U.S. Nuclear Weapons Modernization - Security and Policy Implications of Integrating Digital Technology - Nuclear Threat Initiative
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
U.S. Nuclear Weapons Modernization
Security and Policy Implications of
Integrating Digital Technology
ERIN D. DUMBACHER
PAGE O. STOUTLAND, PH.D
NOVE M B E R 2020
NTI is a nonprofit, nonpartisan global security organization focused on reducing nuclear and biological threats imperiling humanity. The views expressed in this publication do not necessarily reflect those of the NTI Board of Directors or institutions with which they are associated. © 2020 Nuclear Threat Initiative This work is licensed under a Creative Commons Attribution- NonCommercial-NoDerivatives 4.0 International License.
Contents
Acknowledgments.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
Executive Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Recommendations.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
About this Report.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Policy Context for U.S. Nuclear Modernization.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
PART 1: Digital and Advanced Tools in U.S. Nuclear Modernization. . . . . . . . . . . . . . 7
A Digital, Partially Automated Triad.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Nuclear Command, Control, and Communications: Full-Scale Modernization. . . . . . . 12
Bringing in Advanced Tools: New Process Automation
and Machine Learning Applications.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Examples of New Automation or Machine Learning Tools.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
PART 2: Benefits and Risks to Digitizing and Automating.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
The Need to Modernize.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Track Record for Weapons System Cyber
and Supply Chain Security Is Wanting.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Cybersecurity Initiatives Lag Modernization’s Acquisitions Progress. . . . . . . . . . . . . . . . . . . . . 21
Accountability and Oversight Challenges of a Digital Modernization.. . . . . . . . . . . . . . . . . . . 23
Machine Learning Applications Add Complexity to Nuclear Modernization. . . . . . . . . 24
Additional Challenges: Balancing Integration with Entanglement.. . . . . . . . . . . . . . . . . . . . . . . . . 27
RECOMMENDATIONS: Confidence through Managing Trade-offs.. . . . . . . . . . . . . . . 29
Recommendation 1: Prioritize Digital Security and Reliability
alongside Cost, Schedule, and Performance.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Recommendation 2: Establish Tailored Test and Evaluation Controls .. . . . . . . . . . . . . . . . . . . 31
Recommendation 3: Consider the Implications of
Digitization for U.S. Nuclear Policy and Posture.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
About the Authors.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Appendix.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Methodology.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Sample of Nuclear Modernization Programs.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Endnotes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
ii ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
Acknowledgments
The authors are grateful to Nuclear Threat We also thank members of NTI’s commu-
Initiative (NTI) Co-Chair and CEO Ernest J. nications team—Carmen MacDougall,
Moniz, President and COO Joan Rohlfing, Mimi Hall, and Deepika Choudhary, as well
and Executive Vice President Deborah as Hillary Coggeshall—for their support in
Rosenblum for their leadership on the developing this report. We thank Catherine
important security issues raised in this Crary for her diligent work, and we appreci-
report, and we thank the Smith Richardson ate support from NTI’s development team.
Foundation for its support of this analysis.
In the spring and summer of 2020, a
We acknowledge the important guidance number of U.S. nuclear, defense, and cyber
we received from members of NTI’s policy expert interviewees participated
Scientific and Technical Advisory Group; in our research and offered important
members Jill Hruby and James Gosler insights. We are grateful for their involve-
also served as special consultants on the ment, which was crucial to the success
project, providing indispensable expertise of this project, and reinforce that they are
and counsel throughout. At NTI, we thank not responsible for, nor do they necessarily
experts Lynn Rusten, Mark Melamed, endorse, these recommendations.
and James McKeon for their input on
Finally, the authors acknowledge the
nuclear policy matters. Research and
essential support of their partners and
communications support from NTI interns
childcare providers, without whom this
David Bernstein and Melissa Robbins was
work would not have been possible.
fundamental to and animated our findings.
Erin D. Dumbacher
Senior Program Officer, Scientific and Technical Affairs, NTI
Page O. Stoutland, Ph.D.
