The Dangers of Using Cyberattacks to Counter Nuclear Threats
July/August 2016
Top military and defense officials in the United States are currently contemplating plans to use cyberattack capabilities against enemy missile and command-and-control systems as part of a new push for full-spectrum missile defense.1
The idea is to augment the current suite of kinetic missile interceptors deployed within the United States, at sea, and on the territory of certain allies with new, nonkinetic capabilities designed to attack, compromise, or destroy enemy missiles before they can be launched. As Brian McKeon, principal deputy undersecretary of defense for policy, explained in recent testimony to Congress,
[W]e need to develop a wider range of tools and that includes the efforts underway to address such threats before they are launched, or “left of launch.” The development of left-of-launch capabilities will provide U.S. decision-makers additional tools and opportunities to defeat missiles. This will in turn reduce the burden on our “right-of-launch” ballistic missile defense capabilities. Taken together, left-of-launch and right-of-launch will lead to more effective and resilient capabilities to defeat adversary ballistic missile threats.2
The end goal is a more robust, affordable, and holistic U.S. ballistic missile defense system,3 designed to protect against limited or perhaps undeterrable conventional and nuclear missile threats from certain states and nonstate actors around the globe.
The concept is being driven by an increasing diversification in the types of missile threats facing the United States and by the growing acceptance that there will never be enough interceptors to address all of these missile threats or enough money to build them. Although the idea of using cyberattacks or other nonkinetic weapons for missile defense is not necessarily new and probably has been discussed in secret in the Pentagon for at least a decade, such options appear to have become increasingly viable for the United States today. In the words of Admiral Archer Macy, former director of the Joint Integrated Air and Missile Defense Organization, “Ballistic missile defense cannot consist simply of defeating the launch, flight, targeting and arrival of all of the missiles an enemy could employ. We cannot simply play catch.”4
The desire to disable a missile before it can be launched rather than to intercept it after launch, however, represents a significant shift in mission and planning. This is because it amalgamates traditional protective ballistic missile defense concepts with a new offensive focus on pre-emptive prompt global-strike technologies. Although each of the systems under the prompt global-strike mission is likely to create problems, the use of cybercapabilities to disable missiles before launch is a move with particularly worrying implications for other nuclear-armed states for three key reasons.
• Kinetic missile interceptors are used only after a missile has been launched and the threat has materialized. Cyberattacks, on the other hand, would likely have to be used pre-emptively and be based on prior infiltration of enemy networks. It is therefore a notable transformation of strategy, and it will become more difficult to classify the mission as purely defensive.
• It will be even more difficult to identify the targets of such cybercapabilities and what the capabilities are intended to achieve. Although a limited U.S. ballistic missile defense system is not a serious threat to China and Russia, at least currently, due to their ability to overwhelm the limited number of U.S. interceptors, it is virtually impossible to prove what type of cybercapabilities have been deployed by the United States or other actors and in what quantity.
• The adoption of cyberattack capabilities for missile defense opens up a Pandora’s box of future uncertainty for all nuclear-armed states given the likelihood that other states and potentially nonstate actors will follow suit in developing such options.
Ultimately, such moves would appear detrimental to U.S. goals of strategic stability, arms control, nuclear security, and the safe management of the global nuclear order and may even drive renewed proliferation. The United States therefore needs to think long and hard before it opens up a whole new area of competition and insecurity that it may not win in the long run.
China and Russia
Although the budding U.S. concept of full-spectrum missile defense has not specifically mentioned nuclear weapons systems or particular actors, it is virtually impossible to see how the incorporation of cyberattack capabilities will not be met with great alarm in Beijing and Moscow. Officials in both capitals have expressed concern about the deployment of kinetic missile interceptors in the past two decades, and moves to augment these deployments with a new suite of kinetic and nonkinetic offensive options are likely to magnify this distrust and lead to potentially greater nuclear instability.
