14 May 2021

How Cyber Ops Increase the Risk of Accidental Nuclear War

By GEORGE PERKOVICH and ARIEL LEVITE

The risk of the United States and China going to war, leading to a nuclear exchange, is growing by the day. Cyber operations by either or both countries increase the risk significantly, as each side is tempted to use cyber tools to gain warning and an early edge in a crisis.

China’s arms buildup and assertiveness in the South and East China seas and its intimidation of Taiwan are animating calls in Washington to reinforce U.S. commitments and military power, including shifting from long-standing “strategic ambiguity” regarding the defense of Taiwan. The risk of “accidental” war is even higher, with collisions in the air or at sea leading to skirmishes that could escalate as leaders feel they must show their resolve and strength. China could use cyber operations to help neutralize the United States’ projection of conventional forces into China’s vicinity and in the process could become entangled with U.S. command and control systems that also are important for nuclear forces.

The U.S. has thousands more nuclear weapons than China does and an array of precise conventional strike weapons and missile defenses that threaten Beijing’s ability to strike back. Unlike with Russia, the United States has never agreed to base its strategic relationship with China on mutual vulnerability – the Reagan-Gorbachev idea that a nuclear war between them could not be won and so must never be fought.

Chinese analysts worry that the U.S. will thus use cyber operations to help pre-emptively destroy China’s nuclear deterrent before it could be used. Conversely, the United States worries that China might use cyber attacks to disable America’s advantage in nuclear forces. This is a classic security dilemma: each side feels it is acting defensively to blunt threats posed by the other and both feel less secure as a result.

Five factors exacerbate the dilemma. First, secrecy shrouds both sides’ nuclear arsenals and especially the systems of satellites, radars, and communication networks they use to command and control their nuclear weapons. Second, it is inherently difficult if not impossible to know whether a cyber intrusion is just to gather intelligence or is a precursor to a disabling attack. Third, parts of both countries’ command-and-control systems serve both conventional military and nuclear functions. An attack to disable these systems in a skirmish could be easily misinterpreted as a prelude to a nuclear strike. Fourth, the effects of cyber operations are inherently difficult to control – malware can go to unintended places and do unexpected harm. Fifth, cyber warriors and nuclear warriors operate in siloes and rarely work together; cyber warriors, especially, may not understand how their actions on the digital battlefield could look to the other side’s nuclear warriors and senior leaders.

Taken together, these factors create a serious possibility that cyber operations in and around U.S. and Chinese nuclear command-and-control systems could trigger responses that would inadvertently escalate a conventional conflict into a nuclear one. After a four-year collaborative research project with Chinese counterparts, we concluded that there is no way to eliminate this risk, but that both sides share interests in pursuing measures to reduce it.

Most importantly, senior political leaders on each side must have particularly close oversight of cyber operations that involve penetrating highly sensitive systems (whether to intelligence or prepare for military operations). They must assume that these operations will eventually be discovered and assess accordingly how their adversaries would likely react (and how they would if the situations were reversed). Leaders also need to ask whether the precedent of a potential cyber operation would strengthen or weaken international norms that both countries should seek to solidify rather than weaken.

To better inform themselves, both leaderships should mandate that independent “red teams” assess the risks of sensitive cyber operations. It’s too dangerous to let the proposers or conductors of such operations review themselves. Red teaming must consider the possibility and consequences that cyber weapons may spread more than intended and could be reverse engineered for use against one’s own government, businesses, or friends.

China and the United States don’t need to wait for one another to take these steps. Doing this unilaterally, and quickly, will lower the likelihood of an accidental nuclear war that could destroy them both. Ideally, both leaderships – as representatives of great powers – will overcome their political inhibitions and agree to have adult conversations about what more they can do. The longer they wait, the greater the responsibility they will bear for the war that could come.

No comments: