U.S. Nuclear Modernization: How to Manage the Security and Policy Implications of Going Digital
Watches, doorbells, and now even nuclear weapons systems — once simple and analog, these devices increasingly feature digital parts that bring welcome functional benefits as well as cyber security risks. When it comes to the deadliest weapons on earth, these risks demand attention.
American nuclear weapons are being modernized in the first significant upgrade in nearly 40 years. Many of the weapons and systems in place today were designed and built in the 1980s, or before, and need replacing. The most efficient way to update the nuclear triad of bombers, submarines, and ground-based missiles, as well as their bombs, warheads, and command, control, and communications networks, is to use today’s technology, including digital tools.
But if the new digital systems integrated into U.S. nuclear weapons are not more stringently protected from escalating cyber threats, or if added automation cannot be trusted, the high confidence that U.S. leaders place in nuclear weapons systems could erode, undermining nuclear deterrence and, potentially, strategic stability. A cyber attack on nuclear forces or command-and-control systems could trigger a decision to use nuclear weapons.
In a review of public nuclear modernization plans last year, our research at the Nuclear Threat Initiative found that almost 90 percent of weapons systems will gain new digital components and nearly a quarter will feature new automation or machine learning. Once the modernization is completed, the U.S. nuclear triad will rely on digital tools and include limited automation like never before.
The risks that accompany digital and machine learning tools should be addressed now, before it becomes even more difficult to secure the systems. Contentious budget debates about nuclear weapons modernization are already underway. Policymakers should remember that the cost, schedule, or performance of acquired systems cannot come at the expense of digital security and reliability. The Joe Biden administration and Congress should ensure that digital systems meet clear and high security and reliability thresholds before they are integrated into the nuclear arsenal. The Departments of Defense and Energy, which manage the U.S. nuclear weapons systems and stockpile, should incorporate more stringent procedures to check that digital or machine learning systems are and remain ready for operational use. As nuclear policies evolve, leaders should ensure that they take into account the benefits and the risks of digital and advanced tools to the modernized U.S. nuclear deterrent, and potentially to the nuclear systems of other states with nuclear weapons.
Upgrades Brings Benefits and Risks
In 2016, then-Secretary of Defense Ash Carter told servicemembers that if the United States did not replace its nuclear weapons and related systems, they were destined to become “unsafe, unreliable and ineffective.”
“It’s not a choice between replacing these platforms or keeping [them],” he said, “it’s really a choice between replacing them or losing them.”
Secretary of Defense Lloyd Austin and Deputy Defense Secretary Kathleen Hicks have committed to review schedules and resources, but voiced general support for the nuclear modernization program.
The recapitalization will take the strategic force from an era of floppy disks to one of networked systems. For example, the U.S. Air Force plans to add design improvements to the B-52, B-2, and B-1B bombers to upgrade monitors, replace missile warning systems, build in-flight retargeting systems with automation to avoid fratricide, and replace navigation and targeting pod functions. The Department of Energy is busy replacing four older variants of the B61 nuclear bomb with a new version including significant digital upgrades. Early warning satellites and ground stations will see faster transmission speeds, connectivity upgrades, and better image quality. Estimates show that more than 150 nuclear command, control, and communications systems will either need significant modernization or integration across the nuclear triad.
Along with the functional advantages of using today’s technology, each digital upgrade brings cyber security risks and requires the assurance of complex digital and physical supply chains. While this is true of any program — digital, analog, or otherwise — the stakes are especially great when dealing with nuclear weapons. Imagine an intrusion that disrupts data flow to a nuclear bomber or submarine, or the corruption of information in a command-and-control channel. Lack of access to critical systems or the input of inaccurate “spoofed” information amid a crisis could lead to a tragic decision to use nuclear weapons. As long as the United States has a nuclear stockpile and delivery systems standing by, they should be safe, secure, and reliable.
Machine Learning and the “Dead Hand” Debate
The modernization agenda also features a growing role for machine learning in the nuclear mission. Nearly a quarter of the nuclear modernization programs will have new automation or machine learning additions.
