A think tank today published a report that claims that nuclear weapon systems in both the U.S. and U.K. are vulnerable to hacking and that hackers could potentially start a nuclear war.

The claim comes from Chatham House in its report “Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences,” which details the history of nuclear weapons systems and the inherent risks built into them.

“There are a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge,” the researchers said. “At times of heightened tension, cyberattacks on nuclear weapons systems could cause an escalation, which results in their use…. Inadvertent nuclear launches could stem from an unwitting reliance on false information and data. Moreover, a system, that is compromised cannot be trusted in decision-making.”

The report identified vulnerabilities across entire nuclear weapon systems, with human errors, design flaws, system failures and other vulnerabilities within the supply chain cited as potential entry points for malicious actors. Once in the door, those actors could “launch a weapon, prevent an inadvertent launch, maintain command and control of all military systems, transmit information and other communications and the maintenance and reliability of such systems,” the report noted.

Eddie Habibi, founder and chief executive officer of PAS Global LLC, which offers process safety, cybersecurity and asset reliability software to the energy, process and power industries, told SiliconANGLE that although it’s good that these threats are being recognized, more needs to done.

“Early in the Chatham House report, the authors note, ‘Nuclear weapons systems were first developed at a time when computer capabilities were in their infancy and little consideration was given to potential malicious cyber vulnerabilities,'” Habibi said. “Similarly, the systems behind our oil refining, water management, electricity production and other critical infrastructure were built before ‘secure by design’ was even a term. Not only are systems within critical infrastructure typically insecure, they tend to fall outside of cybersecurity personnel’s view which increases overall risk.”

Although areas such as critical infrastructure take steps to put in necessary security controls such as better network segmentation, asset management and change control, Habibi said more needs to be done. “The problem is that we are moving at industry speed, and the bad guys are moving at hacker speed,” Habibi added. “Make no mistake, we are in an arms race still today. The difference is that threat actors include cyber ones along with state actors now, and we need to adjust our strategies and tactics to prepare for a stark reality that is already upon us.”

Image: Pixabay