Nuclear Weapons Vulnerable To Cyber Threats – OpEd – Eurasia Review
By Yevgeny Pedanov*
According to a new report from the Nuclear
Threat Initiative (NTI), Cyber Nuclear Weapons Study Group, US nuclear
weapons can’t be effectively protected against cyberattacks with technical
means alone.
“Any system containing
a digital component, including nuclear weapons, is vulnerable to cyber
threats,” Page Stoutland, NTI’s vice president for scientific and
technical affairs, said.
In a report about cyber threats to nuclear weapons security, just
presented in Moscow and titled “Nuclear Weapons in a New Cyber Era,” NTI
analysts warn that with the development and spread of digital technology,
attacks in the information space are getting increasingly dangerous, making
even the US defense systems vulnerable to cyberattacks. According to the
report, which is based on the results of a 2013 survey conducted by the US
Defense Department, the military command may face false warnings about an
attack or lose confidence in their ability to control US forces and assets.
Losing control over power grids as a result of
cyberattacks is a serious danger to nuclear weapons (Page Stoutland)
The most dangerous consequences of a cyberattack on a country’s system
of nuclear deterrence are as follows: first, it can target the early warning
system (EWS) and simulate a nuclear attack, which could prompt a very real
retaliatory strike. Secondly, experts do not rule out the possibility of
unauthorized use of nuclear weapons as a result of cyber and physical attacks
disabling security measures. The authors of the report consider the possibility
of a false order for the release of nuclear weapons resulting from a hacked
control system less likely though. Thirdly, a cyberattack can disrupt the chain
of command transmission and international communication channels. And last, but
not least, this damage could be caused already during the production stage, if
errors or malware are introduced into the software.
“Protection
requires not only technical excellence, but also a new strategy that takes into
account cyber threats that did not exist at the time when nuclear weapons were
being developed.” (Page Stoutland)
The four worst post-cyberattack scenarios being considered by experts
include attacks on early-warning systems (radar and satellites), security
systems, communications, and production chains. According to the authors of the
“Nuclear Weapons in a New Cyber Era” report, false information about a nuclear
attack, as well as a disruption channels of communication as a result of
cyberattacks could lead to a “retaliatory” or a preventive nuclear
strike. Security and physical protection system hacks could result in the theft
of nuclear weapons. Insertion of malware into manufactured parts undermines
confidence in the predictability of nuclear deterrence. The authors warn that a
loss of confidence in one’s ability to prevent an enemy nuclear attack with
nuclear deterrence tools could have serious negative consequences for strategic
stability.
“In
1980, the failure of a NORAD computer chip resulted in a false warning about an incoming nuclear
attack.” (Page Stoutland)
Experts are convinced that because no improvements in cyber security
will be enough to completely eliminate the threat, increasing the decision time
would be the right way to go. This requires efficient systems and processes to
either confirm or discard data from DSS and other sources. To increase
decision-making time after information about a nuclear missile launch against
the US has been received, the authors propose the following scenario: if the
warning has been confirmed as accurate, and the source of the missile launch
has been duly determined, the president orders a deferred retaliatory strike.
The drawbacks of this approach, the report warns however, is delayed response,
less headroom for maneuvering and overdependence of automation, as well as the
risk of information about the order for a retaliatory strike leaking out, which
itself could provoke a nuclear attack by the adversary.
“In
2010, US launch-control officers lost communication with a squadron of 50
nuclear-tipped intercontinental ballistic missiles for 45 minutes.”
(report)
Another way of reducing the cyber threat would be to limit the use of
cyber-attacks against nuclear weapons.
The authors advise the military and political leadership, as well as
officials at a lower level, to realize full well that cyberattacks against
nuclear systems are fraught with an unintentional catastrophe. Therefore, to
avoid a disaster, they need to work out clear-cut rules of the game. Difficult
as the verification of these rules may be, the experts still believe that the
mere presence of such norms would prevent an escalation, as, according to them,
suspicious would initially fall on non-state players, who never signed the
agreement.
Obviously, these decisions are possible only in cooperation with other
countries and with a great deal of mutual trust and concerted steps. Aware of
this, the authors propose starting a discussion on cyber security, between
Russia and the US, and between China and the US, against threats posed by such
non-state players and third parties, who might initiate any of the
abovementioned scenarios and be interested in their negative consequences.
From our partner International Affairs
*About the author: Yevgeny Pedanov, Special correspondent
Source: This article was published by Modern Diplomacy
Please Donate Today
Did you enjoy this article? Then please consider donating today to ensure that Eurasia Review can continue to be able to provide similar content.
Gloss