Cyber Battles, Nuclear
Outcomes?
Dangerous New Pathways to Escalation
November 2019
By Michael T. Klare
In January 2018, details of
the Trump administration’s Nuclear Posture Review (NPR) were posted online by
the Huffington Post, provoking widespread alarm over what were viewed as
dangerous shifts in U.S. nuclear policy. Arousing most concern was a call for
the acquisition of several types of low-yield nuclear weapons, a proposal
viewed by many analysts as increasing the risk of nuclear weapons use.
A U.S. F-22 fighter shadows
a Russian Tu-95 bomber on May 20 in international airspace near Alaska.
Aircraft and missile detection systems rely heavily on electronic
communications, making them potential targets for cyberwarfare. (Photo: NORAD)
Another initiative
incorporated in the strategy document also aroused concern: the claim that an
enemy cyberattack on U.S. nuclear command, control, and communications (NC3)
facilities would constitute a “non-nuclear strategic attack” of sufficient
magnitude to justify the use of nuclear weapons in response.
Under the Obama
administration’s NPR report, released in April 2010, the circumstances under
which the United States would consider responding to non-nuclear attacks with
nuclear weapons were said to be few. “The United States will continue to…reduce
the role of nuclear weapons in deterring non-nuclear attacks,” the report
stated. Although little was said about what sort of non-nuclear attacks might
be deemed severe enough to justify a nuclear response, cyberstrikes were not
identified as one of these. The 2018 NPR report, however, portrayed a very
different environment, one in which nuclear combat is seen as increasingly
possible and in which non-nuclear strategic threats, especially in cyberspace,
were viewed as sufficiently menacing to justify a nuclear response. Speaking of
Russian technological progress, for example, the draft version of the Trump
administration’s NPR report stated, “To…correct any Russian misperceptions of
advantage, the president will have an expanding range of limited and graduated [nuclear]
options to credibly deter Russian nuclear or non-nuclear strategic attacks,
which could now include attacks against U.S. NC3, in space and cyberspace.”1
The notion that a
cyberattack on U.S. digital systems, even those used for nuclear weapons, would
constitute sufficient grounds to launch a nuclear attack was seen by many
observers as a dangerous shift in policy, greatly increasing the risk of
accidental or inadvertent nuclear escalation in a crisis. “The entire
broadening of the landscape for nuclear deterrence is a very fundamental step
in the wrong direction,” said former Secretary of Energy Ernest Moniz. “I think
the idea of nuclear deterrence of cyberattacks, broadly, certainly does not
make any sense.”2
Despite such admonitions,
the Pentagon reaffirmed its views on the links between cyberattacks and nuclear
weapons use when it released the final version of the NPR report in February
2018. The official text now states that the president must possess a spectrum of
nuclear weapons with which to respond to “attacks against U.S. NC3,” and it
identifies cyberattacks as one form of non-nuclear strategic warfare that could
trigger a nuclear response.
That cyberwarfare had risen
to this level of threat, the 2018 NPR report indicated, was a product of the
enhanced cybercapabilities of potential adversaries and of the creeping
obsolescence of many existing U.S. NC3 systems. To overcome these
vulnerabilities, it called for substantial investment in an upgraded NC3
infrastructure. Not mentioned, however, were extensive U.S. efforts to employ
cybertools to infiltrate and potentially incapacitate the NC3 systems of likely
adversaries, including Russia, China, and North Korea.
For the past several years,
the U.S. Department of Defense has been exploring how it could employ its own
very robust cyberattack capabilities to compromise or destroy enemy missiles
from such states as North Korea before they can be fired, a strategy sometimes
called “left of launch.”3 Russia and China can assume, on this basis, that
their own launch facilities are being probed for such vulnerabilities,
presumably leading them to adopt escalatory policies such as those espoused in
the 2018 NPR report. Wherever one looks, therefore, the links between cyberwar
and nuclear war are growing.
The Nuclear-Cyber Connection
These links exist because
the NC3 systems of the United States and other nuclear-armed states are heavily
dependent on computers and other digital processors for virtually every aspect
of their operation and because those systems are highly vulnerable to cyberattack.
