Securing Command

Strategic commander worried about cyber attacks on nuclear command and control

March 12, 2013

U.S. strategic nuclear weapons and the command systems that control them are vulnerable to cyber attacks although most are hardened against many types of electronic attacks, the commander of the U.S. Strategic Command said on Tuesday.

Air Force Gen. C. Robert Kehler said during a hearing of the Senate Armed Services Committee that nuclear weapons and the communications used to control them are older and thus less vulnerable to disruption by computer network attacks.

"However, we are very concerned with the potential of a cyber related attack on our nuclear command and control and on the weapons systems themselves," Kehler said. "We do evaluate that."

The four-star general was responding to questions about the security of nuclear controls outlined in a Defense Science Board report.

The report from January stated that U.S. nuclear forces are regularly assessed for their reliability and readiness but said "most of the systems have not been assessed against a sophisticated cyberattack to understand possible weak spots."

Kehler said his command is considering a comprehensive review of the cyber security of nuclear weapons and the communications used to order and use them.

"I think that's homework for us to go and accomplish," he said.

"The nuclear command and control system and the nuclear weapons platforms themselves do not have a significant vulnerability that would cause me to be concerned," Kehler said.

But he then added: "We don't know what we don't know. And I think what the Defense Science Board pointed out is that we need a more comprehensive recurring way to evaluate such a threat."

Kehler said there is no critical vulnerability today that would prevent the use of nuclear weapons in a conflict or disconnect the command from the president who is the ultimate authority for the use of nuclear arms.

The nuclear command needs to do more in "exorcising such threats" and working with intelligence agencies to detect them and conduct "red-teaming" exercises that test security against cyber attacks, he said.

The command recently reviewed the cyber security of Minuteman intercontinental ballistic missiles and is looking at ways of securing strategic bombers and submarines from cyber attacks.

"We're confident in the connectivity to those," Kehler said. "But I think that this is something we're going to need to increase the volume of the game here on this whole issue."

Army Gen. Keith Alexander, commander of the U.S. Cyber Command who testified with Kehler, said his command and Strategic Command recently assessed nuclear command and control vulnerabilities and ways to address them.

Alexander said he is also worried about the commercial electric power and communications grids as a "source of concern" by foreign powers seeking to conduct cyber attacks against U.S. nuclear forces.

Nuclear forces are currently protected with back up generators and independent communications routes, he said.

"But [the backup system] complicates significantly our mission set," Alexander said. "And it gets back to, in the cyber realm, for how the government and industry work together to ensure the viability of those key portions of our critical infrastructure."

Asked how U.S. nuclear forces could operate if U.S. electric power was limited from nationwide cyber attacks, Kehler said: "The nuclear deterrent force was designed to operate through the most extreme circumstances we could possibly imagine. And so I am not concerned that a disruption in the power grid, for example, would disrupt our ability to continue to use that force if the president ever chose to do that or needed to do that."

However, Kehler said he is concerned about electromagnetic pulse (EMP) attacks that could disrupt electronics. EMPs, first discovered from nuclear tests in the 1950s, could disrupt all electronic devices in a 1,000-mile range of the blast.

Several nations, including the United States, are said to be developing weapons that simulate an EMP without the nuclear detonation.

"There's a continuing need to make sure that we are protected against electromagnetic pulse and any kind of electromagnetic interference, that sometimes we have debates over whether that's a Cold War relic," Kehler said. "And I would argue it is not. We need to be mindful of potential disruptions to that force. But I am not concerned about disruptions to the power grid, for example, or other critical infrastructure pieces impacting that force."

Alexander said U.S. infrastructure is vulnerable to attack.

"Generally speaking, all our systems today—our power systems, our water systems, our governments, our industry depend on computers, depend on computerized switches, depend on these networks, all are at risk," he said. "If an adversary were to get in, they could essentially destroy those components, make those so they either had to replace them or get somebody to come in and replace each part of that."

Senate Armed Services Committee Chairman Carl Levin (D., Mich.) questioned the generals about what he called the "real theft going on of our technology and our business strategies, our intellectual property by China particularly, not exclusively but by China" and whether intelligence agencies can pinpoint China as the origin of cyber attacks.

"I would say that the intelligence community has increased its capabilities in this area significantly over the last seven years," Alexander said.

"All right, because it's really important that we act," Levin said. "I think there's a consensus here in the Congress that this has got to stop and that we've got to find ways of preventing it, stopping it, responding to it in every way we can. This is a threat which is at the moment probably an economic threat but some day could be a physical and a military threat as well."

The Washington Free Beacon reported on Monday that the Obama administration two years ago rejected tough measures that would seek to deter China and its military from conducting aggressive cyber espionage and cyber reconnaissance attacks against both government and private sector networks.

The options rejected included economic sanctions and counter cyber strikes, according to administration officials who said the White House turned down the actions because they would have disrupted diplomatic relations with Beijing.

White House National Security Adviser Thomas Donilon said in a speech Monday that Obama administration is calling on China to halt the attacks but offered no specifics on what was planned to deter future strikes.