“The more connected we get, the more we need to be concerned about security. The more we depend on technology, the more we need to be concerned about its reliability.” – Vint Cerf
Each aspect of society is at risk from cyber-based dangers, including the financial sector, the entertainment industry, department stores, and insurance organizations. When it comes to cyberattacks on their most important systems, governments face an even more serious threat. A successful cyberattack on a nuclear weapon or related system, such as a nuclear weapon, a delivery system, or the accompanying Nuclear Command, Control, and Communications (NC3) systems, might have existential repercussions.
Attacks on key infrastructure could have extreme implications. Cyberattacks could result in false attack warnings, disrupt access to information or vital communications, undermine nuclear delivery or planning systems, or even let an enemy gain control of a nuclear weapon. The resilience of nuclear systems may be negatively impacted by the increased use of digital technology. In historically resilient systems, like submarines or mobile missile launchers, new technology can improve performance and dependability but it can also create new vulnerabilities.
Although there haven’t been any known public cyberattacks on nuclear weapons systems, past occurrences give us some idea of what can happen. For instance, in 1980, missiles were detected to be heading for the USA by warning systems. The warning turned out to be a false alarm brought on by a defective computer chip in the minutes before the President would have had to issue an order for retaliation. More recently, in 2010, a computer system malfunction caused 50 nuclear-armed missiles to go down for about an hour. These missiles were based in Wyoming.
These are the kinds of occurrences that, particularly in times of crisis or conflict, could push leaders to the point of deciding to launch a nuclear attack based on incomplete intelligence and weaken their trust in military systems, which is necessary to prevent a serious error.
Everyone has an interest in averting a cyber-attack that either triggers a nuclear launch or explosion or that precedes, exacerbates, and intensifies a nuclear catastrophe. Therefore, the most urgent need is to bring nuclear-armed states together and seek consensus on preventing the most hazardous dynamics offered by the new cyber threat.
The human factor is also a significant concern in terms of cyber threats to nuclear weapons. In 2016, a security researcher discovered that the Minuteman III intercontinental ballistic missile system used an unsecured communications protocol that made it vulnerable to hacking. This vulnerability was caused by an insider who deliberately inserted the insecure protocol into the system.
Another potential cyber threat to nuclear weapons is through supply chain attacks, where attackers compromise the security of a third-party vendor or supplier that provides critical components or software to the nuclear weapons system. In 2017, malware known as “NotPetya” was able to spread globally through supply chain attacks, affecting several companies and causing billions of dollars in damage.
North Korean hackers have been linked to several cyber-attacks on nuclear-related targets. In 2014, a South Korean nuclear power plant operator was hacked, resulting in the leak of blueprints and other sensitive information. In 2017, a cyber-attack on a South Korean defense contractor resulted in the theft of sensitive military information, including plans for joint military exercises with the USA. These incidents demonstrate the potential for cyber threats to physically damage critical infrastructure and the need to maintain robust cybersecurity measures and regularly assess and address potential vulnerabilities in nuclear weapons management systems.
In 2013, a report by the International Institute for Strategic Studies (IISS) highlighted the vulnerabilities in Pakistan’s nuclear programme to cyber-attacks. The report stated that Pakistan had invested relatively little in cybersecurity and relied on outdated technology, making its nuclear facilities vulnerable to cyber-attacks. In 2014, a group of hackers claiming to be from India breached the computer systems of the Pakistan Atomic Energy Commission (PAEC) and leaked sensitive information. The attack was believed to be part of a larger cyber espionage campaign targeting Indian and Pakistani government agencies.
In 2015, the FBI arrested a Pakistani national in the USA who was attempting to sell sensitive information about Pakistan’s nuclear programme to an undercover FBI agent. The individual had previously worked as a contractor at Pakistan’s Chashma nuclear power plant.
These incidents suggest that Pakistan’s nuclear programme is vulnerable to cyber threats and underscore the need for robust cybersecurity measures. However, it is important to note that Pakistan has a policy of maintaining a low profile on its nuclear weapons programme and does not publicly disclose details about its nuclear arsenal or its security measures. Therefore, the extent of cyber threats to Pakistan’s nuclear weapons programme remains largely unknown. The consequences of a successful cyber-attack could be catastrophic, resulting in physical damage, loss of life, and potentially even nuclear war. A concerted global effort will be needed to address the cyber danger of nuclear weapons.
Everyone has an interest in averting a cyber-attack that either triggers a nuclear launch or explosion or that precedes, exacerbates, and intensifies a nuclear catastrophe. Therefore, the most urgent need is to bring nuclear-armed states together and seek consensus on preventing the most hazardous dynamics offered by the new cyber threat.