Conventional prompt global-strike systems are clearly a major concern, but it is arguably the uncertainty associated with cyberattacks that will prove to be the most problematic aspect of this new approach. Conventional kinetic systems can be quantified, monitored, and perhaps even countered. In addition, they are limited by cost. Cybercapabilities, however, remain inherently nebulous, and it is impossible to estimate their quantity or the extent of the threat. The use of cybercapabilities will also almost certainly require that an adversary’s missile systems be penetrated and perhaps even compromised in advance. As scholar Greg Austin notes, “Strategic nuclear stability may be at risk because of uncertainty about innovations in cyber attack capability.”5
Russia already is acutely worried about the vulnerability of its strategic nuclear systems to cyberinterference and may even see cyberattacks as the greatest challenge at the strategic level, while China’s limited nuclear arsenal and posture make it particularly susceptible to disablement through cyber means or otherwise. The worst-case scenario is that “one state could hack into the nuclear command-and-control systems of another, render its weapons unusable, and use the temporary monopoly of power to coerce its target.”6 Although it is highly unlikely that the United States could or would want to hack into enemy systems as the precursor to a disarming first strike against an adversary’s nuclear forces, it will be difficult for China and Russia to get this worst-case thought out of their minds. The fact that the stated U.S. desire to be able to strike strategic assets anywhere in the world in either “30 minutes or 300 milliseconds” through conventionally armed missiles or cyberweapons could theoretically be directed toward any adversary seems unlikely to help build trust in the nuclear realm.7 For full-spectrum missile defense, these perceptions matter as much as capabilities or intent.
Utilizing cyberattack capabilities for full-spectrum missile defense will almost certainly further undermine strategic stability with Russia and place considerable pressure on the strategic balance with China. Tensions between Washington and Moscow are already high, and cooperation on nuclear security has been suspended. Although both parties continue to implement the New Strategic Arms Reduction Treaty, the prospects for further arms control or reduction measures appear bleak. The introduction of cybercapabilities that could undermine the Russian nuclear deterrent is highly unlikely to help ease these strains.8 In fact, the threat of cyber disablement, combined with the development of other U.S. capabilities as part of the full-spectrum missile defense mission, is likely to add to Russia’s desire to modernize and upgrade its nuclear forces and keep them on high alert.9 The direct result of the United States using cyberattacks in this way could be increased instability, creating another major impediment to the maintenance of nuclear arms control regimes between Russia and the United States and to the idea of further nuclear cuts. Keeping nuclear missile forces on high alert is also seen by some as a major cyber risk because this makes them vulnerable to a cyberattack that could directly or indirectly lead to a launch.10
The potential implications of full-spectrum missile defense are perhaps even more acute for China, given its smaller and less sophisticated nuclear arsenal. Chinese planners are concerned about the possibility of a U.S. non-nuclear first strike involving precision missile attacks backed up with increasingly capable missile interceptor systems.11 The idea that China’s deterrent could be compromised through cyberattacks as well will be a major concern. As with Russia, it is difficult to see how adding new cyberattack options to the U.S. arsenal will help improve relations or engender greater trust with Beijing. The new U.S. capability is much more likely to force reconsideration of Beijing’s no-first-use policy and create another incentive for China to build up and diversify its nuclear arsenal. Indeed, China and Russia are looking at developing new high-tech capabilities for the nuclear deterrence mission in response to growing concerns about U.S. plans.12
The introduction of cyberattack capabilities also creates a whole range of worrying dynamics for crisis stability and management, given that it will likely never be possible to know whether nuclear weapons systems have been breached and compromised or whether they will work as planned when needed. This problem is magnified in Russia due to the degradation of its strategic forces, problems with early-warning systems, and recent moves to increase the role of nuclear weapons in Russian strategy. In China, Beijing’s rumored sharing of certain components of its command-and-control infrastructure between nuclear and conventional systems raises the prospect that a cyberattack on conventional systems might be interpreted as an attack on nuclear systems.13 Including cyberattacks as part of the full spectrum of missile defense may well lead to a compressed escalation ladder, a shortened time frame for nuclear decision-making during a crisis, and a greater incentive to “use them or lose them.” Commanders may incorrectly think they are under attack, fear that nuclear systems have been or could be compromised, or worry cyberattacks might be used to directly cause a nuclear launch. Each of these anxieties might increase the pressure to act first. As analyst Sydney Freedberg has pointed out, “The best defense may be a good offense, but that raises the unsettling possibility that the US might strike first.”14 It is not inconceivable to see this as the beginning of a possible transition to a condition of Mutually Unassured Destruction, or MUD.15
