Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Military Security

Hacking Nuclear Command and Control 256

The Walking Dude writes "The International Commission on Nuclear Non-proliferation and Disarmament (ICNND) has released an unclassified report exploring the possibility of cyber terrorists launching nuclear weapons. Ominous exploits include unreliable early warning sensors, unsecure nuclear weapons storage, transportation blunders, breaches in the chain of command, and the use of Windows on nuclear submarines. A traditional large-scale terrorist attack, such as the 2008 Mumbai attacks, could be combined with computer network operations in an attempt to start a nuclear war. Amidst the confusion of the traditional attack, communications could be disrupted, false declarations of war could be issued on both sides, and early warning sensors could be spoofed. Adding to this is the short time frame in which a retaliatory nuclear response must be decided upon, in some cases as little as 15 minutes. The amount of firepower that could be unleashed in these 15 minutes would be equivalent to approximately 100,000 Hiroshima bombs."
This discussion has been archived. No new comments can be posted.

Hacking Nuclear Command and Control

Comments Filter:
  • IRL (Score:5, Funny)

    by hellfish006 ( 1000936 ) on Thursday July 23, 2009 @07:06AM (#28793745)
    "...and the use of Windows on nuclear submarines" Talk about your Blue Screen of Death
    • by siloko ( 1133863 ) on Thursday July 23, 2009 @07:52AM (#28794105)

      Talk about your Blue Screen of Death

      Agreed, but I was wondering when the quantity of "could's" in a summary turns it from a "report" into a "work of fiction"?

      • Re: (Score:2, Insightful)

        by domatic ( 1128127 )

        A quantity of small "coulds" coming together at the wrong time and place is how a lot of accidents happen. This has happened in regards to missile warnings before though thankfully we didn't achieve a critical density of "coulds":

        http://en.wikipedia.org/wiki/Able_Archer_83 [wikipedia.org]
        http://www.pbs.org/wgbh/nova/missileers/falsealarms.html [pbs.org]

        • Re: (Score:3, Insightful)

          > A quantity of small "coulds" coming together at the wrong time and place is how a lot of accidents happen

          That is absolutely correct. That is how accidents happen. But if you or I or McVeigh planned to force "a critical density of 'coulds'," it would never work. Hollywood allows for failures on cue and long chains of helpful improbabilities, but outside the movies perfect storms don't follow a plan.

      • by k.a.f. ( 168896 ) on Thursday July 23, 2009 @10:12AM (#28795529)

        Agreed, but I was wondering when the quantity of "could's" in a summary turns it from a "report" into a "work of fiction"?

        When assessing your adversaries, you always assess capability, not probability or even intention. "Can't possibly" is acceptable, but improvable. "Might" raises serious concern. "Could" is reason for all-out batshit-crazy paranoia.

        And I like that things are that way. At least, y'know, when dealing with unauthorized nuclear launches.

    • Auto-update (Score:5, Funny)

      by Smivs ( 1197859 ) <smivs@smivsonline.co.uk> on Thursday July 23, 2009 @08:20AM (#28794365) Homepage Journal

      "...and the use of Windows on nuclear submarines" Talk about your Blue Screen of Death

      It could be worse:
      Sub Commander: "Enemy vessel has locked on and fired anti-sub missile. Impact in 10 seconds. Immediate Anti-missile counter-strike authorised. Target enemy vessel with Tomahawk."
      Sub operator: "Incoming target acquired and locked on. Tomahawk ready for launch authorisation."
      Computer: "Automatic update has replaced current program with I.E 8 as default. Computer re-booting. This will take 30 seconds"
      Sub crew: "S**t!"

      • Re: (Score:2, Funny)

        Sub Commander:"Fire the missiles!" Computer: *bleep blop* Sub operator:"What do you mean am I sure? Fucking thing.."
      • Re: (Score:3, Funny)

        by jDeepbeep ( 913892 )

        "...and the use of Windows on nuclear submarines" Talk about your Blue Screen of Death

        It could be worse: Sub Commander: "Enemy vessel has locked on and fired anti-sub missile. Impact in 10 seconds. Immediate Anti-missile counter-strike authorised. Target enemy vessel with Tomahawk." Sub operator: "Incoming target acquired and locked on. Tomahawk ready for launch authorisation." Computer: "Automatic update has replaced current program with I.E 8 as default. Computer re-booting. This will take 30 seconds" Sub crew: "S**t!"

