Day: March 10, 2021

We often hear about cyberattacks, cyber operations, and malware infections that target computer systems or smartphones. Attacks against civilian infrastructure facilities such as hospitals, water sanitation systems, and the energy sector similarly get a lot of airtime. But there is another type of high stakes system that gets much less attention: weapons systems. These include guided missiles, missile, and anti-missile systems, tanks, fighter jets, and more—all of which are computerized and possibly networked. We can imagine that weapons systems contain security vulnerabilities similar to most other information systems, including serious ones.

A malicious adversary taking over the control of deadly weapons capable of kinetic destruction may sound like a political fiction plot begging to be overhyped. But today, computerized weapons systems control the defense pillars of many countries. And though information on these systems is highly secretive, there is one thing we do know: While accessing such systems is not easy, they almost certainly contain vulnerabilities. My experience indicates that there is no reason to think otherwise. And such a possibility constitutes a potential risk to the world’s security and stability.

The consequences of such hacking operations could be dire. Control over these weapons systems is an integral state prerogative, and any external interference with them could be interpreted as interference in the internal state matters, leading to retaliation. No country would simply allow adversaries to peek inside the matters restricted to state control, such as the oversight of the army. Fortunately, actually pulling this off is far from simple.

Conducting a cyberattack of this kind would require not only hostile intentions, but also the existence of security vulnerabilities in the controlling systems. In order to exploit such bugs, the attacker would also need access to that system, which is not easy to obtain. But these obstacles are not impenetrable.

We should hope that such cyber risks remain low. In order to ensure that they do, the number and severity of these vulnerabilities must be controlled. The world’s militaries and governments must create a management process for the discovery of vulnerabilities—one that encourages finding them, establishes a system for fixing them, possibly even shares the information with allies, and generally works toward attaining stability. Similarly, the opportunity to exploit any weaknesses should be tightly guarded, typically by allowing access only from the internal networks, which malicious actors would be unable to reach.

Hopefully, the world’s militaries are already, in fact, looking for these vulnerabilities. But if they have found them in the past, the information about such findings has rarely been disclosed in the public. This sphere is permeated with silence. The public tidbits come from the rare reports or occasions of remarkable transparency. Such reports are a litmus test, confirming suspicions of vulnerable weapons systems. For example, the 2018 US Government Accountability Office report includes a remark about the routine identification of “mission-critical cyber vulnerabilities that adversaries could compromise,” including the ability to take full control over the tested systems, in some cases. It goes on to explain that these vulnerabilities pose unique threats to large, interdependent systems, also because updating or replacing just one part is far from simple. According to the report, a “patch or software enhancement that causes problems in an email system is inconvenient, whereas one that affects an aircraft or missile system could be catastrophic.”

Fortunately, awareness of this issue does seem to exist in certain communities. In a 2021 declassified briefing, the US Department of Defense disclosed that cybersecurity risks had been identified in multiple systems, including a missile warning system, a tactical radio system, a guided missile, and the B-2 Spirit Bomber. While the details of the identified and fixed cybersecurity issues remain classified, we can reasonably conclude that these and other weapons systems contain serious weaknesses.

The (classified) results of the audit of a 16-year-old B-2 Spirit bomber, capable of carrying nuclear munitions, raises similar concerns. Technical details of the report are not available to the public, but what we can see allows us to reasonably conclude that serious cybersecurity vulnerabilities exist in weapons systems, including those that would let the potential adversary take control over a system. This is likely because the maintenance of such old legacy systems is always a cybersecurity challenge, whether it’s obsolete systems used in hospitals, or weapons systems used by the world’s militaries. Fortunately, in the process of updating them, some issues are detected and corrected. But the phenomenon of cybersecurity risks in existing weapons systems is real. And this is true not only of the weapons systems employed by the US, but likely also of virtually every other weapons system employed by any other country.

More people with a long history of smoking should be tested annually for lung cancer, even if they’ve quit in recent years, according to new guidance released Tuesday by a government-backed panel of health experts.

The U.S. Preventive Services Task Force routinely reviews and guides preventative health care services in the country. Though officially a government agency, their guidelines are crafted by relevant outside experts brought in on a volunteer basis. On Tuesday, the agency’s experts issued new guidelines for lung cancer screening, which were also published in the medical journal JAMA.

The recommendations call for people between the ages of 50 and 80 years old with at least 20 pack-years of smoking to be screened annually for lung cancer. A pack year is defined as having smoked the equivalent of a pack—which has 20 cigarettes—a day for a year. People who have smoked that much but since quit are still advised to be screened, so long as they had quit within the past 15 years. Those who had quit more than 15 years ago or who have conditions that would affect their life expectancy or willingness to undergo lung surgery are not recommended for screening.

The USPTF’s recommendations aren’t just polite advice; they greatly influence insurance coverage, meaning that more Americans should now be eligible for lung cancer screening through their current health plans.

The new guidelines are more expansive than the most recent set, which were released in 2013. The previous version called for the screening of people between the ages of 55 to 80 years old with 30 pack-years of smoking. According to the USPTF authors, new evidence since then has shown the likely benefits of earlier screening for people with a lighter smoking history. A modeling study also published in JAMA on Tuesday, for instance, found that this new criteria would prevent more lung cancer deaths over the long run compared to the previous guidance, with few added harms.

The study modeled what would happen if everyone who was eligible and born in 1960 was screened for lung cancer via a low dose CT scan, the standard screening test. The new guidelines would be expected to prevent 503 deaths per every 100,000 people screened, compared to 381 preventable deaths per every 100,000 under the old criteria.

Importantly, the new guidelines might also help shorten certain gaps in cancer care. Although smoking remains the leading risk factor for lung cancer, the incidence of lung cancer is higher among Black Americans than other racial groups, and it’s thought that Black and Native Americans are more at risk from lung cancer at lower levels of smoking. Women also might get screened more now, since they generally smoke less on average than men.

“According to our analyses, the new recommendations will reduce disparities in lung cancer eligibility by sex and race, which hopefully will result in reductions in lung cancer disparities in the U.S.,” Rafael Meza, an associate professor of epidemiology at the University of Michigan School of Public Health who led the new modeling research published in JAMA, said in a statement released by the university.

Currently, lung cancer is the second-most common cancer in the U.S., accounting for more than 200,000 confirmed cases a year. And while the number of lung cancer deaths has steadily declined over the decades, it’s still the leading cause of cancer death in the U.S. This year, approximately 131,880 Americans are expected to die from it.