Vice President, Scientific and Technical Affairs, NTI
Executive Summary
A
n expansive, complex undertaking planning tools, this U.S. nuclear weapons
to modernize the United States’ recapitalization, like past modernizations,
nuclear bombs and warheads, will be a product of its time.
their delivery systems, and the command,
Once the process is complete, the mod-
control, and communications infrastructure
ernized U.S. nuclear triad will rely on more
around them is underway. It is a project
digital components and will include limited
that carries the potential for great benefits
automation. Machine learning applications
through an increase in digital systems
will provide some essential functions
and automation, as well as the addition of
relevant to nuclear decision-making,
machine learning tools into the U.S. nuclear
and analog systems at or beyond their
triad and the supporting nuclear weapons
expected end of life will largely be replaced.
complex. But it also is one that carries
significant risks, including some that are
In the recent past, the Departments of
not fully understood. If it does not take the
Defense and Energy have struggled to
time to protect the new systems integrated
respond to cybersecurity and supply chain
with some of the deadliest weapons on
threats to major weapons development
earth from cyberattack, the U.S. govern-
programs. In many cases, efforts to
ment will be dangerously outpaced in its
address cybersecurity have lagged behind
ability to deter aggressors.
the acquisitions process, creating chal-
lenges for protecting against vulnerabilities
Given the stakes, why take on new risks at
in new or modified weapons systems. In
all? The reason to integrate digital technol-
addition, outside pressures often place a
ogies into U.S. nuclear weapons systems is
premium on meeting ambitious cost and
clear: this is the first significant upgrade of
schedule commitments, sometimes at the
U.S. nuclear weapons systems in nearly 40
expense of performance and reliability,
years, and the old systems need replacing.
even in the face of evolving cybersecurity
The most efficient way to update the full
risks and challenges presented by new
nuclear triad of bombers, submarines,
tools such as machine learning. Risks to all
and ground-based missiles, as well as the
digital and machine learning systems are
bombs, warheads, and command, control,
myriad: attacker intrusions, lack of access
and communications network, is to use
to critical systems amid a crisis, interfer-
today’s technology, including digital tools.
ence with physical security systems that
From digital displays on bomber aircraft
protect nuclear weapons, and inaccurate
to advanced early-warning sensors and
data and information, among others. All
machine-learning-enabled nuclear options
1
2 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
these risks, if not addressed, could under- as the United States has nuclear weapons,
mine confidence in a nuclear weapon or they continue to be safe, secure, and
related system. effective, it is important that as U.S. nuclear
policies evolve, they take into account the
Integrating new technologies with old is
benefits and risks of digital and advanced
a perpetual engineering challenge, but
tools to the modernized nuclear deterrent.
for the U.S. nuclear deterrent, it is one
with implications that go far beyond the
Recommendations
significant risks posed by cyber threats
This report provides three
and digital malfunctions. Effective
recommendations:
nuclear deterrence requires confidence
that nuclear forces will always be ready if 1. Prioritize digital security and
needed but never be used without proper reliability alongside cost, schedule,
authorization. and performance. In addition to
these essential, traditional objectives
If the new digital systems integrated into for developing weapons, program
U.S. nuclear weapons are not protected managers must focus on ensuring that
from escalating cyber threats, or if added digital systems perform as needed,
automation cannot be trusted, the high including in the presence of a deter-
confidence U.S. leaders (as well as adver- mined adversary, enabling confidence
saries) place in nuclear weapons systems in the deterrent. Digital systems should
will erode, undermining nuclear deterrence meet clearly established security and
and, potentially, strategic stability. reliability thresholds before joining the
nuclear enterprise.
Given the multiple risks associated with
today’s nuclear modernization program,
NTI drew on open-source information,
including budget requests, official state- R E C O M M E N D AT I O N S
ments, and press reports, to determine
Prioritize digital security
how digital systems and automation are 1 and reliability alongside
included in the nuclear weapons enterprise cost, schedule, and
modernization and to develop recommen- performance.
dations for military and civilian leaders in
the Departments of Defense and Energy,
Establish tailored
as well as those in oversight roles in the 2 test and evaluation
executive branch and Congress.
controls.
