This paper will identify, raise awareness of, and help reduce risks to NATO’s nuclear weapon systems arising from cybersecurity vulnerabilities. It aims to respond to the need for more public information on cyber risks in NATO’s nuclear mission, and to provide policy-driven research to shape and inform nuclear policy at member-state level.
Appendix II: Nuclear Sharing
The concept of nuclear sharing was developed during the Cold War as a means by which to both improve the Alliance’s readiness to respond to attack from the USSR and provide a more comprehensive deterrent. By the 1950s, the US had deemed that the only feasible way in which to counter the conventional threat posed by the USSR in Europe was to station nuclear weapons throughout Western Europe.204 This led to the first nuclear weapons being stationed in Europe in September 1954; however, it is recorded that non-nuclear components, including bomb casings or assemblies, were transported to the UK as early as 1950.205 Subsequently, the US has stationed nuclear weapons throughout Europe. The exact numbers are not known, but experts have estimated current stockpiles as detailed in the table below.206
Airbase | Location | Operated by | 2019 estimated stockpiles |
---|---|---|---|
Aviano | Italy | NATO (US) | 25–35 US non-strategic B-61 gravity bombs |
Ghedi Torre | Italy | Italy | 20 US non-strategic B-61 gravity bombs |
Büchel | Germany | Joint: US & Germany | 10–20 US non-strategic B-61 gravity bombs |
Volkel | Netherlands | Netherlands | 10–20 US non-strategic B-61 gravity bombs |
Kleine Brogel | Belgium | Belgium | 10–20 US non-strategic B-61 gravity bombs |
Incirlik | Turkey | Turkey | 50 US non-strategic B-61 gravity bombs |
As the table above identifies, the US currently has solely B-61 gravity bombs at the listed airbases. These bombs are stored in an underground weapon security and survivability system (WS3),207 with electronic monitoring and control units that include sensors, electronic-data transmission units, motion detectors, video cameras, etc. At the depths of the Cold War, these numbers were greater and additional airbases also served as host to US nuclear weapons.208 While the US has provided the munitions, the host states have been responsible for the vehicles to deliver the payloads, which includes their maintenance. This again contributes to the sharing of the burden among NATO member states; this element of the agreement has presented challenges, which will be considered later.
From the early 1960s, codified nuclear sharing agreements between NATO members began to develop in order to govern the use of these weapons, beginning with the establishment of consultation procedures, which have their roots in the revision of the NATO doctrine under then US Secretary of Defense Robert McNamara.209 Given the highly confidential and sensitive nature of this process, publicly available information on how this consultation takes place, and by what means, is rather limited. However, one of the few resources in the public domain notes that the entire request and release sequence would take 24 hours when accounting for transmission of the request.210 While the technology used for the purpose of conveying commands has developed significantly throughout subsequent decades, reducing the time required in order to relay messages, open source material provides interesting insights into the procedures involved in the approval of a nuclear mission from a host state. Of particular note is that, notwithstanding the purpose of the consultation process to allow for the possibility of a host or potentially affected state to veto the use of nuclear weapons, this consultation process has historically been established to take place ‘time and circumstances permitting’.211 This proviso serves to undermine the basis of the consultation process, rendering it non-mandatory and opening the possibility that it could be bypassed in conditions in which time frames are often compressed. However, and regardless of the consultation process, nuclear host countries have been part of the NPG, and in practical terms the military bases from which the weapons would deploy are under their control, so they can veto at the planning stage on a scenario basis and can in practice prevent a decision if they really wanted to. On balance, therefore, the use of nuclear weapons by host countries without US consent is in all probability the most concerning scenario, rather than vice versa.
