It turns out, there are apparently legitimate security concerns around the Trident nuclear missile system. Not the usual security concerns that might become apparent when operating a large nuclear arsenal, but the kind of security concerns that almost every business running in the modern world needs to face - that of unauthorised access to computer systems.
The concerns stem not from online, network-based attacks, but from a malware-infected USB drive, or a contractor who may be determined to sabotage systems. In many ways these are both the easiest and the hardest attack vectors to protect any organisation from, especially when most security departments have users begging to be allowed to use a USB drive "just this once".
"It doesn't have any malware on it... I promise!"
I'm not sure that would fly on a nuclear submarine, but it is a legitimate concern for any organisation and an often overlooked attack vector that needs some real thought. What would a user do with a USB stick that they found outside the office door? They would probably plug it into their computer to see what documents are on it, and maybe return it to its rightful owner. Congratulations, you've now been infected with targeted malware placed on the stick by an adversary, who specifically put the memory stick outside the office knowing that someone would pick it up - and then plug it in. Curiosity killed the cat.
If the Trident nuclear weapons systems are potentially vulnerable to this kind of attack, then it's safe to say that there will be a large number of organisations out there who will also be vulnerable to these types of localised threats, and addressing them should be prioritised through a combination of hard security controls and user education.
Of course, it's always good to make sure that your nuclear weapons are locked away somewhere under the Atlantic before you worry about other types of threats. You know, just in case.
The concern is that the military and its contractors are high-priority targets for attackers. And although Trident nuclear missiles are separated from the rest of the online world via an “air gap”, that doesn’t mean that there are no opportunities for infection, for instance when submarines carrying nuclear warheads come into port for maintenance or the upgrading of systems. All it would take is one malware-infected USB drive or a contractor determined to sabotage systems.