Patrick Tucker | Defense One | December 30, 2016 | 0 Comments

Hacking Into Future Nuclear Weapons: US Military’s Next Worry

An unarmed Minuteman III intercontinental ballistic missile launches during an operational test Feb. 20. Kyla GIfford/U.S. Air Force

Future nuclear missiles may be siloed but, unlike their predecessors, they’ll exhibit “some level of connectivity to the rest of the warfighting system,” according to Werner J.A. Dahm, the chair of the Air Force Scientific Advisory Board. That opens up new potential for nuclear mishaps that, until now, have never been a part of Pentagon planning. In 2017, the board will undertake a study to see how to meet those concerns.

“Obviously, the Air Force doesn’t conceptualize systems like that without ideas for how they would address those surety concerns,” Dahm said.

It’s no simple or straight-forward undertaking. The last time the United States designed an intercontinental ballistic missile was 1975. At the end of the December, the Air Force Science Board announced in 2017, it would explore safety and practical concerns of making a missile for the modern age along with other nuclear weapons that fall under the command of the Air Force.

“We have a number of nuclear systems that are in need of recapitalization,” said Dahm, referring to LRSOs, ICBMs and the B-21 stealth bomber. In the future, he said, “these systems are going to be quite different from the ones that they may replace. In particular, they will be much more like all systems today, network connected. They’ll be cyber-enabled.”

That connectivity will create new concerns in terms of safety and certification that will almost certainly require changes or additions to current DOD directives.

The study comes at a critical time for the future of U.S. nuclear weapons. On Dec. 22, Donald Trump confused and alarmed the world when he tweeted he would both strengthen and expand America’s nuclear weapons capability. But there was less news in the announcement than might actually appear.

In fact, the Obama administration was already working to fulfill the “strengthening” part of that same promise, having already put the United States on track to spend more than $1 trillion on the modernization of U.S. nuclear weapons.

For the U.S. Air Force, the modernization list includes replacing LGM-30 Minuteman with a new intercontinental ballistic missile (also called a ground-based strategic deterrent), developing a controversial nuclear-armed cruise missile called the long-range standoff weapon, or LRSO, and building and deploying an entirely new B-21 stealth bomber.

What are “surety concerns?” Read that to mean how do you make sure your fancy networked nuclear warfare control system can’t be hijacked or go off accidentally.

Before the United States can modernize its nuclear weapons, it must first make certain it understands everything that can possibly go wrong. Think back to the classic film (and book) "Dr. Strangelove," a story very much about surety failure. A crazed Air Force general sends his B-52 wing to destroy their targets in the Soviet Union. Of course, only the president is supposed to be able to call for a nuclear strike, but an obscure contingency plan (Wing Attack Plan R) allows a lower-level commander to issue the order in the event the normal command and control has been disrupted.

The Pentagon can’t call back the wing because the B-52s can no longer receive transmissions unless preceded by specific three-letter code only the general knows, part of a poorly thought-out safety scheme to protect the airmen from false orders.

Even after the recall code is issued and most of the plans abort their missions, one continues on to a new tertiary target, as the plane’s radio has been damaged in combat. (Somehow, the drafters of Wing Attack Plan R forgot to insert a rule ordering pilots back to base when their radios are damaged, rather than continue to target.) The lone B-52 hits its target and sets in motion the end of the world.

Surety failure squared.

According to Defense Department Directive 3150.02, which outlines the Air Force’s Nuclear Surety Program. The directive assigns “responsibilities for DOD nuclear weapons surety for the oversight of safety, security and control of U.S. nuclear weapons and nuclear weapon systems in DOD custody.”

“We have formal Air Force documents that detail the formal certification process for nuclear weapons. To what extent do the current models for certifying nuclear systems carry over into these modern, network enabled systems and how would you reconceptualize certification for systems that are likely to come out of these recap programs?” Dam asked.

The 2017 Air Force Scientific Advisory Board study will attempt to answer those questions. The board consists of 50 members appointed by the secretary of defense and are drawn from academia, industry and elsewhere. Members serve for four years.

The fact that future nuclear weapons will be far more networked (though not necessarily to the open internet) will create better safety and oversight, and allow for more coordinated operations. But more connectivity also introduces opens up new potential vulnerabilities and dangers.

“You have to be able to certify that an adversary can’t take control of that weapon, that the weapon will be able to do what it’s supposed to do when you call on it,” Dahm said. “It isn’t just cyber. That’s definitely the biggest piece, but … When was the last time we built a new nuclear system? Designed and built one? It’s been several decades now. We, as an Air Force, haven’t done certification of new nuclear systems in a long time. These systems are different … What are the surety vulnerabilities for such a system, so to speak? How would you address them? How would you certify that the system will work when you need it to work and will do what it’s supposed to do?”

That’s what the study will cover.

Comments
JOIN THE DISCUSSION