Wednesday, March 6, 2019

NUCLEAR WEAPONS AND CYBER ATTACKS: "The only winning strategy is not to play."

Depiction of computer-controlled nuclear warfare, c. 1983: WarGames.

Several weeks ago, I wrote a post about the nature of risk stemming from nuclear weapons. In that post, I focused on the singular and calamitous nature of that aggregate risk, and encourage people to avoid getting distracted by trying to pin down the precise probabilities associated with particular "what-ifs" (e.g. accident vs. superpower conflict vs. act of terrorism vs. . . . . ).

I have come to wonder, however, if there isn't one particular "what-if" that we should all study in more detail: cyberwar. As I learn more and more about cybersecurity (and cyberwar), it becomes apparent that no one is immune from hacking. You can try to minimize it, but you can't make yourself 100% immune. That means the only rational strategy is to minimize the danger of the thing that is vulnerable to hacking.

My hypothesis is that hacking poses such an enormous threat to the ability of the US military to maintain control over US nuclear weapons that very soon responsible military officers will begin to advise the US government that getting rid of these weapons is the only safe option. If this hypothesis is correct, I further hypothesize that there is a role for US citizens to play in counseling their representatives in Congress to be alert to these warnings and act accordingly.

The idea that the US military is relying more and more on autonomous weapons is not new to me. (See, for instance, my work on the No Drones Network.) Nor is the idea that humans are losing control to the machines. (See "Drone to Human: Leave the Thinking to Me") What does seem new is that Artificial Intelligence (AI) is entering the mainstream, and so is discussion of cyberwar as a major facet of armed conflict. This leads me to believe that this is a concern that every member of Congress will feel the need to be alert to.

As far back as 1983, the popular film WarGames painted a picture of what might happen if hackers successfully infiltrated nuclear weapons systems. In that fictional treatment, a super-intelligent computer played a game-turned-confrontation entitled "global thermonuclear war" -- and ultimately provided the counsel, "The only winning strategy is not to play." Will we be lucky enough to heed this advice in real life?

RESOURCES on nuclear weapons and cybersecurity

Recent articles

"Defense industry grapples with cybersecurity flaws in new weapons systems," by Aaron Gregg, Washington Post, October 14, 2018. This article reports on a full GAO report listed under Other related reports and documents below. "The threat is pervasive and dynamic — it isn’t going away and will never be fully defeated." What does this mean for nuclear weapons, in which even a single successful hack could result in millions of deaths?

"Cyber-attack risk on nuclear weapons systems 'relatively high' – thinktank," by Ewan MacAskill in The Guardian, January 10, 2018. Cites Chatham House report (below).

"As America’s Nukes and Sensors Get More Connected, the Risk of Cyber Attack Is Growing," by Patrick Tucker in Defense One, January 17, 2018. References the Chatham House report (below), plus pending study by the Air Force Scientific Advisory Board.

Recent books

Hacking the Bomb: Cyber Threats and Nuclear Weapons (2018), by Andrew Futter

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age (2018), by David Sanger.

Command and Control: Nuclear Weapons, the Damascus Accident, and the Illusion of Safety (2013), by Eric Schlosser.

Other related reports and documents

"Missing from the 2019 Missile Defense Review: Cybersecurity," by Lauren Borja in Bulletin of the Atomic Scientists, February 22, 2019. See also report immediately below.

"Cyber Vulnerabilities and Nuclear Weapons Risks," by Lauren J. Borja and M. V. Ramana, American Physical Society Forum on Physics and Society. (Published subsequent to GAO 2018 report below.)

"WEAPON SYSTEMS CYBERSECURITY: DOD Just Beginning to Grapple with Scale of Vulnerabilities," US General Accounting Office (GAO), October 2018. Report submitted to Senate Armed Forces Committee.

"Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences.," by Beyza Unal and Patricia Lewis at Chatham House, January 2018. "It is unlikely that nuclear weapons possessing governments will be forthcoming in public or with each other on the cyber vulnerabilities of nuclear weapons systems. . . . [I]t is vital that academics, thinktanks and NGOs press for information and reassurances from governments that such issues are being addressed, and that those governments are holding open discussions with the public, including the media and parliamentarians. After all, it is the public that will pay the ultimate price for complacency regarding cybersecurity of nuclear weapons systems."

Final Report of the Defense Science Board (DSB) Task Force on Cyber Deterrence, February 2017. Includes as one of its guiding principles this sobering statement: " practice cyber arms control is not viable ..." (How then to keep a nuclear arsenal "safe"?)

"Thermonuclear cyberwar" by Erik Gartzke and Jon R. Lindsay in Journal of Cybersecurity, March 2017.

Department of Defense Directive 3150.02 "DoD Nuclear Weapons Surety Program" (update August 31, 2018)

"Nuclear Deterrence in Cyber-ia," by Stephen J. Cimbala, Air and Space Power Journal, Fall 2016.

"Nuclear Deterrence and Cyber: The Quest for Concept," by Stephen J. Cimbala, Air and Space Power Journal, March-April 2014.

No comments:

Post a Comment