Slashdot Mirror
Hacking Nuclear Command and Control
The Walking Dude writes "The International Commission on Nuclear Non-proliferation and Disarmament (ICNND) has released an unclassified report exploring the possibility of cyber terrorists launching nuclear weapons. Ominous exploits include unreliable early warning sensors, unsecure nuclear weapons storage, transportation blunders, breaches in the chain of command, and the use of Windows on nuclear submarines. A traditional large-scale terrorist attack, such as the 2008 Mumbai attacks, could be combined with computer network operations in an attempt to start a nuclear war. Amidst the confusion of the traditional attack, communications could be disrupted, false declarations of war could be issued on both sides, and early warning sensors could be spoofed. Adding to this is the short time frame in which a retaliatory nuclear response must be decided upon, in some cases as little as 15 minutes. The amount of firepower that could be unleashed in these 15 minutes would be equivalent to approximately 100,000 Hiroshima bombs."
"...and the use of Windows on nuclear submarines" Talk about your Blue Screen of Death
"... and the use of Windows on nuclear submarines." - i stopped reading.
Shall we play a game?
Windows on a submarine sound like a pretty bad idea to me...
Watching a flash presentation might just launch a nuke.
When it happens, most of us wont even know it :-)
The survivors amongst us might know after they can't access /. for 12 consecutive hours.
Need an ISP in South Africa?
We tried to nail Jane Fonda.
Most people know a thing or two. Some people know their way around weapons systems but most people don't. Most people are sane and rational but a few people are not. The unabomber wasn't rational but fortunately he was a mathematician, not a rail signalling engineer or an air traffic controller.
I don't believe that Al Qaida could weasel their way into the control systems for missiles, unless they come across somebody smart enough and crazy enough to be of value to them. I don't believe there is any systematic reason why this could not happen, it is just very unlikely.
At the moment it is much easier for the terrorists to work with the tools they know.
Researching Kaczynski for this post has got me thinking. With his background he could have gone into a field where he gained access to some critical systems. Lots of secure areas employ mathematicians. But then he might not have had the time and resources to develop his nutty ideas. He had to withdraw somewhat to do that. Was the Jack D Ripper character a realistic possibility? Or would a maniac have been unable to rise to a position of responsibility?
http://michaelsmith.id.au
So, the "International Commission on Nuclear Non-proliferation and Disarmament" releases a report saying Nucler weapons are dangerous? Who would have thunk it?
Do we have ANY super-villain cyber hackers in the world who WANT to start a nuclear war and launch 100,000 hiroshima type bombs?
Seriously?
Who do they envision being behind this? Doctor Evil???
From personal experience I can say that 'Windows on a submarine' really isn't an issue. The Navy uses at LEAST three independent networks on their ships. Two that I was told about and one that I wasn't supposed to notice on my own. These aren't connected together, and only one of them connects to the outside world. Even if they were running a completely un-patched version of Windows 3.11 on that inner-most network, they're still as secure as they need to be.
In the case of the Navy's most important systems, they're not secured via copper but instead by steel-jacketed lead.
The use of Windows on nuclear submarines is not a big deal without providing a lot more context. Is Windows being installed to perform a critical function? Is there an independent backup implemented in hardware? There remain a lot of questions to be answered before I care that Windows is installed on submarines, especially given the alarmist tone of the paper as a whole.
The article (mis?)cited even talks about how the systems being used don't "usually" get autonomous control of the weapons systems. (http://www.theregister.co.uk/2008/12/16/windows_for_submarines_rollout/) That's pretty vague, but not really surprisingfor a reporter.
So, is Windows on submarines a concern? Sure it is. Quite frankly, (get out your -1 mod points) for a high risk system, one in which failure can cause loss of life on a massive scale, using Linux, or any computer system is a concern.** Luckily, if engineers are doing their jobs correctly, they know how to design these systems to prevent a software failure from causing one of these events. This almost invariably means using custom software or (better) simple hardware to implement/interlock critical functions and use regular COTS software for the rest. And yes, false indications are an example of a critical function. If the software were to indicate a missile launch, for example, I would expect a way to verify that using hardware in the procedure before moving on to the next step.
** This is because any of these systems are too big to have the kinds of quality steps needed for such a system (think TRACEABLE code coverage, testing, requirements traceability, application of coding standards and other software engineering principles, all must be traceable). Maybe if Linus Torvalds and everyone who works on the Linux kernel was hired by the DOD and held to a software quality standard, like DO-178B (http://en.wikipedia.org/wiki/DO-178B)*** there would be a small chance of being able to use this software for a function that is required to prevent loss of life.
*** Having dug through DO-178B, it is not without its issues, either. But its a good starting point at least.
Talk about your Blue Screen of Death
Agreed, but I was wondering when the quantity of "could's" in a summary turns it from a "report" into a "work of fiction"?
