From left, Vice President Mike Pence speaks with Capt. Kevin O'Neill, 91st Missile Maintenance Squadron maintenance operations officer, beside a LGM-30 Minuteman III intercontinental ballistic missile near Lansford, N.D., Oct. 27, 2017.

From left, Vice President Mike Pence speaks with Capt. Kevin O'Neill, 91st Missile Maintenance Squadron maintenance operations officer, beside a LGM-30 Minuteman III intercontinental ballistic missile near Lansford, N.D., Oct. 27, 2017. U.S. Air Force photo by Senior Airman J.T. Armstrong

Science & Tech

As America’s Nukes and Sensors Get More Connected, the Risk of Cyber Attack Is Growing

Future nuclear weapons will be more sophisticated and better integrated with other equipment. That has benefits and drawbacks.

Patrick Tucker

|
Patrick Tucker
By Patrick Tucker
Science & Technology Editor, Defense One

Building nuclear weapons and warning systems that can be relied upon is harder than it was during the Cold War, thanks to the growing number of digital connections between various parts of the nuclear enterprise. Those links are intended to improve everything from commanders’ response times to the accuracy of missile defenses, but they also provide more avenues of attack and make it harder to know your exact level of readiness, according to new reports from U.S. Air Force advisors and a London think tank.  

The U.S. military is planning to revamp its nuclear weapons arsenal, including the gear that would detect enemy launches and the command-and-control systems that would facilitate a response. A draft of the Nuclear Posture Review that leaked to the Huffington Post urges the United States to “Strengthen Protection Against Cyber Threats” in order to “ensure the continuing availability of U.S.-produced information technology necessary for the [nuclear command, control, and communication] system.” But it also calls for a lot more digital links between the various parts of the nuclear enterprise, particularly among the systems intended to spot enemy missiles.

More sensors trading more data can give leaders more time to respond to launch reports, help prevent false alarms, increase the chance of intercepting incoming missiles, and give leaders more time to decide how to respond to data indicating an incoming missile. But more links and data exchanges also makes cybersecurity harder.

Last September, the Air Force Science Board released a major study into “surety” for next-generation nuclear weapons — that is, making sure that control networks can’t be incapacitated or, worse, made to convey incorrect information. The board, which hadn’t certified a nuclear program since the B-2 bomber, found that surety has become a bigger task in the era of interconnected weapons.

Board chair James Chow noted that the United States is about to build many new weapons and pieces of equipment, including a new bomber, new ICBMs, and new nuclear cruise missiles.

“These nuclear systems are increasingly reliant on cyber-enabled components. The adversary has advanced its capability to threaten those nuclear weapon systems, including that cyber and supply chain. The demand for the capability to certify this advanced number … of new systems that will be coming online and be able to protect them in this new type of threat environment …there certainly were resource constraints that might limit their ability to certify that number of upcoming systems,” Chow told reporters.

When asked if more digital interlinks among weapons made it harder to certify and secure them, Chow took a diplomatic evasion. Difficult was not the right word. “It’s more complicated,” he said. “The proliferation of those sorts of technologies, its a fact of life of on our weapons systems. There are new tools to provide cyber resilience to reduce your risk… the study found we need to consider those and come up with metrics that can help the decision maker.” Resilience in the context of digital and computer program functioning generally means ensuring that programs or systems continue to function as designed even when under cyber attack.    

A new report from London-based think tank Chatham House notes that while some risks associated with nuclear weapons have been around for decades, “new technology has exacerbated these risks. With each new digital component embedded in the nuclear weapons enterprise, new threat vectors may emerge.”

During the Cold War, for instance, the United States could much better guarantee the provenance of the microchips, microelectronic components, and other pieces of computer and digital equipment. In 2018, that becomes harder to do, especially as you loop in more pieces of complex equipment.

It’s not just a U.S. problem. Take North Korea, which imports almost all of the camera equipment, pressure transmitters, and computer parts used in its nuclear weapons program.

“With such a number of outsourced items it seems clear that the North Korean missile programme is vulnerable to cyber infiltration, at least through the supply chain,” says the report.

“The vulnerability of North Korea’s nuclear weapons programme to cyber infiltration in turn raises questions regarding the cybersecurity of other nations that possess nuclear weapons,” the report concludes.

The review says that the U.S. should rely on domestic sourcing for components, but as the number of sensors, satellites, and pieces of IT aimed at the North Korean problem grows — and as those pieces become more complex — that becomes harder to do.

Consider the Space-Based Infrared System satellites, which watch for the heat of rocket launches and missile tests. Unlike the older constellation they are replacing, SBIRS satellites have two sensor systems: one to scan wide areas and one to zoom in on suspected launches. They are intended to give military commanders more time to react, and to feed tracking data to anti-missile defenses.

“I can think of two areas of vulnerability here,” said Chatham House researcher Beyza Unal. Both concern SBIRS’ ground-based command-and-control links and its backup mission control station. “One is the physical security of these locations from any incoming attacks, especially considering the possibility of a low-yield nuclear weapons use or limited nuclear war scenario. Second is the possibility of manipulation of hardware or software in these locations. What happens if hardware or software is compromised? The Enhance Integrated Tactical Warning and Attack Assessment—which is mentioned both in the [posture review] and in our report—may not be able to detect attacks in a timely manner or the information it receives may not be reliable or have been compromised,” Unal said.

So cyber insecurity is more than just a complicating factor for the United States as it builds new nuclear weapons. It changes the entire cost-benefit analysis. North Korea doesn’t have to hack locations or components, it just has to credibly threaten to do so. If you can’t be sure that your nuclear response has not been hacked, then you aren’t effectively deterring anything. And that’s the only reason to have nuclear weapons.

“A compromised nuclear system that cannot be trusted and lacks credibility will undermine nuclear deterrence and its rationale. Additionally, the assurances that nuclear weapons states make to allies would likely lose their reliability if an adversary could successfully hack into the nuclear weapons systems on which several countries rely,” the report notes.

NEXT STORY: DHS Offers to Vet States’ Voting Systems. But Will They Ask for Help?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.