Digital Strangelove: The Cyber Dangers of Nuclear Weapons
Cyberspace is the most complex sociotechnical system ever created, while nuclear weapons are the most destructive military tools in history. They are increasingly entangled in ways that we do not fully understand.
Published by The Lawfare Institute
in Cooperation With
Editor's note: This article is part of a series of short articles by analysts involved in the Cyberspace Solarium Commission, among others, highlighting and commenting upon aspects of the commission's findings and conclusion.
Cyberspace is the most complex sociotechnical system ever created, while nuclear weapons are the most destructive military tools in history. They are increasingly entangled in ways that we do not fully understand. Partly this is due to a lack of information—cyber operations and nuclear weapons are both highly classified realms. Partly this is due to the increasing complexity of interactions, which are hard to model. Yet the greater challenges, perhaps, are political.
Nuclear command, control and communications (NC3) is the nervous system of the strategic deterrent. NC3 enables critical informational functions such as early warning and situation monitoring, operational planning and assessment, strategic decision-making and tactical force direction. Commanders aim to ensure that weapons are always available for authorized use and never usable without authorization. There is some tension between these requirements, insofar as a highly alert posture to ensure usability increases the risk of accident, and some close calls resulted during the Cold War.
In recent years, there has been a resurgence of interest in NC3 and strategic stability among academics and arms controllers. This new wave of concern has been prompted, variously, by revelations about U.S. operations allegedly targeting Iranian enrichment and North Korean missile tests; concerns about interactions with artificial intelligence or social media; and fears of inadvertent escalation due to cyber-nuclear interaction or the entanglement of nuclear and conventional forces.
As the Defense Science Board recommended in 2013, “[I]mmediate action to assess and assure national leadership that the current U.S. nuclear deterrent is also survivable against the full-spectrum cyber … threat.” NC3 modernization also features prominently in the 2018 Nuclear Posture Review. The U.S. Air Force has, accordingly, designated NC3 as a weapon system (AN/USQ-225), which consists of as many as 160 different systems. Upgrades of NC3 to leverage digital technology have the potential to improve reliability and accountability. It is a truism, however, that complexity is the enemy of cybersecurity. Greater reliance on software components offers convenience and flexibility at the price of new logical failure modes that are difficult to model. The interactive complexity of digital components, sophisticated weapons and demanding deterrent postures could increase the chance of accidents and unintended consequences.
Yet there is another category of problems that is in some ways more insidious. Covert capabilities, like offensive cyber operations, may create strategic incentives for actors to act deliberately in ways that could undermine the stability of deterrence. For example, the U.S. had a covert program of electronic warfare options targeting Soviet NC3 in the Cold War. These options might have helped to limit the damage the Soviet arsenal could inflict in a nuclear war, but they could not be revealed to the Soviets for the sake of deterrence. As the character Dr. Strangelove makes clear in the eponymous classic movie, nobody is frightened of capabilities that are kept secret. Indeed, the Soviets learned about the American program through a well-placed spy in NATO and changed their communications protocols.
This problem is even more acute today. Nuclear capabilities must be revealed to be useful for deterrence. Nuclear deterrence works because nuclear weapons states can deliberately reveal their nuclear capabilities and thus signal the potential consequences for crossing red lines. By contrast, offensive cyber operations against sensitive targets cannot be revealed if they are to be useful at all. Cyber actors deliberately conceal or obfuscate their cyber capabilities and operations because compromise would enable the target to patch or take countermeasures that mitigates the capability. This cyber commitment problem is one reason why cyber is ill suited for coercive bargaining. This is most problematic for offensive cyber operations designed for nuclear damage limitation and counterforce missions, which must be prepared well in advance in strict secrecy.
The crucial strategic conundrum, therefore, is how to manage the interaction of two domains with dangerously opposed strategic characteristics. If opponents do not agree on the balance of power in a crisis bargaining situation, for whatever reason, bargaining is more likely to fail. Offensive cyber operations targeting NC3 create just such an information asymmetry. Cyber capabilities that are needed only in the event that deterrence fails can thus make it more likely that deterrence will fail in the first place. Precisely because cyber conflict takes place below the threshold of armed conflict, the dangerous combination of offensive cyber operations and NC3 can, in effect, lower the nuclear threshold.
What is to be done? The cybersecurity of every segment of the NC3 enterprise must be assessed, to include NC3 interactions with the broader cyberspace environment. It is important not to limit analysis to technical penetrations, as social engineering or blackmail targeting operators, administrators or their families cannot be ruled out. Defense in depth for NC3 systems should include redundant communications, error correction protocols, isolation of critical systems, reduced reliance on complex software where possible, avoidance of software monocultures vulnerable to class exploitations and active network security monitoring with a threat-hunting counterintelligence mindset.
Translating defensive capacity into deterrence requires taking the additional, and politically difficult, step of advertising NC3 redundancy and resilience to potential adversaries, even in a cyber-degraded environment. Perhaps the most important thing to be done is to sensitize operators, nuclear policy makers and allied counterparts throughout the NC3 enterprise to the risks of cyber-nuclear interaction. Human interpretation and intervention will be the key to mitigating many of these scenarios as they emerge. It is thus important for governments to develop and exercise concepts and methods for noticing and evaluating the likelihood of different types of cyber-nuclear risks as they emerge in various scenarios.
The truly difficult policy questions concern the use of offensive cyber operations targeting foreign NC3. Coordination among stakeholders is more difficult because tailored cyber options, and nuclear warfighting plans generally, are highly classified in special access programs. It is precisely this level of security that gives rise to the cyber commitment problem described above. Moreover, it may be completely reasonable, or even desirable, to have just such options for damage-limiting warfighting scenarios or counterforce preemption in the event that deterrence fails. Yet it is critical that policymakers and commanders make a mindful decision about the strategic benefits of cyber options and the risks of deterrence failure they may entail. These are hard policy questions without clear technical fixes.