Every nuclear force is composed, most basically, of weapons, early-warning
radars, launch facilities, and the top officials, usually presidents or prime
ministers, empowered to initiate a nuclear exchange. Connecting them all,
however, is an extended network of communications and data-processing systems,
all reliant on cyberspace. Warning systems, ground- and space-based, must
constantly watch for and analyze possible enemy missile launches. Data on
actual threats must rapidly be communicated to decision-makers, who must then
weigh possible responses and communicate chosen outcomes to launch facilities,
which in turn must provide attack vectors to delivery systems. All of this
involves operations in cyberspace, and it is in this domain that great power
rivals seek vulnerabilities to exploit in a constant struggle for advantage.
The use of cyberspace to
gain an advantage over adversaries takes many forms and is not always aimed at
nuclear systems. China has been accused of engaging in widespread cyberespionage
to steal technical secrets from U.S. firms for economic and military
advantages. Russia has been accused, most extensively in the Robert Mueller
report, of exploiting cyberspace to interfere in the 2016 U.S. presidential
election. Nonstate actors, including terrorist groups such as al Qaeda and the
Islamic State group, have used the internet for recruiting combatants and
spreading fear. Criminal groups, including some thought to be allied with state
actors, such as North Korea, have used cyberspace to extort money from banks,
municipalities, and individuals.4 Attacks such as these occupy most of the time
and attention of civilian and military cybersecurity organizations that attempt
to thwart such attacks. Yet for those who worry about strategic stability and
the risks of nuclear escalation, it is the threat of cyberattacks on NC3
systems that provokes the greatest concern.
Gen. Paul M. Nakasone,
commander of U.S. Cyber Command, testifies during a Senate Armed Services
Committee hearing on February 14. He warned that China and Russia are
conducting sustained cybercampaigns against the United States. (Photo: Mark
Wilson/Getty Images)
This concern stems from the
fact that, despite the immense effort devoted to protecting NC3 systems from
cyberattack, no enterprise that relies so extensively on computers and
cyberspace can be made 100 percent invulnerable to attack. This is so because
such systems employ many devices and operating systems of various origins and
vintages, most incorporating numerous software updates and “patches” over time,
offering multiple vectors for attack. Electronic components can also be
modified by hostile actors during production, transit, or insertion; and the
whole system itself is dependent to a considerable degree on the electrical
grid, which itself is vulnerable to cyberattack and is far less protected.
Experienced “cyberwarriors” of every major power have been working for years to
probe for weaknesses in these systems and in many cases have devised
cyberweapons, typically, malicious software (malware) and computer viruses, to
exploit those weaknesses for military advantage.5
Although activity in
cyberspace is much more difficult to detect and track than conventional
military operations, enough information has become public to indicate that the
major nuclear powers, notably China, Russia, and the United States, along with
such secondary powers as Iran and North Korea, have established extensive
cyberwarfare capabilities and engage in offensive cyberoperations on a regular
basis, often aimed at critical military infrastructure. “Cyberspace is a
contested environment where we are in constant contact with adversaries,”
General Paul M. Nakasone, commander of the U.S. Cyber Command (Cybercom), told
the Senate Armed Services Committee in February 2019. “We see near-peer
competitors [China and Russia] conducting sustained campaigns below the level
of armed conflict to erode American strength and gain strategic advantage.”
Although eager to speak of
adversary threats to U.S. interests, Nakasone was noticeably but not
surprisingly reluctant to say much about U.S. offensive operations in
cyberspace. He acknowledged, however, that Cybercom took such action to disrupt
possible Russian interference in the 2018 midterm elections. “We created a
persistent presence in cyberspace to monitor adversary actions and crafted
tools and tactics to frustrate their efforts,” he testified in February.
According to press accounts, this included a cyberattack aimed at paralyzing
the Internet Research Agency, a “troll farm” in St. Petersburg said to have
been deeply involved in generating disruptive propaganda during the 2016
presidential elections.6
Other press investigations
have disclosed two other offensive operations undertaken by the United States.
One called “Olympic Games” was intended to disrupt Iran’s drive to increase its
uranium-enrichment capacity by sabotaging the centrifuges used in the process
by infecting them with the so-called Stuxnet virus. Another left of launch
effort was intended to cause malfunctions in North Korean missile tests.7 Although not aimed at either of the U.S.
principal nuclear adversaries, those two attacks demonstrated a willingness and
capacity to conduct cyberattacks on the nuclear infrastructure of other states.
