Nukefest17: Experts Address Cyber Weapons and Strategic Stability

As a long-time fan of former Under Secretary of Defense for Policy Michèle Flournoy, I jumped at the chance to see her moderate a panel on Cyber Weapons and Strategic Stability at the 2017 Carnegie International Nuclear Policy Conference. Not only would a woman I admire be moderating, but the discussion would be directly relevant to a project I work on at NTI—our Cyber-Nuclear Weapons Study Group. This group of former senior military and government officials is working to determine the implication of cyber threats to nuclear command and control systems for U.S. nuclear policies and force postures.

Flournoy guided three panelists—Dr. Emily Goldman, of the U.S. Cyber Command/National Security Agency Combined Action Group; Sir David Omand of King’s College London (and, importantly, former Director of the British Government Communications Headquarters (GCHQ) from 1996-1997); and Captain Xu Manshu of the National Defense University of the People’s Liberation Army—through a wide-ranging discussion of some of the most salient questions in this space.

Three key takeaways emerged:

First, the increasing prevalence of cyber can have a serious and escalatory effect in a crisis situation. Finding malware on a sensitive system in peacetime would be unsettling enough—but making that discovery in wartime could have significant, potentially unintended consequences. That makes efforts to re-evaluate nuclear policy and force posture in light of the cyber threat all the more important. 

Second, the fact that cyber weapons can be discovered, reverse-engineered, and re-tooled for use against a different adversary could, over time, make sophisticated cyber weapons more accessible to more people. One example of this phenomenon occurred after Stuxnet was revealed publicly. Soon thereafter, the code that had taken nation-state level resources to construct was dissected and re-used in new cyberweapons. This means that although the most powerful cyber capabilities may be mostly the purview of nation-states today, there is no guarantee that this will hold indefinitely.

Finally, panelists generally agreed that there are few ways to meaningfully apply the theoretical models developed for use in nuclear policy (like deterrence and arms control, for example) in the cyber realm, due to the vast differences between the weapons in question. Where nuclear strikes are attributable, cyberattacks are not always. While we have scientific methods for verifying compliance with nuclear arms control agreements, there are no such solutions in cyberspace. Where a nuclear strike automatically carries serious consequences, a cyberattack does not have to. While an exploded nuclear weapon provides little insight about how to defend against it in the future, a publicly-revealed cyber weapon can be reverse-engineered and, subsequently, defended against—rendering the remainder of a cyber arsenal potentially less useful.

Sir Omand closed out the panel with words that may well prove to be prophetic (and if so, you heard it here first!) He declared of cyberspace, “this is the biggest revolution in human affairs since moveable type.” He also counseled, “We’ve got to learn to live safely with the world we’ve been given.”

NTI is on it. 

March 21, 2017

Most Popular