Digitization and Automation of U.S. Nuclear Arsenal Carries Significant Risks along with Benefits, Says New NTI Study

Security and Reliability Questions Must Be Answered Before New Technologies are Integrated with Nuclear Weapons and Systems

Washington, DC – A new report from the Nuclear Threat Initiative (NTI), U.S. Nuclear Weapons Modernization: Security and Policy Implications of Integrating Digital Technology, warns that the digitization and automation plans for the first major upgrade of the U.S. nuclear weapons systems in nearly 40 years carry significant risks and uncertainties alongside key benefits. The report calls on the U.S. government to prioritize protecting new digital systems from cyberattacks before they are integrated with the U.S. nuclear arsenal.

“There’s no question that many older systems need updating or replacing. But digital security against sophisticated adversaries must be as high a priority as performance,” said Ernest J. Moniz, Co-Chair and CEO of NTI. “Updates must be carefully evaluated and tested to ensure they don’t introduce new vulnerabilities to the most lethal weapons on the planet.”

The United States is engaged in an expansive and complex trillion-dollar program to update and modernize its entire nuclear arsenal of bombers, submarines, and ground-based missiles, as well as bombs, warheads, and command, control, and communication networks. The program will increase reliance on digital components and incorporate limited automation. Machine learning applications will provide some essential functions relevant to nuclear decision-making, and analog systems largely will be replaced with digital systems.

Cyber risks associated with the upgrades come in a variety of forms. For example, a cyberattack could deny access to critical systems in a crisis, interfere with physical security systems that protect nuclear weapons, or insert inaccurate data and information. If not addressed, such risks could undermine confidence in a nuclear weapon or related system.

Relying on open-source information—including budget documents, official statements, and press reports regarding how digital systems and automation will be included in the modernization effort—the report makes three key recommendations for military and civilian leaders in the Departments of Defense and Energy, as well as those in oversight roles in the executive branch and Congress:

1. Prioritize digital security and reliability alongside cost, schedule, and performance. In addition to these traditional objectives for developing weapons, program managers must focus on ensuring that digital systems perform as needed, including in the face of a determined adversary. Digital systems should meet clearly established security and reliability thresholds before joining the nuclear enterprise.
2. Establish tailored test and evaluation controls. Digital systems present new testing and evaluation challenges, and procedures must be in place to confirm that a system is ready for operational use. This is especially critical for high-consequence systems, first and foremost the nuclear deterrent.
3. Consider the implications of digitization for U.S. nuclear policy and posture. U.S. nuclear deterrence policies are updated on a regular basis to reflect the geopolitical situation and other factors. As modernization proceeds in the coming years and decades, U.S. nuclear policies, strategy, and force posture must take into account the implications of a digitized deterrent in the United States and in other countries with nuclear weapons.

“If the new digital systems integrated into U.S. nuclear weapons are not protected from escalating cyber threats, or if added automation can’t be trusted, the confidence that leaders in the United States and other nuclear weapons states place in nuclear weapons systems will erode, undermining nuclear deterrence and, potentially, strategic stability,” said Page Stoutland, NTI vice president for scientific and technical affairs and co-author of the report.

“The modernization of the U.S. nuclear deterrent will be a product of its time, incorporating digitization and in some instances, machine learning tools. It is essential to recognize and mitigate the technical risks posed by new technologies early in the development and acquisition process—before they are deployed or operational and become much more challenging to address,” said co-author Erin Dumbacher, senior program officer.

About the Authors

Erin D. Dumbacher is a senior program officer at NTI focusing on technology and nuclear security. She is a former strategy and research director in the private sector and received her M.A. from the Johns Hopkins University School of Advanced International Studies. She began studying cyber and international security issues in Estonia in 2010 through a Fulbright Fellowship.

Page Stoutland, Ph.D., is responsible for NTI’s scientific and technically related projects designed to strengthen nuclear security and reduce risks around the world. He spent 10 years at Lawrence Livermore National Laboratory where he held a number of senior positions. His previous reports include Nuclear Weapons in the New Cyber Age and Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities.

The Nuclear Threat Initiative (NTI) is a nonprofit global security organization focused on the reduction of nuclear and biological threats imperiling humanity.

###