Efforts by strategic rivals
of the United States to infiltrate and eventually degrade U.S. nuclear
infrastructure are far less documented but thought to be no less prevalent.
Russia, for example, is believed to have planted malware in the U.S. electrical
utility grid, possibly with the intent of cutting off the flow of electricity
to critical NC3 facilities in the event of a major crisis.8 Indeed, every major power, including the United
States, is believed to have crafted cyberweapons aimed at critical NC3
components and to have implanted malware in enemy systems for potential use in
some future confrontation.
Pathways to Escalation
Knowing that the NC3 systems
of the major powers are constantly being probed for weaknesses and probably
infested with malware designed to be activated in a crisis, what does this say
about the risks of escalation from a nonkinetic battle, that is, one fought
without traditional weaponry, to a kinetic one, at first using conventional
weapons and then, potentially, nuclear ones? None of this can be predicted in
advance, but those analysts who have studied the subject worry about the
emergence of dangerous new pathways for escalation. Indeed, several such
scenarios have been identified.9
The first and possibly most
dangerous path to escalation would arise from the early use of cyberweapons in
a great power crisis to paralyze the vital command, control, and communications
capabilities of an adversary, many of which serve nuclear and conventional
forces. In the “fog of war” that would naturally ensue from such an encounter,
the recipient of such an attack might fear more punishing follow-up kinetic
attacks, possibly including the use of nuclear weapons, and, fearing the loss
of its own arsenal, launch its weapons immediately. This might occur, for
example, in a confrontation between NATO and Russian forces in east and central
Europe or between U.S. and Chinese forces in the Asia-Pacific region.
Speaking of a possible
confrontation in Europe, for example, James N. Miller Jr. and Richard Fontaine
wrote that “both sides would have overwhelming incentives to go early with
offensive cyber and counter-space capabilities to negate the other side’s
military capabilities or advantages.” If these early attacks succeeded, “it
could result in huge military and coercive advantage for the attacker.” This
might induce the recipient of such attacks to back down, affording its rival a
major victory at very low cost. Alternatively, however, the recipient might
view the attacks on its critical command, control, and communications
infrastructure as the prelude to a full-scale attack aimed at neutralizing its
nuclear capabilities and choose to strike first. “It is worth considering,”
Miller and Fontaine concluded, “how even a very limited attack or incident
could set both sides on a slippery slope to rapid escalation.”10
U.S. servicemen conduct a
defensive cyberoperations exercise at Ramstein Air Base, Germany, on March 8.
(U.S. Air Force photo by Master Sgt. Renae Pittman)
What makes the insertion of
latent malware in an adversary’s NC3 systems so dangerous is that it may
not even need to be activated to increase the risk of nuclear escalation. If a
nuclear-armed state comes to believe that its critical systems are infested
with enemy malware, its leaders might not trust the information provided by its
early-warning systems in a crisis and might misconstrue the nature of an enemy
attack, leading them to overreact and possibly launch their nuclear weapons out
of fear they are at risk of a preemptive strike.
“The uncertainty caused by
the unique character of a cyber threat could jeopardize the credibility of the
nuclear deterrent and undermine strategic stability in ways that advances in
nuclear and conventional weapons do not,” Page O. Stoutland and Samantha
Pitts-Kiefer wrote in 2018 paper for the Nuclear Threat Initiative. “[T]he
introduction of a flaw or malicious code into nuclear weapons through the
supply chain that compromises the effectiveness of those weapons could lead to
a lack of confidence in the nuclear deterrent,” undermining strategic
stability.11 Without confidence in the reliability of its
nuclear weapons infrastructure, a nuclear-armed state may misinterpret
confusing signals from its early-warning systems and, fearing the worst, launch
its own nuclear weapons rather than lose them to an enemy’s first strike. This
makes the scenario proffered in the 2018 NPR report, of a nuclear response to
an enemy cyberattack, that much more alarming.
