Gen. James Cartwright takes part in a news conference at the Pentagon on April 21, 2011. (Alex Brandon, AP)
Taking U.S. and Russian missiles off high alert could keep a possible cyberattack from starting a nuclear war, a former commander of U.S. nuclear forces says, but neither country appears willing to increase the lead-time to prepare the weapons for launch.
Retired Gen. James Cartwright said in an interview that “de-alerting” nuclear arsenals could foil hackers by reducing the chance of firing a weapon in response to a false warning of attack.
Essentially adding a longer fuse can be done without eroding the weapons’ deterrent value, said Cartwright, who headed Strategic Command from 2004 to 2007 and was vice chairman of the Joint Chiefs of Staff before retiring in 2011.
The Obama administration has considered and rejected the idea before of taking nuclear missiles off high alert. There appears to be little near-term chance that Moscow would agree to pursue this or any other kind of nuclear arms control measure, given the deteriorating U.S.-Russian relations after Russia’s intervention in eastern Ukraine.
The U.S. and Russia also are at odds over a U.S. accusation that Moscow is violating a treaty banning medium-range nuclear missiles.
Robert Scher, the Pentagon‘s top nuclear policy official, told Congress this month that “it did not make any great sense to de-alert forces” because the administration believes the missiles “needed to be ready and effective and able to prosecute the mission at any point in time.”
An example of the high alert level of U.S. nuclear weapons is the land-based nuclear force. These are the 450 Minuteman 3 missiles that are kept ready, 24/7, to launch from underground silos within minutes after receiving a presidential order.
A study led by Cartwright proposes to adjust the missile command and control system so that it would take 24 hours to 72 hours to get the missiles ready for launch.
Cartwright said cyberthreats to the systems that command and control U.S. nuclear weapons demand greater attention. While the main worry once was a hacker acting alone, today it is a hostile nation-state, he said, that poses more of a threat even as the Pentagon has improved its cyberdefenses.
“The sophistication of the cyberthreat has increased exponentially” over the past decade, he said Tuesday. “It is reasonable to believe that that threat has extended itself” into nuclear command and control systems. “Have they been penetrated? I don’t know. Is it reasonable technically to assume they could be? Yes.”
Cyberthreats are numerous and not fully understood, officials say.
Could a hacker spoof early warning networks into reporting attack indications that lead to overreactions by national leaders? Could they breach firewalls to transmit unauthorized launch orders to crews in nuclear missile launch control centers?
Defense officials are tight-lipped about countering this type of cyber threat.
Last week the No. 2 official at the National Nuclear Security Administration, Madelyn Creedon, was asked at a Senate hearing about progress against this threat to nuclear command and control. She said the government is “doing better,” but she declined to publicly discuss details.
Two years ago the Pentagon’s Defense Science Board, an advisory group, reported that “most of the systems” in the U.S. nuclear arsenal had not been fully assessed to understand possible weak spots in the event of an all-out cyberattack.
Cartwright is the lead author of a report published Wednesday by the Global Zero Commission, an international group co-founded by a former Air Force nuclear missile launch control officer, Bruce Blair, now a research scholar at Princeton. The report calls for a phased approach to taking U.S. and Russian missiles off high alert, with 20 percent of them off launch-ready alert within one year and 100 percent within 10 years, under a legal or political agreement.
The report argues that lowering the alert levels should be preceded by both Russia and the U.S. eliminating a strategy known as a “launch on warning” — being prepared to launch nuclear missiles rapidly after early warning satellites and ground radar detect incoming warheads. It says this presents an unacceptable level of nuclear risk, and argues that vulnerability to cyberattack against the warning systems or the missile control systems is “a new wild card in the deck.”
“At the brink of conflict, nuclear command and warning networks around the world may be besieged by electronic intruders whose onslaught degrades the coherence and rationality of nuclear decision-making,” the report says.