It is crucial—now, before it becomes an
even more difficult task to secure the Consider the implications
modern systems, and before they are 3 of digitization for U.S.
deployed or operational—that the technical nuclear policy and
risks posed by new technologies be recog- posture.
nized and mitigated. To ensure that as long
NUCLEAR THREAT INITIATIVE ∞ 3
2. Establish tailored test and evaluation 3. Consider the implications of digi-
controls. Digital systems present new tization for U.S. nuclear policy and
testing and evaluation challenges, and posture. U.S. nuclear deterrence policies
procedures must be in place to confirm are updated on a regular basis1 to
that a system is ready for operational accommodate the current geopolitical
use. This is especially critical for situation and other factors. As modern-
high-consequence systems, first and ization proceeds in the coming decades,
foremost the nuclear deterrent. U.S. nuclear policies, strategy, and force
posture must take into account the
implications of a digitized deterrent.
About this Report
This report explores the risks and benefits related to the modernization of U.S.
nuclear weapons systems and addresses implications for the national security
community to consider as the process moves forward. The report is divided
into three parts:
Part 1, drawing only on publicly available information, explores the scale
and scope of the digitization and automation of the U.S. nuclear modern-
ization drive.
Part 2 addresses the need to balance the new technology’s risks against
its benefits.
Part 3 offers recommendations for managing the implications of adding
digital, automation, or machine learning tools to U.S. nuclear weapons
and related systems.
This report does not comment on specific systems or the technical merits or
limitations of bringing these new tools into the nuclear weapons complex. It is clear
that modernizing nuclear weapons brings new burdens and opportunities related
to maintaining the “always/never” commitment to launch only on a president’s
legal order.2 Only through ongoing management of trade-offs—including cost,
schedule, and cybersecurity concerns, among others—can a modern U.S. nuclear
weapons system be safe, secure, and effective in the 21st century.
4 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
Policy Context for U.S. Nuclear
Modernization
Since developing nuclear weapons in floppy disks to networked systems.4
the 1940s, the United States has twice Modernization of delivery vehicles will
upgraded its nuclear capabilities, first include the following upgrades
in the 1960s and then in the 1980s, at or replacements:
the height of the Cold War. Many of the
The current sea-based leg of the nuclear
weapons and related systems put into
triad entered service between 1984
service in the 1980s are still in service.
and 1997 and consists of 14 Ohio-class
U.S. nuclear deterrence policy seeks to submarines carrying Trident D5 ballistic
prevent a nuclear attack on the United missiles.5 At least 12 new Columbia-class
States or its allies by ensuring that an submarines are expected to enter into
adversary could not confidently destroy all service beginning in 2031 to replace the
U.S. nuclear weapons in a first strike, and Ohio-class submarines.6
would therefore be subject to retaliation.
The ground-based leg of the nuclear
This policy is enabled by a diverse nuclear triad, the Minuteman family of ICBMs,
force consisting of land-, air-, and sea- has been in service since 1962; the
based delivery platforms. Submarines and 440 Minuteman III missiles currently
the nuclear ballistic missiles they carry in service were first deployed in 1970.7
are recognized as the most survivable The Ground Based Strategic Deterrent
leg of the triad, unlikely to be destroyed (GBSD) is expected to replace the
in a first-strike attack. Ground-based Minuteman missiles beginning in 2028
intercontinental with a deployed force of 400. 8
The U.S. nuclear deterrent
ballistic missiles
Nuclear-capable bombers have been
is in the process of a (ICBMs) are the
in operation for over 50 years: the
most responsive leg
recapitalization effort that B-52H Stratofortress was first deployed
of the triad—able to
would take the strategic force in the 1960s, and the B-2A Spirit was
be launched within
deployed in 1994.9 The B-21 Raider is
from an era of floppy disks to minutes—but also
expected to replace those bombers; at
the most vulnerable
networked systems. least 100 new B-21s are slated to enter
to a first strike. 3
service beginning in the late 2020s.10
