

British nukes were only protected by bike locks - petewarden
http://www.bbc.co.uk/pressoffice/pressreleases/stories/2007/11_november/15/newsnight.shtml

======
mattmaroon
It's been known widely for some time that on every British nuclear-armed sub,
there's a safe, and in that safe another safe, and in that second safe a note
from the Prime Minister commanding the sub on what to do in the event that the
motherland should be wiped out in an attack while they were away.

That would mean it is impossible that they need some sort of special code, as
if they did, that code would have to be accessible to them already, and then
what is the point?

~~~
electromagnetic
The thing that people don't seem to grasp here is that a single Trident
missile is capable of carrying 10 warheads and is capable of striking 13,000
km away. This means that with a full compliment of missiles, a Vanguard
submarine surfacing in Anchorage Alaska would be capable of striking any
location in the US (and I believe possibly even Puerto Rico).

A false launch would essentially be capable of ending the world. It was
estimated that a small-scale nuclear war of ~50 'Little Boy' air-bursts would
have serious global complications. Being that a single warhead on the Trident
can detonate at 500KT (25 times a 'little boy'), a single missile launch is
equivalent to 5 megatons, all of which could be ground-burst and force more
dust into the atmosphere. At 160 warheads and 80 megatons of destruction, the
world is essentially over (as we know it) long before a retaliation has ever
been launched.

People's response to this never grabs the situation. It always seems to be
that people think a false launch could destroy a city like New York, when in
reality a false launch from a ballistic missile submarine could easily end the
world.

I realize the risks inherent in a lack of safeguards in the Trident program.
However, being from the UK and knowing full well that in the event of a
nuclear war, my entire homeland will be a nuclear wasteland (too many primary
targets in a small area, I know for a fact I lived in between 3 primaries when
I was growing up: major harbor, major RAF base, Army training base). So the UK
has little chance to approve a nuclear launch _after_ the attack, unless the
authorization can be approved by a UK overseas base, fail-safes are just
failures in the face of an attack. Fail-safes are intended to prevent
unauthorized launches, however for the UK they're also going to prevent
authorized launches.

I'm unsure what troubles me more, a poor ability to safeguard the system or
the inability for justice if some psycho warlord decides to destroy my
homeland.

The UK isn't in the US's situation where a nuclear launch can mean
authorization can be granted by a chief of staff or high ranking general
before everyone has been obliterated. The US would take potentially hours for
a complete destruction, the UK on the other hand can easily be nuked into non-
existence inside of a half-hour. A surprise attack doesn't leave much reaction
time for the UK like it does the US.

~~~
patio11
_A false launch would essentially be capable of ending the world._

The more I think about it, the more I think that the whole Nuclear Winter
thing is probably Global Warming 1.0. "Trust us, we're scientists."

~~~
petewarden
You're one of my favorite HN regulars but...

It's not "trust us, we're scientists", it's "trust us, we've published
extensive peer-reviewed evidence backing up what we're saying, so if you don't
believe us you can pick an informed argument".

Nuclear winter is one of the more testable scenarios in global climate, since
we have small-scale approximations whenever a big volcano erupts. There's been
some good recent research at
<http://www.agu.org/pubs/crossref/2007/2006JD008235.shtml>

I am not a climate scientist, but I've been driven crazy enough by people's
vague arguments to track down foundational papers around some of these issues.
Please, all I want is some decent research links for any skeptical stuff, no
more cheap shots.

------
swixmix
Summary: British submarines can launch missiles.

From the article: "..nuclear bombs were armed by turning a bicycle lock key.
There was no other security on the bomb itself."

By the way, it's a freaking submarine.

Perspective: I lock a gun's trigger with a bike lock, and then place it in a
safe. The safe is inside a bank vault.

If I do manage to steal the gun, then I can pick the lock and use it. If I do
manage to steal the arming key, then I can convince the crew to launch the
missile.

Would you like to play a game?

edit: Grammar

~~~
cstross
Yawn.

The W177's were secured with bike locks ... inside a reinforced concrete
bunker surrounded by razor wire and patrolled by armed guards with orders to
use lethal force to stop anyone trying to gain access to them without proper
authorization.

Just like the USSR's land-based ICBMs didn't have PAL codes -- instead they
were guarded by a platoon of KGB troops who didn't know how to launch the
missile, but sure knew how to stop the strategic rocket forces' crew from
launching the missile without orders.

