Cybersecurity experts believe British nuclear warhead submarines are poorly protected from hacking

Information technologies are becoming more sophisticated, they penetrate into all spheres of human life and work. First of all, this applies, of course, to military affairs, because the same World Wide Web was created thanks to the military project ARPANET . Now everything is connected with everything, and military devices are no exception. It is believed that such systems are very well protected from cybercriminals, but is it really so?



Specialists from the organization of the British American Security Information Council (BASIC) believe that no. In particular, they studied the protection of British nuclear-powered submarines on board and found that this protection could be cracked using several methods developed over the past few years. It is also possible that a group of intruders, having set themselves the goal of gaining access to the resources of a submarine, will develop a number of new specialized hacking techniques and specific software.



The results of the study are presented in a report that was compiled jointly with Russian network security expert Stanislav Abramov. According to the authors of the report, cybercriminals can use several vectors of virtual attacks on the submarine. And one of these attacks can be successful, despite the fact that the submarine itself is under water for days or even months.

')

"Trident cyber systems are not connected to the Internet or any of the civilian networks," the report says. “However, rockets, warheads, and various kinds of auxiliary systems depend on computers, devices, and software connected to the internal network that need to be properly designed and programmed. All of these systems work with unique, private data and must be regularly updated, reconfigured and patched. ”



With regard to the possibility of an attack, then this may well be engaged in the usual representative of the service team, a technician who works in the dock or other place where you can access the systems of the submarine. After all, the military has contracts with various organizations that supply hardware and software. Therefore, a malicious program can be imperceptibly “settled” in a device sent on board even at the production stage. In addition, such software can be transferred to conventional USB-drives, memory cards, etc.



The equipment on submarines of the mentioned class is obsolete, some systems are more than ten years old. Moreover, much is known about the suppliers of this equipment - some of the information can be obtained even on Wikipedia. For example, it is known that communication and control systems for Astute-class submarines are supplied by Thales Underwater Systems.







Britain’s Submarine Command System (SMCS) submarine network systems were also installed more than ten years ago. They collect and analyze data from radars, hydrophones, sonars and other sensors. So, these systems are running a special version of Windows XP, which received the unofficial name "Windows for Warships". The consoles mentioned above are connected to the internal network via Ethernet; on some computers, Windows 2000 is installed on this network.





Rocket launch from the Trident submarine



10 years ago, when systems were only installed on submarines, they were considered a breakthrough in military affairs. Indeed, the military was able to work with data on powerful computers; the analysis is performed in real time. All systems are digital, not analog. But now all this equipment is already obsolete morally, moreover, patches and security updates are not issued for software a decade old. All this is fraught with possible hacking. And if it was not about the submarines with nuclear warheads on board, which are controlled by the same vulnerable to hacking and outdated equipment, then the problem could not be too focused on.



Nevertheless, the developers of systems for submarines continue to argue that there are no problems, since Trident systems are not connected with the outside world, and it turns out that they cannot be hacked. The words of experts from BASIC military do not take into account, arguing that the authors of the report are not aware of how the internal submarine systems work and are maintained. At the Ministry of Defense, journalists were told that they always paid maximum attention to cyber security issues, trying to eliminate emerging threats in time.



The authors of the report, however, believe that the words about the isolation of systems from the outside world are just an excuse. The fact is that now the development of malicious software and hacking tools are not carried out by lone hackers in their basement, but by teams of professionals serving in various states. As for the introduction of hacking tools, this can happen even at the production stage of various components of the submarine systems, during maintenance and software updates, as well as data transmission within the submarine itself. This threat becomes all the more important because it concerns nuclear warheads capable of wiping out entire cities from the face of the earth.