        This is where Clippy would be reassuring and helpful, is in a situation like this.

        • Re: (Score:3, Funny)

          by jcwayne ( 995747 )

          At least, in your last seconds on this earth, you'd have the solace of knowing Clippy would soon be no more.

      • by koolfy ( 1213316 ) <koolfy@@@gmail...com> on Thursday July 23, 2009 @02:17PM (#28798797) Homepage Journal
        Sub Commander: "Enemy vessel has locked on and fired anti-sub missile. Impact in 10 seconds.
        Impact in 9 seconds.
        Impact in 8 seconds.
        Impact in 7 seconds.
        Impact in 12 seconds.
        Impact in 2 seconds.
        Impact in 1 seconds.
        Impact in about an hour.
        Impact in 4 minutes.

        -- BOOM

        Finished copying 2MegaTons file "Missile.snk" from "Vessel" to "Your Ass".

        Thanks for using MIcrosoft Windows Vista.
  • oh yes (Score:2, Insightful)

    by Anonymous Coward

    "... and the use of Windows on nuclear submarines." - i stopped reading.

    • Re: (Score:3, Interesting)

      Why? Because you believe that nobody in the US Department of Defense would be stupid enough to have a Windows machine as part of a nuclear weapons control system, or because you believe that including Windows in anything built by DoD and its contractors couldn't really make the system significantly more vulnerable?

      • Re:oh yes (Score:4, Funny)

        by Anonymous Coward on Thursday July 23, 2009 @08:43AM (#28794573)

        Why?

        Mostly because having windows on such a submarine isn't very practical.
        You cant open them to get any fresh air in, there is little to no light getting in, and the view is just terrible most of the time!

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Maybe because the way Windows is used on a nuclear sub (Non-networked, no USB drives, et cetera) leave it pretty much 'unhackable' from somebody who doesn't already have access to that machine?

        Seriously, you could use an unpatched Windows XP box with all the remote services running and no firewall, and it STILL DOESN'T MATTER SINCE THERE'S NO VECTOR ONTO THE MACHINE.

        They use Windows, iirc, because that's where the development tools are. And, since security in this application is basically all physical a
  • by DaRanged ( 735002 ) on Thursday July 23, 2009 @07:07AM (#28793751)
    Shall we play a game?
  • by PvtVoid ( 1252388 ) on Thursday July 23, 2009 @07:08AM (#28793759)
    Windows on a submarine sound like a pretty bad idea to me...
    • by Cur8or ( 1220818 ) on Thursday July 23, 2009 @07:12AM (#28793775) Homepage
      Maybe, but "The hunt for Redhat October" would be a bitching movie.
    • by nicc777 ( 614519 ) on Thursday July 23, 2009 @07:17AM (#28793817) Homepage Journal

      Especially if you open one...

    • by IBBoard ( 1128019 ) on Thursday July 23, 2009 @07:19AM (#28793827) Homepage

      I've heard about it for a while now - it's not overly new news in the UK.

      At least they're not wasting resources on Vista/7 - they're using Windows XP [theregister.co.uk], which is nice and secure(!) As the El Reg article points out, though, at least the submarine is generally a stand-alone network, which should protect it from a lot of vulnerabilities (although not all [itpro.co.uk])

      • by Anonymous Coward on Thursday July 23, 2009 @08:03AM (#28794205)

        at least the submarine is generally a stand-alone network

        My next-door neighbour, a middle-ranking officer on the UK's Vanguard fleet of nuclear submarines, asked me to fix his laptop ready for the recent 3-month wargame off Florida. Naturally, the "fix" was as simple as identify trojan, format, re-install MS-Windows, install Avast, advise him not to run keygens he'd randomly downloaded off a torrent, and slip an Ubuntu live CD into the laptop bag in the hope it'd pique his interest.

        As I returned it to him, I said "I turned WiFi and Bluetooth off by default. I assume you'd get in trouble if your stealth-sub got spotted by something as simple as your opponent searching for available networks."

        Apparently he'd never thought of that. And regaled me with stories of how long undersea voyages are just one huge wireless LAN party and movie fileswap meet. And asked me to turn WiFi and BT back on.

        Nuclear subs are just one huge Faraday cage, right? Right? No really, they are... aren't they?

