Trident cyberattack fears justified, say industry watchers

Former defence secretary Des Browne says government needs to spend more on cybersecurity

Concerns voiced by a former minister that the UK's Trident nuclear weapons system could be rendered obsolete by hackers have been backed by industry commentators.

Adrian Crawley, regional director for Northern Europe at Radware, agreed that "any national public or private infrastructure service or defence facility" could be hacked, following comments made by ex-Labour defence secretary Des Browne.

Talking to the BBC and the Guardian, Browne suggested that Trident – which the government this week has admitted will cost £31bn to renew – would not offer a reliable deterrent without an "end-to-end" assessment of the cyberthreat to the system.

Browne highlighted a US defence report warning that the US and its allies "cannot be confident" that their defence systems could survive a sophisticated cyberattack , the Guardian reported.

The former minister, who served as defence secretary between 2006 and 2008, also said plans unveiled this week by George Osborne to allocate £3.2bn to cybersecurity over the next five years did not go far enough to protect Trident.

"My instinct is to think that £3.2bn over five years comes nowhere near the scale of the cyberthreat challenge, if it includes ensuring cybersecurity for the command and control of our nuclear weapons," he said.

"Also, this is the environment to which Moore's law applies. Consequently, we can expect cybercapacity to have doubled and doubled again since the report was published and to continue to increase."

Radware's Crawley agreed: "I'm afraid the reality is that any national public or private infrastructure service, or defence facility, could be hacked. Cyberattacks are advancing all the time – nothing stands still. We now see more automated attacks than ever before (a 300 per cent increase on this time last year), using techniques that sustain intense attacks over long periods without a person being involved."

However, Jens Monrad, a systems engineer at FireEye, said he found it "unlikely" that a threat actor, using the internet, would be able, to conduct a successful cyber-attack against Trident.

"Proving something is a 100 per cent secure or protected, can be very complicated, but I assume that extra analysis has been conducted into monitoring, isolating these sensitive networks from the public, as well as people having access to these systems, have undergone a strict and thorough background check, as well as continuous background checks," he said.

"These systems typically run and operate in an air-gapped environment and further more, they are typically not depended, or make use of Internet connected infrastructure, so this makes a cyber-attack less likely, compared to potential direct sabotage or physical attacks."