Just before the false alarm last weekend in Hawaii when residents were erroneously warned of an impending missile attack, think tank Chatham House issued a report stating that it had identified vulnerabilities in nuclear weapons systems located throughout the world that made them susceptible to malware and ransomware attacks that could lead to inadvertent missile launches.
This is a scary report. It notes that the computer systems that control nuclear weapons systems were developed when computers were in their infancy and malicious cyber activities were not contemplated or experienced. Because data security was not built into the architecture of the nuclear control systems, the systems could be tampered with unbeknownst to its controllers.
According to the report, “The likelihood of attempted cyber-attacks on nuclear weapons systems is relatively high and increasing from advanced persistent threats from states and non-state groups.” The author stresses that these vulnerabilities are not being prioritized and addressed and that there is complacency by governments in securing nuclear weapons systems because of the inability to keep up with technological advances, a dearth of skilled workers and slowness of institutional change. “As a result, current nuclear strategy often overlooks the widespread use of digital technology in nuclear systems.”
The report is a wake-up call to those countries with nuclear capabilities, including the U.S., the United Kingdom, France, India, and Israel. (Note that other countries with nuclear capabilities include Russia, Pakistan, China, and North Korea).
The report states that if a nuclear system was tampered with by a malicious cyber-attack, it could “cause an escalation, which results in their use. Inadvertent nuclear launches could stem from an unwitting reliance on false information and data.”
It really is no different than a fraudulent wire fraud case, but with serious life-threatening consequences. In a wire fraud incident, the intruder gains access to a system, changes information, documents or rules in the system, and is able to divert funds to the attacker’s bank account without the knowledge of the victim until it is too late. In this case, when the attacker gets into the nuclear system, it can change information, documents or controls in the system, override control mechanisms, and launch a nuclear attack. Very scary indeed.