Cyber Threats & Nuclear Weapons

HMS Vanguard  is a  Trident ballistic missile -armed submarine of the Royal Navy which entered service in 1994.

A RUSI paper unpacks and demystifies the cyber challenge to nuclear weapons, placing it in context and providing a framework through which to understand, evaluate and ultimately address the emerging cyber–nuclear nexus.

The development and spread of cyber ‘weapons’, information-warfare capabilities and the new dynamics of the ‘cyber age’ are providing a considerable – albeit nuanced – challenge to the management, thinking and strategy that underpins nuclear weapons. 

While the nature and extent of these challenges varies between nuclear-armed states and across nuclear systems, they do, taken together, represent a noticeable shift in the context and environment in which we think about nuclear weapons and nuclear security, manage nuclear relationships and regulate global nuclear order. 

The result is a new collection of both direct and indirect challenges for nuclear forces, which have implications for current arms control agreements and regimes, the maintenance of stable nuclear balances, and the possibility of future nuclear reductions.

The safe, secure and reliable management of nuclear weapons has always been a complex business, plagued by uncertainties and risks, and the past is littered with accidents, miscalculation and near misses. 

But many of the challenges associated with the command and control (C2) of nuclear weapons are being magnified, aggravated and, in some cases, recast by the new tools, dynamics and capabilities that fall loosely under the rubric of cyber. Of particular significance is the growing threat posed by hackers seeking to gain access to, or interfere with, these highly sensitive systems, their infrastructure, and the weapons that they control.

While it has been over two decades since John Arquilla and David Ronfeldt warned, in a seminal article on the subject, that ‘cyberwar [was] coming’, and over 30 years since a teenage hacker broke into a top-secret Pentagon computer and nearly started a nuclear Third World War in the Hollywood blockbuster War Games, the nature, challenges and implications of this new cyber–nuclear nexus remain understudied and little understood and, as a contemporary dynamic, it remains largely unaddressed.

This paper seeks to address these challenges. It begins by clarifying what is meant by the term ‘cyber’ and presents a suitable framework through which to examine the nuclear weapons enterprise, before going on to explain how and in what ways nuclear weapons systems might be vulnerable to cyber threats. 

The paper then looks at the different challenges posed by hackers. These range from espionage and threats to systems and information security, through to sabotage and the risk of interference, destruction or even unauthorised nuclear use. The actors involved, and their intentions, also vary markedly, particularly with regard to the differences between the dangers posed by non-state actors and by nation states. The third part of the paper considers the implications of the cyber challenge for strategic stability and crisis management, nuclear strategy and the logic of seeking to deter cyber-attacks with nuclear weapons.

Finally, the paper's conclusion brings the central themes and arguments of the piece together, puts cyber in context alongside other emerging techno-military dynamics affecting the contemporary global nuclear environment, outlines the key challenges for the nuclear enterprise, and makes some recommendations for policy-makers and government officials for managing the cyber–nuclear nexus in the future.

RUSI

« Was The Internet Created In A Bar?
Cyber Attacks On Banks Prompt New Regulatory Safeguards »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Ntrepid

Ntrepid

Ntrepid products provide protection from web threats and enable organizations to safely conduct their online activities.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

GitLab

GitLab

GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software.