83.7 F
Washington D.C.
Saturday, May 25, 2024

Nuclear Weapons Cybersecurity: Status of NNSA’s Inventory and Risk Assessment Efforts for Certain Systems

At the National Nuclear Security Administration (NNSA), information technology is embedded in more than computers—it’s in equipment used to produce nuclear weapon components and in nuclear weapons themselves. Federal law requires NNSA to manage cybersecurity risks. NNSA has been developing risk management policies and practices for both of these IT environments.

However, NNSA’s efforts to identify, assess, and mitigate cyber risks—to specific weapons or manufacturing equipment—are still in the early stages of development. For instance, NNSA is still trying to inventory systems with potential cybersecurity vulnerabilities.

NNSA and its contractors who operate its laboratory and production sites are increasingly integrating digital systems into nuclear weapons and into manufacturing and industrial control processes and operations at sites across the nuclear security enterprise. These digital systems could be targeted by malicious actors, and NNSA has stated that securing its digital assets is an agency priority. To protect against such threats, federal law and policies require that NNSA establish a program to manage cybersecurity risk.

NNSA and its contractors remain in the early stages of efforts—even after several years—to address cybersecurity at the system level in its operational technology (OT) and nuclear weapons IT environments.

  • The operational technology environment includes manufacturing equipment and industrial control systems with embedded IT. NNSA has estimated that there could be hundreds of thousands of OT systems at sites across the nuclear security enterprise. NNSA is taking some steps as a precursor to creating an inventory of systems in its OT environment and assessing and mitigating the risks to such systems. Such steps include developing an OT-specific guidebook for assessing risk to OT systems and creating and conducting OT training for NNSA and site contractors. NNSA’s efforts to create an inventory of OT systems across all its sites and to assess and mitigate risks to them, however, are still in very early stages and limited in scope. NNSA’s main actions include working with the sites to identify the most critical OT capability at each and having them conduct an assessment of a single OT system or component as a learning exercise.
  • The nuclear weapons IT environment includes IT within or in contact with weapons. NNSA officials do not have an estimate of the number of nuclear weapons IT systems, but they told us that the number is smaller compared with the OT environment. NNSA has begun a number of efforts to facilitate the creation of an inventory of nuclear weapon IT systems and to assess and mitigate the cyber risks to such systems, but these efforts are not yet complete. Such steps are intended to result in creating a formal definition of nuclear weapons IT, developing a cybersecurity risk management framework, analyzing gaps between NNSA’s cybersecurity risk management framework and existing engineering processes, and revising internal guidance.

NNSA officials told us that cyber risks vary from one nuclear weapon type to another. NNSA officials said that they have conducted preliminary reviews and determined that current nuclear weapons generally contain little IT that is at risk due to their age and reliance on older technology. Newer and more modern weapons are slated to begin entering the stockpile after 2030 and may contain more IT, however. For these weapons, NNSA officials said that each program is still considering approaches to managing cybersecurity risks as part of the weapon design and development process.

Read the GAO report

author avatar
Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles