By: Erica Borghard

What is the kernel of the issue?

Several US presidents have identified nuclear modernization as a priority for defense policy. One aspect of nuclear modernization includes incorporating digital technologies across the legs of the nuclear triad (bombers, intercontinental ballistic missiles, and submarines), as well as nuclear command, control, and communications systems (NC3). However, there are risks associated with greater reliance on digital technologies and infrastructure, given their inherent vulnerabilities.

Why is the issue important?

As more elements of US nuclear forces and command and control systems become reliant on digital technologies, the opportunities for adversaries to exploit cyber vulnerabilities to gain access to and potentially conduct cyber attacks against these systems increases. Furthermore, inadvertent escalation could occur even if an adversary is detected in critical networks, without a cyber attack occurring.

What is the recommendation?

The Biden administration should immediately address this challenge through establishing establish a review process for identifying areas of greatest risk and consequence, where analog or other resilient, redundant systems should be required, as well as designating an entity in DoD to be responsible for conducting recurring assessments of and rapidly remediating cyber vulnerabilities across nuclear forces and NC3. Additionally, the Biden administration should establish cybersecurity requirements and best practices across all elements of US nuclear modernization programs at the earliest possible stage, rather than addressing cybersecurity issues after the fact.