Next-generation nuclear missiles and submarines were among the weapons systems reviewed for hacking vulnerabilities by the Government Accountability Office (GAO) in a report published this week, The New York Times reported.
Citing interviews with unidentified GAO officials, the Times said the classified version of the report published in unclassified form Tuesday included a look at the cyber vulnerabilities of the Ground Based Strategic Deterrent (GBSD) and the Columbia-class submarine: respectively, the replacements for aging intercontinental ballistic missiles and nuclear-powered ballistic-missile submarines.
The report does not address the developmental B-21 “Raider” strategic bomber or the actual nuclear weapons carried by delivery systems, according to the newspaper. In September, the nongovernmental Nuclear Threat Initiative in Washington, D.C., warned in a report that “nuclear weapons themselves,” along with “nuclear planning systems, early warning systems, communication systems, and delivery systems” are vulnerable to cyber attacks.
The Pentagon hopes to deploy GBSD late next decade. Boeing and Northrop Grumman are in the middle of a competitive technology development phase intended to produce a single design for a Minuteman III replacement missile. The companies’ three-year contracts, awarded in 2017, are worth about $350 million and $330 million, respectively.
General Dynamics is designing and building 12 Columbia-class submarines as part of an acquisition the Pentagon estimates will cost roughly $130 billion to replace 14 Ohio-class boats. The first Columbia-class vessel is slated to go on patrol in the early 2030s.
“These weapons are essential to maintaining our nation’s military superiority and for deterrence,” says the 50-page GAO report, Weapon Systems Cybersecurity: DoD Just Beginning to Grapple with Scale of Vulnerabilities. It adds that “Cyber attacks can target any weapon subsystem that is dependent on software, potentially leading to an inability to complete military missions or even loss of life.”
The report, which was prepared for the Senate Armed Services Committee, says the GAO and other agencies such as the National Research Council and Defense Science Board have warned for years about cyber risks to weapons systems. It says the Department of Defense only recently has begun to prioritize and understand how to build in cybersecurity into its weapon systems, and that it may not happen overnight.
“Several DoD officials explained that it will take some time, and possibly some missteps, for the department to learn what works and does not work with respect to weapon systems cybersecurity,” the report says.