Yet another pathway to
escalation could arise from a cascading series of cyberstrikes and
counterstrikes against vital national infrastructure rather than on military
targets. All major powers, along with Iran and North Korea, have developed and
deployed cyberweapons designed to disrupt and destroy major elements of an
adversary’s key economic systems, such as power grids, financial systems, and
transportation networks. As noted, Russia has infiltrated the U.S. electrical
grid, and it is widely believed that the United States has done the same in
Russia.12 The Pentagon has also devised a plan known as
“Nitro Zeus,” intended to immobilize the entire Iranian economy and so force it
to capitulate to U.S. demands or, if that approach failed, to pave the way for
a crippling air and missile attack.13
The danger here is that
economic attacks of this sort, if undertaken during a period of tension and
crisis, could lead to an escalating series of tit-for-tat attacks against ever
more vital elements of an adversary’s critical infrastructure, producing
widespread chaos and harm and eventually leading one side to initiate kinetic
attacks on critical military targets, risking the slippery slope to nuclear
conflict. For example, a Russian cyberattack on the U.S. power grid could
trigger U.S. attacks on Russian energy and financial systems, causing widespread
disorder in both countries and generating an impulse for even more devastating
attacks. At some point, such attacks “could lead to major conflict and possibly
nuclear war.”14
These are by no means the
only pathways to escalation resulting from the offensive use of cyberweapons.
Others include efforts by third parties, such as proxy states or terrorist organizations,
to provoke a global nuclear crisis by causing early-warning systems to generate
false readings (“spoofing”) of missile launches. Yet, they do provide a clear
indication of the severity of the threat. As states’ reliance on cyberspace
grows and cyberweapons become more powerful, the dangers of unintended or
accidental escalation can only grow more severe.
‘Defending Forward’
Under these circumstances,
one would think the major powers would seek to place restrictions on the use of
offensive cyberweapons, especially those aimed at critical NC3 systems. This
approach, however, is not being pursued by the United States and the other
major powers.
Under the Obama
administration, the Department of Defense was empowered to conduct offensive
cyberstrikes on foreign states and entities in response to like attacks on the
United States, but any such moves required high-level review by the White House
and were rarely approved. This approach was embedded in Presidential Policy
Directive 20 (PPD-20), adopted in October 2012, which states that any
cyberaction that might result in “significant consequences,” such as loss of
life or adverse foreign policy impacts, required “specific presidential
approval.”
Officials in the Trump
administration found this requirement unduly restrictive and so persuaded the
president to rescind PPD-20 and replace it with a more permissive measure. The
resulting document, National Security Presidential Memorandum 13 (NSPM-13), was
approved in September 2018 but has not been made public. From what is known of
NSPM-13, senior military commanders, such as Nakasone, enjoy preapproval to
undertake offensive strikes against foreign entities under certain specified
conditions without further White House clearance. In accordance with the new policy,
military planners can prepare for offensive cyberattacks by seeking
vulnerabilities in adversarial computer networks and by implanting malware in
these weak spots for potential utilization if a retaliatory strike is
initiated.15
As translated into formal
military doctrine, this approach is described as “defending forward,” or
seeking out the originators of cyberattacks aimed at this country and
neutralizing them through counterstrikes and the insertion of malware for
future activation. “Defending forward as close as possible to the origin of
adversary activity extends our reach to expose adversaries’ weaknesses, learn
their intentions and capabilities, and counter attacks close to their origins.”16
In embracing this strategy,
Nakasone and other senior officials insist that their intention is defensive:
to protect U.S. cyberspace against attack and deter future assaults by letting
opponents know their own systems will be crippled if they persist in malicious
behavior. “For any nation that’s taking cyber activity against the United
States,” said National Security Advisor John Bolton when announcing the
adoption of NSPM-13, “they should expect…we will respond offensively as well as
defensively.”17 For any potential adversary following these developments,
defending forward will certainly be interpreted as preparation for offensive
strikes in the event of a crisis, inviting stepped up defensive and offensive
moves on their part.
Much less is known about the
strategic cyberwar policies of other powers, but they likely parallel those of
the United States. China, for example, has long been known to employ cyberspace
to spy on U.S. military technological capabilities and steal what they can for
use in developing their own weapons systems. Russia has been even more
aggressive in its use of cyberspace, employing cyberweapons to cripple
Ukraine’s electrical grid in 2015 and to influence elections. That Moscow has
also sought to infiltrate the U.S. electrical grid suggests that it too intends
to defend forward, by preparing for possible cyberattacks on U.S. command,
control, and communications capabilities, including NC3 facilities.
