Nuclear weapons systems are increasingly at threat from cyber attacks that could sabotage controls and even lead to inadvertent launches, a think tank paper warns.
The likelihood of attempted hacking attacks is “relatively high and increasing”, but has received “scant attention”.
The paper from Chatham House, the Royal Institute of International Affairs, says: “The potential impacts of a cyber attack on nuclear weapons systems are enormous.”
Nuclear weapons systems were first developed when computers were in their infancy and little consideration was given to cyber vulnerabilities, the authors warn.
There are “a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge”.
Widespread reliance on digital systems in the military means communications between commanders, positioning data, and the supply and logistics chain could all be vulnerable.
The authors, Dr Beyza Unal and Dr Patricia Lewis, warn attackers could manipulate, jam, or “spoof” data, leaving commanders unable to trust their systems and undermining confidence in the nuclear deterrent.
“During peacetime, offensive cyber activities would create a dilemma for a state as it may not know whether its systems have been the subject of a cyber attack.
“This unknown could have implications for military decision-making, particularly for decisions affecting nuclear weapons deterrence policies.
“At times of heightened tension, cyber attacks on nuclear weapons systems could cause an escalation, which results in their use. Inadvertent nuclear launches could stem from an unwitting reliance on false information and data. Moreover, a system that is compromised cannot be trusted in decision-making.”
As well as threats from hostile states, there is also risk from highly skilled criminal gangs, acting on their own, or selling their cyber abilities to terrorists.
The report says many of the vulnerabilities in nuclear weapons systems have been in place for some time, but they have been made worse by new technology.
The report concludes: “At best, cyber insecurity in nuclear weapons systems is likely to undermine trust and confidence in military capabilities and in the nuclear weapons infrastructure. At worst, cyber attacks could lead to deliberate misinformation and the inadvertent launch of nuclear weapons.
Software in the nuclear missile system was being upgraded after defence officials admitted there was “legitimate concern” about threats from cyber hackers.
One cyber expert at the time suggested potential weak spots could be apparent when Britain’s nuclear deterrent submarines came in to port to receive upgrades and maintenance.
Malicious programs to sabotage or damage the deterrent could also be secretly hidden in nuclear systems when new parts are being designed and made.
The Chatham House authors call for urgent attention on increasing cyber security, but admit that states are unlikely to publicly talk about the issue.
When the Trident upgrade was disclosed in 2016, the Ministry of Defence in 2016 would only say that “the deterrent remains safe and secure”.
The authors called for more transparency, arguing that “it is the public that will pay the ultimate price for complacency regarding cybersecurity of nuclear weapons systems.”