By Rafal Rohozinski*
Nuclear weapons formed the basis of strategic stability between the nuclear superpowers for the past seventy years. The threat of instantaneous and mutual annihilation helped concentrate minds, including the establishment of clear and unambiguous “rules of the game” among the nuclear superpowers. States continued to compete, but competition was never allowed to compromise overall strategic stability.
Nuclear deterrence was based on a simple calculus. Once launched, nuclear weapons were nearly impossible to stop and even limited use would result in civilization ending consequences. In former US President Reagan’s words, nuclear war was “unthinkable”. The knowledge that entire nations could be obliterated was a sufficient guarantor of strategic stability based on Mutually Assured Destruction (MAD).
The shared confidence in MAD that underpinned the nuclear regime started changing during the 1990s. New research and development into anti-ballistic missile systems improved raised concerns over the durability of nuclear deterrence. Specifically, the Russian government interpreted the placement of radars and ballistic missiles in Eastern Europe as an existential threat to Russia’s nuclear deterrence capability, and not a bulwark against supposed rogue states as alleged by the US and its allies.
Even so, MAD survived into the early twenty first century, keeping the nuclear threat on the back-burner. Cooperation between the major nuclear powers to disarm also reached an all-time high. Both the US and Russia focused on reducing their nuclear stockpiles with admirable results. Working with the United Nations, the focus was on the threat of loose nukes, rather than a confrontation between nuclear-armed foes. Tensions, which persisted, were treated by all sides as manageable and negotiable.
All of this changed with the Internet. The Internet shares a coincidental heritage with the nuclear age. Indeed, it was conceived as a decentralized and distributed communications network that could survive a nuclear war and preserve a command and control. In the post Cold War era, its principal significance is not so much military as the news backbone of the global digital economy. These two worlds – the nuclear and the digital – are now converging. They are also giving rise new risks, three of which stand out.
The first risk relates to bringing nuclear command-and-control systems into the digital age. The existing nuclear weapons infrastructure is for the most part analog and predates the Internet era. As Russian and US nuclear command and control systems are modernized over the next few years their dependence on digital technologies will increase. Modernization necessarily increases complexity – and complexity creates new possibilities for error.
The planet came perilously close to a nuclear exchange on several occasions over the past half century. A nuclear calamity was only averted by the courageous actions of men such as Lt Col. Stanislav Petrov, who in September 1983 deliberately ignored sensor data that falsely reported the Soviet Union under a massive nuclear attack from America. With nuclear command and control systems increasingly dependent on artificial intelligence, there are less opportunities for human intervention.
There are also the risks of hacking and digital manipulation. The Stuxnet case is a reminder that this possibility is more science than fiction. The implanting of malware designed to destroy Iran’s capacity to separate uranium demonstrated emphatically the utility and feasibility of strategic cyber attacks. Interventions designed to disrupt and destroy the command and control systems of nuclear weapons are the Internet equivalent of Ronald Reagan’s Strategic Defence Initiative. They dangerously entangle cyber warfare and nuclear stability. There are just 9 nuclear armed states, but over 140 countries are actively developing cyber warfare capabilities.
The second risk is that the world´s dependence on cyber actually increases the deterrence value of acquiring even a few nuclear weapons. Due to their blast, radioactive and electromagnetic pulse (EMP) effects, nuclear weaponry is especially effective against states that are hyper-connected and reliant on digital technologies. They can disable and destroy electrical grids, data farms and computer and communication systems – wreaking havoc on everything from financial systems to water and food supplies.
A new suite of hydrogen bombs are being developed with the EMP impacts in mind. The weapons tested by North Korea are reportedly based on Russian design and intended to have an enhanced electromagnetic effects, a fact publicized by North Korea´s leadership. New research from Accenture strategy and Oxford Economics suggests that roughly 25% of all global GDP will be tied to the digital economy by 2020. The detonation of just one EMP in the upper atmosphere above North America or Western Europe could cripple their digital infrastructures for years. Even outgunned, North Korea is potentially holding world´s digital economy hostage.
The third risk is perhaps most unsettling risk is that nuclear first strikes are becoming thinkable as a viable option to stop the use of similar weapons by states like North Korea. Recall that nuclear deployment systems are based on electronics. These electronic systems may be resistant to offensive cyber attacks. It is not inconceivable that in a moment of crisis, EMP-enhanced nuclear weapons could be deployed to prevent a rogue nuclear state from launching its ballistic missiles. Such an action may even appear rational, or the lesser of two evils.
All of the risks outlined above are still hypothetical. But as the digital and nuclear worlds become increasingly entangled, reality is catching-up. The strategy of deterrence is being redefined and the implications are deeply worrying. The launch of cyber-attacks and precision nuclear strikes using EMP against the weapons systems of adversaries no longer seems as far-fetched as it once was. With nuclear war becoming thinkable again, we are clearly entering uncharted waters.
About the author:
*Rafal Rohozinski is the CEO of the SecDev Group, and a senior fellow for cyber security and emerging conflict at the London-based International Institute for Strategic Studies.