Members of the 576th Flight Test Squadron monitor an operational test launch of an unarmed Minuteman III missile March 27, 2015, at Vandenberg Air Force Base, Calif.

Members of the 576th Flight Test Squadron monitor an operational test launch of an unarmed Minuteman III missile March 27, 2015, at Vandenberg Air Force Base, Calif. Michael Peterson / U.S. Air Force

Ideas

Cyber and Space Weapons Are Making Nuclear Deterrence Trickier

If you can’t trust your networks or satellite communications in a crisis, ‘use-or-lose’ scenarios get a lot closer.

James Miller and Richard Fontaine

|
By James Miller and Richard Fontaine

Stability was an overriding concern at last week’s Senate Foreign Relations Committee hearing on nuclear command authority, the first in four decades. Senators wondered aloud whether one individual — the American president — should have the sole authority to direct a nuclear attack. The focus is understandable, but there are other challenges to nuclear stability that deserve more attention than they’re getting.

In particular, advances in cyberweapons and counter-space capabilities are creating new pressures on concepts of nuclear deterrence as traditionally construed. As a result, and as we outlined in a recent report, there exists a real and growing possibility of rapid and unintended escalation of any U.S.-Russia crisis or conflict.

Consider three potentially overlapping scenarios.

First, as is increasingly clear, activities that originate in cyberspace could provoke crisis and spread beyond the cyber domain. Over the past several weeks alone, startling new reports have detailed the extent of Russian efforts to influence the 2016 U.S. presidential election and to undermine our democratic system. The Wall Street Journal, for instance, reports that Russian Twitter accounts posing as Americans began their campaign much earlier than previously thought — in June 2015, more than a year before the election. Google reported recently that Russian operatives spent tens of thousands of dollars on Google search, Gmail, and YouTube ads. And Facebook now says that over 120 million users viewed fake content created by Russian operatives.

Such efforts have not been limited to the United States. More than 400 fake Russian-origin Twitter accounts were used to influence the British Brexit vote, according to recent research conducted by the University of Edinburgh. As investigations continue, we will no doubt learn more about Russian influence operations in the United States, the UK, France, and elsewhere.

At the same time, Symantec and other cyber security firms have identified Russian government hackers in widespread penetrations of the U.S. energy sector. The head of Britain’s National Cyber Security Centre announced that Russia had infiltrated his country’s energy, telecommunications, and media sectors.

Cyber penetrations of critical infrastructure amount to what the military calls “preparation of the battlespace.” Russian cyber implants in the United States and other NATO countries provide potential leverage in a crisis, and – if push comes to shove – the ability to impose significant pain through non-kinetic, non-lethal cyber attacks.

The use of such tools is not some hypothetical distant possibility. Russia undertook cyber attacks on Estonia more than a decade ago, and it employed cyber weapons in support of its invasion of Georgia in 2008. Moscow used them again in 2014, both in support of its annexation of Crimea and its military intervention in eastern Ukraine.

Cyber weapons are not, of course, the sole preserve of Russia. Washington has acknowledged its own development of them, and senior U.S. officials have highlighted their use against ISIS.

Their possession by both Russia and the United States complicates traditional notions of strategic stability. Using non-kinetic, non-lethal cyber tools is likely to be very attractive in a crisis, and certainly in a conflict. Yet with both sides possessing the means to disrupt or destroy the other’s military systems and critical infrastructure – both war-supporting infrastructure as well as purely civilian infrastructure - a small “cyber-spark” could prompt rapid escalation. Such an attack could inadvertently “detonate” a cyber weapon that had been intended to lay dormant in the other side’s systems.  Or a spark produced by sub-national actors – “patriotic hackers” inside or outside the government – could generate unintended cascading effects. The spark could even come via a false flag attack, with a third-party trying to pit the United States and Russia against one another.

A second scenario could appear if armed conflict looks likely. At the outset, there would exist strong incentives to use offensive cyber and counter-space capabilities early, in order to negate the other side’s military. The U.S. and Russian militaries depend (though not equally) on information technology and space assets to collect and disseminate intelligence, as well as for command, control, and communications.

Hence the incentive to use non-kinetic cyber or space attacks to degrade the other side’s military, with few if any direct casualties. By moving first, the cyber- or space-attacker could gain military and coercive advantage, while putting the onus on the attacked side to dare escalate with “kinetic” lethal attacks. Would the United States or Russia respond with, say, missile strikes or a bombing campaign in response to some fried computers or dead robots in outer space? Given the doubt that they would, large-scale cyber and space attacks – before a kinetic conflict even starts – are likely to be seen as a low-risk, high-payoff move for both sides.

A third scenario plays out if one side believes that its critical infrastructure and satellites are far less vulnerable than the other side. In that case, a severe crisis or conflict might prompt the country to threaten (and perhaps provide a limited demonstration of) cyber attacks on civilian critical infrastructure, or non-kinetic attacks on space assets. Such a move would require the attacked side to respond not in kind but by escalating.

So far, the three scenarios we have described could well undermine stability between the United States and Russia, but need not implicate nuclear stability. Yet consider this: U.S. and Russian nuclear forces rely on information technology and space assets for warning and communications. Attack the right satellites, or attack the right computers, and one side may disrupt the other’s ability to use nuclear weapons – or at least place doubt in the minds of its commanders. As a result, a major cyber and space attack could put nuclear “use-or-lose” in play early in a crisis. While we are generally accustomed to thinking about nuclear use as the highest rung on the escalatory ladder, such pressures – generated via non-nuclear attacks – could bring the horrors of a nuclear exchange closer rather than substituting for them.

There is an array of steps the United States and Russia should take to manage these kinds of possible slides down the slippery slope. The first one, however, is understanding the interplay between advances in cyber and counter-space weapons and bilateral nuclear stability. The implications are potentially vast – and deserve close attention both in the ongoing Nuclear Posture Review and by the Congress.

The views expressed in this article are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. government. 

NEXT STORY: Inside Pakistan’s Biggest Business Conglomerate: The Pakistani Military

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.