"...and the use of Windows on nuclear submarines" Talk about your Blue Screen of Death
It could be worse:
Sub Commander: "Enemy vessel has locked on and fired anti-sub missile. Impact in 10 seconds. Immediate Anti-missile counter-strike authorised. Target enemy vessel with Tomahawk."
Sub operator: "Incoming target acquired and locked on. Tomahawk ready for launch authorisation."
Computer: "Automatic update has replaced current program with I.E 8 as default. Computer re-booting. This will take 30 seconds"
Sub crew: "S**t!"
Smivs on the intertubes!
Mutually Assured Destruction or Destruction. Asymmetrical use of a captured Nuclear weapon is surely a nightmare scenario, but a disarmament solution requires careful consideration.
Some who have read my criticisms of the Nuclear Industry may be surprised to find that I actually support the development of a reactor that addresses the issue of 70,000 tons of Pu-239 (and much more U-238) currently stored in reactor sites around America, simply because it's irresponsible for our generation to foist these issue onto later generations.
One of the core reasons I support the development of such a reactor because it is capable of utilising weapons grade plutonium as fuel creating an impetus for disarmament and, hopefully, slowly defusing the asymmetrical weapons threat.
Unfortunately, because there is no geologically sound Nuclear waste dump in operation it's totally inappropriate to discuss building a new reactor facility until a proper containment facility is available. Yucca mountain is not a suitable site because it is made of pumice and geologically active evidenced by recent aftershocks of 5.6 within ten miles of a repository that is supposed to be geologically stable for at least 500000 years. The DOE's own 1982 Nuclear Waste policy Act reported that Yucca Mountain's geology is inappropriate to contain nuclear waste, and long term corrosion data on C22 (the material to contain the Pu-239 and mitigate the ingress of water - yet another Yucca problem) is just not available.
We need something made of granite. The only human made structure with the potential to last 10000 years is Mt Rushmore, so it has to be an engineering project of that scale, because the logistical problems of transferring the 70000 odd tons of Pu239 to the spent fuel containment facility are so involved that you want to get it right the first time and only do it once.
Even doing that will probably take 30 years to complete, but there is more to it than that.
I was a big fan of the Integral Fast Reactor as a potential solution and in a way I still am. But the reality is 3rd and 4th generation reactors are a pipe dream because our material science is not advanced enough yet to produce a reactor design that will last the thousands of years it will take to use that fuel. If you are going to build reactors then do it properly and build a Terra-watt scale nuclear reactor facility the belly of a massive granite mountain with an attached waste facility and chomp up all your remaining plutonium or end all commercial nuclear activity altogether.
Why? Because Nuclear power is energy intensive *after* the energy has been produced simply because said technology (material sciences) are not adequate to produce a Nuclear reactor that has a life span that matches the geological time frames of the fuel. This exposes the facility to all the issues associated with de-commissioning reactor sites every 4 decades or so. A reactor design that lasts at least 1000 years and is a closed loop, i.e. the plutonium goes in and nothing comes out (except electricity and possibly hydrogen) and avoids all the energetic costs associated with mining, enrichment and de-commissioning/demolition of the reactor.
As long we are producing plutonium and there is no where for it to go we will have a Nuclear Weapons threat and this is the price we pay for opening that pandora's box. I don't hide the fact that I don't like the constant failure of the Nuclear Industry. But I'm also being realistic. I realise that the only way out of this mess is a well thought out and designed project because we have no other choice due to the nature of the materials. It entails redesigning the entire industry, and it's a long term solution. A well designed and secured facility resistant to attacks even from orbit because that's the type of 21st century threats it would have to face.
But it has to be done properly, and I don't think privat
My ism, it's full of beliefs.
Agreed, but I was wondering when the quantity of "could's" in a summary turns it from a "report" into a "work of fiction"?
When assessing your adversaries, you always assess capability, not probability or even intention. "Can't possibly" is acceptable, but improvable. "Might" raises serious concern. "Could" is reason for all-out batshit-crazy paranoia.
And I like that things are that way. At least, y'know, when dealing with unauthorized nuclear launches.
Except the need for the CO / XO is implemented in the form of a physical key, that actually closes the electrical circuit, something that can't be bypassed with software.
Sub Commander: "Enemy vessel has locked on and fired anti-sub missile. Impact in 10 seconds.
Impact in 9 seconds.
Impact in 8 seconds.
Impact in 7 seconds.
Impact in 12 seconds.
Impact in 2 seconds.
Impact in 1 seconds.
Impact in about an hour.
Impact in 4 minutes.
-- BOOM
Finished copying 2MegaTons file "Missile.snk" from "Vessel" to "Your Ass".
Thanks for using MIcrosoft Windows Vista.
Segmentation Fault in "Life, Universe and Everything" at line 42. Don't Panic.