Nuclear Test
Will a cyberattack cause an accidental nuclear war? One person says maybe Galerie Bilderwelt/Getty Images

If there's one thing we learned from the 1983 movie WarGames, it's that reckless hackers infiltrating military systems could unwittingly set-off a nuclear arsenal, thus sparking World War III.

Today, one leading Nato cybersecurity expert has claimed governments around the world are failing to defend said nuclear facilities from the threat of hackers – and it may lead to an "accidental nuclear war." His comments come as leading technologists call for a "Digital Geneva Convention."

World leaders spend their time debating irrelevant matters and are "incompetent" when it comes to the highly complex problem of keeping nuclear arsenals safe from hackers, according to Dr Sandro Gaycken, director of Nato's Science for Peace and Security (SPS) cyber-defence project.

"A cyberattack could lead to computers crashing and setting off nuclear weapons inadvertently," he said this week (10 May). "In another scenario, the infected computers do not switch off, but react in an unpredictable fashion. In that scenario – anything is possible," he added.

When first sharing his beliefs in a paper published on the ESMT Berlin university website, Gaycken wrote: "Governments are barely able to cope when it comes to key issues such as digital pickpocketing. They simply do not understand the [nuclear] problem, its causes or possible solutions."

He argued the similarity of systems used in China, Pakistan and North Korea could lead to one rogue malware strain destabilising an entire region's nuclear arsenal.

"All of these systems have a similar technical set-up – meaning that if a cyberattack intended for one of them finds its way into the computers controlling either of the others, we could have a situation where thousands of nuclear missiles are affected by one attack," Gaycken said.

The argument reminds of Stuxnet – a computer worm reportedly developed by US intelligence and used to disrupt Iran's nuclear ambitions. More recently, one UK whistleblower came forward with concerns with Trident. "We are so close to a nuclear disaster it is shocking," he warned.

Nuclear apocalypse though? What would that look like?

"A plausible scenario is that South Korea constructs an attack on North Korea's nuclear weapons that works flawlessly and resolves harmlessly," Gaycken explained. "But North Korea's nuclear weapons come from China – evolved from plans stolen and sold to Pakistan and Beijing. Pakistani and Chinese nuclear weapons therefore have a similar technical setup.

"If a cyberattack gets there by one of a thousand coincidences, it could simultaneously reach new environments, i.e., reacting unpredictably with command and control environments with a total ranging from 240 to 3,000 nuclear missiles."

How to stop the threat

In 2017, numerous cybersecurity experts have spoken out about the need for a sort of "Digital Geneva Convention" to help deal with hackers.

A UK whistleblower previously raised safety concerns with Trident Jeff J Mitchell/ Getty Images

"The world needs an organisation that can address cyber threats in a manner like the role played by the International Atomic Energy Agency in the field of nuclear non-proliferation," said Brad Smith, president and chief legal officer at Microsoft, earlier this year.

He added: "This organisation should consist of technical experts from across governments, the private sector, academia and civil society with the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state.

"Only then will nation-states know that if they violate the rules, the world will learn about it."

In a 2016 interview with IBTimes UK, F-Secure cybersecurity expert Mikko Hyppönen said the latest era of cyberwarfare is a number of key differences to the nuclear problems of past years.

"There are still countries today that have nuclear weapons, including the UK," he said, adding: "You know who they are because the countries that do have them conduct nuclear testing. So then you know 'we are not supposed to f**k with those people'.

"It's a deterrent. In the cyber arms race, that doesn't work at all. One day we will have things like 'when you use cyber arms to attack an enemy the malicious software attacks must not work forever' or rules like when you are in the real-world saying 'you must wear the uniform and wear your flag'."

We are not there yet. However, the topic of cyberwar on a nation-state level has arguably never been more mainstream following recent attacks in the US and France.

On 9 May, Michael Rogers, commander of US Cyber Command and director of the National Security Agency (NSA), testified at a hearing about the current state of worldwide cyber-threats. He told US senator John McCain about what the worst-case scenario of cyberattack would be.

He said: "The worst case scenario in my mind has a couple of dimensions to it: outright destructive activity focused on some aspects of critical infrastructure. In additional to outright destruction, the second thing that concerns me is will we see data manipulation on a massive scale.

"Most cyber activity [so far] has been penetration and extraction. The other element of a worst case scenario is what happens when non-state actors discover cyber now is an attractive weapon that enables them to destroy the status quo." The best case option, he said, is use of deterrents.