Hacking Nuclear Command and Control

The Walking Dude writes "The International Commission on Nuclear Non-proliferation and Disarmament (ICNND) has released an unclassified report exploring the possibility of cyber terrorists launching nuclear weapons. Ominous exploits include unreliable early warning sensors, unsecure nuclear weapons storage, transportation blunders, breaches in the chain of command, and the use of Windows on nuclear submarines. A traditional large-scale terrorist attack, such as the 2008 Mumbai attacks, could be combined with computer network operations in an attempt to start a nuclear war. Amidst the confusion of the traditional attack, communications could be disrupted, false declarations of war could be issued on both sides, and early warning sensors could be spoofed. Adding to this is the short time frame in which a retaliatory nuclear response must be decided upon, in some cases as little as 15 minutes. The amount of firepower that could be unleashed in these 15 minutes would be equivalent to approximately 100,000 Hiroshima bombs."

People in the know

[MichaelSmith]

Most people know a thing or two. Some people know their way around weapons systems but most people don't. Most people are sane and rational but a few people are not. The unabomber wasn't rational but fortunately he was a mathematician, not a rail signalling engineer or an air traffic controller.

I don't believe that Al Qaida could weasel their way into the control systems for missiles, unless they come across somebody smart enough and crazy enough to be of value to them. I don't believe there is any systematic reason why this could not happen, it is just very unlikely.

At the moment it is much easier for the terrorists to work with the tools they know.

Researching Kaczynski for this post has got me thinking. With his background he could have gone into a field where he gained access to some critical systems. Lots of secure areas employ mathematicians. But then he might not have had the time and resources to develop his nutty ideas. He had to withdraw somewhat to do that. Was the Jack D Ripper character a realistic possibility? Or would a maniac have been unable to rise to a position of responsibility?

Re:Windows on submarines?

[IBBoard]

I've heard about it for a while now - it's not overly new news in the UK.

At least they're not wasting resources on Vista/7 - they're using Windows XP, which is nice and secure(!) As the El Reg article points out, though, at least the submarine is generally a stand-alone network, which should protect it from a lot of vulnerabilities (although not all)

Re:Windows on submarines?

at least the submarine is generally a stand-alone network

My next-door neighbour, a middle-ranking officer on the UK's Vanguard fleet of nuclear submarines, asked me to fix his laptop ready for the recent 3-month wargame off Florida. Naturally, the "fix" was as simple as identify trojan, format, re-install MS-Windows, install Avast, advise him not to run keygens he'd randomly downloaded off a torrent, and slip an Ubuntu live CD into the laptop bag in the hope it'd pique his interest.

As I returned it to him, I said "I turned WiFi and Bluetooth off by default. I assume you'd get in trouble if your stealth-sub got spotted by something as simple as your opponent searching for available networks."

Apparently he'd never thought of that. And regaled me with stories of how long undersea voyages are just one huge wireless LAN party and movie fileswap meet. And asked me to turn WiFi and BT back on.

Nuclear subs are just one huge Faraday cage, right? Right? No really, they are... aren't they?