- By Ellie Hurst
- Posted 26th November 2015
- In cyber attack, cyber security, hacking, ISO27001, missiles, MOD, nuclear, Trident
By Julia McCarron with contribution from Chris Cope.
There have been a number of press stories in the last few days that could have us searching for our 3 pronged spears to protect these shores because, if the news is to be believed, the missile version of Trident could be rendered useless or obsolete from a cyber-hack.
I don’t know about you but I viewed these articles with some skepticism as I can’t believe that the MOD and Government haven’t thought to test the technical vulnerabilities of such a critical system before now, especially one with such far reaching consequences if it were breached?
As I understand it from those who have knowledge of MOD workings, all military systems, including Trident and its associated communications networks, are assured via the Defence Information Assurance Services (DIAS) Accreditors. This assurance process takes into account the likely threats and resulting risks that apply to those systems, including hacking and other forms of cyber-attack. There is a stringent policy of assessment and review for all major systems, and Trident will be one of the most assured systems due to its importance. Clearly, though details of this assurance are highly unlikely to ever be released into the public domain; information on risks and counter measures taken against them will be very closely guarded. And I would hope so too!
The MOD will employ a number of safeguards to protect its most important systems. Many of these will be familiar to the wider information security field and it’s no surprise that ISO27001 features heavily. The greater the risks to the system, and the more critical it is, the more stringent the controls in place. Many high level MOD systems are effectively air-gapped and have no connection to the internet, even via a controlled gateway. That means they are effectively isolated from other communications networks, even the authorised users are heavily constrained in what they can and cannot do; use of mobile media for example is highly regulated. Given Trident’s role as a potential counter-strike weapon, the communications to the deployed vessels receive very careful attention. Not only will there be good level of assurance against the normal range of attacks, but there will be significant redundancy in place, just in case one fails. Trident is carried by the Vanguard class submarine, which is designed to operate virtually undetected. Commanders of these vessels have clear direction from the Prime Minister on what to do if there is evidence of a nuclear attack and all communication from the political leadership in the UK fails.
The comments made by a former Defence Secretary about potential vulnerabilities around the Trident system make interesting reading in light of recent concerns over cyber-attack, but the timing of these comments is telling. The House of Commons is due to vote on the future of the UK’s nuclear deterrent … there I go being skeptical again but as my hero Leroy Jethro Gibbs often says, Rule 39# There’s no such thing as a coincidence…