by Leonardo Carvalho

A document produced by researchers at the British American Security Information Council (BASIC) warns of the risks and consequences of a cyber attack on nuclear defense systems, using as its object of study the Trident Nuclear Programme (or Trident Deterrence Program), created in 1992 as a case study to “cover the development, acquisition and operation of the current generation of UK nuclear weapons and their means of delivery”.

The paper, titled “Hacking Trident: A Growing Threat” (available in PDF here) focuses on the so-called “delivery means”, more specifically the Vanguard-class submarine fleet equipped with Trident II D-5 nuclear missiles. It concludes: “Vulnerability to cyber attacks is real. It can be reduced with continuous and significant cybernetic surveillance, but it can not be eliminated”.

The threat, according to the study, could “neutralize Trident operations”, potentially causing loss of life and even “catastrophic exchange of nuclear warheads (directly or indirectly)”.

Trident is the codename of the British nuclear deterrent program that was commissioned in the 1990s to replace the Polaris system, which had been operating since 1968. Like its predecessor, Trident consists of four submarines (SSBNs) armed with nuclear warheads, operated by the Royal Navy from the naval base of Clyde on the coast of Scotland and patrolling the waters of the UK. At any moment one of the submarines is on patrol, one is preparing for patrol, one is undergoing maintenance, and one has just come off patrol and is recovering.

The logic behind both programs is: “Even if the nation’s conventional defense capabilities were destroyed, the submarines would still be capable of delivering catastrophic retaliation against the aggressor”.

The document, produced by researchers Stanislav Abaimov and Paul Ingram, looked at vulnerabilities in key systems associated with Trident to assess the risks of attacking such systems, including identifying potential vectors.

“Currently, every critical vessel system is automated and controlled by computers. Given that military structures are heavily protected, the most effective means of penetrating these systems would be the use of malware”, the study said.

The authors noted that the submarine network architecture is “air gap”, that is, “physically isolated from the internet and any other civil network, which limits the possibility of real-time access to the command network”. However, this type of system does not prevent “in-house” attacks, or “pre-injection of malware” on submarines, missiles or other structures during their construction or maintenance stages.

Incidents such as those involving Stuxnet and Duqu demonstrate, according to the study, that air-gapped systems and network segmentation are not necessarily an effective defense against cyber attacks, since any electronic system “inevitably has a means for new code to be introduced”. One example is the use of USB devices: in a recent article we mentioned a study by ESET researcher Tomáš Gardon, published in March 2016, announcing the discovery of a piece of malware (called Win32/PSW.Stealer.NAI) that uses these devices as attack vectors.

The study finds that the most likely targets of a cyberattack on Trident would be critical systems — its reactor, or missile launch control — and other systems such as the internal communication system, water purification and oxygen level, among others.

Attackers could interfere with the communications, giving away the position of the vessel. They could also intercept, prevent or scramble the exchange of messages between the submarine and the base, transmitting false information. “At worst”, the researchers say, “it would be possible to launch a missile in an unauthorized way (through the theft and transmission of release authorization codes) or by simulating a nuclear attack on the UK”, a hypothesis treated as extremely unlikely because it would require, besides the technical skill, an extensive amount of intelligence work.