Almost 35 years ago, US President Ronald Reagan settled down in the White House to watch the latest Hollywood blockbuster WarGames as part of his regular Sunday film night. The film, starring a young Matthew Broderick, depicted a teenage computer hacker accidentally breaking into top-secret Pentagon supercomputers that controlled US nuclear weapons.
The result was very nearly (a fictional) nuclear World War Three with the Soviet Union. Reagan was so taken by the film that he ordered secret review to be conducted into whether US nuclear weapons could be vulnerable to Computer Network Attacks, and whether hackers could somehow launch a US nuclear weapon without authorisation by interfering with computers. Officials reported back to the President that the threat was real and possibly far worse than they expected. What started with a 1983 movie would result in the first proper recognition that nuclear systems were vulnerable to cyberattacks.
A generation later this threat has multiplied considerably. Far more aspects of nuclear operations – from the weapons and delivery vehicles to the command and control apparatus and targeting software – rely on increasingly complex computer code, making them potential targets for malicious attackers. All nuclear-armed states also have plans to modernise their nuclear systems and to incorporate more rather than less computer technology, and to exploit the possibilities offered by digital networking and programming. At the same time, there is a growing recognition of the threat posed by hackers to all types of computer systems, including those that control critical national infrastructure. The Stuxnet attack on the Iranian enrichment facility at Natanz discovered in 2010 is perhaps the best-known example, but cyberattacks have become a regular occurrence and never far from the minds of military planners. In fact, most nations now have units in their militaries and associated doctrines dedicated to offensive cyber operations, and some have even spoken of cyber warfare. Taken together we stand at a point today where all nations’ nuclear weapons could be vulnerable to a cyberattack. A fact recognized by, amongst others, the US Defence Science Board in a 2013 report.
The good news is that this threat is still to some extent in its infancy, and there is time to ‘get ahead’ and perhaps mitigate its worst aspects before they fully materialise and become normalised. The bad news is that US–Russia relations and prospects for arms control are at their nadir for a generation, and both (and maybe others too) may actively be pursuing the ability to hack into an adversary’s nuclear weapons systems. This paper is a call for renewed cooperation in the nuclear realm and makes the case for moratoria between the US and Russia, and hopefully others, that prohibits cyberattacks against nuclear systems. As will be explained below, all states – and everyone on the planet – would be better off without hackers messing around inside the systems that control nuclear weapons.