How Cyber Ops Increase the Risk of Accidental Nuclear War
Five factors exacerbate a U.S.-Chinese security dilemma.
The risk of the United States and China going to war, leading to a nuclear exchange, is growing by the day. Cyber operations by either or both countries increase the risk significantly, as each side is tempted to use cyber tools to gain warning and an early edge in a crisis.China’s arms buildup and assertiveness in the South and East China seas and its intimidation of Taiwan are animating calls in Washington to reinforce U.S. commitments and military power, including shifting from long-standing “strategic ambiguity” regarding the defense of Taiwan. The risk of “accidental” war is even higher, with collisions in the air or at sea leading to skirmishes that could escalate as leaders feel they must show their resolve and strength. China could use cyber operations to help neutralize the United States’ projection of conventional forces into China’s vicinity and in the process could become entangled with U.S. command and control systems that also are important for nuclear forces.
The U.S. has thousands more nuclear weapons than China does and an array of precise conventional strike weapons and missile defenses that threaten Beijing’s ability to strike back. Unlike with Russia, the United States has never agreed to base its strategic relationship with China on mutual vulnerability – the Reagan-Gorbachev idea that a nuclear war between them could not be won and so must never be fought.
Chinese analysts worry that the U.S. will thus use cyber operations to help pre-emptively destroy China’s nuclear deterrent before it could be used. Conversely, the United States worries that China might use cyber attacks to disable America’s advantage in nuclear forces. This is a classic security dilemma: each side feels it is acting defensively to blunt threats posed by the other and both feel less secure as a result.
Five factors exacerbate the dilemma. First, secrecy shrouds both sides’ nuclear arsenals and especially the systems of satellites, radars, and communication networks they use to command and control their nuclear weapons. Second, it is inherently difficult if not impossible to know whether a cyber intrusion is just to gather intelligence or is a precursor to a disabling attack. Third, parts of both countries’ command-and-control systems serve both conventional military and nuclear functions. An attack to disable these systems in a skirmish could be easily misinterpreted as a prelude to a nuclear strike. Fourth, the effects of cyber operations are inherently difficult to control – malware can go to unintended places and do unexpected harm. Fifth, cyber warriors and nuclear warriors operate in siloes and rarely work together; cyber warriors, especially, may not understand how their actions on the digital battlefield could look to the other side’s nuclear warriors and senior leaders.
Taken together, these factors create a serious possibility that cyber operations in and around U.S. and Chinese nuclear command-and-control systems could trigger responses that would inadvertently escalate a conventional conflict into a nuclear one. After a four-year collaborative research project with Chinese counterparts, we concluded that there is no way to eliminate this risk, but that both sides share interests in pursuing measures to reduce it.
Most importantly, senior political leaders on each side must have particularly close oversight of cyber operations that involve penetrating highly sensitive systems (whether to intelligence or prepare for military operations). They must assume that these operations will eventually be discovered and assess accordingly how their adversaries would likely react (and how they would if the situations were reversed). Leaders also need to ask whether the precedent of a potential cyber operation would strengthen or weaken international norms that both countries should seek to solidify rather than weaken.
To better inform themselves, both leaderships should mandate that independent “red teams” assess the risks of sensitive cyber operations. It’s too dangerous to let the proposers or conductors of such operations review themselves. Red teaming must consider the possibility and consequences that cyber weapons may spread more than intended and could be reverse engineered for use against one’s own government, businesses, or friends.
China and the United States don’t need to wait for one another to take these steps. Doing this unilaterally, and quickly, will lower the likelihood of an accidental nuclear war that could destroy them both. Ideally, both leaderships – as representatives of great powers – will overcome their political inhibitions and agree to have adult conversations about what more they can do. The longer they wait, the greater the responsibility they will bear for the war that could come.