        • Re: (Score:3, Insightful)

          by icebrain ( 944107 )

          Well, considering you're surrounded by at least three inches of steel in every direction, plus a whole bunch of salt water... I wouldn't be worried too much. It's noise you'd really be concerned about.

          • Re: (Score:3, Funny)

            by sabt-pestnu ( 967671 )

            So you could get in trouble if the raid cheers when you defeat Yogg-Saron?

            Good thing that you can't actually connect to the WoW servers from underwater, then!

        • by interactive_civilian ( 205158 ) <mamoru&gmail,com> on Thursday July 23, 2009 @08:47AM (#28794629) Homepage Journal

          Nuclear subs are just one huge Faraday cage, right? Right? No really, they are... aren't they?

          Radio waves don't propagate far under water, as it absorbs those frequencies. If an enemy is close enough to detect your wifi or bluetooth, they are close enough to have already found you on passive sonar.

          • by evilandi ( 2800 )

            Ah, good. I can stop posting as AC then. ;-)

          • by eth1 ( 94901 ) on Thursday July 23, 2009 @09:51AM (#28795313)

            Wi-Fi is 2.4 GHz... The Navy used to use ELF radio to communicate (communicate = notify to surface so we can send you something at >.001bps) with submerged subs - according to Wikipedia the frequency the military used was around 60-80Hz (at the high end of ELF). It has to be that low freq to get that deep, and you need to drag a huge antenna wire behind you. I think Wi-Fi is probably safe, since by the time you were close enough to find the signal, you could just plug a cable into the sub's external ethernet jack.

        • Re: (Score:3, Informative)

          by DerekLyons ( 302214 )

          As I returned it to him, I said "I turned WiFi and Bluetooth off by default. I assume you'd get in trouble if your stealth-sub got spotted by something as simple as your opponent searching for available networks."

          US submarines have been using walkie-talkies onboard for decades. Not to mention the not inconsiderable EMF put out by the vast quantities of electronics onboard. If this was a problem, we'd have done something about it decades ago... But as it turns out, salt water is a piss poor conductor of r

    • No, it's the screen doors you have to worry about. . .

    • by guruevi ( 827432 )

      I know, what if a sailor decides to catch a breath of fresh air and opens it.

  • Watching a flash presentation might just launch a nuke.

  • by nicc777 ( 614519 )

    When it happens, most of us wont even know it :-)

    The survivors amongst us might know after they can't access /. for 12 consecutive hours.

  • People in the know (Score:5, Interesting)

    by MichaelSmith ( 789609 ) on Thursday July 23, 2009 @07:18AM (#28793825) Homepage Journal
    Most people know a thing or two. Some people know their way around weapons systems but most people don't. Most people are sane and rational but a few people are not. The unabomber wasn't rational but fortunately he was a mathematician, not a rail signalling engineer or an air traffic controller.

    I don't believe that Al Qaida could weasel their way into the control systems for missiles, unless they come across somebody smart enough and crazy enough to be of value to them. I don't believe there is any systematic reason why this could not happen, it is just very unlikely.

    At the moment it is much easier for the terrorists to work with the tools they know.

    Researching Kaczynski for this post has got me thinking. With his background he could have gone into a field where he gained access to some critical systems. Lots of secure areas employ mathematicians. But then he might not have had the time and resources to develop his nutty ideas. He had to withdraw somewhat to do that. Was the Jack D Ripper character a realistic possibility? Or would a maniac have been unable to rise to a position of responsibility?
    • by maxwell demon ( 590494 ) on Thursday July 23, 2009 @07:26AM (#28793885) Journal

      The unabomber wasn't rational but fortunately he was a mathematician

      An irrational matematician may sound like an oxymoron, but really, there are uncountably many of them. Rational matematicians are the exception, and even they are dense. :-)

    • Re: (Score:3, Interesting)

      "But then he might not have had the time and resources to develop his nutty ideas. He had to withdraw somewhat to do that."

      I'd have to take issue with Kaczynski being a nut, if you actually read anything he wrote he seemed more like a misguided malcontent who channelled his frustration towards violence out of knowing powerless than someone was who was "crazy".

