British Nuclear Security Kind of Slipshod

No two-person control or complicated safety features: until 1998, you could arm British nukes with a bicycle lock key.

To arm the weapons you just open a panel held by two captive screws -- like a battery cover on a radio -- using a thumbnail or a coin.

Inside are the arming switch and a series of dials which you can turn with an Allen key to select high yield or low yield, air burst or groundburst and other parameters.

The Bomb is actually armed by inserting a bicycle lock key into the arming switch and turning it through 90 degrees. There is no code which needs to be entered or dual key system to prevent a rogue individual from arming the Bomb.

Certainly most of the security was procedural. But still....

Posted on November 21, 2007 at 12:50 PM • 45 Comments

Comments

How I Learned To Stop WorryingNovember 21, 2007 1:30 PM

Thank God it was in the hands of government bureaucrats! Private sector security would never have any incentive to do any better than that.

Miles BaskaNovember 21, 2007 1:32 PM

Back when the Cold War was still hot all of our Minuteman sites were secured with the same six-digit code: 111111.

The idea was that they needed a code that would be easy to remember under stress.

AnonymousNovember 21, 2007 1:32 PM

Back when the Cold War was still hot all of our Minuteman sites were secured with the same six-digit code: 111111.

The idea was that they needed a code that would be easy to remember under stress.

The EnforcerNovember 21, 2007 1:47 PM

It would appear that "Miles Baska" is trying to be "Anonymous". Agents are being dispatched as we speak...

The EnforcerNovember 21, 2007 2:13 PM

It would appear that "Anonymous" is trying to be "Miles Baska". Agents are being dispatched as we speak...

SavikNovember 21, 2007 2:34 PM

It shouldn't be hard to arm a nuke. It should be hard to get access to it.

If you stole one any competant EE could rewire the whole thing to do what he needs anyway. Those inclined to steal a nuke would have this know-how; they wouldn't be your average bank robber or shoe-bomber terrorist.

bpdNovember 21, 2007 2:50 PM

Not necessarily. I vaguely remember reading that the exact timings for the detonators make up part of the information you need to arm modern nukes.

Set the explosives off in the wrong sequence and you get a fizzle.

Wouldn't apply to older stuff though.

Unix RoninNovember 21, 2007 2:54 PM

Luggage code? At a former employer, a manager who shall remain unnamed used '11111' as his Windows and network password, despite repeated remonstration and warnings that his password was insecure. Finally, a cow-orker "hacked" his laptop (well, walked by while it sat unattended on his desk) and installed the ever-popular duckjob.wav as his Windows shutdown sound. "Oh god," the poor guy was moaning, "oh god, how do I stop it? Please make it stop."

We pointed out that his password was so weak anyone could hack into his account and do far worse any time they wanted to. I showed him, again, how John the Ripper cracked his password in only a few seconds.

This experience finally persuaded him to change his password.


.....To 'qqqqq'.

The EnforcerNovember 21, 2007 2:56 PM

Once upon a time I wanted to anonymously send a "slightly risque" fax (via software on my PC). Knowing that my phone number was part of the information in the set-up data for the software package I was using, I thought I better change that first to something else. Leaving the field blank wasn't acceptable so I chose 111111 instead - just the first thing that popped into my head. Then to test that my devilishly clever plan was working and that no incriminating information would appear on the fax, I transmitted it to a free testing and diagnostic service provided by the local Telco. This service would normally reply with a copy of your fax plus a page of information about signal strengths and noise levels and so forth. I assumed it would know the number to reply to via the equivalent of caller-ID or similar. But I didn't get a reply. Then suddenly I realised a possible explanation... the emergency number (for Police, Fire, Ambulance, etc.) where I live is 111....!

Epilogue: The real "Enforcers" arrived on my doorstep a few months later, presumably after one of the recipients of the fax had lodged a complaint. Yes - I had still sent it even after the heart stopping moment with the fax testing service - clearly there is no end to my stupidity! Luckily I was let off with a warning but I guess the moral of the story is to always be careful with numbers that start with 111... (and multiples of them).

exit14November 21, 2007 3:43 PM

As for using common 'keys' for supposedly secure purposes -

The local commuter subway [PATH] between NYC-NJ used a common 'skeleton key' for years. This is the subway that ran (runs) under the WTC in NYC. This same key was historically also used to open the old fashioned police call boxes, and was widely available in hardware stores for under US$1 .
This key could open train doors, engineer cabs, conductor windows, fuse panels, emergency brake access, and a lot of other critical things - whether the train was in motion or not.
Of course, when a few employees brought this serious security concern to management attention, it was ignored. Later the news media was alerted. After denying that there was any security problem, administrators spent just as much time trying to find the 'leak' as they did implementing " ... the longstanding plan to update security.."