Although occurring largely
in secret, what can aptly be called “an arms race in cyberspace” is underway.
Where this might lead is difficult to foresee, but it is certain to involve the
development of ever more potent cyberweapons. Each nuclear power will seek to
enhance its defenses against future cyberattack. Yet, just as is the case in
missile warfare, it is easier and cheaper to devise new offensive cybersystems
than defensive ones. In the event of a crisis, then, there will be a strong
temptation to employ the new technologies early in the encounter, when they
might be used to maximum effect, setting in motion an escalatory process
resulting in nuclear weapons use. As noted, the mere fact that disruptive
malware is known to have been embedded in the vital command-and-control systems
of a nuclear power could lead it to distrust its early-warning and intelligence
systems and, in a panicky response to ambiguous signals, assume the worst and
launch its nuclear weapons.
Arms Control in Cyberspace
Given the various ways in
which conflict in cyberspace could result in nuclear weapons use, steps must be
taken to minimize the risk of escalation from one domain to the other, but
conceiving of agreements to curb malicious and escalatory behavior in
cyberspace is no easy task. Computer software cannot readily be classified and
counted the way planes and missiles can, and states do not agree on definitions
of offensive and defensive cyberweapons, let alone on measures to control them.
Nevertheless, some efforts have been made to develop rules and protocols to
restrain the destabilizing use of cybertechnologies, and these provide a
framework for further consideration.
French President Emmanuel
Macron speaks November 12, 2018 at the Internet Governance Forum in Paris,
where he introduced the “Paris Call for Trust and Security in Cyberspace."
The call for international cooperation has been signed by more than 50 nations,
but not the United States. (Photo: Ludovic Marin/AFP/Getty Images)
Perhaps the most extensive
effort to adopt rules for acceptable behavior in cyberspace has been undertaken
by the United Nations, in accordance with a series of General Assembly
resolutions on the topic. This process first gained momentum in December 2011,
when that body, “expressing concern” that emerging cybertechnologies “can potentially
be used for purposes that are inconsistent with the objectives of maintaining
international stability and security,” established a group of governmental
experts to assess the dangers in cyberspace and consider “possible cooperative
measures to address them, including norms, rules, or principles of responsible
behavior of States.”18
In its initial report, released
in June 2013, the experts group warned of increasing threats to the safety of
what it described as the realm of information and communications technology
(ICT). “States are concerned,” it noted, “that embedding harmful hidden
functions in ICTs could be used in ways that affect secure and reliable ICT
use…and damage national security.” With this in mind, it affirmed a basic
principle: “International law, and in particular the Charter of the United
Nations, is applicable” in the ICT domain. On this basis, it called on member
states to work together in “the application of norms derived from existing
international law relevant to the use of ICTs.” Furthermore, as part of this
effort, it recommended the crafting of confidence-building measures, such as
the creation of information-sharing mechanisms to investigate serious
cybersecurity incidents, aimed at minimizing the risk of unintended
consequences.19
As the evidence of dangerous
developments in cyberspace multiplied, UN General Assembly Resolution 68/243,
called for the formation of a new experts group to consider restraints on ICT
malpractice. That body released its report in July 2015, providing the most
comprehensive blueprint to date for the management of cyberspace. Building on
the earlier experts group report, it articulated a set of norms that should
govern behavior in this realm. Foremost among these was the precept that states
“should not conduct or knowingly support ICT activity contrary to its
obligations under international law that intentionally damages critical
infrastructure or otherwise impairs the use and operation of critical
infrastructure” of another country. Other norms articulated in the report
include the proviso that states should not allow their territory to be used for
“internationally wrongful acts using ICTs” and should seek to “prevent the
proliferation of malicious ICT tools and techniques and the use of harmful
hidden functions.”20
By articulating a set of
fundamental norms, the 2015 experts group report provides a useful starting point
for further consideration of arms control in cyberspace. Lacking any
decision-making authority, however, the UN group in advocating for those norms
called only for conversations among states on their implementation and the
adoption of “voluntary, non-binding norms” for responsible behavior. The
General Assembly, addressing the topic on several occasions since then, has
only reiterated the principles of the 2015 report and called on member states
to follow its guidance without achieving any obvious, genuine progress.
