Stability was an overriding concern at last week’s Senate Foreign Relations Committee hearing on nuclear command authority, the first in four decades. Senators wondered aloud whether one individual — the American president — should have the sole authority to direct a nuclear attack. The focus is understandable, but there are other challenges to nuclear stability that deserve more attention than they’re getting.
In particular, advances in cyberweapons and counter-space capabilities are creating new pressures on concepts of nuclear deterrence as traditionally construed. As a result, and as we outlined in a recent report, there exists a real and growing possibility of rapid and unintended escalation of any U.S.-Russia crisis or conflict.
Consider three potentially overlapping scenarios.
First, as is increasingly clear, activities that originate in cyberspace could provoke crisis and spread beyond the cyber domain. Over the past several weeks alone, startling new reports have detailed the extent of Russian efforts to influence the 2016 U.S. presidential election and to undermine our democratic system. The Wall Street Journal, for instance, reports that Russian Twitter accounts posing as Americans began their campaign much earlier than previously thought — in June 2015, more than a year before the election. Google reported recently that Russian operatives spent tens of thousands of dollars on Google search, Gmail, and YouTube ads. And Facebook now says that over 120 million users viewed fake content created by Russian operatives.
Such efforts have not been limited to the United States. More than 400 fake Russian-origin Twitter accounts were used to influence the British Brexit vote, according to recent research conducted by the University of Edinburgh. As investigations continue, we will no doubt learn more about Russian influence operations in the United States, the UK, France, and elsewhere.
At the same time, Symantec and other cyber security firms have identified Russian government hackers in widespread penetrations of the U.S. energy sector. The head of Britain’s National Cyber Security Centre announced that Russia had infiltrated his country’s energy, telecommunications, and media sectors.
Cyber penetrations of critical infrastructure amount to what the military calls “preparation of the battlespace.” Russian cyber implants in the United States and other NATO countries provide potential leverage in a crisis, and – if push comes to shove – the ability to impose significant pain through non-kinetic, non-lethal cyber attacks.
The use of such tools is not some hypothetical distant possibility. Russia undertook cyber attacks on Estonia more than a decade ago, and it employed cyber weapons in support of its invasion of Georgia in 2008. Moscow used them again in 2014, both in support of its annexation of Crimea and its military intervention in eastern Ukraine.
Cyber weapons are not, of course, the sole preserve of Russia. Washington has acknowledged its own development of them, and senior U.S. officials have highlighted their use against ISIS.
Their possession by both Russia and the United States complicates traditional notions of strategic stability. Using non-kinetic, non-lethal cyber tools is likely to be very attractive in a crisis, and certainly in a conflict. Yet with both sides possessing the means to disrupt or destroy the other’s military systems and critical infrastructure – both war-supporting infrastructure as well as purely civilian infrastructure - a small “cyber-spark” could prompt rapid escalation. Such an attack could inadvertently “detonate” a cyber weapon that had been intended to lay dormant in the other side’s systems. Or a spark produced by sub-national actors – “patriotic hackers” inside or outside the government – could generate unintended cascading effects. The spark could even come via a false flag attack, with a third-party trying to pit the United States and Russia against one another.
A second scenario could appear if armed conflict looks likely. At the outset, there would exist strong incentives to use offensive cyber and counter-space capabilities early, in order to negate the other side’s military. The U.S. and Russian militaries depend (though not equally) on information technology and space assets to collect and disseminate intelligence, as well as for command, control, and communications.
Hence the incentive to use non-kinetic cyber or space attacks to degrade the other side’s military, with few if any direct casualties. By moving first, the cyber- or space-attacker could gain military and coercive advantage, while putting the onus on the attacked side to dare escalate with “kinetic” lethal attacks. Would the United States or Russia respond with, say, missile strikes or a bombing campaign in response to some fried computers or dead robots in outer space? Given the doubt that they would, large-scale cyber and space attacks – before a kinetic conflict even starts – are likely to be seen as a low-risk, high-payoff move for both sides.
A third scenario plays out if one side believes that its critical infrastructure and satellites are far less vulnerable than the other side. In that case, a severe crisis or conflict might prompt the country to threaten (and perhaps provide a limited demonstration of) cyber attacks on civilian critical infrastructure, or non-kinetic attacks on space assets. Such a move would require the attacked side to respond not in kind but by escalating.
So far, the three scenarios we have described could well undermine stability between the United States and Russia, but need not implicate nuclear stability. Yet consider this: U.S. and Russian nuclear forces rely on information technology and space assets for warning and communications. Attack the right satellites, or attack the right computers, and one side may disrupt the other’s ability to use nuclear weapons – or at least place doubt in the minds of its commanders. As a result, a major cyber and space attack could put nuclear “use-or-lose” in play early in a crisis. While we are generally accustomed to thinking about nuclear use as the highest rung on the escalatory ladder, such pressures – generated via non-nuclear attacks – could bring the horrors of a nuclear exchange closer rather than substituting for them.
There is an array of steps the United States and Russia should take to manage these kinds of possible slides down the slippery slope. The first one, however, is understanding the interplay between advances in cyber and counter-space weapons and bilateral nuclear stability. The implications are potentially vast – and deserve close attention both in the ongoing Nuclear Posture Review and by the Congress.
The views expressed in this article are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. government.