So they eventually spent the money and changed most(all?) of those locks, but it took public outcry and media cooperation to get it done.

mozNovember 21, 2007 4:23 PM

@Bruce;

You have to understand that this is a matter of "who's security?". Complex security measures could lead to denial of service attacks. Since Lord Strangelove was deciding, they went for simple but reliable.

@The Enforcer;

Easy to dial accidentally numbers are a serious problem with mobile phones (and small children). Due to regulatory requirements most of them will make an emergency call whenever you press 112; independent of current phone state. Try it (without pressing send) before you have put in your PIN code, for example. This easily happens in your pocket and even leads to changes in emergency procedures since the dispatchers will now hang up on you more easily where they wouldn't before. The Ideal emergency number would be longer and better spread around the keypad. 462915, for example. I doubt you would accidentally come up with that. Remember, it always depends who's security we are worried about :-)

AnonymousNovember 21, 2007 4:42 PM

@moz

Re: Easy to dial emergency numbers and cell phones

This is very true. Most non-flip cell phones actually allow dialing out several emergency numbers even when locked. I found one to be very easy to dial with a key in your pocket 082.

Matt, GroaningNovember 21, 2007 5:20 PM

http://www.snpp.com/episodes/7F24.html

...Homer comes down to get a clean shirt, to find that they're all... pink?

Aagh! Pink? Marge, I can't wear a pink shirt to work. Everybody wears white shirts. I'm not popular enough to be different...

Burns: Why is that man in pink!
Smithers: Oh, that's Homer Simpson, sir. He's one of your boobs from Sector 7-G.
Burns: Simpson, eh?
Burns: Well, judging by his outlandish attire, he's some sort of free-thinking anarchist.
Smithers: I'll call security, sir.
Burns: Excellent. Yes, these color monitors have already paid for themselves...

Matt, GroaningNovember 21, 2007 5:24 PM

Sorry, my previous post went to the wrong thread.

For this thread, all I want to say is thank God that in the US we have The Club.

robNovember 21, 2007 5:40 PM

American nuclear security is so complicated because the Americans had to give their nukes to Greeks flying German planes from Italian bases (NATO). They just wanted to make sure that the American president had to give the order to use American nukes on (lets say Turkey).
British nuclear security didn't need to be so complex because the only person who could set the things off was an English gentleman.

skateNovember 21, 2007 9:01 PM

"yada yada, im sure they kept the key in a safe place.
Posted by: john y at November 21, 2007 06:33 PM"

Yes, in a hanger locked a bicycle lock...

EamNovember 21, 2007 10:48 PM

@Alex:
"To be fair one would assume they don't let random people near the nukes."

One would hope so. Still, these weapons appear very vulnerable to disgruntled insiders.

Kadin2048November 21, 2007 11:21 PM

I would think that the point of the key and other security features on the arming mechanism are less to make the bomb inoperative if a Bad Guy gets his hands on one, than just make sure you don't arm the thing until you really, really want to.

If said Bad Guy gets the bomb at all, then you're already pretty screwed. One bicycle lock more or less isn't going to make a difference (how hard is it really going to be, to take the plate with the keyswitch in it off, and just replace the keyswitch with a standard pushbutton?).

It's not the bicycle lock that provides the real security; it's (hopefully) the lots and lots of people with guns and itchy trigger fingers between you and that lock that do it.

David HarperNovember 22, 2007 2:41 AM

Form the article:

----
The Royal Navy argued that officers of the Royal Navy as the Senior Service could be trusted:

"It would be invidious to suggest... that Senior Service officers may, in difficult circumstances, act in defiance of their clear orders".
----

How delightfully British. The Royal Navy may have been reduced to a couple of destroyers and a rowing boat, but the spirit of Nelson is clearly still strong.

csrsterNovember 22, 2007 3:01 AM

Apparently they've now changed the arming codes and are sending them out to all relevant personnel - on cd-roms via courier.

rochusNovember 22, 2007 3:44 AM

@antibozo
> It should be obvious that the solution to this problem is to outlaw bicycles.

That's the solution I would expect from the british government. They already banned secondary-school-level chemistry courses for 'terrorist suspects': http://www.nature.com/news/2007/071121/full/...

Next step will be banning reading skills.

BritNovember 22, 2007 4:21 AM

The nukes were not really secured by the 'bicicle lock' they were secured by procedures, nobody ever alone with the nuke, proper guarding etc. The nukes in question were very old 1960s kit that we just never got around to updating before it was decided not to carry airborne nukes anymore, so they didn't have the delayed detonators of modern nukes. Thus some fancy coded lock would have been nothing more than a pretty set of LEDs providing band aid security to make politicians feel good.

As for the navy (polaris subs) personally I prefer that it be left in the hands of the submarine commander. This is to me preferable to placing codes with politicians and hoping that somehow the idiots don't leak/lose them, or in the actual event of a nuke hitting London hoping that the relevant code could still be communicated to a nuclear sub which may be hiding under an arctic ice sheet somewhere...