Folks on HN are predisposed to thinking about automating security
procedurally, but seem to miss the point that military organizations have been
automating security through process carried out by human bodies for centuries,
if not millenia; all they need is enough obedient soldiers with guns and
orders not to allow [X] to happen without authorization [Y] or their ass is on
the line to ensure that the bombs are _de facto_ secure.

~~~
motters
Well, not necessarily. A rogue commander could probably persuade his
subordinates that he was authorized to use the bicycle key. If someone in a
position of apparent authority claims that they will accept responsibility,
subordinates will usually go along with that.

~~~
cstross
The WE.177 (<http://en.wikipedia.org/wiki/WE.177> \-- note corrected
designation) was a free-fall H-bomb, carried on Vulcan and then Tornado
bombers, and retired by 1998; you can see details of the 'bike lock' security
on that wikipedia page. As such, it was stored on RAF bases and there are
extensive procedures in place to ensure that a rogue officer _can't_ order a
deployment without it coming down the chain of command. (See also "Dr
Strangelove".)

The WE.177 was _not_ a sub-launched missile. The Royal Navy's Trident D5s
(which come from the same maintenance pool as the US Navy's missiles) are;
they do not, as far as I know, use bike locks: if they do, _so do the USN's
D5s_.

------
Eliezer
> However, the Royal Navy argued that its officers could be trusted and: "It
> would be invidious to suggest... that senior Service officers may, in
> difficult circumstances, act in defiance of their clear orders."

Even by the standards of a world gone mad, these people are #@!%ing lunatics.

------
bensummers
Comments here
[http://www.schneier.com/blog/archives/2007/11/british_nuclea...](http://www.schneier.com/blog/archives/2007/11/british_nuclear.html)
suggest the US just used 111111 as their code. (citation needed)

~~~
jackfoxy
And on this blog is the thoughtful reply

"It shouldn't be hard to arm a nuke. It should be hard to get access to it.

If you stole one any competant EE could rewire the whole thing to do what he
needs anyway. Those inclined to steal a nuke would have this know-how; they
wouldn't be your average bank robber or shoe-bomber terrorist.

Posted by: Savik at November 21, 2007 2:34 PM"

Maybe back in the day a competent EE could rewire, but the modern arming
mechanisms are ultra-sophisticated.

~~~
dfox
ultr-sophisticated, but still any locking mechanism on nuke can be overcomed
by sufficiently motivated adversary. And anyone who can steal the nuke is
sufficiently motivated, no matter how ultra-sophisticated your lock is.

Edit: and overcoming any kind of locking mechanism on nuke is certainly
cheaper than building one yourself. What most people seem to forget is that
problem with building nuclear weapons lies with logistics, not technical
expertise.

~~~
jackfoxy
Agreed. All the locking mechanisms and codes are to prevent accidental and
non-authorized triggering. After that you have to depend on guys with guns for
security.

------
arethuza
For anyone interested in this kind of stuff I can recommend this book:

[http://www.amazon.co.uk/Secret-State-Whitehall-Cold-
War/dp/0...](http://www.amazon.co.uk/Secret-State-Whitehall-Cold-
War/dp/0141008350)

The story of how the government planned to communicate with the V bomber fleet
is wonderful...

------
MrSartorial
Wow, that's really interesting. I think that Britain is firmly in the wrong on
this one. That places a lot of trust in a lot of individuals hands, which I
don't necessarily have a problem with because of a number of psychological
factors related to their employment in the army, but that doesn't discount
someone infiltrating the systems and activating the missiles.

~~~
jules
I imagine that someone can go crazy when living in a sub for a long period of
time.

~~~
SapphireSun
Especially if they do not have a friendly port to return to anymore.

------
joubert
That's nothing. In the US, we fly nuclear warheads across states.
<http://www.msnbc.msn.com/id/20427730/>

~~~
GrandMasterBirt
That's fine, as long as the warheads could not be detonated it does not matter
where they go.

The point is that you can arm a British nuke in 98 with a bicycle lock key and
no tamper-proof mechanism was there. So if you got a warhead detonation was
easy. In the US having a warhead is pointless, you need the codes or the bomb
is worthless.

~~~
joubert
You're 100% correct. According to the news reports at the time the transport
was characterized as being a "mistake", i.e. human error. I don't know the
intricacy of warhead arming etc., but another article on CNN talks about codes
being handled insecurely: <http://www.cnn.com/2008/US/07/24/missile.error/>