Finally, nuclear-capable bombers are visible
and flexible, enabling their use as signals to
Additional modernization programs
allies and adversaries. include a replacement for the air-
launched cruise missile (the long-range
The U.S. nuclear deterrent is in the process standoff weapon, slated for production
of a recapitalization effort that would of roughly 1,000 missiles beginning
take the strategic force from an era of
NUCLEAR THREAT INITIATIVE ∞ 5
in 2026), the dual-capable F-35A Joint detect and manage alerts of incoming
Strike Fighter, and a guided tail kit for attacks.13 The systems include four airborne
the B61 nuclear bomb to increase the command centers built in the 1980s, com-
weapon’s accuracy. 11
munications satellites of varying vintage
The communications systems within in orbit, ground-based sensors to gather
new or refurbished delivery vehicles are and process incoming satellite data, and
slated to be upgraded, along with the an Advanced Extremely High Frequency
nuclear command, control, and communi- satellite communications system that
cations systems. permits the National Security Council and
the president to communicate with forces
The National Nuclear Security “up to and through nuclear war.”14 Plans
Administration (NNSA) within the U.S. for modernizing the command, control,
Department of Energy is refurbishing aging and communications, and early-warning
nuclear bombs and warheads: the B61 first system—collectively known as NC3—have
entered service in 1968 and the W78 and yet to be finalized, but many of the existing
W80 warheads were first deployed in 1979 systems date to 1970s designs and 1980s
and 1981, respectively. Table 1 outlines
12
development.15 U.S. Strategic Command
current U.S. nuclear forces and the mod- serves as the “enterprise lead” for the
ernizations planned. modernization, filling a coordination gap
among the military services responsible
A complex system of command, control,
for the air, space, and ground systems that
communications, and early-warning
keep all aspects of the triad connected to
technologies permits operators to com-
one another and to the president.16
municate with commanding officers and
TABLE 1
Current U.S. Nuclear Forces and Planned Modernizations
REPLACEMENT OR
AGING SYSTEM(S) RE-FURBISHED SYSTEM(S)
At sea Ohio-class submarines Columbia-class submarines
On ground Minuteman III Ground Based Strategic
Deterrent
In the air B52 and B2 bombers; Air- B21 bombers; Long-Range
launched cruise missile Standoff cruise missile
Bombs & warheads B-61, W-76, W-78, W-80 B61 tail kit and refurbishment;
warhead life extension programs
Command, control, e.g., Advanced Extremely e.g., Evolved Strategic SATCOM
communications High Frequency satellites
PART 1 Digital and Advanced Tools in U.S. Nuclear Modernization
8 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
A
n extensive drive to modernize that the deterrent “must be modernized to
the nuclear weapons enterprise remain credible.”19 Without an increase in
is now underway in the United the size of the nuclear stockpile and with
States. It is a decades-long process that plans to maintain levels of strategic forces
includes refurbishments to bombs and compliant with the 2011 New Strategic Arms
warheads, replacement delivery systems, Reduction Treaty (New START), leaders at
and a new command and control infra- the Departments of Defense and Energy
structure to permit enhanced communica- aim to modernize in such a way that the
tion with decision-makers. Whereas these effort is a “largely one-for-one replacement
upgrades—the first major nuclear system of the Cold War-era triad and stockpile.”20
upgrades undertaken since the 1980s—are New weapon delivery vehicles such as the
intended to ensure a safer, more secure, Columbia-class ballistic missile submarine,
and more effective deterrent, the modern the B-21 strategic bomber, and the GBSD
process of digitizing and automating the are the centerpieces of this round of U.S.
nuclear triad and command, control, and nuclear modernization, yet the broader
communications systems also brings risks. effort will include upgrades to associated
systems. Many of these systems are still in
Nuclear systems long have included
research and development phases and will
some digital and semi-autonomous
require extensive testing before they are
systems, but the current round of mod-
deployed. Public sources and unclassified
ernization expands the use of digital and
interviews with experts reveal that an
automation components into the U.S.
