The recently reported compromise of the US Department of Energy and National Nuclear Security Agency (NNSA), whose mission is to maintain safety, security and effectiveness of the country’s nuclear weapons stockpile, poses serious questions around securing the nuclear enterprise from cyberattacks.
And, as a Chatham House survey on nuclear deterrence shows, there are mixed messages and conflicting views on how best to deter an adversary from conducting cyber operations against nuclear weapons systems.
In the survey of more than 80 experts, including government officials, representatives of international organizations, civil society, academia and retired officials, most indicate the need to establish a code of conduct whereby states agree not to attack each other’s nuclear assets. But some favour the ‘hack-back’ option, even going so far as advocating the adoption of a policy allowing cyberattacks to elicit nuclear responses, such as launching a limited nuclear strike.
Although there is value in maintaining flexibility by keeping all options open, these policies do all come with their own limitations and therefore, need scrutiny. Three of them are outlined here.
Option 1: Cyber diplomacy
The nuclear community has long been calling for a multilateral agreement, or at least a code of conduct, whereby states commit to refrain from cyber operations against nuclear assets. But political and technical challenges tend to get in the way of this diplomatic route.
The UN Group of Governmental Experts (UN GGE) and the UN Open Ended Working Group that are addressing responsible state behaviour in cyberspace are unlikely to achieve a multilateral agreement or code of conduct in the near term. Governments are at an early stage in their discussions of how international law applies in cyberspace and there are stark divisions on many issues.
Verifying compliance in an era of emerging technologies is hard anyway, although the challenge is less about threat identification and attribution and more about the presentation of evidence such as forensic analysis and intelligence findings to the international community without compromising national security. Nuclear weapons architecture is highly classified and design knowledge alone could give enough information to a potential attacker.
The more rigid, monolithic approaches to arms control appear to have particularly backfired in the current security environment, as non-compliance with treaties such as the INF Treaty and the Open-Skies Treaty has led states to leave these agreements, destabilizing and weakening the rules-based international order.
One possible way to address this in the short-term is to focus on shaping, changing, and even restraining states’ behaviour and actions through voluntary instruments such as political declarations, ensuring the security environment is conducive to long-term, legal commitments to sustain responsible behaviour which reduces the risk of inadvertent nuclear escalation. The UK has recently started such an initiative under responsible state behaviour in outer space.
Option 2: The hack-back
Respondents supporting this approach in the survey tend to indicate the fear of hack-back may deter the adversary to attack in the first place. The US favours pre-emptive offensive cyber operations to detect threats in outside servers to protect US networks, a policy it refers to as ‘defending forward’. But although the threat of hack-back signals intent, shows potentially destructive capability to the adversary, and deters potential attacks, the stakes are so high in the nuclear field that risks by far outweigh potential benefits.
The first critical step to a hack-back policy is successful attribution of an attack. In the NNSA hack, the United States has not yet attributed the attack to any government; although experts are placing the blame on Russia. Attribution can be a long process taking weeks or months to conduct forensic analysis and gather intelligence evidence to support and substantiate claims. Hack-back may not be viable in a potential nuclear crisis where tides can turn in a short period. Plus, once an attack is attributed, choosing to hack-back could only prolong the crisis as well as quash all chance of de-escalation.
Hacking back non-nuclear weapons systems may also lead to escalation, as these systems are inherently complex and may have unknown connections to nuclear weapons systems. Although complex systems can be protected against system failure, it is not so much about the direct damage from the attack itself but that one small, unexpected shock in the system can lead to misinterpretation and miscalculation and result in nuclear escalation with catastrophic consequences.
A hack-back that reached the threshold of use of force would be prohibited under the UN Charter unless it took place in self-defence. In the case of use or threat of nuclear weapons, the International Court of Justice has held that they might only be lawful in self-defence in circumstances where ‘the very survival of the State would be at stake’.
If a state is the victim of an internationally wrongful act by another state, it is entitled to take countermeasures in exceptional circumstances. But in practice the rules on the use of countermeasures significantly limit the type of hack-back that would be permissible: countermeasures must be non-forcible, necessary, proportionate and as far as possible reversible in their effects. The victim state must also notify the responsible state of the illegal act and allow time for the responsible state to remedy the violation, which is impracticable for hack-backs. States are in any event still at an early stage of reaching agreement on how international rules on countermeasures apply in the cyber context.
Option 3: Asymmetrical response
Some survey respondents say the best deterrence strategy is to adopt a flexible policy which signals the possibility of an asymmetrical response to a cyberattack, including a limited nuclear strike. This is problematic as it extends the role of nuclear weapons and their potential use as a response in the non-nuclear realm.
Although such a posture could provide a strong deterrent effect, the failure of any such policy could create highly escalatory consequences that may not be reversible and lead to a nuclear war. There is also the question of whether any nuclear strike can truly be limited at all, given its disproportionate impact. An asymmetrical response that involved the use of force by one state on another state in these circumstances would also breach international law.
Resilience is the best way forward
Within the three options discussed, the diplomatic route is the least costly and carries the lowest escalatory risks and so, in parallel to improving cyber resilience, it is vital states start reflecting on new and innovative compliance measures, including future-proof verification mechanisms and behavioural incentives.
Considering the high implications at stake, it is critical for states to invest in cyber resilience across nuclear systems, which starts with incorporating resilience into their architecture design and the interlinked assets forming part of the wider command, control, and communications ecosystem.
Inherent resilience can be established through:
adopting systems approach to cybersecurity by identifying critical assets and mapping out systems architecture
developing diversity and redundancy of critical systems, such as communication systems in order to develop alternative courses of action
designing systems that ‘remain functioning’ even under stress and to be able to manage consequences
establishing forward-looking resilience with reliable interference detection capability
The full analysis of the survey will be published in 2021 as part of the Deterrence Perspectives in the 21st Century project.