ARGUMENT: CYBERTHREATS & NUCLEAR CREDIILITYThe Cyber Threat to Nuclear Non-Proliferation
Most cyber scholars looking at the nexus of cyber campaigns/operations and the nuclear weapons enterprise—command and control, communications, and delivery systems—focus on the consequences of targeting the enterprise through cyber operations during militarized crises or armed conflicts between nuclear powers. Michael P. Fischerkeller writes that there is, however, a third geopolitical condition—competition short of crisis and armed conflict—where the consequences, although of a different ilk, are no less severe.
Most cyber scholars looking at the nexus of cyber campaigns/operations and the nuclear weapons enterprise—command and control, communications, and delivery systems—focus on the consequences of targeting the enterprise through cyber operations during militarized crises or armed conflicts between nuclear powers.
Michael P. Fischerkeller writes in Lawfarethat there is, however, a third geopolitical condition—competition short of crisis and armed conflict—where the consequences, although of a different ilk, are no less severe. “Whereas analyses in crises and armed conflicts center on the consequence of dyadic nuclear strategic instability between the opponents, the consequence in a condition of competition could be global geostrategic instability resulting from nuclear proliferation,” he writs, adding:
The United States provides extended strategic deterrence (a “nuclear umbrella”) for around 30 nonnuclear allied countries (many within the North Atlantic Treaty Organization) and also has notable arrangements of this type with South Korea, Japan, and Australia. Such guarantees are not limited to the United States. In December 2013, Ukrainian President Viktor Yanukovych and Chinese Communist Party leader Xi Jinping signed a bilateral treaty and published a joint statement in which China reaffirmed a 1994 agreement in which it pledged “to provide Ukraine nuclear security guarantee when Ukraine encounters an invasion involving nuclear weapons or Ukraine is under threat of a nuclear invasion.” Additionally, as a key member of the Collective Security Treaty Organization, Russia ascribes to the language of Article 4 of the organization’s treaty, which establishes that an aggression against one signatory would be perceived as an aggression against all.
If a state’s nuclear enterprise suffers a cyber intrusion that is revealed in a condition of competition, the credibility of the nuclear security guarantees that state may provide to other states would be undermined—a second strike would no longer be assured.
States that formerly benefited from nuclear security guarantees could decide to pursue security through alternative ways and means, including significantly increasing their investments in conventional capabilities and force structure, or pursuing nuclear weapons development programs. The former could lead to arms races that destabilize regional subsystems, and the latter would further complicate global nuclear dynamics as states abandon their commitments to the Nuclear Non-Proliferation Treaty.
Are cyber intrusion revelations and these consequences plausible? The recent discovery and disclosure that North Korea compromised a Russian missile engineering company, and a “natural experiment” in which the commitment of the nuclear umbrella was called into question, suggests that they are. This should further incentivize nuclear states to cultivate an explicit norm that declares the nuclear weapons enterprise a “no touch” zone for cyber campaigns.
Fischerkeller concludes:
A scenario in which a nuclear weapons enterprise is compromised through cyber ways and means might even turn proliferation optimists into pessimists. In 1990, John Mearsheimer considered alternative futures for Europe following the collapse of the Soviet empire and proposed that the least dangerous scenario for maintaining peace in Europe was one in which nuclear weapons proliferate in Europe through a well-managed process overseen by the then-nuclear powers. Importantly, however, Mearsheimer commented that “it is not likely that proliferation would be well-managed.” Moreover, he commented that “proliferation is more likely to happen under disadvantageous international conditions than in a period of calm,” which in turn places an even greater burden on management.
It is likely that the disclosure, accidental or otherwise, of a cyber-enabled disruption would be an unexpected and thus a “sudden” event, as are the disclosures of most significant cyber campaigns/operations. This, coupled with the reality that several states that currently enjoy security guarantees are nuclear latent states, suggests that a revelation could result in unanticipated and rapid proliferation, thereby putting managed proliferation at risk. Additionally, the poor state of relations between the U.S. and China and the U.S and Russia, and the hostility between Europe and Russia and many Indo-Pacific countries and China, arguably represents “disadvantageous international conditions” and thus further strains managed proliferation.
For over a decade, states have been experimenting in and through cyberspace to identify novel cyber ways and means short of threats and uses of force to secure and/or advance their national interests in a geopolitical condition of competition. A successful compromise of another’s nuclear weapons enterprise in competition carries with it the risk of discovery and disclosure, which in turn could fuel global geostrategic instability, a significant consequence that has received little attention. States could, of course, seek to reassure allies about technical reliability much as they do with credibility of will. Alternatively, there ought to be reinvigorated efforts to develop an explicit nuclear power agreement to forego cyber campaigning in competition that targets nuclear weapons enterprises. Credible nuclear possession is vitally important for the U.S., China, and Russia, and thus the basis for formally negotiated parameters ought to be viable.