Nuclear sharing was primarily developed as a means by which to share the burden of maintaining the NATO nuclear deterrent among Alliance members.212 As part of these agreements, US nuclear weapons have been hosted within the various member countries, remaining in the custody of the US until required for missions, at which point custody and responsibility would be transferred to the host nation for delivery.213 This also serves as the means by which NATO member states that do not possess nuclear weapons are able to host them without contravening the nuclear Non-Proliferation Treaty (NPT), as they remain, according to NATO, in the ‘absolute control and custody’214 of the nuclear weapon states of the Alliance during peacetime, with transfer of control and custody undertaken solely at time of war.215
Partially in response to increasing political pressure from host states, not least arising from a series of near misses at the various European host sites,216 ‘dual key’ arrangements were reportedly established to add an additional layer of security and to share the burden further. The dual key system requires the authorization of both the US and the host country in order for the weapons to be used.217 This mechanism involves the incorporation of electronic locks, also known as Permissive Action Links (PALs),218 which US personnel would have to deactivate prior to usage, after which point pilots from NATO host countries would have full control over the weapons until delivery.219
There are, however, numerous inherent challenges posed by the maintenance of these nuclear sharing agreements that, together, constitute security concerns deserving of consideration. As part of the nuclear sharing agreements between the US and host countries, ‘custody, repair and improvements to the weapons and the storage bunkers are the responsibility of the U.S. Air Force’, whereas ‘perimeter security (fences, monitors, and motion detectors) and access to the storage sites is the responsibility of the host nation’.220 This complicates matters, as the maintenance of both is essential to the secure storage and security of the weapons; however, as the arrangement seems to exist, the US and the host state are reliant on each other to uphold their respective commitment. Such circumstances can be detrimental to ensuring the safety and security of holding weapons in host states, as detailed in the US Department of Defense’s Blue Ribbon Report released in 2008.221 Notably, standards in both personnel and physical security measures were found to vary across the different host bases; and the ‘host nation support to maintain security infrastructure at nuclear-capable units’ was stated to remain an issue, with most in need of resources to meet the US Department of Defense security requirements.222 The US has limited scope to ensure that efforts are made to ameliorate such security threats beyond investing in modernizing these facilities and encouraging the host state to take the necessary security measures, thus exerting pressure on the sharing agreements.223
Concerns over the physical security of nuclear weapons hosted in Europe have been exacerbated in recent years by a combination of increasing regional instability in Europe and its near-neighbourhood and the actions of non-state armed groups and paramilitary groups.224 It has been reported that the commander of the Incirlik Air Base was involved in the attempted coup in Turkey in 2016, and that the Turkish authorities cut off the power supply to the base in order to reduce the risk of conspirators using the facility.225 Officials and experts raised both safety and security concerns over Incirlik Air Base after this incident, as the US nuclear weapons had to rely on back-up power for a period of five days after the coup attempt was discovered. It had already been acknowledged in the early 2000s that there was a growing likelihood of a terrorist attack against a European NATO base hosting nuclear weapons;226 and this concern has latterly been fuelled by recent actions by Islamic State of Iraq and Syria (ISIS). Following the terrorist attacks in Paris and Brussels in late 2015 and early 2016, it emerged that ISIS operatives had been observing nuclear facilities in Belgium, leading to increased concerns that the group was aiming to target nuclear facilities and potentially acquire nuclear materials.227 This intelligence served to heighten existing concerns (including in the US government) over the security of nuclear sites in Belgium, which once more underscores the inherent vulnerabilities that exist as a result of NATO’s nuclear sharing agreements and the delegation of responsibility for ensuring that facilities are secure. Cyber intrusion into the nuclear enterprise also remains a possibility, especially considering that Iranian civil nuclear centrifuges were affected by malware (Stuxnet) in 2010,228 and that the US has reportedly infiltrated the North Korean ballistic missile system and caused failures during the testing stage.229
When NATO’s nuclear sharing agreements were first established, the threat landscape was dramatically different compared with that of the present day. Adversaries and the nature of threats have changed, as have theatres of warfare, as technological advancements have contributed towards new military approaches. These changes have led to reconsideration of the necessity of hosting US nuclear weapons in Europe,230 as well as of the existing nuclear sharing agreements.231 In particular, such reconsideration has been motivated by concerns over legacy infrastructure, not least in a context in which treaties are being abandoned, and nuclear infrastructure is being modernized with digital means, enlarging the attack surface for cyberattacks.232 Presently, it is believed that Incirlik Air Base in Turkey, which is estimated to host around 50 US B-61 bombs, does not have permanent nuclear-capable aircraft (F-16s) and is thus unable to carry out joint nuclear missions at short notice, as envisaged under NATO nuclear sharing agreements.233 This has been complicated further by the recent removal of Turkey from the F-35 joint strike fighter programme as a result of its interest in purchasing the Russian S-400 air defence system.234 The F-35 had been intended to replace the previous nuclear-capable aircraft in Turkey; however, the US raised concerns over the capability of the Russian-developed air defence system to collect stealth information on the F-35. In particular, concerns have centred on the potential connectivity between the S-400 and the F-35’s Autonomic Logistics Information System (ALIS), which is core to operating it with a global fleet understanding.235 As such, this overlapping of C4ISR systems could provide unprecedented access to a host of sensitive information.
At present, it appears that remaining nuclear-capable F-16s that are currently stationed at other airbases (Balıkesir and Akıncı) throughout Turkey would need to be used in order for Turkey to remain actively involved in the delivery of the weapons stationed at Incirlik.236 This complicates the timeline of deciding, planning and preparing for a tactical nuclear operation from Turkey,237 reducing the credibility of nuclear deterrence provided by the host country.
Taken together, these developments will likely provoke questions over the sustainability of the nuclear sharing agreement between the US and Turkey. It will also raise questions as to what type of cybersecurity arrangements exist between the host country and the US in order to protect the airbases in Europe against threats. Moreover, considering that most of the nuclear weapons have been on European territory for several decades, their modernization has been under discussion within the US. Although modernization is fundamentally important for nuclear safety, it carries cybersecurity risks (e.g. new digital components integrated into legacy systems, patching, etc.) that should not be underestimated.