Cyber-Upgrades Coming for Trident Nuclear Missile Program
The US Navy has announced American and British Trident missiles will be upgraded because there is “legitimate concern” about threats from the cyber-realm.
The announcement comes as both nations pour billions into cybersecurity.
The UK and the US share a pool of submarine-launched Trident II D5 missiles (but design and build their payloads of nuclear warheads separately). Britain’s 58 missiles are carried by the Royal Navy’s four Vanguard class nuclear submarines; each can be fitted with up to 12 warheads that can strike different targets with a range of 7,500 miles.
None of the nuclear systems are connected to the internet, and are protected by an air gap. But, as the recent revelation of an airgap-jumping USB trojan shows, malware authors are finding a way around that protection.
“Now that cyber has become even more important in our national security, there will be even more requirements. In our modern era, cybersecurity threats are a legitimate concern,” said John Daniels, a spokesman for the US Navy’s nuclear program, as reported by the Telegraph.
The software security work will be carried out by BAE Systems, which carries out maintenance of the missiles.
A Ministry of Defence spokesman told the paper: "The deterrent remains safe and secure. We take our responsibility to maintain a credible nuclear deterrent extremely seriously and continually assess the security of the whole deterrent programme and its operational effectiveness, including against threats from cyber.”
Colin Cassidy, security consultant for IOActive, told Infosecurity that "It's a step in the right direction for the UK Government to protect its nuclear weapons against cyber-attacks. However, it shouldn’t stop with just this—it needs to be looking at defending its critical infrastructure against cyber-attack as well. More needs to be spent on that, too, as it does seem as though it is defending its means to deter, rather than defending its means to be."
Photo © Nikolay Vinokurov/Shutterstock.com
Source: Information Security Magazine