What are the
international implications of this threat? Should we be more worried about
certain regions, or is this a concern for any country with nuclear weapons?
The threat applies to all nuclear-armed states, but it
seems to be most serious for countries that keep systems on high alert–ready to
be used quickly; countries where nuclear and conventional weapons share command
and control and early warning systems; countries that exist in a heightened
threat environment; and countries that are geographically close to each other
making warning times shorter. Although the nuclear-cyber nexus is therefore
perhaps most pronounced in the U.S.-Russia and U.S.-China relationships,
perhaps the greatest worry is in South Asia. The threat is also dependent on
how digitally sophisticated and networked a nation’s nuclear systems are;
older, simpler systems with less pressure placed upon them will probably be
In the race to
protect nuclear weapons systems from hackers, who is winning?
Because so much of this information is classified,
it’s hard to tell. But it seems to me that states have (finally) woken up to
the possibly of hackers interfering with nuclear weapons systems in recent
years and have begun to include this in their planning. However, the move
toward more complex and interconnected systems for nuclear weapons and nuclear
weapons management is, in my opinion, a dangerous development that will
increase the risks of hackers getting in or simply of things going wrong. This is because more complex systems
will contain more software bugs and will be more difficult to understand, which
in turn increases the likelihood of mistakes, accidents and unintended
consequences. This is especially the case during a crisis where these systems will
be under enormous strain a time pressure.
don’t remember the Cold War, but they are very in touch with cyber-related
issues. How can we get more young people involved in understanding and helping
to address the cyber-nuclear threat?
I think one of the things that has worked really well
in the past when it comes to raising public awareness and the consciousness of
young people in particular, is the use of films and TV dramas. Dr Strangelove, Threads, War Games, When the Wind Blows, and The Day After Tomorrow, all raised
awareness of the nuclear threat in the past, and this might be a good way
forward today. Eric Schlosser’s book and film, Command and Control, have been really good in this regard, and I
would like to see more.
What should world
leaders be doing to address this threat?
The first thing is to recognize that this is an
international challenge–no country benefits from hackers getting into nuclear
systems and causing inadvertent or mistaken nuclear use. Some experts have
suggested a moratorium prohibiting attacks on nuclear command and control systems
to which all could sign up. Another option is to share best practices and
intelligence on threats to nuclear systems. It might also be a good idea to
start including discussions of cyber threats as part of broader nuclear arms
control talks–this might begin with some type of agreement about how the term “cyber”
is understood, what it includes, and how it is being used if we are to move
forward on any of these initiatives.
Above all, I would recommend that all nuclear-armed
states keep their nuclear systems secure
(well protected, isolated from the Internet, etc.), simple (avoiding digital complexity and unnecessary added
functionality and pressures), and separate
(from other weapons and control systems), in order to minimize the potential
Are there any
silver linings? Do you see any hope for progress on this issue?
Yes. The fact we are talking about it today is a good
start—governments officials, academics, and the media have clearly woken up to
this new challenge, and although work and thinking on the threat is just
beginning, we are certainly heading in the right direction.
If you could
tell the world one thing about this threat, what would it be?
The cyber threat to nuclear systems is unquestionably
real, but it is far more nuanced than it is often portrayed. For example, the
biggest risk by far is that of cyber-nuclear espionage—that is, stealing
nuclear operational or design secrets. Also, states are much more likely to
seek to disrupt or disable an opponent’s nuclear systems
than seek to cause a launch or explosion. Finally, although the risk of a third
party or cyber-terrorists hacking into a nuclear system and causing a launch is
real, it is arguably easier for, and more likely, that these groups will seek
to precipitate or deepen a nuclear crisis or cause inadvertent or mistaken nuclear