active, broad, and significant series of
nuclear deterrence architecture. Nuclear
software, hardware, and systems engineer-
delivery vehicles, planning systems, and
ing development efforts is underway.21
early-warning sensors all will receive new
digital and automated tools.17 As the United
A Digital, Partially
States develops, procures, and transitions
Automated Triad
to new fleets of ballistic missile submarines,
strategic bombers, With the incorporation of digital compo-
Once this effort is completed, and ICBMs, it is nents into new systems and in upgrades to
“embarking on existing systems, modernization will result
the U.S. nuclear triad will rely
the largest, most in a different nuclear triad and command
on digital tools and include complex nuclear and control system from that of the Cold
War era. Among a sample of 46 Air Force,
limited automation. modernization
effort in its history.”18 Navy, Space Force, and Department of
Once this effort is completed, the U.S. Energy initiatives included in or related to
nuclear triad will rely on digital tools and the nuclear modernization drive,22 41 are
include limited automation. incorporating new or upgraded digital
components (Table 2).23 Notably, almost 9
Senior Department of Defense officials out of 10 planned nuclear modernization
state that the modernization plans are programs involve at least some new digital
“sensible … reasonable and affordable” and components or upgrades, and nearlyNUCLEAR THREAT INITIATIVE ∞ 9
TABLE 2
Digital and Automation Elements Planned in U.S. Nuclear Modernization
TOTAL NUCLEAR DIGITAL COMPONENTS AUTOMATION OR MACHINE
MODERNIZATION PROGRAMS OR UPGRADES LEARNING ADDITIONS
Air Force 25 23 (92%) 4 (16%)
Space Force 6 6 (100%) 2 (33%)
Navy 8 8 (100%) 5 (63%)
Dept. of Energy 7 4 (57%) 0 (0%)
Total 46 41 (89%) 11 (24%)
NOTES: (1) Estimates are based upon publicly available information, primarily budget requests, for fiscal years 2020 and 2021. (2) Many of the nuclear
command and control modernization systems are not included as distinct programs in the data reviewed for this study. (3) Given the distinctions between
the development processes between DOD and DOE and the practice of sourcing to the national laboratories, the availability of DOE documents is more
limited. These factors may affect the quantitative findings.
one-quarter involve automated or machine Stand Off Weapon all will complete the
learning systems. 24
Advanced Component Development
and Prototype phase (Milestone B in the
Such refurbishments or upgrades are
Defense Department acquisitions frame-
being introduced to already deployed
work) by the end of 2020 and will undergo
and operational systems, while other
operational testing before eventually
elements of the modernization program
transitioning to full-rate production. 26
are in earlier stages of the acquisition
The major modernization initiatives are
process. Of the 38 Department of Defense
progressing, but many designs are not
programs reviewed still in research and
yet final.
development, the majority are in or
nearing operational system development Of the nuclear modernization programs
(Figure 1). Department of Defense nuclear reviewed for this report—including but
modernization programs are in the not limited to command and control
“Advanced Component Development and systems—nearly half will be dual-capable
Prototypes” phase or beyond, indicating (supporting both nuclear and conventional
that component technologies are being or weapons) systems or capabilities.27 For
have been tested prior to their integration example, new ground components for
into nuclear weapons systems. This phase early-warning systems will process data
will end with the “decision point to enter from sensors and satellites that were not
development of a specific product with exclusively designed for detecting nuclear
an associated budget, suppliers, contract launches.28 Strategic air-delivery platforms,
terms, and schedule” and is “generally such as the legacy B-52 and developing B-21
considered the start of the program of bombers, as well as in-theater dual-capable
record.”25 The Columbia-class submarine, aircraft, will have the potential to carry both
GBSD ICBM, B-21 bomber, and Long Range conventional and nuclear payloads.10 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
FIGURE 1
Department of Defense Nuclear Modernization Programs and Progress, n=38
Research and Development Phases 1–7
1: Basic Research 0
2: Applied Research 0
3: Advanced Technology Development 0
4: Advanced Component Development
and Prototypes 8
5: System Development and Demonstration 9
6: Research, Development, Test & Evaluation
2
Management Support
7: Operational System Development 19
Digital Upgrades to art communications and information
Delivery Vehicles transfer techniques” for command and
control applications.31 The Columbia-class
The strategic bombers, submarines, and
submarines will share software with the
intercontinental ballistic and cruise missile
Virginia-class nuclear-powered attack sub-
fleets will incorporate a host of digital com-
marines, but it is not clear which upgrades
ponents in the modernization effort. The
are planned for the Columbia program.
