A team of Air Force Global Strike Command Airmen from the 90th Missile Wing at F.E. Warren Air Force Base, Wyo., launched an unarmed Minuteman III intercontinental ballistic missile equipped with a test re-entry vehicle from Vandenberg Air Force Base, CA.

A team of Air Force Global Strike Command Airmen from the 90th Missile Wing at F.E. Warren Air Force Base, Wyo., launched an unarmed Minuteman III intercontinental ballistic missile equipped with a test re-entry vehicle from Vandenberg Air Force Base, CA. AIR FORCE / IAN DUDLY

Hacking Into Future Nuclear Weapons: The US Military’s Next Worry

Warheads will be networked, and that presents unique challenges for the U.S. Air Force.

Future nuclear missiles may be siloed but, unlike their predecessors, they’ll exhibit “some level of connectivity to the rest of the warfighting system,” according to Werner J.A. Dahm, the chair of the Air Force Scientific Advisory Board. That opens up new potential for nuclear mishaps that, until now, have never been a part of Pentagon planning. In 2017, the board will undertake a study to see how to meet those concerns. “Obviously the Air Force doesn't conceptualize systems like that without ideas for how they would address those surety concerns,” said Dahm.

It’s no simple or straight-forward undertaking. The last time the United States designed an intercontinental ballistic missile was 1975. At the end of the December, the Air Force Science Board announced that in 2017 they would explore safety and practical concerns of making a missile for the modern age along with other nuclear weapons that fall under the command of the Air Force.

“We have a number of nuclear systems that are in need of recapitalization,” said Dahm, referring to LRSO, ICBMs and the B-21 stealth bomber. In the future, he said, “these systems are going to be quite different from the ones that they may replace. In particular, they will be much more like all systems today, network connected. They'll be cyber enabled.” That connectivity will create new concerns in terms of safety and certification that will almost certainly require changes or additions to current DoD directives.

The study comes at a critical time for the future of U.S. Nuclear Weapons. On December 22, Donald Trump confused and alarmed the world when he tweeted that he would both strengthen and expand America’s nuclear weapons capability. But there was less new in the announcement than might actually appear. In fact, the Obama Administration was working to fullfill the “strengthening” part of that same promise, having already put the United States on track to spend more than $1 trillion on modernization of U.S. nuclear weapons.

For the United States Air Force, the modernization list includes replacing the LGM-30 Minuteman with a new intercontinental ballistic missile (also called a ground-based strategic deterrent,) developing a controversial nuclear-armed cruise missile called the long-range standoff weapon, or LRSO, to building and deploying an entirely new B-21 stealth bomber.

What are “surety concerns?”  Read that to mean how do you make sure that your fancy networked nuclear warfare control system can’t be hijacked or go off accidently.

Before the United States can modernize its nuclear weapons it must first make certain it understands everything that can possibly go wrong. Think back to the classic film ( and book ) Dr. Strangelove, a story very much about surety failure. A crazed Air Force general sends his B-52 wing to destroy their targets in the Soviet Union. Of course, only the President is supposed to be able to call for a nuclear strike, but an obscure contingency plan (Wing Attack Plan R) allows a lower level commander to issue the order in the event that the normal command and control has been disrupted.

The Pentagon can’t call back the wing because the B-52s can no longer receive transmissions unless preceded by specific three-letter code that only the general knows, part of a poorly thought-out safety scheme to protect the airmen from false orders. Even after the recall code is issued and most of the plans abort their missions, one continues on to a new tertiary target, as the plane’s radio has been damaged in combat. (Somehow, the drafters of Wing Attack Plan R forgot to insert a rule ordering pilots back to base when their radios are damaged, rather than continue to target.) The lone B-52 hits its target and sets in motion the end of the world.

Surety failure squared.

According to Defense Department Directive 3150.02 , which outlines the Air Force’s Nuclear Surety Program, the directive assigns “responsibilities for DoD Nuclear Weapons Surety for the oversight of safety, security, and control of U.S. nuclear weapons and nuclear weapon systems in DoD custody.”

“We have formal Air Force documents that detail the formal certification process for nuclear weapons. To what extent do the current models for certifying nuclear systems carry over into these modern, network enabled systems and how would you reconceptualize certification for systems that are likely to come out of these recap programs?” asked Dahm. The 2017 Air Force Scientific Advisory Board study will attempt to answer those questions. The board consists of 50 members that are appointed by the Secretary of Defense and are drawn from academia, industry, and elsewhere. Members serve for four years.

The fact that future nuclear weapons will be far more networked (though not necessarily to the open Internet) will create better safety and oversight, and allow for more coordinated operations. But more connectivity also introduces opens up new potential vulnerabilities and dangers.

“You have to be able to certify that an adversary can't take control of that weapon, that the weapon will be able to do what it's supposed to do when you call on it,” said Dahm. “It isn't just cyber. That's definitely the biggest piece, but …When was the last time we built a new nuclear system? Designed and built one? It's been several decades now. We, as an Air Force, haven't done certification of new nuclear systems in a long time. These systems are different … What are the surety vulnerabilities for such a system, so to speak? How would you address them? How would you certify that the system will work when you need it to work and will do what it's supposed to do?”

That’s what the study will cover.