“The biggest security issue here isn’t that the computer is 40 years old, but rather the quality of the lock on the door where the computer is housed,” Cris Thomas, a strategist for Tenable Network Security, said in a statement.
Thomas, known in hacker circles by his pseudonym Space Rogue, was one of the founding members of the legendary hacker collective L0pht. The group famously testified to the U.S. Senate in 1998 that it could take down the Internet in 30 minutes.
Interestingly, having the nuclear arsenal running on decades-old computers with floppy disks makes it incredibly difficult to hack, a fact that some in the Air Force actually used as an example of why upgrading isn’t really necessary.
Thomas said that the IBM Series/1 computer the Pentagon is using to control nukes is most likely air-gapped — meaning it’s not connected to the Internet or a network that would give remote access — so a hacker would need to be sitting at the terminal to actually do any damage.
He also said the machines are “notoriously reliable,” so he wasn’t surprised they were still being used.
“As long as they can make regular copies of the software on the 8 inch floppy’s so that they don’t degrade, and they have a ready supply of spare parts and new floppies, there’s no reason why the system wouldn’t last another 40 years,” he said.
There is a caveat: While an outdated machine would make it hard for hackers, it also makes it hard to fix things if something goes wrong, since the coding languages it uses are aging as well. Fewer programmers are around that even know COBOL or FORTRAN, he explained.
Regardless, the report noted that the DoD plans to update “data storage solutions, port expansion processors, portable terminals, and desktop terminals by the end of fiscal year 2017.”
This story originally appeared on Business Insider.