A debate in War on the Rocks has played out about the need for an American “dead hand,” an artificially intelligent or automated design that can prompt the use of nuclear weapons without human control. Our research at the Nuclear Threat Initiative found no current plans for “dead hand”-like systems with the highest degrees of machine control. Machine learning applications will, however, provide some essential functions relevant to nuclear decision-making in nuclear early-warning analysis, and the risks of these tools may not yet be fully understood.
It often is not clear, even to technologists, how a machine learning system makes its decisions. Such opaqueness can be particularly dangerous in high-consequence contexts such as those involving nuclear weapons. If a military leader or programmer in any nuclear weapons state were to encounter data issues or misunderstand algorithms, it could lead to misjudgments and prompt mistakes. The history of using machine learning applications in the private sector, the JASON science and technology advisory group to the U.S. government on defense matters warns, “suggests that it’s very hard to think of all of [the potential errors] in advance.”
Machine learning applied to essential functions could make some tasks, like early-warning indications of an incoming nuclear attack, more reliable. Once modernized, the Department of Defense plans to handle some early-warning data analysis with machine learning to quickly process and transmit relevant information. But a false alarm, coupled with an inability to understand why it occurred, could be catastrophic. False alarms have happened before.
Other planned upgrades to nuclear planning systems, automated power back-ups, cyber defense, and situational awareness are more straightforward additions of automation into the nuclear decision-making process. All bring risks common to machine-enabled systems as well as cyber security risks that continue to confound the U.S. government.
Acquisition Could Outpace Cyber Security Measures
Most nuclear modernization programs already are in the latter stages of the Department of Defense’s research and development process, yet important cyber security measures are relatively immature. The absence of such consistent, well-implemented measures creates acute challenges for the U.S. nuclear mission.
In the recent past, the Departments of Defense and Energy have struggled to respond to cyber security and supply chain threats to major weapons-development programs. Although the Defense Department has revised policies and guidance to address cyber vulnerabilities, managers and technologists are working to catch up. Cyber security practices are uneven across the modernization effort. Some efforts to address cyber security have lagged behind the acquisitions process, creating challenges for protecting against vulnerabilities in new or modified weapons systems.
Until recently, there was no lead organization within the Defense Department responsible for defending the defense industrial base against cyber threats. Instead, defense contractors and other firms were trusted to manage their own cyber security risks. The recent revelation of the Solar Winds hack is a further reminder that the U.S. government struggles to defend digital systems built and managed through a complex web of suppliers.
Twenty-one nuclear modernization programs have already progressed to the latter phases of Defense Department research and development. The Columbia-class submarine, the new intercontinental ballistic missile program, the B-21 bomber, and the Long Range Stand Off Weapon were scheduled to complete the advanced component development and prototype phase (Milestone B in the acquisitions framework) by the end of 2020.
Defense acquisition programs, including those for nuclear modernization, face great pressure to meet ambitious cost and schedule commitments, sometimes at the expense of performance and reliability — even in the face of evolving cyber security risks and challenges that new tools like machine learning present. The harsh reality could be that schedule or performance requirements, even for the hallmark modernization programs, should shift to prioritize digital security and reliability.
Entanglement and New Challenges for U.S. Nuclear Policy and Operations
The task of addressing the implications of modernization does not fall exclusively to technologists and the industrial base. Policymakers, especially those leading any nuclear policy or posture reviews, as well as lawmakers in oversight roles, should consider what digitizing the nuclear arsenal means for deterrence and disarmament.
A critical advantage of digital and information technologies in national security is the interoperability and integration opportunities: joining data streams to improve information for decision-makers, providing operators with additional context, improving situational awareness, and more. Yet the transition to digital tools, especially within the nuclear command, control, and communications system, could accelerate entanglement risks if a nuclear weapons state were to interpret an attack on conventional or dual-use capabilities as an attack on a nuclear system.
