Could Cyber-Terrorists Provoke Nuclear Attacks?

Hugh Pickens writes "The Guardian reports that according to a study commissioned by the International Commission on Nuclear Non-proliferation and Disarmament (ICNND), a joint initiative of the Australian and Japanese Governments, terrorists could use information warfare techniques to make a nuclear attack more likely — triggering a catastrophic chain of events that may be an easier alternative 'than building or acquiring a nuclear weapon or dirty bomb themselves.' While the possibility of a radical group gaining access to actual launch systems is remote, the study suggests that terrorists could focus on feeding in false information further down the chain — or spreading fake information to officials in a carefully orchestrated strike. According to the study 'Hacking Nuclear Command and Control' [PDF], cyber-terrorists could 'provoke a nuclear launch by spoofing early warning and identification systems or by degrading communications networks.' Since command and control systems are placed at a higher degree of exploitation due to the need for rapid decisions under high pressure with limited intelligence, cyber-terrorists 'would not need deception that could stand up over time; they would only need to be believable in the first 15 minutes or so.'"

Discussed This Report Four Days Ago

[eldavojohn]

We discussed this the day the report was released [slashdot.org] and the conversation was pretty much limited to BSOD jokes and War Games references. Hopefully it turns out a little more interesting this time around.

Really, I'm less worried about the cyber part of one of these attacks and am more so worried about the weakest link in the chain: the human factor. Social, over-the-shoulder or 'soft' hacks would be the few ways left to gain access. Mental manipulation like keeping someone in the dark would be the best way to scare them into action. It's not like someone's magically overcoming the physical barrier that exists between the internet and these secure networks on which sensitive information and control are relegated--you need a human to exploit.

At least this time around the title's gone from

Hacking Nuclear Command and Control

to

Could Cyber-Terrorists Provoke Nuclear Attacks?

Which is a lot more accurate but a lot less newsworthy.

Re:Discussed This Report Four Days Ago

[RxScram]

All American SSBN's (Ohio Class) can actually carry 24 missiles, with a theoretical limit of 8 (or 12, depending on the source of information) W88 warheads, each warhead with a yield of 475 Kt. Of course, the START and SALT treaties limit the number of warheads per missile to something like 4, but it's still a mighty destructive force.

Insufficient Knowledge = Inaccurate Results

[DoctorMabuse]

This paper shows a significant misunderstanding of the command and control structure and procedures at STRATCOM (formerly SAC), National Command Authority (NCA) and other key elements of the process. I am waiting for the author to explain how the attacker will obtain the encryption codes to MILSTAR, SLFCS or any of the other communication channels into a Minuteman Launch Control Facility or the equivalent communication channels going to bomber squadrons, submarines and other force components with nuclear capability. Then there are enable codes, launch codes and various other keys that would be needed. The article also fails to address safeguards in place. One needs to only examine the "incidents" that have occurred in real life, such as a exercise tape accidentally being loaded at SAC, prompting incoming ICBM warnings, to see that these procedures worked even 20 or 30 years ago, and they hve only been improved since then.

Having worked on the unauthorized launch studies for Peacekeeper (the decommissioned ICBM system often referred as MX), I can tell you the author did not have the data needed to be able to conduct this study, much less draw any valid conclusions

Re:Discussed This Report Four Days Ago

[CrimsonAvenger]

Sure, but submarines are not totally safe. Lets say a group of people manage to board the ship and with some aid from some crew, hey, they have 160 nukes that can reach pretty much an entire continent or more.

Of course, unless one of the "some of the crew" include the Captain, they can't actually arm the weapons. And if they have the captain, well, there are other people they have to have, any one of which can make the weapons unusable.

Plus, of course, the boats with the missiles are either underwater (and therefore the "group of people" can't reach it to take it over), or tied up alongside a subtender full of sailors and marines, in a port full of sailors and marines, all of whom have a very bad attitude about the notion of stealing a boomer.

Or lets say two subs manage to crash into each other as had previously happened ( http://i.gizmodo.com/5154315/two-nuclear-submarines-collide-in-the-atlantic [gizmodo.com] [gizmodo.com] ) and lets say for some reason some safety measures failed and if this happens in a populated area it becomes another Chernobyl even with an incomplete detonation.

Aside from this being impossible (there is no scenario where an "incomplete detonation" can occur - nukes have been present on aircraft that crashed without doing anything other than laying there), there aren't actually too many "populated areas" in the middle of the ocean where these boats spend their time.

The USSR is no longer in power, and a nuke or two is all it takes to neutralize any potential other nuclear threat from a non-stable nation, so why risk it?

Because the USSR isn't the only threat conceivable. It never was, and never will be.

This ignoring the fact that there has never been an accidental detonation of a nuclear device, in ANY of the nuclear powers. So why assume that the risk is meaningful?