In the quest to secure the United States against the threat of missile attack, the employment of cyber- and other new technological capabilities seems likely to create many of the problems it seeks to solve. The deployment of increasingly capable ballistic missile defense systems has become a major impediment in nuclear arms control discussions with Russia. Yet, although a full-spectrum missile defense approach by the United States may mean that the deployment of kinetic interceptors can be slowed or even capped, replacing interceptors with cyber- and other capabilities is unlikely to unblock the road to greater bilateral nuclear cuts or produce stability. The general idea behind U.S. plans to develop cyberwarfare capabilities is almost certainly to target rogue actors and limited missile threats, but it will be very difficult to convince others, notably China and Russia, that these capabilities are not directed or at least usable against them. Convincing Beijing and Moscow that the nascent kinetic-based missile defense program is not directed against them has been difficult enough; the unknowns associated with cyberattacks intertwined with the clear possibility for pre-emptive strikes raise the stakes considerably.
Challenges for the U.S.
At the same time that it creates concerns for other states by pursuing cybercapabilities, the United States is highly likely to become vulnerable to the use of cybercapabilities to undermine its own nuclear weapons systems. Concerns in the United States about relying on computers for nuclear weapons management can be traced back as far as the 1960s and early 1970s,16 but anxieties have grown considerably in the past few years. In 2013 the U.S. Defense Science Board cautioned that U.S. nuclear weapons might be vulnerable to cyberattacks and that future cyberthreats to U.S. nuclear systems “might be impossible to fully defend against.”17 Two years later, retired General James Cartwright, former head of U.S. Strategic Command, warned that “[t]he sophistication of the cyber threat has increased exponentially…. It is reasonable to believe that the threat has extended itself into [our] nuclear command and control systems.”18
Although U.S. nuclear weapons and associated command-and-control systems are well protected and “air gapped” where possible, and therefore physically separated from unsecured networks, they are by no means invulnerable to hackers seeking to disable these systems or at least stop them from working as planned. The increasing reliance of all aspects of the nuclear mission on complex software and endless lines of code and the requirement for ever greater connectivity among nodes mean that hackers have numerous potential points of entry. Indeed, a backdoor into naval broadcast systems used to transmit nuclear launch orders was discovered in the 1990s,19 and in 2012, Thomas D’Agostino, head of the Department of Energy’s National Nuclear Security Administration, revealed that U.S. nuclear weapons and associated systems “are under constant attack” from a “full spectrum of hackers.”20 Although recent moves to bolster the defense of U.S. nuclear systems against cyberattacks,21 as well as the establishment of in-house hacker teams at the Pentagon,22 should be welcomed, they are unlikely to be foolproof. This is particularly true in light of the ongoing development of technologies to “jump” the air gap and widespread attempts by U.S. adversaries to use cyberespionage to steal sensitive nuclear-related secrets about these systems from U.S. government agencies, research laboratories, and contractors, possibly as a precursor to future attack.
The problem is particularly pressing given the ongoing upgrade of the U.S. nuclear command-and-control infrastructure and possible plans to replace all three legs of the nuclear triad in the years ahead. The Pentagon has been clear that this involves a transition to relying on “internet like networks” for command and control, and all of these modernization programs almost certainly will entail a greater reliance on computers, software, and code.23 Although modernization may well allow for greater functionality, processing speed, control, and real-time management, it also makes U.S. nuclear weapons systems and missile defense systems much more vulnerable to hackers and those seeking to interfere with or gain access to sensitive nuclear infrastructure. It also makes the systems increasingly difficult to protect. As General C. Robert Kehler, head of U.S. Strategic Command, put it, “The age of the [U.S.] command and control system might inadvertently offer some protection against the latest hacking techniques.”24 This is because some parts of the system are so old that current cyberattack techniques do not apply to them.
