Atomic Pulse

Cyber Threats to Nuclear Weapons: Should We Worry? A conversation with Dr. Andrew Futter

Last year, in an article
for the European Leadership
Network
,
Dr.
Andrew Futter
, an associate professor of international politics at
the University of Leicester in the United Kingdom, asked an important question:
Is the United Kingdom’s nuclear arsenal safe from cyberattack?

 NTI has convened a group
of former military and government officials
, as well as
other experts, to try to answer this question with respect to U.S. nuclear
weapons and develop policy recommendations for addressing the cyber threat to
nuclear weapons. As a leading voice on this topic, Dr. Futter is a key member
of this group.

 Here, in his first interview for Atomic Pulse, Dr.
Futter talks about why we should be concerned about cyber threats to nuclear
weapons.

For our
readers who are new to this topic, what does “cyber” actually mean?

 The term “cyber” is used differently by different
people and states. But it is perhaps best thought of as involving computers,
digital networks, and information technology. In this sense, “cyber” is both a
context that impacts every aspect of our daily lives and a set of capabilities,
tools, and possibly weapons.

Could a hacker
actually detonate a nuclear weapon or launch a nuclear missile?

 I think that we must assume the answer is yes,
although in my view it is very, very unlikely and varies according to the
actor and system involved. The most vulnerable systems are probably those that
are the most modern and complex, and particularly those systems that control nuclear
weapons held on high alert. Nuclear weapons software and associated systems could
be altered as they are being built, electronic signals might somehow be sent to
nuclear weapons, or perhaps hackers could seek to precipitate nuclear use
indirectly by misleading those systems and manipulating the information that they
rely upon.

 However, we must also consider who would want to do
this. The most sophisticated hackers are state based and it is difficult to see
why they would want to cause a nuclear launch or explosion. It is more likely
that these hackers would want to stop the systems from working.
 

What first brought your attention to this issue?

Cyber hype appeared to be everywhere, and everything was apparently vulnerable to “hackers,” but no one seemed to have given much thought about what this might mean for nuclear weapons. The obvious question was, “Could hackers cause a nuclear launch?” 

Given my previous work on ballistic missile defense, advanced conventional weapons, and challenges to nuclear stability, this seemed an obvious question to explore.    

What is the
most surprising fact you have learned in your research on this issue?

I was surprised by three things. First, was the
overwhelming confidence of government and military officials in several countries
that I spoke with that their systems could not be hacked. Second, was the way
that so much of the cyber debate is hindered by a lack of an accepted
definition or common understanding of what cyber means.
  Third, was the extent to which humans and the
human-computer interface are often the easiest target and biggest security risk
in cyber operations.

 

What are the
international implications of this threat? Should we be more worried about
certain regions, or is this a concern for any country with nuclear weapons?

The threat applies to all nuclear-armed states, but it
seems to be most serious for countries that keep systems on high alert–ready to
be used quickly; countries where nuclear and conventional weapons share command
and control and early warning systems; countries that exist in a heightened
threat environment; and countries that are geographically close to each other
making warning times shorter. Although the nuclear-cyber nexus is therefore
perhaps most pronounced in the U.S.-Russia and U.S.-China relationships,
perhaps the greatest worry is in South Asia. The threat is also dependent on
how digitally sophisticated and networked a nation’s nuclear systems are;
older, simpler systems with less pressure placed upon them will probably be
more secure.
 

In the race to
protect nuclear weapons systems from hackers, who is winning?
 

Because so much of this information is classified,
it’s hard to tell. But it seems to me that states have (finally) woken up to
the possibly of hackers interfering with nuclear weapons systems in recent
years and have begun to include this in their planning. However, the move
toward more complex and interconnected systems for nuclear weapons and nuclear
weapons management is, in my opinion, a dangerous development that will
increase the risks of hackers getting in or simply of things going wrong.
This is because more complex systems
will contain more software bugs and will be more difficult to understand, which
in turn increases the likelihood of mistakes, accidents and unintended
consequences. This is especially the case during a crisis where these systems will
be under enormous strain a time pressure.

Young people
don’t remember the Cold War, but they are very in touch with cyber-related
issues. How can we get more young people involved in understanding and helping
to address the cyber-nuclear threat?

I think one of the things that has worked really well
in the past when it comes to raising public awareness and the consciousness of
young people in particular, is the use of films and TV dramas.
Dr Strangelove, Threads, War Games, When the Wind Blows, and The Day After Tomorrow, all raised
awareness of the nuclear threat in the past, and this might be a good way
forward today. Eric Schlosser’s book and film,
Command and Control, have been really good in this regard, and I
would like to see more.

What should world
leaders be doing to address this threat?

The first thing is to recognize that this is an
international challenge–no country benefits from hackers getting into nuclear
systems and causing inadvertent or mistaken nuclear use. Some experts have
suggested a moratorium prohibiting attacks on nuclear command and control systems
to which all could sign up. Another option is to share best practices and
intelligence on threats to nuclear systems. It might also be a good idea to
start including discussions of cyber threats as part of broader nuclear arms
control talks–this might begin with some type of agreement about how the term “cyber”
is understood, what it includes, and how it is being used if we are to move
forward on any of these initiatives.

Above all, I would recommend that all nuclear-armed
states keep their nuclear systems
secure
(well protected, isolated from the Internet, etc.),
simple (avoiding digital complexity and unnecessary added
functionality and pressures), and
separate
(from other weapons and control systems), in order to minimize the potential
risks.

Are there any
silver linings? Do you see any hope for progress on this issue?

Yes. The fact we are talking about it today is a good
start—governments officials, academics, and the media have clearly woken up to
this new challenge, and although work and thinking on the threat is just
beginning, we are certainly heading in the right direction.
 

If you could
tell the world one thing about this threat, what would it be?

The cyber threat to nuclear systems is unquestionably
real, but it is far more nuanced than it is often portrayed. For example, the
biggest risk by far is that of cyber-nuclear espionage—that is, stealing
nuclear operational or design secrets. Also, states are much more likely to
seek to disrupt or disable an opponent’s nuclear systems
than seek to cause a launch or explosion. Finally, although the risk of a third
party or cyber-terrorists hacking into a nuclear system and causing a launch is
real, it is arguably easier for, and more likely, that these groups will seek
to precipitate or deepen a nuclear crisis or cause inadvertent or mistaken nuclear
use. 

Stay Informed

Sign up for our newsletter to get the latest on nuclear and biological threats.

Sign Up


Blundering into a nuclear war in Ukraine: a hypothetical scenario

Atomic Pulse

Blundering into a nuclear war in Ukraine: a hypothetical scenario

Vladimir Putin’s invasion of Ukraine is a prime example of a regional conflict that could inadvertently escalate beyond any of the protagonists’ expectations. History is replete with similar instances of humanity stumbling into devastating conflict.


NTI Seminar: Chris Painter on Avoiding Nuclear Escalation from Cyberattacks

Atomic Pulse

NTI Seminar: Chris Painter on Avoiding Nuclear Escalation from Cyberattacks

What happens “if we can’t rely on the information we have,” asks Christopher Painter, former top U.S. cyber diplomat. In an NTI seminar on January 25, Painter posed this critical question and discussed a range of issues at the intersection of cyber and nuclear security.


See All

Close

My Resources