U.S. nuclear modernization facilitates the shift towards integration of nuclear and conventional military assets. Because American, Chinese, and Russian command-and-control systems would similarly serve dual conventional and nuclear missions, the targeting of any of them in a conventional conflict could be interpreted as an attack on a nuclear system. More integrated, digital systems like the Joint All Domain Command and Control that are at risk of attack during conventional warfighting could lead to “misinterpreted warning.” The obfuscation between conventional and nuclear missions can be a feature as well as a risk of a nuclear posture, and some degree of nuclear and conventional entanglement may prove inevitable for cost and efficiency reasons. But U.S. military leaders now believe that the United States can “no longer expect our potential adversaries [to] act within our long-standing self-imposed constraints […] between conventional and nuclear.”
This modernization effort takes place at a time of already high chances of a mistaken or accidental move that could prompt the use of a nuclear weapon, with tensions among nuclear powers rising, insufficient dialogue, and few remaining tools and agreements to help leaders to manage strategic relationships. As nuclear policies under the Biden administration continue to evolve, the policy community should continually consider the impact of introducing digital — sometimes integrated and partially automated — tools into the U.S. nuclear deterrent. And as modernization advances, changes to nuclear operations may be required to maintain confidence in the nuclear deterrent. For example: If early-warning sensor analysis applies machine learning tools and digital interpretations of raw radar data, at what point in the analysis or alert process could or should a human verify the information? How will new information sources be presented and managed in a crisis?
Difficult Decisions to Maintain Confidence in Deterrence
Effective nuclear deterrence requires confidence that nuclear forces will always be ready if needed but will never be used without proper authorization. Operators and policymakers need to trust new digital systems integrated into U.S. nuclear weapons so that they help maintain deterrence and strategic stability.
Balancing the budgets, schedules, quality, security, and reliability of nuclear modernization programs is challenging. These competing pressures are especially acute since some systems like the Ohio-class submarines, B-52 bombers, and Minuteman III ballistic missiles already have or will soon exceed their life expectancy. Delaying target dates for replacement systems may not be a realistic option. In such cases, sufficient resources should be allocated to ensure confidence in the digital or machine learning systems. In other cases, schedule or performance requirements may need to shift in favor of digital security and reliability. Put simply, for leaders to have confidence in modernized nuclear weapons, trade-offs may be required.
Tailored test and evaluation controls should confirm all digital systems’ readiness for use in U.S. nuclear weapons systems. The existing directives and practices for test and evaluation are insufficient for including digital tools into nuclear systems. Some modernization programs have invested in cyber security measures early and often through the acquisitions process. But progress is uneven across the more than forty modernization programs that we reviewed. Programs already in the latter stages of research and development may not have continuous monitoring, test, and evaluation defined in requirements or comprehensive cyber security strategies. A 2020 Defense Department report acknowledged that many defense systems are unable to “self-monitor continuously for anomalies” and that cyber security vulnerability assessments “are good” but gaps remain, even as testing of systems becomes increasingly rigorous. The directives and practices in place are necessary but not sufficient.
Although sound development and management can minimize the risk of cyber attack — and automated monitoring can help — designing completely secure software is a serious challenge. Moreover, the limited ability of designers to explain how machine learning works in diverse contexts prompts experts to recommend that the Department of Defense “go beyond checking that requirements are satisfied … to probe outside the boundary of expected behavior to try to uncover unexpected weaknesses.”
Oversight and programmatic efforts should, whenever possible, emphasize the importance of digital reliability early and throughout the program’s development lifecycle. High levels of cyber security should be confirmed not only during research and development but also continually once a system is operational. And although technology should not determine policy, policymakers need to recognize the implications of technological change to ensure that deterrence, and confidence in it, is not weakened.
Today’s modernization calls for more than just the construction of replacement nuclear weapons and delivery systems. It also requires the reimagining of Cold War-era operations and policies. Functional advantages and risks from digital and machine learning systems are myriad. Only through urgent and ongoing management of trade-offs — including cost, schedule, and cyber security concerns — and proper oversight can a modern U.S. nuclear weapons system be safe, secure, and reliable in the 21st century.
Erin D. Dumbacher (@erin_dian) is a senior program officer at the Nuclear Threat Initiative focusing on technology and nuclear security. She is a former strategy and research director in the private sector and received her M.A. from the Johns Hopkins University School of Advanced International Studies. She began studying cyber and international security issues in Estonia in 2010 through a Fulbright fellowship.