The cyberthreat extends across the U.S. nuclear weapons enterprise and will include all components that rely on networked computers and software, including weapons and delivery platforms, early-warning and command-and-control systems, and secret design and operational information produced and stored by defense contractors and research laboratories.25 The cybersecurity challenge will also include information about the humans that operate these systems.
The threat is bifurcated between attacks designed to disable U.S. systems and prevent them from working and those designed to enable them by indirectly exacerbating a crisis or spoofing systems or directly seeking to cause an unauthorized launch or explosion. The disablement attacks are more likely to come from states, as discussed above; the enablement scenarios are more likely to be perpetrated by nonstate actors. As the Global Zero Commission warned, “Questions abound: could unauthorized actors—either state or non-state—spoof early warning networks into reporting attack indications that precipitate overreactions? Could such hackers breach the firewalls, the air gaps, and transmit launch orders to launch crews or even to the weapons themselves? What if an insider colluded with them to provide access and passwords to the launch circuitry? Might they acquire critical codes by hacking?”26
Protecting against these two different types of cyberthreats arguably imposes different and to some extent antagonistic requirements. For example, greater security and protection against both state and nonstate threats might mean a reduction in usability. The problem is that the United States, as well as Russia and to a lesser extent China, appears determined to prioritize the threat of disablement and therefore the ability to ensure weapons can be used over measures that might be taken to guard against outside interference designed to enable nuclear use. This in turn means that there are more opportunities for nonstate actors to attack these nuclear systems, either directly or indirectly through manipulation of information or through so-called false-flag attacks, in which attacks by one party are designed to look like they are conducted by another.27 Bruce Blair, a former missileer and the co-founder of Global Zero, has argued it is at least possible that terrorist groups or other unauthorized actors might have taken advantage of the loss of control of 50 Minuteman missiles at F.E. Warren Air Force Base in Wyoming in October 2010 and caused a nuclear launch.28 Moves to make the use of cybercapabilities against nuclear systems routine are a double-edged sword: using cyberattacks to undermine missile threats from U.S. adversaries might also expose significant vulnerabilities in U.S. systems to other states and other nonstate actors.
Conclusion
The use of cybercapabilities to undermine missile threats to the United States by disabling the missiles before they are launched might seem at first like an attractive, cost-effective, and sensible way of bolstering protection against a serious and growing challenge. Yet, the idea is inherently problematic for a number of reasons, and thought needs to be given before the Pentagon turns this concept into reality. First, the use of cybercapabilities conspicuously transforms the ballistic missile defense mission from one of protection to one of pre-emption. Second, it will add further pressure for states to focus more on the credibility of using their nuclear forces rather than on safety and security against harmful interference by nonstate actors. Third, such moves appear antithetical to virtually all U.S. nuclear proliferation, arms control, and nuclear security objectives. Fourth, it sets a precedent and creates a norm that such attacks, or at least planning for them, are acceptable. Finally, it is far from clear that the United States will retain a comparative advantage in this field in future years as capabilities spread, and the United States may find its own nuclear and missile systems vulnerable to cyberattack.
A far better approach to the emerging cyber-nuclear nexus is to consider how an increasingly diverse nuclear environment can best be managed and how an array of new threats can be mitigated and perhaps overcome. The focus of U.S. policymakers should be on how nuclear forces and associated command-and-control systems of all states might be better protected against cyberinterference and how to ensure that hackers cannot cause a nuclear crisis or, in a worst-case scenario, facilitate a nuclear launch. Although better security, training, and understanding are a must for protecting against cyberattacks, the United States might also consider reaching out to other nuclear-armed states in the hope of building trust through various confidence-building measures, perhaps through sharing best practices or exchanging data and intelligence on nonstate threats. This approach also might conceivably lead to discussion of constraints on targeting each other’s weapons or command-and-control systems with cyberattacks and to formal discussion within broader nuclear arms control dialogues and within global forums such as the review conferences for the nuclear Nonproliferation Treaty. The goal of the discussions would be to reach agreement on a moratorium or other constraints on targeting each other’s weapons or command-and-control systems with cyberattacks.
