
Hacking UK Trident: A Growing Threat - 076ae80a-3c97-4
http://www.basicint.org/sites/default/files/HACKING%20UK%20TRIDENT.pdf
======
jackweirdy
Technology aside I find the scariest thing about trident to be the lack of
codes in the PM's control. Everything needed to launch a nuke is already on
the submarine, and it's only military discipline stopping it.

~~~
evgen
That is how all nuclear submarines work. Part of their role as deterrent is to
be capable of delivering a response even if a sneak attack takes out the
national leadership.

~~~
jackweirdy
I thought the use of Permissive Action Link prevented this in the US, for
example

~~~
evgen
Nope, naval nukes to not use PALs. Assuming a boat at a defcon level such that
the keys are out of the safe you would need the captain and xo to agree and
launch (assuming tacit agreement from weapons officer, comm, and most of the
rest of the boat who could all in theory simply overpower someone trying to
launch without valid orders or sabotage the necessary systems to prevent
launch.)

~~~
scrumper
I don't believe what you have written is true in the case of the US Navy,
which parent was asking about. US SSBNs do indeed have PALs.

You are correct if you're talking about Britain: Royal Navy SSBN captains are
able to launch missiles independent of government orders and there are no PALs
involved in the UK nuclear deterrent (which is entirely submarine based).

This is the most authoritative source I can find right now; it's not a subject
where it's easy to find a ton of verifiable information:
[https://ukdefencejournal.org.uk/trident-what-are-the-
facts/](https://ukdefencejournal.org.uk/trident-what-are-the-facts/)

EDIT: For interest, the justification in Britain for leaving "full operational
control" in the hands of submarine commanders is that the UK government is
likely to be vaporized almost immediately after a hostile launch, there being
such a short flight time from many hostile nations to the UK. The USA has more
time to react, and a number of scares helped to swing political opinion in
favor of mandatory PALs for submarines. Now, I have heard that there is in
fact a way for a US SSBN crew to launch independently in the event of a
verified destruction of the chain of command on shore, but as that
verification is ultimately down to the command crew's judgement, it renders
the PAL moot. This I could only find Quora answers about so take it with a
pinch.

~~~
evgen
Aren't the only PALs on a US SSBN the launch keys? I realize that the devices
themselves have anti-tamper PAL components, but once the safe is opened and
the keys are out I was under the impression that the captain and xo could
launch without any additional outside input. Happy to be wrong, but to the
best of my (very limited) knowledge there is no need for an external
authentication code to launch a sub nuke.

~~~
scrumper
There's a code lock - the PAL - on US Tridents, not just the launch keys.
Anecdotally and non-authoritatively I've heard that there are offline backup
codes in a safe accessible to the command crew (which is the mechanism I refer
to above).

"Last strike" is arguably a necessary component of a submarine deterrent since
it means even a surprise decapitation strike carries the risk of a
retaliation. It's certainly why the UK delegates launch authority to the
captain (again, after a procedural verification of the destruction of the
chain of command).

God, this stuff is frightening.

------
jaclaz
The only issues being that there is no real evidence that Wannacry diffusion
is connected with machines running Windows 2000 or XP (where seemingly the
malware doesn't even run) and seemingly (as stated in the El Reg article cited
by detritus) the OS of the ship(s) are not connected in any way with the
internet, so it would be hard for it to enter the system at all.

------
detritus
On the other hand..

[http://www.theregister.co.uk/2017/06/01/trident_nuclear_dete...](http://www.theregister.co.uk/2017/06/01/trident_nuclear_deterrent_submarines_hackable_lol_no/)

------
chris__butters
This is ridiculously scary proposition - that's all I can really say without
getting too political/philosophical.

~~~
cjCamel
Why would people go after such a hard target when there are so many easier
systems that could be hacked, such as land based military installations,
nuclear power stations, airports (especially air traffic control), world
finance etc?

It's probably not totally crazy that one day almost the entire UK NHS or even
the US election could be susceptible to a cyber attack, then we'd be really
screwed.

