Cyber Threats and Nuclear Weapons
Herbert Lin


Contents and Abstracts
1 Introduction and Background
chapter abstract

This chapter motivates the cyber-nuclear nexus. Cyber attackers use access paths to reach vulnerabilities so that they can compromise the confidentiality, integrity, or availability of a targeted computer system, which may be connected to other devices, including devices that respond to and affect the physical world. Attackers also target the vulnerabilities of human users to gain access. Defensive measures can make technical improvements in the hardware and software, and can also make human users less vulnerable to compromise. U.S. nuclear forces are built around a triad of nuclear missile-carrying submarines, land-based nuclear intercontinental ballistic missiles, and bombers carrying nuclear bombs and cruise missiles. The operation of these forces is directed and coordinated through an extensive system for nuclear command, control, and communications. All elements of the nuclear enterprise make significant use of computers and are thus potentially vulnerable to cyber attacks.

2 The Cyber-Nuclear Connection
chapter abstract

This chapter briefly identifies several important aspects of the cyber-nuclear connection. A Trump administration review of nuclear strategy raised the possibility of using nuclear weapons to respond to a cyber attack of strategic significance, and thus drew substantial public attention to the link between cyber and nuclear matters. One of the most important aspects of that link is the potential vulnerability of the computing embedded in the nuclear enterprise to cyber attack. Several prominent cyber incidents over the past decade or so have drawn attention to cybersecurity as a national security issue. A number of -government reports on the cyber vulnerabilities in nuclear command and control have appeared over the past few years, mostly focusing on the possibility that these systems could be hacked.

3 The U.S. Nuclear Enterprise
chapter abstract

This chapter applies a cybersecurity lens to the various elements of the U.S. nuclear enterprise—the nuclear weapons complex that is responsible for various aspects of U.S. nuclear weapons; the nuclear delivery systems and platforms responsible for carrying weapons to targets; and the nuclear command, control, and communications system needed to operationalize orders from U.S. nuclear command authorities to the forces in the field. These forces are also being modernized. Possible cyber vulnerabilities in each of these elements are discussed. The nuclear enterprises of other nations are subject to many of the same kinds of cyber risks, but their risk profiles are somewhat different, because they are generally less technologically sophisticated and have different force structures. Finally, senior officials in the Department of Defense are aware of cyber risks, at least rhetorically, but the Congress has expressed some serious doubts as to whether they have taken sufficient remedial action.

4 Cybersecurity Lessons for Nuclear Modernization
chapter abstract

This chapter reviews certain critical aspects of cybersecurity that are often underappreciated outside (and even inside!) the technical community but are particularly relevant to the nuclear enterprise. Increasing functionality of a system generally leads to increased complexity, and increased system complexity generally leads to a weaker cybersecurity posture. All else being equal, attention paid to improving cybersecurity and resilience will have a negative impact on the schedule for project development, especially in an environment of changing performance requirements. Cybersecurity measures almost always lead to lower ease of use and reduce operational efficiency. Cybersecurity is a holistic, emergent property of a complex system, a point that is particularly relevant to an inevitably complex NC3 system. Use of Silicon Valley techniques for software development are often unsuitable for software that affects the nuclear enterprise.

5 Cyber Risks in Selected Nuclear Scenarios
chapter abstract

This chapter presents a number of hypothetical scenarios describing how cyber risks might play out in a nuclear context. Cyber espionage can be mistaken for a real cyber attack. Cyber attacks on conventional systems can be mistaken for attacks on nuclear systems. Cyber attacks done secretly could cause escalation because of incomplete knowledge of the targeted party. Cyber attacks could damage leader confidence in nuclear forces. Social media corruption of the information environment could prompt impulsive decision-making. Social-media-based information operations could provoke war. Some common threads include the need for multiple disciplines to anticipate adversary actions; the importance of psychology in decision-making; differing perspectives of attackers and defenders on their relative strengths and weaknesses; and the importance of inadvertent and accidental escalation.

6 Designing the Cyber-Nuclear Future: Observations and Imperatives
chapter abstract

This chapter presents seven observations relevant to cyber risks and the nuclear enterprise and identifies a number of imperatives for overseers of the U.S. nuclear enterprise that follow from these observations. Vulnerabilities to adversary cyber operations on the nuclear enterprise are not limited to technical attacks on NC3 components. Entanglement of conventional and nuclear functions in operational systems increases the risk of inadvertent nuclear escalation. Short decision-making timelines increase cyber risk. The legacy NC3 system has not failed catastrophically since 1985. The tension between keeping up with a rapidly changing environment and maintaining an adequate cybersecurity posture cannot be resolved—only managed. The cybersecurity posture across the U.S. nuclear enterprise is highly heterogeneous, with some elements having weaker cybersecurity than others.

7 Moving Forward
chapter abstract

This chapter concludes with thoughts on moving forward relevant to a changing administration. It identifies inadvertent or accidental escalation resulting from differing interpretations of the intent behind cyber activities that are not intentionally conducted to affect the nuclear enterprise adversely as a cyber risk that must be mitigated in addition to the risks associated with deliberate cyber attacks on the U.S. nuclear enterprise. Additionally, the chapter points out that high-level policy attention to cybersecurity does not necessarily translate into improved cybersecurity practices on the ground. Paying attention to the observations and imperatives of chapter 6 would not ensure adequate cybersecurity for the nuclear enterprise, but ignoring them will guarantee its inadequacy.