Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking Nuclear Command and Control

Posted by samzenpus on from the why-haven't-you-radioed-the-plans-countermanding-the-go-code dept.

The Walking Dude writes "The International Commission on Nuclear Non-proliferation and Disarmament (ICNND) has released an unclassified report exploring the possibility of cyber terrorists launching nuclear weapons. Ominous exploits include unreliable early warning sensors, unsecure nuclear weapons storage, transportation blunders, breaches in the chain of command, and the use of Windows on nuclear submarines. A traditional large-scale terrorist attack, such as the 2008 Mumbai attacks, could be combined with computer network operations in an attempt to start a nuclear war. Amidst the confusion of the traditional attack, communications could be disrupted, false declarations of war could be issued on both sides, and early warning sensors could be spoofed. Adding to this is the short time frame in which a retaliatory nuclear response must be decided upon, in some cases as little as 15 minutes. The amount of firepower that could be unleashed in these 15 minutes would be equivalent to approximately 100,000 Hiroshima bombs."

12 of 256 comments (clear)

  1. oh yes by Anonymous Coward · · Score: 2, Insightful

    "... and the use of Windows on nuclear submarines." - i stopped reading.

    1. Re:oh yes by Anonymous Coward · · Score: 2, Insightful

      Maybe because the way Windows is used on a nuclear sub (Non-networked, no USB drives, et cetera) leave it pretty much 'unhackable' from somebody who doesn't already have access to that machine?

      Seriously, you could use an unpatched Windows XP box with all the remote services running and no firewall, and it STILL DOESN'T MATTER SINCE THERE'S NO VECTOR ONTO THE MACHINE.

      They use Windows, iirc, because that's where the development tools are. And, since security in this application is basically all physical anyway... why not?

  2. Usual fear-mongering by cluke · · Score: 4, Insightful

    So, the "International Commission on Nuclear Non-proliferation and Disarmament" releases a report saying Nucler weapons are dangerous? Who would have thunk it?

  3. We don't live in a comic-book universe... by VShael · · Score: 4, Insightful

    Do we have ANY super-villain cyber hackers in the world who WANT to start a nuclear war and launch 100,000 hiroshima type bombs?

    Seriously?

    Who do they envision being behind this? Doctor Evil???

    1. Re:We don't live in a comic-book universe... by Opportunist · · Score: 2, Insightful

      Thanks for asking the obvious: Who would WANT to do that?

      What's the gain? The end of the world. Erh... yeah, that's super (cheesy thumbs-up pic here). Nobody, absolutely nobody who has a minuscle chance to pull something like this off actually wants the world to end. Everyone who could technically pull together the manpower and know-how to pull a stunt like this wants power.

      How much power do you have over a pile of ashes and dust? Oh, and did I mention that you're dead as well?

      You'd need someone with:

      A deathwish.
      Enough hatred towards the whole planet to wipe out mankind or at least accepting it as a possible outcome.
      Enough brainpower to envision a plan to execute it.
      Enough charisma or clout to gather a flock of equally zealous and lunatic people (remember, money won't work, you can't bribe me if I'm going to hell for it)

      What comic book did this scenario fall out of?

      Ozzy, li'l Kim, and all the other Mr. Evils of today share a common trait: They don't want to die. All the unabombers share another trait: They have no followers and nowhere near enough 'power' and 'being inside' to get a hand on those devices.

      So who? As you said it right, you'd need a comic book villain mastermind.

      And, sorry, I'm not available at the moment. I'm still busy mounting those friggin' lasers on those sharks.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Windows on Nuclear Submarines by Fantom42 · · Score: 4, Insightful

    The use of Windows on nuclear submarines is not a big deal without providing a lot more context. Is Windows being installed to perform a critical function? Is there an independent backup implemented in hardware? There remain a lot of questions to be answered before I care that Windows is installed on submarines, especially given the alarmist tone of the paper as a whole.

    The article (mis?)cited even talks about how the systems being used don't "usually" get autonomous control of the weapons systems. (http://www.theregister.co.uk/2008/12/16/windows_for_submarines_rollout/) That's pretty vague, but not really surprisingfor a reporter.

    So, is Windows on submarines a concern? Sure it is. Quite frankly, (get out your -1 mod points) for a high risk system, one in which failure can cause loss of life on a massive scale, using Linux, or any computer system is a concern.** Luckily, if engineers are doing their jobs correctly, they know how to design these systems to prevent a software failure from causing one of these events. This almost invariably means using custom software or (better) simple hardware to implement/interlock critical functions and use regular COTS software for the rest. And yes, false indications are an example of a critical function. If the software were to indicate a missile launch, for example, I would expect a way to verify that using hardware in the procedure before moving on to the next step.

    ** This is because any of these systems are too big to have the kinds of quality steps needed for such a system (think TRACEABLE code coverage, testing, requirements traceability, application of coding standards and other software engineering principles, all must be traceable). Maybe if Linus Torvalds and everyone who works on the Linux kernel was hired by the DOD and held to a software quality standard, like DO-178B (http://en.wikipedia.org/wiki/DO-178B)*** there would be a small chance of being able to use this software for a function that is required to prevent loss of life.

    *** Having dug through DO-178B, it is not without its issues, either. But its a good starting point at least.

  5. Could, Could, Could . . . by siloko · · Score: 4, Insightful

    Talk about your Blue Screen of Death

    Agreed, but I was wondering when the quantity of "could's" in a summary turns it from a "report" into a "work of fiction"?

    1. Re:Could, Could, Could . . . by domatic · · Score: 2, Insightful

      A quantity of small "coulds" coming together at the wrong time and place is how a lot of accidents happen. This has happened in regards to missile warnings before though thankfully we didn't achieve a critical density of "coulds":

      http://en.wikipedia.org/wiki/Able_Archer_83
      http://www.pbs.org/wgbh/nova/missileers/falsealarms.html

    2. Re:Could, Could, Could . . . by flaming+error · · Score: 2, Insightful

      > A quantity of small "coulds" coming together at the wrong time and place is how a lot of accidents happen

      That is absolutely correct. That is how accidents happen. But if you or I or McVeigh planned to force "a critical density of 'coulds'," it would never work. Hollywood allows for failures on cue and long chains of helpful improbabilities, but outside the movies perfect storms don't follow a plan.

  6. Re:IRL by Anonymous Coward · · Score: 1, Insightful

    they are thinking that there are hundreds of computers on a submarine. do you think every one of them has a purpose built, custom OS?

  7. Re:Windows on submarines? by icebrain · · Score: 3, Insightful

    Well, considering you're surrounded by at least three inches of steel in every direction, plus a whole bunch of salt water... I wouldn't be worried too much. It's noise you'd really be concerned about.

    --
    The meek may inherit the earth, but the strong shall take the stars.
  8. You must never have been in the military. by k.a.f. · · Score: 4, Insightful

    Agreed, but I was wondering when the quantity of "could's" in a summary turns it from a "report" into a "work of fiction"?

    When assessing your adversaries, you always assess capability, not probability or even intention. "Can't possibly" is acceptable, but improvable. "Might" raises serious concern. "Could" is reason for all-out batshit-crazy paranoia.

    And I like that things are that way. At least, y'know, when dealing with unauthorized nuclear launches.