Using good, intelligent, well trained people to do this job is IMHO superior to relying on politicians in charge of highly complex technical systems (never a good combination).

gregNovember 22, 2007 9:00 AM

I personally know someone who was with the RAF. He was also personally involved with some disarming and was of course not alwoed to say much.

He did say that know one would believe the best stories anyway.

But it was shoot to kill security.

gregNovember 22, 2007 9:02 AM

Oh and one of the arming disarming methods was a chain placed inside the nuke. Even if it went off, it wouldn't go nuclear.

IshmaelNovember 22, 2007 9:13 AM

I seem to reacall that there was a similar concern with the former Soviet Union's weapons and that US "failsafe" technology was deliberately "leaked" to the Soviets back in the 60s.

As usual, I don't have a reference handy but perhaps someone has a better filing system.

AlexNovember 22, 2007 9:24 AM

The point that this was so up to 1998 means that the weapons in question were WE177 parachute-retarded aerial bombs; the disgruntled insider would have needed to nick a jet as well, get the weapon on the aircraft, etc.

Am I anonymous?November 22, 2007 10:44 AM

The other story about Brit nuke security was that back in the 60s we were worried about how the PM could fire the things if he was out of London. The US solution with the Air Force (?) officer and the "football" was rejected as being too expensive. So they bugged the AA's network of roadside telephones (Breakdown recovery like the AAA in the US) with the idea that the PM could just pull up and use one of them to set the bombs flying...


averrosNovember 25, 2007 6:34 AM

@Alex: To be fair one would assume they don't let random people near the nukes.

Yep. They only allow total morons to play with the nuke toys. This explains why none of them made the fuss about the procedure - or understood why it is wrong.

guvn'rNovember 26, 2007 8:46 AM

@Matt, Groaning - very clever nom de plume, thanks for the amusement.

@A. Q. Khan, I would expect countries such as Pakistan to have much better security around such weapons, their main concern should be the risk of dissidents capturing one for internal use. I'm surprised that such a possibility hasn't completely dissuaded them from maintaining nuclear capability.

JosephNovember 26, 2007 10:07 AM

"I would think that the point of the key and other security features on the arming mechanism are less to make the bomb inoperative if a Bad Guy gets his hands on one, than just make sure you don't arm the thing until you really, really want to."

This seems so obvious to me, I'm surprised that only one comment mentioned it. Remember back in the Hiroshima days, "Arming" the weapon was removing a green screw and replacing it with a red one.

This isn't security for preventing unauthorized use. It's to prevent the weapon from accidentally arming itself, and to make it painfully obvious if the weapon is armed.

RogerNovember 27, 2007 5:30 AM

I was about to make more or less the same remark that rob made.

To amplify: the original purpose to installing PALs on US nuclear weapons was that quite a lot of them were forward deployed in foreign countries where the US could exert only weak control over them. Thus, they had to be able to provide at least a significant delay to a very capable opponent who might obtain largely unfettered access.

British nuclear weapons were only ever deployed on RAF bases in the UK, and on British submarines. There was essentially no risk of capture by a foreign government. The only threat prevented by a PAL was a very low probability one: namely, that a rogue officer might attempt to surreptitiously arm the (guarded) weapon. Against this threat, a bicycle lock key (whatever that is, exactly) is probably a quite adequate defence.

So far from being slipshod, this system actually looks like a measured response to a proper security analysis of a very limited threat.

RogerNovember 27, 2007 5:48 AM

Small aside: I just watched the video linked from the BBC. It seems that by "bicycle lock" they mean a tubular pin tumbler lock. These locks are often found on higher end bicycle cables, but have also long been one of the more standard types in electrical switch locks. This would tend to support the view that the lock was a safety feature rather than a security feature.

There was a notoriously simple bypass of one type of tubular tumbler lock (used e.g. on "Kryptonite" bicycle shackles) a couple of years ago. However, tubular pin tumblers are in general considered easy to bypass with special equipment, but quite difficult to pick with improvised tools. Once again this fits with the threat model I suggested above.

bruggen sparkDecember 13, 2007 5:42 AM

regarding the above comments re we177 nuke i was on german tornado squadron on qra duties and remember getting too close to the arming panel when the pilot "asked me to step away" looking back it was probally out of embaressment at putting bike key into weapon to arm/disarm the nuke! however to get into the qra site you had to go through a heavily guarded entrance and the whole of the site was patrolled 24/7 by armed raf police plus there was a permanant station reserve force on standby 365 days 24/7 should anybody try to penetrate the site plus the aircraft electronics could only set the wheels in motion to trigger the nuke once it was released from the aircraft so the chances of someone stealing one and detonating it where slimmer than kate moss!!!

UKHABUApril 5, 2008 9:30 PM

RAF Nukes only ever based in the UK?
Think again!
24 "Red Beard" weapons were deployed to RAf Tengah in Singapore in the 60's/70's

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..