      He understood some of the problems of modern society very well even if he did not always frame them in a way that other people would agree with, the e

    • Most people know a thing or two. Some people know their way around weapons systems but most people don't. Most people are sane and rational but a few people are not. The unabomber wasn't rational but fortunately he was a mathematician, not a rail signalling engineer or an air traffic controller.

      Yeah, fortunately no mathematicians have gotten into places where their lack of a grasp of reality has caused any serious problems, like financial crises or anything...

    • "The unabomber wasn't rational but fortunately he was a mathematician, not a rail signalling engineer or an air traffic controller"

      The unabomber built his bombs out of wood, so lucky he never became a tree surgeon .. :)
  • by cluke ( 30394 ) on Thursday July 23, 2009 @07:22AM (#28793851)

    So, the "International Commission on Nuclear Non-proliferation and Disarmament" releases a report saying Nucler weapons are dangerous? Who would have thunk it?

  • by VShael ( 62735 ) on Thursday July 23, 2009 @07:25AM (#28793869) Journal

    Do we have ANY super-villain cyber hackers in the world who WANT to start a nuclear war and launch 100,000 hiroshima type bombs?

    Seriously?

    Who do they envision being behind this? Doctor Evil???

    • by bcmm ( 768152 )
      There must be someone who would want to use them under certain circumstances, or they wouldn't be there in the first place.

      So I suppose it depends on whether "super-villain cyber hacker" are as crazy as the US government...
      • not sure who said it, but... ``none of us are as dumb as all of us'' :-)

      • by fmobus ( 831767 )
        I am rather curious about your sig...

        $ sudo su
        $ cat /dev/mem | strings | grep -i llama
        cat: /dev/mem: Operation not allowed

        $ cat /dev/mem | strings
        [really long dump of strings]

        $ cat /dev/mem | strings > test
        cat: /dev/mem: Operation not allowed

        Why is this happening?
    • While they may have listed a dozen potential vulnerabilities that *might* be used to construct their doomsday senario, how in the hell is an evil vilian going to test each exploit and assemble their master plan without the other side catching on and plugging up these holes? All this l337 haxxor scaremongoring is waaay overblown.
      • by 1u3hr ( 530656 )
        how in the hell is an evil vilian going to test each exploit and assemble their master plan without the other side catching on

        That was (one of the many) plot holes in Die Hard 4.0. The Super Villain hires a bunch of l33t haxx0rs to create exploits for every important utilty, bank, telecom, etc. And they all finish them on time, on the same day. And they all work flawlessly, the first time.

        He doesn't need to break the banks to become a billionaire if he can do that.

    • You can never underestimate the craziness of some people. I could imagine a hardcore environmentalist wanting to do this, for instance, finding the short term damage to the biosphere less harmful than the longterm damage that continued human occupation would do. A fundamentalist Christian who wants to bring about the second coming of jeebus? Someone who is just really pissed off and anti-social (in the psychological sense, not someone who doesn't like going to parties). I can envision plenty of reasons that
      • Because the sets of "people hating themselves enough to kill themselves" and "people hating other people in general enough to go on a killing spree" intersect only in a very small area. When you intersect with the "people with power" subset, you end up with zero members.

        In short, people who hate themselves and everyone else rarely come into a position where they could have the power to destroy everyone and everything. Usually they don't get old enough to aggregate that power.

    • Launching 100,000? Probably not. But someone in the middle east hacking in to a US nuclear submarine in the pacific wouldn't suffer from much fallout if they launched against San Francisco, for example. If this kind of vulnerability had existed and been known a few years ago, the invasion of Iraq might have gone very differently.
      • Re: (Score:2, Interesting)

        by icebrain ( 944107 )

        The problem isn't the hacker-launched missiles themselves; rather, the problem comes when everyone else starts launching in reaction. There's an axiom in strategic nuclear planning that "if one flies, they all fly". Basically, once the first launch is detected, everyone else has less than half an hour to make a decision. They don't know if it's just a rogue missile or the start of an attack, and they face the dilemma of doing nothing and letting all their forces be wiped out if that's the case. Therefor

    • by eth1 ( 94901 )

      If this happened, it wouldn't be because of a criminal/super-villain. Any criminal smart enough to pull it off would realize that by causing a "global thermonuclear war" they would essentially wipe themselves out, or at least deny them a decent life. Totally counter-productive.

      The people that WOULD do it would be the religious fanatic types that believe they're brining "God's judgement" or whatever, and don't mind martyring themselves in the process.

