Could Cyber-Terrorists Provoke Nuclear Attacks? 183
Hugh Pickens writes "The Guardian reports that according to a study commissioned by the International Commission on Nuclear Non-proliferation and Disarmament (ICNND), a joint initiative of the Australian and Japanese Governments, terrorists could use information warfare techniques to make a nuclear attack more likely — triggering a catastrophic chain of events that may be an easier alternative 'than building or acquiring a nuclear weapon or dirty bomb themselves.' While the possibility of a radical group gaining access to actual launch systems is remote, the study suggests that terrorists could focus on feeding in false information further down the chain — or spreading fake information to officials in a carefully orchestrated strike. According to the study 'Hacking Nuclear Command and Control' [PDF], cyber-terrorists could 'provoke a nuclear launch by spoofing early warning and identification systems or by degrading communications networks.' Since command and control systems are placed at a higher degree of exploitation due to the need for rapid decisions under high pressure with limited intelligence, cyber-terrorists 'would not need deception that could stand up over time; they would only need to be believable in the first 15 minutes or so.'"
Discussed This Report Four Days Ago (Score:4, Informative)
Really, I'm less worried about the cyber part of one of these attacks and am more so worried about the weakest link in the chain: the human factor. Social, over-the-shoulder or 'soft' hacks would be the few ways left to gain access. Mental manipulation like keeping someone in the dark would be the best way to scare them into action. It's not like someone's magically overcoming the physical barrier that exists between the internet and these secure networks on which sensitive information and control are relegated--you need a human to exploit.
At least this time around the title's gone from
Hacking Nuclear Command and Control
to
Could Cyber-Terrorists Provoke Nuclear Attacks?
Which is a lot more accurate but a lot less newsworthy.
Re:Discussed This Report Four Days Ago (Score:2, Informative)
Insufficient Knowledge = Inaccurate Results (Score:5, Informative)
This paper shows a significant misunderstanding of the command and control structure and procedures at STRATCOM (formerly SAC), National Command Authority (NCA) and other key elements of the process. I am waiting for the author to explain how the attacker will obtain the encryption codes to MILSTAR, SLFCS or any of the other communication channels into a Minuteman Launch Control Facility or the equivalent communication channels going to bomber squadrons, submarines and other force components with nuclear capability. Then there are enable codes, launch codes and various other keys that would be needed. The article also fails to address safeguards in place. One needs to only examine the "incidents" that have occurred in real life, such as a exercise tape accidentally being loaded at SAC, prompting incoming ICBM warnings, to see that these procedures worked even 20 or 30 years ago, and they hve only been improved since then.
Having worked on the unauthorized launch studies for Peacekeeper (the decommissioned ICBM system often referred as MX), I can tell you the author did not have the data needed to be able to conduct this study, much less draw any valid conclusions
Re:Discussed This Report Four Days Ago (Score:4, Informative)
Of course, unless one of the "some of the crew" include the Captain, they can't actually arm the weapons. And if they have the captain, well, there are other people they have to have, any one of which can make the weapons unusable.
Plus, of course, the boats with the missiles are either underwater (and therefore the "group of people" can't reach it to take it over), or tied up alongside a subtender full of sailors and marines, in a port full of sailors and marines, all of whom have a very bad attitude about the notion of stealing a boomer.
Aside from this being impossible (there is no scenario where an "incomplete detonation" can occur - nukes have been present on aircraft that crashed without doing anything other than laying there), there aren't actually too many "populated areas" in the middle of the ocean where these boats spend their time.
Because the USSR isn't the only threat conceivable. It never was, and never will be.
This ignoring the fact that there has never been an accidental detonation of a nuclear device, in ANY of the nuclear powers. So why assume that the risk is meaningful?