Several other initiatives
have been undertaken by states and nonstate entities to promote restraint in
cyberspace. In February 2017, Brad Smith, the president of Microsoft, called
for the formulation of a “Digital Geneva Convention,” modeled on the existing,
post-World War II Geneva Conventions, aimed at protecting civilians from the
negative consequences of cyberattacks.21 Some academics, including scholars at the Notre
Dame Institute for Advanced Study, have carried this notion further, calling
for the worldwide embrace of "cyberpeace" based on the adoption of
common norms and rules.22 “Just as the world’s governments came together
in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of
war,” he declared, “we need a Digital Geneva Convention that will commit
governments to implement the norms that have been developed to protect
civilians on the internet in times of peace.”
President Emmanuel Macron of
France has advocated for similar measures at the international level. In
November 2018, he unveiled the “Paris Call for Trust and Security in
Cyberspace” at a major gathering in the French capital. Essentially a rewording
of past UN resolutions and the 2015 experts group report, it called for
international cooperation in reducing malicious behavior, especially cybercrime
and political warfare.23 Although signed by leaders of more than 50 countries,
including France, Germany, Italy, Japan, and the United Kingdom, President
Donald Trump refused to endorse the Paris call, presumably because it might
infringe on U.S. plans to employ cyberweapons in an offensive mode (no reasons
were provided for the U.S. refusal to sign).24
At this point, the
likelihood that the United States, Russia, and China will adopt and respect
international constraints on the use of cyberweapons aimed at the critical
information and communications systems of their adversaries appears virtually
nil. Nevertheless, it is vitally important that UN officials, industry figures,
and prominent national leaders continue to articulate such norms and call for
their adoption. Hopefully, these precepts will form the basis for binding
international agreements, when enough key governments are prepared to embrace
such measures. In the meantime, it is essential that policymakers and arms
control advocates pursue other routes to arms control in cyberspace.
Perhaps the most promising
approach in this regard is the adoption of formal or informal agreements to eschew
certain behaviors that would increase the risk of unintended or accidental
nuclear escalation. This would involve meetings between U.S. and Russian
officials, possibly under the auspices of the currently suspended Strategic
Stability Dialogue; between U.S. and Chinese officials; or possibly all three
together aimed at identifying certain rules of the road to which all sides
would agree to adhere, such as a ban on the implantation of malware in the NC3
systems of their adversaries.
A precedent for such high-level
accords is provided by U.S. President Barack Obama’s September 2015 agreement
with Chinese President Xi Jinping to bar the use of cyberspace for the theft of
intellectual property. Although there is widespread debate over the extent to
which China has abided by the 2015 accord, there is general agreement that it
did result for a time in a diminished level of Chinese cyberespionage in the
United States.25
Such an approach was
advanced by Stoutland and Pitts-Kieter in their 2018 study of cyberweapons and
nuclear stability. “As a priority first step,” they said, “the United States
should seek to initiate a bilateral dialogue with Russia” intended to “develop
mutual understanding on how cyber threats can affect deterrence and strategic
stability.” Such talks, they wrote, “should be held with a view toward
developing a shared understanding of our mutual interest in minimizing that
risk and identifying practical ways to address it bilaterally and
multilaterally.”26
At present, none of these
approaches for the control of cyberspace appears to be making any headway. As a
consequence, the arms race in cyberspace is rapidly gaining momentum, greatly
increasing the likelihood that future confrontations among the major powers will
entail the early use of sophisticated cyberweapons, magnifying the risk of
rapid and uncontrolled nuclear escalation. Because this danger has received far
less attention than other pathways to escalation, it is essential that
policymakers and arms control advocates devote far more effort to controlling
cyberspace than they have up until now.
ENDNOTES
1. U.S. Department of Defense, Nuclear Posture
Review (draft), January 2018, p. 17, at https://fas.org/nuke/guide/usa/npr2018-draft.pdf.
