Research paper

Threats, Vulnerabilities and Consequences

Image source/description: Launch Control Center control panel for the Minuteman III nuclear intercontinental ballistic missiles located in New Ramer, Colorado.
Cybersecurity of Nuclear Weapons Systems

Summary

  • Nuclear weapons systems were first developed at a time when computer capabilities were in their infancy and little consideration was given to potential malicious cyber vulnerabilities. Many of the assumptions on which current nuclear strategies are based pre-date the current widespread use of digital technology in nuclear command, control and communication systems.
  • There are a number of vulnerabilities and pathways through which a malicious actor may infiltrate a nuclear weapons system without a state’s knowledge. Human error, system failures, design vulnerabilities, and susceptibilities within the supply chain all represent common security issues in nuclear weapons systems. Cyberattack methods such as data manipulation, digital jamming and cyber spoofing could jeopardize the integrity of communication, leading to increased uncertainty in decision-making.
  • During peacetime, offensive cyber activities would create a dilemma for a state as it may not know whether its systems have been the subject of a cyberattack. This unknown could have implications for military decision-making, particularly for decisions affecting nuclear weapons deterrence policies.
  • At times of heightened tension, cyberattacks on nuclear weapons systems could cause an escalation, which results in their use. Inadvertent nuclear launches could stem from an unwitting reliance on false information and data. Moreover, a system that is compromised cannot be trusted in decision-making.
  • Possible cyber resilience measures include taking a holistic approach in creating trustworthy systems based on rigorous risk assessments. These should incorporate an analysis of a combination of threats, vulnerabilities and consequences.
  • It is the responsibility of nuclear weapons states to incorporate cyber risk reduction measures in nuclear command, control and communication systems. Although some information is publicly available on US weapons systems, there is very little information regarding other nuclear weapons states. Academia and civil society should be encouraged to bring this issue to the attention of their government.
Top