It is tempting for the United States to exploit its superiority in cyberwarfare to hobble the nuclear forces of North Korea or other opponents.
As a new form of missile defense, cyberwarfare seems to offer the possibility of preventing nuclear strikes without the firing of a single nuclear warhead. But as with many things involving nuclear weaponry, escalation of this strategy has a downside: United States forces are also vulnerable to such attacks.
Imagine the panic if we had suddenly learned during the Cold War that a bulwark of America’s nuclear deterrence could not even get off the ground because of an exploitable deficiency in its control network. We had such an Achilles’ heel not so long ago. Minuteman missiles were vulnerable to a disabling cyberattack, and no one realized it for many years. If not for a curious and persistent President Barack Obama, it might never have been discovered and rectified.
In 2010, 50 nuclear-armed Minuteman missiles sitting in underground silos in Wyoming mysteriously disappeared from their launching crews’ monitors for nearly an hour. The crews could not have fired the missiles on presidential orders or discerned whether an enemy was trying to launch them. Was this a technical malfunction or was it something sinister? Had a hacker discovered an electronic back door to cut the links? For all the crews knew, someone had put all 50 missiles into countdown to launch. The missiles were designed to fire instantly as soon as they received a short stream of computer code, and they are indifferent about the code’s source.
It was a harrowing scene, and apprehension rippled all the way to the White House. Hackers were constantly bombarding our nuclear networks, and it was considered possible that they had breached the firewalls. The Air Force quickly determined that an improperly installed circuit card in an underground computer was responsible for the lockout, and the problem was fixed.
But President Obama was not satisfied and ordered investigators to continue to look for similar vulnerabilities. Sure enough, they turned up deficiencies, according to officials involved in the investigation. One of these deficiencies involved the Minuteman silos, whose internet connections could have allowed hackers to cause the missiles’ flight guidance systems to shut down, putting them out of commission and requiring days or weeks to repair.
These were not the first cases of cybervulnerability. In the mid-1990s, the Pentagon uncovered an astonishing firewall breach that could have allowed outside hackers to gain control over the key naval radio transmitter in Maine used to send launching orders to ballistic missile submarines patrolling the Atlantic. So alarming was this discovery, which I learned about from interviews with military officials, that the Navy radically redesigned procedures so that submarine crews would never accept a launching order that came out of the blue unless it could be verified through a second source.
Cyberwarfare raises a host of other fears. Could a foreign agent launch another country’s missiles against a third country? We don’t know. Could a launch be set off by false early warning data that had been corrupted by hackers? This is an especially grave concern because the president has only three to six minutes to decide how to respond to an apparent nuclear attack.
This is the stuff of nightmares, and there will always be some doubt about our vulnerability. We lack adequate control over the supply chain for nuclear components — from design to manufacture to maintenance. We get much of our hardware and software off-the-shelf from commercial sources that could be infected by malware. We nevertheless routinely use them in critical networks. This loose security invites an attempt at an attack with catastrophic consequences. The risk would grow exponentially if an insider, wittingly or not, shares passwords, inserts infected thumb drives or otherwise facilitates illicit access to critical computers.
One stopgap remedy is to take United States and Russian strategic nuclear missiles off hair-trigger alert. Given the risks, it is dangerous to keep missiles in this physical state, and to maintain plans for launching them on early indications of an attack. Questions abound about the susceptibility to hacking of tens of thousands of miles of underground cabling and the backup radio antennas used for launching Minuteman missiles. They (and their Russian counterparts) should be taken off alert. Better yet, we should eliminate silo-based missiles and quick-launch procedures on all sides.
But this is just a start. We need to conduct a comprehensive examination of the threat and develop a remediation plan. We need to better understand the unintended consequences of cyberwarfare — such as possibly weakening another nation’s safeguards against unauthorized launching. We need to improve control over our nuclear supply chain. And it is time to reach an agreement with our rivals on the red lines. The reddest line should put nuclear networks off limits to cyberintrusion. Despite its allure, cyberwarfare risks causing nuclear pandemonium.
110 Reykjavik, Iceland