It may be difficult to believe that nuclear programs could be hacked. But 2 years ago, US Nuclear Weapons Agency was hacked as a part of a massive Cyber-attack. And according to the Global Cybersecurity Index, US holds the first spot in terms of cybersecurity. The funny thing is that the systems were hacked by a program added to the software update which the agency was using. It was not even a remote network-to-network attack.

But before we jump to any conclusions, let us understand what all is involved in any nuclear program?

A typical nuclear enterprise consists of following things:
• Design and production
• Delivery systems
• Early warning/attack assessment
• Operational plans

The bad news is that all these aspects need information technology to operate.

1. Nuclear databases could be hacked during the design and production phase which would lead to a breach in confidential data.

2. In case of delivery systems, GPS and mapping devices could be hacked leading to false delivery of the package.

3. The most serious of the threats is the possibility of hacking the early warning/attack assessment. A false alarm about a nuclear attack could lead to a world-wide nuclear war. It is also possible that the early warning systems fail to raise an alarm in case of a real nuclear attack.

Given below is a diagram of possible points of vulnerability in a weapons system. All the mentioned parts are digital components and could be hacked.

So can it all be done over the network alone?

Well for now the answer is no. Let us take US nuclear program for example. The steps to launch a nuclear strike are as follows:

1. The president first discusses the plan with a group of military and civilian advisors.

2. The meeting either takes in a secured white house room or over call on a secured line. The meeting can be as short as 30 seconds. So even if someone hacks into the call line, there is not much which can be done.

3. Now if the president orders to launch a nuclear strike, the pentagon must first verify that the person ordering the launch is indeed the president. So an officer in the pentagon’s war room reads a “challenge code”. For example: Go delta. The president retrieves the “biscuit” which is a laminated card carried by the president or military aide at all times. The president finds the matching response to the challenge code. Once the codes match, the launch order is confirmed.

4. The war room prepares a message containing the details of the launch. Like the time of launch, authentication codes and the codes needed to unlock the missiles before they are launched. That message is about 150 characters long. It is encrypted and broadcast to launch crews. Till this point, only about 3 minutes would have passed since the initial meeting of the president. It is possible to change the details of the launch at this stage. More so because the code is broadcasted. But as it all happens in a minute, it next to impossible to decrypt the code and then encrypt it in the same minute.

5. Within seconds, a submarine with 5 ICBM officers receives the launch order. They open safes and compare their codes to confirm if the order is authentic.

6. They then add the codes to unlock the missiles and the two of the five crews simultaneously turn a launch key.

Considering that this whole cycle takes place in under 5 minutes, it would an alien technology to hack the program. But cybersecurity is needed at all the other levels of any nuclear