A cyber attack could cause Britain or another nuclear-armed state to launch a strike by mistake, according to an international affairs think tank.
A report from Chatham House has identified digital vulnerabilities within nuclear weapons systems, such as the risk of data being compromised or false information being delivered to decision-makers.
‘Nuclear weapons systems were developed before the advancement of computer technology and little consideration was given to potential cyber vulnerabilities. As a result, current nuclear strategy often overlooks the widespread use of digital technology in nuclear systems,’ the authors of the study said.
The report, Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences, was written by Beyza Unal, who previously worked on strategic analysis at Nato, and Patricia Lewis.
‘There are a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge,’ the authors say.
‘Human error, systems failures, design vulnerabilities and susceptibilities within the supply chain all represent common security issues in nuclear weapons systems.’
Digital components are subject to intrusion
Potential weaknesses include rudimentary components, the report said, citing the example of Britain’s newest aircraft carrier, which was reportedly using a customised version of discontinued Windows XP in its control room during trials.
‘Most countries acquire computer chips from the global marketplace rather than from national defence units and laboratories,’ warn the authors.
Digital components, material and software can quickly become obsolete and, without proper updates and patching, ‘they are subject to intrusion.’
Involvement of private sector brings dilemma
The authors highlighted tensions arising between the demands of a private sector that needs to keep up with advances in technology and the risks they bring with them.
‘Many aspects of nuclear weapons development and systems management are privatised in the US and in the UK, potentially introducing a number of private sector supply chain vulnerabilities.’
They write: ‘Presently, this is a relatively ungoverned space and these vulnerabilities could serve to undermine the overall integrity of national nuclear weapons systems. For example, the backdoors in software that companies often maintain to fix bugs and patch systems are targets for cyber attacks once they are discovered and become known.’
Sign-up to our weekly cybersecurity news digest
Want to read more stories like this? Our weekly news digest helps to keep you up-to-date with cybersecurity news stories relevant to the legal sector.
Sign-up to our email list