Analysts: U.S. nuclear modernization plan under-invests in cybersecurity
WASHINGTON — Since a leaked draft of the Defense Department’s nuclear posture review was revealed by the Huffington Post, analysts and arms control experts have sounded alarms about language in the document that suggests the Trump administration would broaden the scenarios where it would be acceptable to use nuclear weapons.
“For the first time in a long time there is an expansion of the circumstances under which a president would use nuclear weapons,” said Tom Countryman, chairman of the board of the Arms Control Association. One of those circumstances is a cyber attack.
The idea that the United States would respond to a non-nuclear threat — like a cyber attack — with a nuclear strike has baffled policy experts. It also has stirred concerns that if the cyber threat is indeed that serious, why not do more to protect military command networks and communications satellites so they are not so vulnerable to begin with?
The Pentagon intends to continue the nuclear modernization plan started by the Obama administration — a trillion-dollar investment in a new “triad” of land-based ballistic missiles, submarine-launched ballistic missiles and nuclear-capable bombers. But the new nuclear strategy is more offensively postured. It hints that the administration would seek new offensive capabilities like low-yield, “tactical” nuclear weapons.
The nuclear posture review specifically mentions “expanding threats in space and cyberspace.” It anticipates enemies will seek to disrupt, by electronic means, critical infrastructure and command-and-control systems on the ground, as well as space-based networks.
“If we’re going to threaten the use of nuclear weapons in response to a cyber attack, why aren’t we investing more money in our own cyber capability?” asked Jon Wolfsthal, a former director for arms control and nonproliferation at the National Security Council under President Obama.
Speaking on Tuesday at a news conference at the Carnegie Endowment for International Peace, Wolfsthal recalled that Obama endorsed a plan in 2016 to invest $19.5 billion in cyber capabilities. “How much are we going to spend on any one leg of the nuclear triad?” he asked. One nuclear-armed cruise missile program alone will cost $25 billion to $30 billion. “More than what we spend annually on cyber,” Wolfsthal noted.
One of the messages of the nuclear posture review is that the damage that could be done to the United States through cyber is consequential. The spending priorities, however, say that the United States is trying to “recreate some Cold War nuclear capability that doesn’t match up with the threats that we face today,”Wolfsthal said. Capabilities to defend U.S. critical infrastructure, communications, energy grids, nuclear early warning command and control satellites, “those would be at the top of my list,” he added. “I would want to make sure that we’re doing defense to the extent necessary to protect communications, command and control.”
The Pentagon for years has voiced concerns about the vulnerability of satellites that perform critical functions in conventional wars and would be essential in a nuclear conflict. “If we’re so vulnerable that a country could bring our communications down, we should be spending more to protect it and defend it.”
The protection of space assets and cybersecurity are “things you constantly hear program officers and cabinet officers demanding more resources,” Wolfsthal said. “And yet there’s a large pot of money here that, in my view, isn’t matched up against the threat we face.”
The Russians are aware of their nuclear weaknesses vis-à-vis the U.S. arsenal, he said. Their attitude is, “We can’t fight you in a fair fight, we don’t want to fight fair.” A successful cyber attack would give them the upper hand. “And they shouldn’t be convinced they can get away with that,” Wolfsthal said. “To spend more money on some new capability that doesn’t solve that problem strikes me as throwing bad money after good.”
As to why the Pentagon isn’t being more forceful in advocating for these capabilities, Wolfsthal speculated that cyber and space lack strong champions within the military bureaucracies. The nuclear posture review, said Wolfsthal, is a “stove piped product of the nuclear establishment.” They have “programs of record” and that is what they push. “If they were in the room with the intelligence, space or cyber people, my guess is that they would lose. But this is a nuclear posture review.”
Congress may have to “come in and prioritize,” he said. “But of course there are stove pipes in Congress as well. People that handle nuclear don’t handle cyber, or conventional.”
Kingston Reif, director for disarmament and threat reduction policy at the Arms Control Association, described the Pentagon’s nuclear posture as one where “everything looks like a nuclear nail so everything is solved by a nuclear hammer.”
Undersecretary of Defense for Policy John Rood and Gen. Paul Selva, vice chairman of the Joint Chiefs of Staff met with members of the Senate Armed Services Committee on Tuesday for a classified briefing on the nuclear posture review, which is expected to be released in the coming days.