This is undoubtedly a difficult task, not least because of problems of verification, attribution, transparency, and trust. It is worth pursuing because it might help reduce some of the uncertainties and worst-case thinking that surround the cyber challenge. It might even provide a basis for moving toward a safer nuclear environment.
Although it may be true that cyberthreats and nuclear strategy will become increasingly commingled in the future,29 this does not mean that such a nexus should be desired or sought. It is far from clear that the United States will remain immune from the myriad threats to its own nuclear systems posed by cyberattacks. At the same time, it is clearly in the national interest not to make other governments feel increasingly vulnerable and suspicious. The next U.S. president faces a big choice on the future shape of U.S. missile defense, the use of cybercapabilities for pre-emptive attacks on enemy systems, and the full-spectrum concept more generally. Although various techno-military developments undoubtedly will make the nuclear future more uncertain and potentially more complex, a strong decision now to forswear or at least limit the use of cyberattacks against nuclear assets would be an important benchmark for managing this challenge and minimizing the risks of nuclear weapons use in the longer term.
ENDNOTES
1. See Riki Ellison, “Left of Launch,” Missile Defense Advocacy Alliance, March 16, 2015, http://missiledefenseadvocacy.org/alert/3132/; Bill Gertz, “Pentagon Developing Pre-launch Cyber Attacks on Missiles,” Washington Free Beacon, April 14, 2016, http://freebeacon.com/national-security/pentagon-developing-pre-launch-cyber-attacks-missiles/.
2. Brian P. McKeon, Statement before the Senate Armed Services Subcommittee on Strategic Forces, April 13, 2016, http://www.armed-services.senate.gov/imo/media/doc/McKeon_04-13-16.pdf.
3. Thomas Karako, remarks at the Center for Strategic and International Studies (CSIS), Washington, D.C., April 12, 2015, http://csis.org/files/attachments/151204_full_spectrum_transcript.pdf.
4. Admiral Archer Macy, remarks at CSIS, Washington, D.C., April 12, 2015, http://csis.org/files/attachments/151204_full_spectrum_transcript.pdf.
5. Greg Austin, “Costs of American Cyber Superiority,” China-U.S. Focus, August 6, 2013, http://www.chinausfocus.com/peace-security/costs-of-american-cyber-superiority/.
6. Martin Libicki, Crisis and Escalation in Cyberspace (Santa Monica, CA: RAND Corporation, 2012), p. 128.
7. See General James Cartwright, “Whither the Forward-Basing of U.S. Troops?” MP3 audio, 01:34:14, June 4, 2009, http://c689403.r3.cf2.rackcdn.com/090604_militaryforum.mp3.
8. See Andrew Korybko, “U.S. ‘Missile Defense’: Satellites, Lasers, and Electromagnetic Railguns,” Russian Institute for Strategic Studies, September 22, 2015, http://en.riss.ru/analysis/18912/.
9. William Broad and David Sanger, “Race for the Latest Class of Nuclear Arms Threatens to Revive Cold War,” The New York Times, April 16, 2016.
10. See Global Zero Commission on Nuclear Risk Reduction, “De-alerting and Stabilizing the World’s Nuclear Force Postures,” April 2015, http://www.globalzero.org/files/global_zero_commission_on_nuclear_risk_reduction_report_0.pdf.
11. Andrew Futter and Benjamin Zala, “Coordinating the Arm Swing With the Pivot: Nuclear Deterrence, Stability and U.S. Strategy in the Asia-Pacific,” The Pacific Review, Vol. 28, No. 3 (July 2015): 377.
12. Martin Matishak, “The Next Arms Race for the U.S., China and Russia: Hypersonic Weapons,” The Fiscal Times, March 2, 2016, http://www.thefiscaltimes.com/2016/03/02/Next-Arms-Race-US-China-and-Russia-Hypersonic-Weapons.
13. Joshua Pollack, “Emerging Strategic Dilemmas in U.S.-Chinese Relations,” Bulletin of the Atomic Scientists, Vol. 65, No. 4 (July-August 2009): 56.
14. Sydney J. Freedberg Jr., “Joint Staff Studies New Options for Missile Defense,” Breaking Defense, September 16, 2015, http://breakingdefense.com/2015/09/joint-staff-studies-new-options-for-missile-defense/.
15. Richard J. Danzig, “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies,” Center for a New American Security, July 2014, p. 6, http://www.cnas.org/sites/default/files/publications-pdf/CNAS_PoisonedFruit_Danzig_0.pdf.
16. Gordon Corera, Intercept: The Secret History of Computers and Spies (London: Weidenfeld and Nicolson, 2015), pp. 71-72; James P. Anderson, “Computer Security Technology Planning Study,” ESD-TR-73-51, October 1972, http://csrc.nist.gov/publications/history/ande72.pdf.
17. Defense Science Board, “Task Force Report: Resilient Military Systems and the Advanced Cyber Threat,” January 2013, pp. 2, 6, http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf.
18. Robert Burns, “Former U.S. Commander: Take Nuclear Missiles Off High Alert,” Associated Press, April 29, 2015, http://bigstory.ap.org/article/2ae0a33fa1c7402999afb6d55046e2cc/former-us-commander-take-nuclear-missiles-high-alert. When asked about the vulnerability of U.S. systems, retired General James Cartwright responded, “Have they been penetrated? I don’t know. Is it reasonable technically to assume they could? Yes.”
19. Jason Fritz, “Hacking Nuclear Command and Control,” International Commission on Nuclear Non-proliferation and Disarmament, July 2009, http://icnnd.org/documents/jason_fritz_hacking_nc2.pdf.
20. Jason Koebler, “U.S. Nukes Face Up to 10 Million Cyber Attacks Daily,” U.S. News and World Report, March 20, 2012, http://www.usnews.com/news/articles/2012/03/20/us-nukes-face-up-to-10-million-cyber-attacks-daily.
21. Benjamin D. Katz, “U.S. Beefs Up Cyber Defense to Thwart Hacks of Nuclear Arsenal,” Bloomberg, March 24, 2016, http://www.bloomberg.com/news/articles/2016-03-24/u-s-beefs-up-cyber-defenses-to-thwart-hacks-of-nuclear-arsenal.
22. Colin Clark, “As GAO Finds DoD Wobbly on Cyber Policies, Carter Launches HackerOne,” Breaking Defense, April 7, 2016, http://breakingdefense.com/2016/04/as-gao-finds-dod-wobbly-on-cyber-policies-carter-launches-hackerone/.
23. Office of the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs, U.S. Department of Defense, “Nuclear Command, Control and Communications System,” in Nuclear Matters Handbook, 2011, p. 53.
24. Eric Schlosser, Command and Control: Nuclear Weapons, the Damascus Accident, and the Illusion of Safety (London: Allen Lane, 2013), p. 475.
25. For more information, see Andrew Futter, “Cyberthreats and Nuclear Weapons,” RUSI Occasional Paper (forthcoming) (copy on file with author).
26. Global Zero Commission on Nuclear Risk Reduction, “De-alerting and Stabilizing the World’s Nuclear Force Postures.”
27. See Andrew Futter, “War Games Redux? Cyber Threats, U.S.-Russian Strategic Stability and New Challenges for Nuclear Security and Arms Control,” European Security, Vol. 25, No. 2 (2016): 163-180.
28. Bruce Blair, “Could Terrorists Launch America’s Nuclear Missiles?” Time, November 11, 2010, http://content.time.com/time/nation/article/0,8599,2030685,00.html.
29. Stephen Cimbala and Roger McDermott, “A New Cold War? Missile Defenses, Nuclear Arms Reductions, and Cyber War,” Comparative Strategy, Vol. 34, No. 1 (2015): 103.
Andrew Futter is a senior lecturer in international politics at the University of Leicester in the United Kingdom. He is the author of Ballistic Missile Defence and US National Security Policy (2013) and editor of the forthcoming book The United Kingdom and the Future of Nuclear Weapons. His current work into cyberthreats and nuclear strategy is funded by the UK Economic and Social Research Council.