2. Aaron Mehta, “Nuclear Posture Review Draft Leaks,”
Defense News, January 12, 2018, https://www.defensenews.com/space/2018/01/12/nuclear-posture-review-draft-leaks-new-weapons-coming-amid-strategic-shift/.
3. For background on these efforts, see Andrew Futter,
“The Dangers of Using Cyberattacks to Counter Nuclear Threats,” Arms
Control Today, July/August 2016, pp. 8–14.
4. For a comprehensive assessment of the cyberweapons
threat in all its forms, see
David E. Sanger, The Perfect Weapon (New York: Crown, 2018).
David E. Sanger, The Perfect Weapon (New York: Crown, 2018).
5. For a thorough assessment of these vulnerabilities,
see Beyza Unal and Patricia Lewis, “Cybersecurity of Nuclear Weapons Systems,”
Chatham House, January 2018, https://www.chathamhouse.org/sites/default/files/publications/research/2018-01-11-cybersecurity-nuclear-weapons-unal-lewis-final.pdf.
6. Julian E. Barnes, “Cyberattack Neutralized Russian
Trolls as U.S. Voted,” The New York Times, February 27, 2019.
8. David E. Sanger, “Russian Hackers Train Focus on U.S.
Power Grid,” The New York Times, July 28, 2018.
9. For a summary of such scenarios, see Page O. Stoutland
and Samantha Pitts-Kiefer, “Nuclear Weapons in the New Cyber Age: Report of the
Cyber-Nuclear Weapons Study Group,” Nuclear Threat Initiative, September 2018,
p. 12, https://media.nti.org/documents/Cyber_report_finalsmall.pdf.
10. James N. Miller Jr. and Richard Fontaine, “A New Era
in U.S.-Russian Strategic Stability,” Harvard Kennedy School Belfer Center for
Science and International Affairs and the Center for a New American Security,
September 2017, p. 18, https://s3.amazonaws.com/files.cnas.org/documents/CNASReport-ProjectPathways-Finalb.pdf.
12. See Ivan Nechepurenko, “Kremlin Warns of Cyberwar
After Report of U.S. Hacking of Electrical Grid,” The New York Times,
July 18, 2019.
15. Zachary Fryer-Biggs, “The Pentagon Has Prepared a
Cyberattack Against Russia,” Daily Beast, November 2, 2018, https://www.thedailybeast.com/the-pentagon-has-prepared-a-cyber-attack-against-russia.
16. U.S. Cyber Command, “Achieve and Maintain Cyberspace Superiority:
Command Vision for U.S. Cyber Command,” n.d., https://www.cybercom.mil/Portals/56/Documents/USCYBERCOM%20Vision%20April%202018.pdf?ver=2018-06-14-152556-010 (released
April 2018).
April 2018).
19. UN General Assembly, “Group of Governmental Experts on
Developments in the Field of Information and Telecommunications in the Context
of International Security: Note by the Secretary-General,” A/68/98, June 24,
2013 (containing the report).
20. UN General Assembly, “Group of Governmental Experts on
Developments in the Field of Information and Telecommunications in the Context
of International Security: Note by the Secretary-General,” A/70/174, July 22,
2015 (containing the report).
21. Brad Smith, “The Need for a Digital Geneva
Convention,” Microsoft, February 14, 2017, https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/.
22. Scott Shackelford, "The Meaning of Cyber
Peace," Notre Dame Institute for Advanced Study, https://ndias.nd.edu/news-publications/ndias-quarterly/the-meaning-of-cyber-peace/.
23. “Paris Call for Trust and Security in Cyberspace,”
November 12, 2018, https://www.diplomatie.gouv.fr/IMG/pdf/paris_call_cyber_cle443433-1.pdf.
24. David E. Sanger, “U.S. Declines to Sign Macron
Declaration Against Cyberattacks,” The New York Times, November 13,
2018.
25. See Adam Segal, “Is China Still Stealing Western
Intellectual Property?” Council on Foreign Relations, September 26, 2018, https://www.cfr.org/blog/china-still-stealing-western-intellectual-property.
Michael T.
Klare is a professor emeritus of peace and world security studies at Hampshire College
and senior visiting fellow at the Arms Control Association. This is the fourth
in the “Arms Control Tomorrow” series, in which he considers disruptive
emerging technologies and their implications for war-fighting and arms control.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.