Q&A: Herbert Lin On Cyber Threats And Nuclear Weapons

Wednesday, January 5, 2022
Hoover Institution, Stanford University

By Jonathan Movroydis

Herbert Lin is the Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution.

In this Q&A, Lin discusses his recently released book Cyber Threats and Nuclear Weapons. He explains that until this publication, the literature about cyber technology’s impact on the nuclear enterprise has been relatively sparse.

Lin asserts that although policy makers have made incredible achievements in the reduction of nuclear weapons around the world, these inventions nevertheless still represent an existential threat to humanity today. This threat is further compounded by the reality that computers are intimately involved in every step of the operation of weapons systems. As computing technology has advanced, nuclear weapons systems have become more complex and thus more vulnerable to cyberattacks from America’s adversaries, who can disrupt the decision-making process on the use of nuclear weapons. Ultimately, Lin ponders how to best manage the trade-off between technologically advanced systems with numerous capabilities and simplified systems that can provide a higher level of security in the nuclear enterprise.

Why did you write Cyber Threats and Nuclear Weapons?

Herbert Lin:  I realized that in looking at the literature on nuclear weapons, there was very little treatment about cyber’s impact on all elements of the nuclear enterprise, which includes the nuclear weapons themselves, the laboratories supporting their deployment, the delivery systems that carry weapons from base to target, and the infrastructure for command, control, and communications that enables the president—and only the president—to order nuclear weapons into use. Cyber affects every aspect of this enterprise.

It seems that cyberattacks don't concern the American public that much. The SolarWinds attack in 2020 didn’t draw that much interest. For example, it seems that a cyberattack would have to reach a high threshold to prompt a response by US national security decision makers. Why do you think we should pay more attention to this specific threat, especially as it relates to nuclear weapons?

Herbert Lin: Cyberattacks are a big deal for every aspect of American society. I’ve spent a career trying to convince US government officials and the attentive public to worry about such breaches to our national security. When I think about how computers are also used in the nuclear enterprise, it becomes a whole lot more concerning.

During the 1980’s, there were around 70,000 nuclear weapons in the world.  One could say, “Well, that number has gone down by around a factor of ten, depending on how you count them. Aren't we better off today?” Yes, of course we are better off, but in an absolute sense, do those thousands of nuclear weapons still pose an existential threat to humanity? You bet they do!

It’s one thing for my computer to crash for some unknown reason while I am working on a document. That happens from time to time. Sometimes you go to a website, and you sit there with that spinning icon on your screen. It’s inconvenient that we must experience these small problems in everyday life. But do you want that little spinning icon to appear when you’re trying to manage a nuclear weapon? That is a big deal to me. And it should be a big deal to anybody who thinks about existential threats.

How dependent is our nuclear enterprise on our information technology infrastructure?

Herbert Lin: Our nuclear weapons are both very dependent and not at all dependent on our technology infrastructure. I will explain. They are not dependent if what you mean is that the president just pushes a button and the missiles launch. There may be something like that in other countries, but certainly, that's not true in the United States. Human intervention is required at multiple points to launch a nuclear missile.

That said, the nuclear enterprise depends on computers at many points. For example, ever since we stopped nuclear testing in 1992, our judgments about the reliability of the stockpile of existing US nuclear weapons has been based on a process that relies heavily on computers. Can those computers be hacked? In principle, yes. I believe that the security of those computers, managed by the US Department of Energy, is pretty good, but it is not perfect.

Computers are also intimately involved in the operation of weapons systems. That will always be the case. Computers control the thrust of missiles and guide and determine their speeds. Computers help pilots find their targets, and they open the bomb bay doors so that the airplane can drop a nuclear bomb. There the security story isn’t so good, at least not as told by the US Government Accountability Office.

Our systems rely on computers to display information about aggressors and how many missiles are being launched toward us. The president relies on computers for his communications with advisors. And there is an extensive communications network used to communicate with forces in the field. The Department of Defense says that this network is pretty cybersecure today, but in the future it will be facing an array of cyber threats that aren’t as important today.

What are some of the system’s glaring vulnerabilities?

Herbert Lin: There are foreign actors trying to break into our cyber infrastructure on a constant basis. According to an audit conducted by the Government Accountability Office in 2018, our Department of Defense wasn’t doing a sufficient job of preventing cyberattacks and cyber espionage. How we address this deficiency is a major lesson of this book, which I will allow readers to discover on their own.

The other major lesson is that as computers have made major advancements over the past two decades, more complexity has been created. Every cybersecurity expert will tell you that more complexity is the enemy of security. There are more features that can become dysfunctional and that are more vulnerable to attack. The adversary only has to find one of those targets to exploit. What is scary about the new world of nuclear weapons is that we’re asking our technology to do more. For example, we are applying particular technologies to facilitating the integration of our conventional and nuclear functions, whereas before, these technologies have solely been directed toward the support of nuclear weapons.

It might be worth it to simplify these systems from a security standpoint. Nobody in our government has considered that trade-off as far as I can tell. Our military leadership, especially, wants more functionality, but will that give us the best security? Our system security people should be pushing back and saying, “No, general, you shouldn't be asking for that feature. That makes the system too complicated.”

What are some of the miscalculations that can take place as a result of complex systems?

Herbert Lin: Nuclear weapons have two interesting restrictions placed on them that push in opposite directions. You never want to use a nuclear weapon without proper authorization. At the same time, you always want to be able to use it with proper authorization. Never use it without proper orders. Always use it with proper orders. 

How do you know what a proper order is? The US government, I think, has done an admirable job in trying to develop a system that distinguishes between proper and improper orders. It has a robust process that ensures that only the president is giving those orders. However, there are potential glitches within the system that can obstruct an authorized order. If you are an anti-nuclear person, you could very well make the argument that that would be a good thing. But it kind of defeats the purpose of having nuclear weapons in the first place.

On the other hand, there have been several instances where we have come close to thinking that we were under attack and we were, in fact, not. Fortunately and luckily, the various safeguards in the system prevented our leadership from ordering a counterattack with nuclear weapons.

What deterrence measures can be taken to prevent a cyberattack on our nuclear weapons systems?

Herbert Lin: I think the answer is nobody knows. We haven’t been able to figure out a way of deterring cyberattacks against any of our other infrastructure. Why should this be any different? Deterrence can be defined as “how to impose costs on adversaries so that it would not be worth their while to attack you.” Currently, we haven’t figured out what to do if an adversary hacks into our nuclear command and control system, especially since any cyberattack thus far hasn’t had disastrous consequences. We haven’t launched a nuclear weapon by mistake. We haven’t been struck by any nuclear weapons. The interesting question would be, “Could something happen that is below the threshold of a nuclear attack that would make us really upset enough to take some action?” And the answer to that thus far has been no. As you pointed out, what have we done in response to SolarWinds?

What role will modern technologies such as artificial intelligence (AI) play, if it all, in nuclear weapons systems?

Herbert Lin: I tend to be a skeptic about AI for high-stakes systems. Today, AI is what you call something that works some of the time.  It may even work more often than not. But there’s no guarantee it will work. And you can’t predict when it will and when it won’t work. When you look at its not working, you can't explain why it didn't work, and you don't know how to fix it.  And even when it does work, you don’t know why it worked. Thus, the idea that we would trust the future of the planet to a technology that we don’t understand and a behavior we can’t predict, that to me is a very scary thing. I haven’t done a systematic analysis of AI’s potential impact on the command and control of nuclear weapons, but from my 50,000-foot vantage point, the lack of clarity into what is really going on inside the system is the consequence that I most worry about with the introduction of new technologies.