Cyber plus nuclear equals Uh-Oh

Cyber weapons are different. If you are a state and you let potential enemies know about your arsenal of cyber attacks, you are giving them the opportunity to fix their information systems so that they can neutralize the threat. This means that it is very hard to use cyber weapons to make credible threats against other states. As soon as you have made a credibly-specific threat, you have likely given your target enough information to figure out the vulnerability that you want to exploit.

This means that offensive cyber weapons are better for gathering intelligence or actually taking out military targets than for making threats. In this regard, they are the opposite of nuclear weapons, which are more useful as threats than as battlefield options. Nuclear weapons can create stability because they deter attacks. In effect, they create a stable system of beliefs where no state wants to seriously attack a nuclear power, for fear that this might lead to a conflict that would escalate all the way to nuclear war.

Nuclear weapons and cyber attacks don’t mix well.

Unfortunately, this means that the advantages of cyber operations become an important liability for nuclear deterrence when they are used for “left of launch” attacks on nuclear launch systems. By secretly penetrating another state’s launch system, you may undermine the stable system of beliefs that discourages an attack.

Consider what might happen in a tense standoff between two states that both have nuclear weapons, where one state has penetrated the other state’s launch system, so that it could stop a nuclear counter attack. The state that has penetrated the launch system knows that it has a military advantage. However, if  it reveals the advantage to the target state, the target state will be able to patch its system, destroying the advantage. The target state does not know that it is at a disadvantage, and it cannot be told by the attacker.

The result is that the two states have very different perceptions of the situation. The attacker thinks that there is an imbalance of power, where it has the advantage. The target thinks that there is a balance of power, where both states have nuclear weapons and can deter each other. This means that the first state will be less likely to back down, and might escalate conflict, secure in the knowledge that it can neutralize the other state if necessary. However, the target state may too behave in provocative ways that raise the stakes, since it mistakenly believes that at a certain point the other state will have to back down, for fear of nuclear war. Thus, this creates a situation where each side may be more willing to escalate the tense situation, making it more likely that one state will decide to move toward war.

That is from Eric Gartzke and Jon R. Lindsay, there is more interesting material at the link.


Another way that cyber-weapons are different is that the blueprints are almost identical to the weapon itself. A target which kept voluminous enough logs and backups in a separate secure location could, given sufficient skilled effort, learn everything there was to know about the weapon it was attacked with. Remember, for instance, the analysis of Stuxnet.

So a sustained cyber-weapon attack on N.Korea would have the effect of transferring the technology used in those attacks to N.Korea. A very old quote which may be relevant goes something like 'the Spartans knew “they should not make war often, or too long, with the same enemy, lest they should train and instruct them in war”

Just what we need to calm this, Twitter diplomacy:

I've always wondered what key makes the smile part of that text graphic you are now using for your screen name. If you tell me I won't reveal that you are anon/Rags.

Keys? You are really old.

No doubt.

The ツ symbol is the unicode code point called "katakana letter tu". The code point is 12484 decimal, 0x30C4 hex. To enter it, you need either some combination of keyboard and software that allows entering this range of unicode code points, or you just copy/paste it from any page that shows it, such as unicode tables like this: or this one:

All states have to assign a certain probability that their C4ISR has been, or rapidly can be, penetrated

In the movies, it's possible to hack into any system. In real life, it is easy to protect a critical system like a nuclear weapon launch control system from this form of attack: simply make it an isolated network. Don't hook it up to the internet or any standard PCs that people are doing things like plugging USB sticks into. Then there is no route in for an attacker.

Weapons manufacturing/development is different, because you have a large operation with networked controllers and desktop PCs for employees, the latter of which are a vulnerability. This is how Stuxnet worked. But you wouldn't have Stuxnet for a launch control system, absent an incredibly stupid design.

The command to launch the missiles still has to be given. If the systems involved in giving the command have been compromised, then retaliation becomes more difficult.

What about smoke signals?

Nuclear weapons systems existed in 1965. In the worst case, why can't the (unhackable) launch systems of 1965 be used?

I question whether the cyber-superior state would even know for sure that they can truly stop a launch without actually testing it, which would be suicidal. The nuclear triad is one known example of redundancy, but there are likely many more that are secret. Not just in the US but all nuclear states.

But they have viruses now that can jump the air gap (at least for Windows OS machines). Might they come up with something equivalent for older systems? Maybe something you can beam and jam a old analog system with?


Simply don't build TCP/IP or USB stacks into nuclear launch systems. They should only run on embedded systems with no external ports, besides a keyboard for public-key verification. Keep input bandwidth physically rate-limited to 100 bytes/minute. Wipe and reset any transient state at the end of each hour.

Even if an attacker gains physical access to the port somehow, and even if an exploit is found, it would be far to difficult to inject. An attacker is limited to 6 KB of input. For comparison the Stuxnet exploit relies on at least several MB of injection.

It's not the launch system you want to hack. In terms of MAD, we wouldn't want to be able to remote issue launch orders for Russia's missiles. It's the system that issues the authorization to launch that you want to hack.

How is the probability that cyber attacks can successfully stop nuclear weapons different from the probability that a missile defense system can do this? Sure the former might be higher than the latter, but that simply means that you need more nuclear weapons to deter an attack and sustain the previous set of beliefs. They still take a value between 0 and 1.

I think that we can expect to see an increase in the number of nuclear missiles in the future. There might also be different launch systems which will decrease the number of missiles. Although, this might also increase the probability of an accident.

It is much more likely that the probabilities related to a missile defense system could be reasonably accurate, thus avoiding the situation behind the escalationary situation presented.

It's mainly contingent on the one party not knowing about the vulnerability.

The parties in the model will know the structure of the model. They will know that they are vulnerable and that the other party will not let them know about it. This let's them adjust their probability. It's no different that one party might not let them know that they have a superior missile defense system.

It's harder to hide a missile defense system than a package of code. For starters, the testing is rather conspicuous.

Part of the problem with a missile defense system is that it does indeed destabilize the balance of terror. If on side started deploying a massive missile defense system that could take out hundreds or thousands of incoming missiles, there's a strong argument that the other side should take their fleeting shot at a first strike before the system comes online.

So, cyber weapons are pretty much the equivalent of a supposedly effective (but untested) anti-missile defense? Except for being more secret, of course.

And does anyone seriously think that a minor (India, Pakistan, etc.) nuclear power's launch systems (think aircraft and cruise missiles and medium range ballistic missiles) can be taken down by a single cyber weapon? Or that the defenses that such a nuclear power have to stop an attack (think anti-aircraft systems, including something like the Russian S300 or America's Patriot) are also open to cyber attack? Odd as this might sound, not everything is hooked up to networked computers.

And to think that North Korea is particularly vulnerable to cyber weapons is truly amusing - the North Koreans have basically been holding Seoul hostage for decades, without nuclear weapons. And though undoubtedly the North Koreans are working as diligently as possible, their 'H-bomb' has a yield around that of Fat Man in 1945.

Yes, the link is also mandatory -

Cyber plus nuclear equals Uh-Oh

Did anyone else read that and think "Gundam vs. Godzilla"? It is probably in production already.

Machiavelli said that any stabbing that does not kill its target is inevitably fatal. Messing with another country's nuclear facilities is asking for a whole world of hurt. You may think that you can do it anonymously and comprehensively, but can you be sure? Not even the US has messed around with North Korea's nuclear program.

War Games (1983) is a film that involves some related scenarios and issues.

Of course, the cyber attack and the nuclear threat could come from different states. For example, Russia and North Korea. Why would Russia collaborate with North Korea? But here's the current conundrum: accuracy and yield. America has been developing weapons with much greater accuracy and much lower yield, the former permitting the latter. Indeed, the yield of the most advanced weapons can be adjusted while it's on the way to the target. Why lower yield? To reduce casualties: less accurate weapons require greater yield, to make sure the target is hit. More accurate weapons means fewer casualties. Now give that some thought. The main deterrent to a first strike is the likely large number of casualties. Reduce the number of casualties, reduce the deterrent. That these new weapons can be adjusted mid-flight certainly gives me pause, but greater comfort they won't be used in a first strike (because of the risk of a cyber attack). The thought of Trump up during the night contemplating a strategic first strike with one of these weapons should keep all of us up during the night. Maybe Trump will let us know of his order for a first strike via twitter.

Game Theory 101 with information assymetry.

Let's assume that each country faces a probability that its systems were degraded, or that one party claims the other's system IS degraded but that person will never know it until it tries to use the system. Assume that one party has many more weapons, weapon systems, and platforms.

Let's assume that the party whom the other claims has degraded weapons has relatively few weapons and faces a budget constraint (a riotous public clamoring for food), and has a choice of expanding the number of warheads (at great cost) or keeping weapons and denying the claim of the other party, or spending much time and effort to check its existing systems.

Figure out the equilibrium.

Now ask: what if the information is false. With the misinformation you have caused the other party to expend more money to check systems, or to expend more money to buy many more weapons, some of which, in their mind, may also be defective.

The smartest people in the world are on this, and that isn't us, so why worry?

This is the specific reason why nuclear weapons' security is low tech, and they are usually non-networked.
Famously, the British nuclear deterrent has no electronic securities whatsoever. It is strongly suspected that the same holds true for the Indian and Pakistani ones, that is probably held in non-ready state.

It seems to me that the simple way to solve this problem is for the country that fixed the software to prevent an intrusion states that they did so. It reminds me of this exchange from Dr. Strangelove:

Dr. Strangelove: Of course, the whole point of a Doomsday Machine is lost, if you *keep* it a *secret*! Why didn't you tell the world, EH?

Ambassador de Sadesky: It was to be announced at the Party Congress on Monday. As you know, the Premier loves surprises.

I'm quite disappointed. I was just on US Missile Command's web site, and for some reason they wanted a 5 digit pin and user lD to get to the launch page. I'll let you know if my IGropeMelanijaNightly1 ID works.

Looks like I have to throw out my copies of On Thermonuclear War -- and -- On Escalation -- by Herman Kahn -- after all this time.

Comments for this post are closed