Air Force plans to add operator-facing and
The Virginia-class submarines expect to
design improvements to the B-52, B-2, and
gain defenses for sonar and combat control
B-1B bombers to upgrade monitors, replace
programs, a forward compartment with a
missile warning systems, gain a multi-data-
secret-level local area network, new displays
link capability for in-flight retargeting with
and a fiber optic backbone in the command
an automated system to avoid fratricide,
and control systems, and automated
and replace navigation and targeting
sensors to integrate with the navigation and
pod functions. These improvements will
non-propulsion electronics systems.32
result in “enhanced targeting capability
through weapon hand-off navigational
Digital Upgrades to
updates for guided nuclear weapons”
the B61-12 Bomb
even when Global Positioning Service
data are unavailable as well as a “digital, The B61-12 nuclear bomb is replacing four
high-definition video-streaming targeting older variants of the B61 bomb and includes
pod” on new, multifunction display units. 29 significant digital upgrades. The B61-12
The air-launched cruise missile will gain includes a new tail kit assembly that “is
software upgrades and perform analysis designed to be mechanically mated” and
to “pro-actively identify components connected.33 Some of the delivery vehicles
which will degrade system reliability.”30 The carrying the B61-12 “will have an analog
replacement system for the Minuteman III interface with the B61-12 that is designed
ICBMs, the GBSD, will “exploit state-of-the to deliver the weapon in a ballistic mode,NUCLEAR THREAT INITIATIVE ∞ 11
with the tail kit in a fixed position,” whereas Department of Energy officials, however,
others “will have a digital interface with have been explicit that they intend to use
the B61-12,” which will permit use of the lessons learned to improve supply chain
new guidance system the tail kit assembly management in the future and, ultimately,
offers. This is the “first-ever digital
34
to reduce spending on nuclear weapons.42
interface to the B61 family of weapons,” The B61-12 weapon is expected to be deliv-
according to one of project leaders.35 ered in fiscal year 2022.43
The tail kit has undergone rigorous testing
Digital Upgrades to Strategic
since 2016 and has “demonstrated high
Satellite Systems
degrees of accuracy and reliability in
testing to date with no reliability failures.”36 Satellite modernization is underway with
Testing found that “[o]ne system compo- efforts to upgrade and eventually replace
nent presents a cybersecurity vulnerability, the aging MILSATCOM, Space Based
but mitigation or elimination of the vul- Overhead Persistent Infrared System, and
nerability appears feasible without a major Advanced Extremely High Frequency
investment of time or money.”37 Yet the system as well as the ground systems to
Government Accountability Office (GAO) receive and analyze data. Satellites and
found that in non-nuclear assemblies their ground stations will see improved
there were “problems with an electrical transmission speeds, upgrades to connec-
part” incorporated in both the B61-12 and tivity, better image quality, and wider fields
the modified W88 warhead that led to an of view. Cryptography upgrades for many
almost two-year delay and cost increases of systems will enhance their security while
up to $700 million for the B61-12 program user interfaces also will improve, allowing
alone.38 According to congressional testi- for more complete or custom views
mony from the NNSA, “[w]hile the problem- of data. Some of these improvements
atic components have worked during all will accelerate the use of algorithms,
system tests,” concerns remained that the
electrical parts would not function reliably
20 to 30 years from now.”39 This situation
demonstrates the potential supply chain
risks of relying on commercial off-the-shelf
technologies, especially given their quality
control in comparison with the rigorous
review for all microelectronic systems that
are developed at national laboratories.40
SOURCE: United States Air Force
The failure of even minor parts, such as
a $5 capacitor, to perform at the same
rigorous standard of review or variations in
quality from different producers can lead to
nearly $1 billion cost overruns. Some experts
have criticized the cost of the B61-12.41 Advanced Extremely High Frequency System12 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
leveraging “large data sets generated by The SACCS, first fielded in 1963, permits
emerging large format focal planes” and decision-makers to communicate with
will “expand technical intelligence and nuclear forces and transmits Emergency
battlespace awareness processing and Action Messages to commanders in the
data dissemination tools.” 44
field.48 The system is currently undergoing
a series of upgrades, but it was recently
Nuclear Command, Control, ”running on an IBM Series/1 Computer,
and Communications: which is a 1970s computing system,”
according to the GAO.49 Recently, the
Full-Scale Modernization
SACCS finally stopped using 1970s-era
It is estimated that the more than 150
floppy disks; the system now uses a ”highly
existing nuclear command, control, and
secure solid state digital storage solution.”50
communications systems (NC3) will
need either significant modernization or For example, the Integrated Broadcast
integration with new assets and delivery Service, which provides integrated intel-
vehicles. 45
The Strategic Automated ligence, surveillance, and reconnaissance
Command and Control System (SACCS), information to operators, will become a
necessary to maintain communication and scalable system to “accommodate growth
execute nuclear launch orders in a crisis, as the virtual world grows and cyber opera-
was still using floppy disks until late 2019; it tions change.”51 The modernized system will
now has new hardware and software. 46
increase output to 100 million messages per
day, as well as increase the flow, searchabil-
The age of the existing system necessitates
ity, and storage of information.
