Cyber-Nuclear Nexus: How Uncertainty Threatens Deterrence
By Eva-Nour Repussard. Originally published on 10 May 2023 by Next Generation Nuclear Network on its website.
The cyber-nuclear nexus—or, simply put, cyberattacks on nuclear weapons and their delivery systems—poses a threat to second strike certainty.
As nuclear weapons and their delivery systems become more advanced and reliant on computers, they intrinsically become more vulnerable to cyberattacks. Such increased reliance on computers can be seen with the French future generation of strategic bomber Rafale F4, which will be heavily connected. The more networked a system is, the more vulnerable it is to cyber-attacks: Indeed, according to the United States Government Accountability Office, the F-35 might be extremely vulnerable to cyberattacks due to its heavily networked ‘Autonomic Logistics Information System’.
The potential vulnerability of nuclear or nuclear-capable systems to cyberattacks, combined with the difficulty of detecting those attacks, creates second strike uncertainty for Nuclear Weapons States (NWS) and thereby threatens strategic stability. Advanced cyber operations, such as presence based cyberattacks, are often secretive and, unlike kinetic attacks, can hide their infiltration into their target’s system so the targeted entity has no knowledge that its system has been breached. Cyberattacks can thus pose a latent threat to nuclear systems. The infamous Stuxnet worm clearly illustrates this possibility—Iranian authorities only identified the breach in 2010, four years after an early version of Stuxnet had seemingly infiltrated the facilities.
In this article, I first discuss how the cyber-nuclear nexus poses a direct threat to second strike capability certainty and then discuss the consequences of said uncertainty for strategic stability. Finally, I propose solutions to maintain second strike certainty, notably through the reduction of nuclear weapons systems’ vulnerability, declaratory policies on restraint, and cyber resilience.
The Cyber-Nuclear Nexus and Threats to Second Strike Capability
The cyber-nuclear nexus—or, simply put, cyberattacks on nuclear weapons and their delivery systems—poses a threat to second strike certainty. Deterrence by punishment requires second-strike capability: a state’s assured ability to respond to a nuclear attack with a nuclear attack. If nuclear-armed rivals do not have second-strike certainty, strategic stability is jeopardized, since they will face stronger incentives for first use.
There are several ways in which a cyberattack could succeed in disabling or preventing a successful nuclear launch: for example, it could disrupt early-warning systems, interrupt communications so that a ‘go code’ can’t be received, create clandestine pathways to missile command and control systems, compromise delivery systems’ software or hardware, etc. No nuclear system is invulnerable to cyberattacks—not even air-gapped systems, such as SSBNs. Air-gapped systems are isolated from unsecured networks and not directly connected to the internet. They are also physically isolated, meaning that data can only be passed to them physically (through a USB for example). While air-gapping offers an additional layer of protection, it does eliminate vulnerability; the Natanz facility mentioned earlier was known to be air-gapped but malware still reached the facilities’ computers, possibly through an employee’s USB drive.
Due to the secrecy of both the nuclear and cyber domains, there are very few unclassified examples of cyberattacks on nuclear weapons and their delivery systems. However, it is believed that the United States successfully carried out left-of-launch cyberattacks against North Korea in 2017, which may have resulted in faulty launches by the DPRK. There is publicly available information showing that the United States has been seeking to counter North Korean nuclear missile threat through cyberattacks since at least 2014, rather than solely countering the threat through more standard and costly ways, such as ballistic missile defense systems. While there is no concrete evidence that the failed North Korean tests were the result of U.S. cyberattacks, the consequences for strategic stability remain the same: decision makers must now account for the fact that their deterrence capabilities are increasingly vulnerable to disabling cyberattacks.
Implications for Strategic Stability
Strategic stability, understood as ‘the absence of incentives for any country to launch a first nuclear strike’, requires two key components: second-strike capability certainty and mutual vulnerability. Uncertainties regarding the positive command and control of nuclear weapons affect nuclear-armed states’ decision-making processes and nuclear strategies, and thereby impact strategic stability. To maintain its second-strike capability in light of possibly disabling cyberattacks, decision makers could expand their states’ arsenal of delivery systems or develop a nuclear triad to increase their options in case one of their means of delivery has been disabled. Such actions could be perceived by other states as aggressive, generating spiraling military competition. Cyberattacks could also be used to support a counterforce strategy, thus increasing temptations by states to start and win a nuclear war. On the other hand, if decision-makers believe that their systems have been breached and fear they might have lost second strike capability entirely, they may be tempted to pre-emptively use their nuclear weapons in a ‘use-it-or-lose-it’ scenario. Cyberattacks are thus extremely destabilizing, as their existence alone can instill doubt, and thereby trigger inadvertent escalation.
Protecting Second Strike Capability
Fortunately, there are a few ways in which NWS can unilaterally secure their second-strike capabilities against cyberattacks. First and foremost, NWS should seek to increase the cost and the difficulty for a potential aggressor to successfully carry out a cyberattack. This can be achieved through cybersecurity measures such as reducing the attack surface (i.e., reducing the number of points where an attacker can try to access a system). For example, air-gapping can effectively increase the cost of a cyberoperation: Stuxnet cost hundreds of millions of dollars to carry out. Second, NWS should, in both de facto and declaratory policy, refrain from launching cyberattacks against adversaries’ nuclear systems. Even without verification, proscribing cyberattacks against nuclear systems in official policy will set norms in the cyber-nuclear nexus space and potentially reduce adversaries’ fears of cyberattacks. This will also prevent a targeted country from copying malware used against it for use against its initial attacker (as has happened before).
Conclusion
Cyberattacks represent a genuine threat to nuclear weapons and their delivery systems—however, such threats are still in their infancy: the risk of debilitating cyberattacks will increase as cyber capabilities grow (notably with the help of AI) and nuclear weapons and their delivery systems become more reliant on computers. While there are unilateral measures that NWS can take to protect their second-strike capabilities against cyberattacks, those measures will not address the root of the problem. In the interest of strategic stability—and despite the current security environment—NWS should now start to think about how to create a verifiable and implementable arms control regime around the cyber-nuclear nexus, before it is too late.
The views expressed in this article do not represent the views of the Center for Strategic and International Studies or the Project on Nuclear Issues.