How Cyber Ops Increase the Risk of Accidental Nuclear War
Five factors exacerbate a U.S.-Chinese security dilemma.
www.defenseone.com
China-U.S. Cyber-Nuclear C3 Stability
The impact of cyber on nuclear stability is one of the most forward-looking and strategic topics in the current international security field. The Shanghai Institutes for International Studies (SIIS) and Carnegie Endowment for International Peace (CEIP) have conducted a joint study around this topic, aiming to provide a reference for the establishment of cyber and nuclear stability mechanisms among nuclear states.Cyber attacks on nuclear command, control, and communications (NC3) systems have become a potential source of conflict escalation among nuclear powers. Yet major powers have not established effective risk-reduction mechanisms in this regard. While information technology strengthens nuclear strategic forces in many ways, including the modernization of NC3, it also poses an increasingly serious cyber threat to nuclear command and control systems. Cyber operations against the strategic command and control systems of nuclear states—including those probing major vulnerabilities in the command and control systems and satellite communications systems, cyber threats from third parties, and the lack of strategic trust in cyberspace—have exacerbated the impact of cybersecurity on nuclear stability.
Because of the unique nature of nuclear weapons, any cyber incidents concerning nuclear weapons would cause state alarm, anxiety, confusion, and erode state confidence in the reliability and integrity of nuclear deterrent. Cyber attacks against a nuclear command and control system would expose the attacked state to significant pressure to escalate conflict and even use nuclear weapons before its nuclear capabilities are compromised. At the same time, compared to the mature experience and full-fledged mechanisms in nuclear deterrence, crisis management, and conflict escalation/de-escalation among the traditional nuclear powers, states not only lack a comprehensive and accurate perception of the threat posed by cyber operations but also lack consensus on crisis management and conflict de-escalation initiatives.
Given that not enough attention has been paid to this new type of threat on the agenda of security dialogue between nuclear powers, SIIS and CEIP launched a joint research project on cyber and nuclear stability in U.S.-China relations in 2017, focusing on exploring the possibility of building consensus and agreement among nuclear states. It is hoped that the cyber-nuclear nexus will awaken national policymakers to the urgency of maintaining cyber stability and that nuclear states will fully recognize the dangers of cyber attacks and their respective vulnerabilities to such attacks, and thus take steps to reduce nuclear instability accompanying advancing cyber technologies and prevent nuclear war.
China and the United States are cyber powers with nuclear strategic capabilities. While the United States and China have differences of interests and priorities in cyberspace, there is still common interest in dialogue and cooperation for stability. I note that before taking office, U.S. President Joe Biden asked five questions about science and technology policy, including one on how the United States can “ensure the long-term health of U.S. science and technology.”1 China’s President Xi Jinping has repeatedly stressed the need to “ensure that the more than 1.3 billion Chinese people and people across the world can all enjoy the benefits of Internet development.”2 Obviously, with today’s evolving information technology, it is in the interest of both countries to avoid war and reduce conflicts that may escalate into war, and it is both the international responsibility of major powers and the common expectation of the international community. Hopefully, this joint study will promote in-depth dialogue and security cooperation between China and the United States and establish a corresponding workable and professional mechanism.
This joint study is a rigorous academic research project, a joint achievement of the Chinese and American research teams. The two teams have worked together for four years, with international seminars (in Shanghai on January 13, 2018, and in Beijing on March 25, 2019), working group meetings (in Washington on March 20, 2017, and in Beijing on June 4, 2017, October 24, 2018, and November 5, 2019, respectively), and more than ten online seminars. During this period, experts in relevant fields and government departments were closely consulted. Based on the final draft in English, teams from both sides translated, revised, and proofread word by word to form the final joint publication in English and Chinese.
This is an important joint study released by two prominent think tanks in China and the United States, hoping to improve mutual understanding between China and the United States on each other’s security concerns, interests and solutions to problems, promote stability in China-U.S. relations, and facilitate the healthy development of overall China-U.S. relations. I also believe it has important reference value for the two governments on how to bridge differences and forge consensus in sensitive areas. I would like to congratulate the research teams on their achievement and, in particular, thank the CEIP research team for their tireless efforts to travel between the United States and China many times and work closely with the Chinese research team. I also hope that SIIS and Carnegie will continue to conduct joint research around U.S.-China cybersecurity issues and make greater contributions to U.S.-China relations. As always, SIIS is grateful for financial support from the China-United States Exchange Foundation (CUSEF) to help SIIS taskforces conduct joint research on U.S.-China relations, including this pathbreaking work with CEIP.
China-U.S. Cyber-Nuclear C3 Stability
Cyber threats to nuclear command, control, and communications systems (NC3) attract increasing concerns. Carnegie and partners have developed a platform of unclassified knowledge to enable U.S.-China engagement on this issue.
carnegieendowment.org
Full Report
