New report from the Nuclear Threat Initiative: "Nuclear Weapons in the New Cyber Age"

Large-scale use of nuclear weapons is a prominent scenario for anthropogenic global catastrophic risk.

It has been so since the 60s, with the creation of giant weapon stockpiles in the USA and the USSR and the establishment of Mutually Assured Destruction (MAD). Decades-long experience of the ever-present threat of nuclear war (and the possibility of nuclear winter) led to the creation of an elaborate set of global and national institutions responsible for governing the risk and keeping it "under control". The steady-state nature of the risk, and the national security secrecy barrier, means this risk is not often examined by CSER and other centres in the GCR/X-Risk space, but when we do (e.g. the set of excellent papers by the Global Catastophic Risk Institute [GCRI] and the video by the Future of Life Institute [FLI]) the results suggest a state-risk that is not entirely comfortable.

In addition to the steady-state risk of nuclear war, we also need to be mindful of factors that change the probability of nuclear war - changes in norms, geopolitical changes, proliferation of nuclear weapons, and technological changes. One aspect of the changing technological landscape affecting nuclear weapons is the growing capacity by state and non-state actors to carry out sophisticated cyberattacks, the focus of a new report by the Nuclear Threat Initiative (NTI). They find that nuclear weapons and related systems are increasingly vulnerable to sophisticated cyberattacks, and nuclear-armed states must cooperate and accelerate efforts to prevent an attack that could have catastrophic consequences.

The report finds that cyber threats to nuclear weapons and related systems — including nuclear planning systems, early warning systems, communication systems, and delivery systems — increase the risk of unauthorised use of a nuclear weapon, increase the risk of nuclear use as a result of false warnings, and could undermine confidence in the nuclear deterrent. This is because the speed, stealth, unpredictability, and challenges of attribution of any particular cyberattack make it increasingly difficult to anticipate, deter, and defend against all cyber threats.

“The world’s most lethal weapons are vulnerable to stealthy attacks from stealthy enemies—attacks that could have catastrophic consequences”

“The world’s most lethal weapons are vulnerable to stealthy attacks from stealthy enemies—attacks that could have catastrophic consequences,” Study Group Co-Chairs Ernest J. Moniz, Sam Nunn, and Des Browne write in the foreword to the report. “Today, that fact remains the chilling reality. Cyber threats are expanding and evolving at a breathtaking rate, and governments are not keeping pace. It is essential that the U.S. government and all nuclear-armed states catch up with — indeed, get ahead of — this threat.”

The Study Group analysed four plausible scenarios that illustrate the implications of the cyber threat to nuclear weapons. Using the scenarios as a framework for discussion and debate, NTI, with input from the Study Group, recommends that governments work to mitigate the threat by:

• Developing options to increase decision time to account for threats to early warning systems
• Establishing norms to restrict cyber weapons use against nuclear weapons systems
• Enhancing survivability and resilience of nuclear systems and command, control, and communications systems
• Securing and diversifying critical systems
• Prioritising addressing cyber risks in modernisation plans
• Maintaining a cadre of experts
• Enhancing security of nuclear weapons, and reviewing the vulnerabilities of nuclear weapons to combined physical and cyber attacks
• Initiating bilateral dialogue with Russia
• Increasing international cooperation to reduce the cyber threat.

“Addressing these threats will require changes to U.S. nuclear policies and posture,” the report says. “Moreover, because the implications to strategic stability have global effects and because other countries also face cyber threats, a global approach to address the problem is necessary.”

The NTI report joins a series of reports looking at threats at the intersection of nuclear weapons and information technology, including cyber threats, machine learning and autonomy. Other recent reports in this space include an analysis of the changing landscape of nuclear weapons risks by the United Nations Institute for Disarmament Research (UNIDIR), a report on the cybersecurity of nuclear weapons systems by Chatham House, and a report on nuclear weapons and artificial intelligence by the Rand Corporation. There is also much ongoing work by the Stockholm International Peace Research Institute (SIPRI) to explore risks at the interface of nuclear weapons, machine learning and autonomy.

In September, CSER held a workshop on the potential for catastrophic risks from cyber threats to nuclear weapons systems, under the heading of 'Plutonium, Silicon and Carbon'. While we are still working through the material collected at the workshop, we strongly endorse the NTI findings and recommendations. While the NTI report focuses on direct risks to weapons systems and nuclear command and control, the workshop suggests there are also significant risks at second- and higher-order systems, with worrying overlaps with some of the scenarios outlined in the Malicious Use of Artificial Intelligence report. We look forward to being part of more work in this space aimed at reducing the long-term catastrophic risk from nuclear weapons.