    • Re: (Score:3, Insightful)

      by Opportunist ( 166417 )

      Thanks for asking the obvious: Who would WANT to do that?

      What's the gain? The end of the world. Erh... yeah, that's super (cheesy thumbs-up pic here). Nobody, absolutely nobody who has a minuscle chance to pull something like this off actually wants the world to end. Everyone who could technically pull together the manpower and know-how to pull a stunt like this wants power.

      How much power do you have over a pile of ashes and dust? Oh, and did I mention that you're dead as well?

      You'd need someone with:

      A deat

  • by BobMcD ( 601576 ) on Thursday July 23, 2009 @07:35AM (#28793953)

    From personal experience I can say that 'Windows on a submarine' really isn't an issue. The Navy uses at LEAST three independent networks on their ships. Two that I was told about and one that I wasn't supposed to notice on my own. These aren't connected together, and only one of them connects to the outside world. Even if they were running a completely un-patched version of Windows 3.11 on that inner-most network, they're still as secure as they need to be.

    In the case of the Navy's most important systems, they're not secured via copper but instead by steel-jacketed lead.

    • Ah but you forget, the systems are connected by the most insecure component of all - people. If the people are fooled into pushing the shiney red button by misinformation delivered by the other systems, what does it matter?
  • by Fantom42 ( 174630 ) on Thursday July 23, 2009 @07:44AM (#28794031)

    The use of Windows on nuclear submarines is not a big deal without providing a lot more context. Is Windows being installed to perform a critical function? Is there an independent backup implemented in hardware? There remain a lot of questions to be answered before I care that Windows is installed on submarines, especially given the alarmist tone of the paper as a whole.

    The article (mis?)cited even talks about how the systems being used don't "usually" get autonomous control of the weapons systems. (http://www.theregister.co.uk/2008/12/16/windows_for_submarines_rollout/) That's pretty vague, but not really surprisingfor a reporter.

    So, is Windows on submarines a concern? Sure it is. Quite frankly, (get out your -1 mod points) for a high risk system, one in which failure can cause loss of life on a massive scale, using Linux, or any computer system is a concern.** Luckily, if engineers are doing their jobs correctly, they know how to design these systems to prevent a software failure from causing one of these events. This almost invariably means using custom software or (better) simple hardware to implement/interlock critical functions and use regular COTS software for the rest. And yes, false indications are an example of a critical function. If the software were to indicate a missile launch, for example, I would expect a way to verify that using hardware in the procedure before moving on to the next step.

    ** This is because any of these systems are too big to have the kinds of quality steps needed for such a system (think TRACEABLE code coverage, testing, requirements traceability, application of coding standards and other software engineering principles, all must be traceable). Maybe if Linus Torvalds and everyone who works on the Linux kernel was hired by the DOD and held to a software quality standard, like DO-178B (http://en.wikipedia.org/wiki/DO-178B)*** there would be a small chance of being able to use this software for a function that is required to prevent loss of life.

    *** Having dug through DO-178B, it is not without its issues, either. But its a good starting point at least.

    • Not to mention there are dozens of networks at military installations, each of them seperated by an air-gap (meaning they're not connected to any others). IMO this report is mostly a scaretactic to try to make the US system look more vulnerable than it is. Most likely because there's an agenda to dismantle the whole she-bang.
    • Yo dawg, I heard you like end-notes, so we put an end note in yo end note so you can reference yo sources while you reference yo sources!

      Sorry, couldn't resist :-X
  • The solution is not to connect your Nuclear Command and Control center to the InterTUBES !!!
  • Another vulnerability could be commanding officers learning new computer languages. Once you dig down enough in windows internals, maybe your mind starts thinking that mass blue screens and deaths are ok, and order a launch when distracted.
  • "Terrorists could remotely commandeer computers [icnnd.org] in China and use them to launch a US nuclear attack against Russia"

    Seriously, if such systems exist, the designers should be locked up !
  • 'As of May 2009, no major cyber terror event has occurred. Policy makers, media organisations, and security companies often use the threat of cyber terrorism to further their own agendas'
  • by MrKaos ( 858439 ) on Thursday July 23, 2009 @09:36AM (#28795163) Journal

    Mutually Assured Destruction or Destruction. Asymmetrical use of a captured Nuclear weapon is surely a nightmare scenario, but a disarmament solution requires careful consideration.

