,” the report said. “Inadvertent nuclear launches could stem from an unwitting reliance on false information and data. Moreover, a system that is compromised cannot be trusted in decision-making.”
As an example of what is possible, the research paper cited a Washington Post report published in March 2017 that said the US had infiltrated parts of North Korea’s missile systems and caused test failures.
“Recent cases of cyber attacks indicate that nuclear weapons systems could also be subject to interference, hacking and sabotage through the use of malware or viruses, which could infect digital components of a system at any time,” the research paper said.
There are a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge, the report said. “Human error, system failures, design vulnerabilities and susceptibilities within the supply chain all represent common security issues in nuclear weapons systems,” it added.
Some of the known methods that would affect the decision-making process for launching a nuclear weapon include data manipulation, cyber jamming communication channels or cyber spoofing, according to the authors of the report, international security researchers Beyza Unal and Patricia Lewis.
In particular, they said, successful cyber spoofing could hijack decision-making – with potentially devastating consequences.
However, the researchers said cyber risks in nuclear weapons systems have so far received scant attention from the nuclear weapons policy community.
“The potential impacts of a cyber attack on nuclear weapons systems are enormous,” they said, because data hacks can reveal sensitive information on facilities’ layouts, personnel details, and design and operational information.
Read more about cyber-nuclear risks
Cyber interference could also destroy industrial control systems within delivery platforms, such as submarines, causing them to malfunction, while clandestine attacks could be conducted on targeting information or operational commands, which may not be discovered until the point of launch.
“These risks raise significant doubts as to the reliability and integrity of nuclear weapons systems in a time of crisis, regarding the ability to: launch a weapon; prevent an inadvertent launch; maintain command and control of all military systems; transmit information and other communications; and the maintenance and reliability of such systems,” the report said.
The researchers said the digitisation of systems and the use of emerging technologies increase nuclear weapons systems’ vulnerabilities to cyber attacks.
While the researchers do not claim that emerging technologies are the primary risk to consider in the nuclear field, they argue that although key risk areas have existed for a long time, new technology has exacerbated these risks.
“With each new digital component embedded in the nuclear weapons enterprise, new threat vectors may emerge,” the report said. “Solutions to these risks, therefore, should go beyond applying cyber security policies because, in this context, cyber risk reduction is actually about nuclear risk reduction.”
According to the researchers, possible cyber resilience measures include taking a holistic approach in creating trustworthy systems based on rigorous risk assessments. “These should incorporate an analysis of a combination of threats, vulnerabilities and consequences,” they said.
The report noted that it is the responsibility of nuclear weapons states to incorporate cyber risk reduction measures in nuclear command, control and communication systems.
“Although some information is publicly available on US weapons systems, there is very little information regarding other nuclear weapons states,” the report said. “Academia and civil society should be encouraged to bring this issue to the attention of their government.”