    Some who have read my criticisms of the Nuclear Industry may be surprised to find that I actually support the development of a reactor that addresses the issue of 70,000 tons of Pu-239 (and much more U-238) currently stored in reactor sites around America, simply because it's irresponsible for our generation to foist these issue onto later generations.

    One of the core reasons I support the development of such a reactor because it is capable of utilising weapons grade plutonium as fuel creating an impetus for disarmament and, hopefully, slowly defusing the asymmetrical weapons threat.

    Unfortunately, because there is no geologically sound Nuclear waste dump in operation it's totally inappropriate to discuss building a new reactor facility until a proper containment facility is available. Yucca mountain is not a suitable site because it is made of pumice and geologically active evidenced by recent aftershocks of 5.6 within ten miles of a repository that is supposed to be geologically stable for at least 500000 years. The DOE's own 1982 Nuclear Waste policy Act reported that Yucca Mountain's geology is inappropriate to contain nuclear waste, and long term corrosion data on C22 (the material to contain the Pu-239 and mitigate the ingress of water - yet another Yucca problem) is just not available.

    We need something made of granite. The only human made structure with the potential to last 10000 years is Mt Rushmore, so it has to be an engineering project of that scale, because the logistical problems of transferring the 70000 odd tons of Pu239 to the spent fuel containment facility are so involved that you want to get it right the first time and only do it once.

    Even doing that will probably take 30 years to complete, but there is more to it than that.

    I was a big fan of the Integral Fast Reactor [wikipedia.org] as a potential solution and in a way I still am. But the reality is 3rd and 4th generation reactors are a pipe dream because our material science is not advanced enough yet to produce a reactor design that will last the thousands of years it will take to use that fuel. If you are going to build reactors then do it properly and build a Terra-watt scale nuclear reactor facility the belly of a massive granite mountain with an attached waste facility and chomp up all your remaining plutonium or end all commercial nuclear activity altogether.

    Why? Because Nuclear power is energy intensive *after* the energy has been produced simply because said technology (material sciences) are not adequate to produce a Nuclear reactor that has a life span that matches the geological time frames of the fuel. This exposes the facility to all the issues associated with de-commissioning reactor sites every 4 decades or so. A reactor design that lasts at least 1000 years and is a closed loop, i.e. the plutonium goes in and nothing comes out (except electricity and possibly hydrogen) and avoids all the energetic costs associated with mining, enrichment and de-commissioning/demolition of the reactor.

    As long we are producing plutonium and there is no where for it to go we will have a Nuclear Weapons threat and this is the price we pay for opening that pandora's box. I don't hide the fact that I don't like the constant failure of the Nuclear Industry. But I'm also being realistic. I realise that the only way out of this mess is a well thought out and designed project because we have no other choice due to the nature of the materials. It entails redesigning the entire industry, and it's a long term solution. A well designed and secured facility resistant to attacks even from orbit because that's the type of 21st century threats it would have to face.

    But it has to be done properly, and I don't think privat

  • What is the purpose of this? To engender fear or something? Or just a bit of idle fantasy in the summer heat?

    Whatever the reason, a nuclear war doesn't just happen out of the blue; it is highly unlikely that there wouldn't be a long time before where the tensions were constantly rising, and it isn't very believably that that would happen either. The missiles don't start firing because El Presidente regrettably puts his coffee cup in the wrong place and pushes the red button.

  • ICNND is yet another one of those idiotic feel-good organizations that make a living by spinning-up ridiculously unlikely scenarios that push their agenda.
    .
    Hello? Their entire charter is nuclear disarmament. Having them commission a report that doesn't say Armageddon is coming is about as likely as Greenpeace commissioning one that doesn't conclude that Technology is Bad.
    .
    As Top used to say; "Whenever I get something like this, first thing I do is consider the source. And baby, just who the hell are you?"

  • Without going too much into detail - sending launch orders requires much more than simply hacking into the network (which are probably air gapped anyhow).

    The message has to contain certain authorization codes so the recipient knows that it's not only a valid order, but that it is a valid launch order (as opposed to a valid test or training order). Those codes are stored in a double sealed envelope inside a safe with an inner and outer door - and each combo is controlled by a different person.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...