replacement, but replacement introduces
important cybersecurity questions. The The new Joint All Domain Command and
NC3 architecture must maintain uninter- Control (JADC2) system will integrate
rupted communica- conventional and nuclear information “in
Modernization efforts also tion with all relevant an attempt to move data at machine speed
members of the and execute joint all domain operations.”52
will need to prioritize the
nuclear mission General Hyten, vice chair of the Joint Chiefs
resiliency and survivability when needed. of Staff and former commander of U.S.
of all NC3 systems. Legacy systems Strategic Command, has noted that JADC2
must be upgraded and NC3 “are intertwined because, well,
to connect with new delivery vehicles, NC3 will operate in elements of JADC2.”53
sometimes even if the legacy system will Modernization efforts also will need to prior-
be retired before the new delivery vehicles itize the resiliency and survivability of all NC3
are fully operational. New NC3 systems systems, including U.S. space-based NC3
must reliably connect to both legacy and systems, which face growing threats from
modernized delivery capabilities. 47
counterspace weaponry and an increasingly
congested orbital environment.54NUCLEAR THREAT INITIATIVE ∞ 13
requests cross-referenced with
open-source literature reflect
SOURCE: Robert Gauthier/Los Angeles Times via Getty Images
decisions and processes from
nearly a decade of planning
and initiatives to advance
the military’s use of modern
tools, including artificial
intelligence (AI).56
Targeted applications of auto-
mation should be distinguished
from lethal autonomous
Missile combat crew member at Malmstrom Air Force Base
inside the launch control center in 2014
weapons and automation
of nuclear launch decisions
without human decision-mak-
Bringing in Advanced Tools:
ing. Today, nuclear launch decisions in
New Process Automation
the United States require presidential
and Machine Learning approval, and this research did not identify
Applications any consideration of the U.S. adopting a
Some automation additions to nuclear “Dead Hand,” or removing humans from
systems incorporate conventional process the decision-making loop for launching
automation approaches; other investments nuclear weapons.
take advantage of the gains machine
learning techniques have made in recent It is noteworthy that current plans for
years, for example, to analyze early-warning, nuclear modernization do not include
ballistic missile sensor data rapidly. systems with the highest degrees of
machine control—which are more akin
In recent budget requests, just over 20 to general AI or autonomy—in which
percent of a sample of nuclear moderniza- computers make decisions without human
tion programs have included automation or intervention. This
machine learning efforts. Of the surveyed
55
choice is consistent
It is noteworthy that
nuclear modernization programs, 11 antici- with the Defense current plans for nuclear
pate incorporating automated components Department’s AI
modernization do not include
that will process high volumes and sources ethical principles,
of data or improve security (see Table 1). which recommend systems with the highest
Automation or machine learning features that human beings
degrees of machine control.
will automate backup power switches, “exercise appropri-
streamline acquisition and maintenance ate levels of judgment and remain respon-
efforts, rapidly identify and patch cyber sible for the development, deployment,
vulnerabilities, advance the speed of use, and outcomes of DoD AI systems,” in
planning systems, analyze sensor data for addition to calling for the department’s use
early-warning systems, or improve the tar- of AI systems to be equitable, traceable,
geting accuracy of a gravity bomb. Budget reliable, and governable. 5714 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
Examples of New Automation States to accurately locate adversary ballis-
or Machine Learning Tools tic missile submarines in crises.62 Another
effort devised a “digital twin” of ship power
Automated Power plants to record all relevant data on power
Backups plant performance.63 Another project
Automated components are replacing enabled the use of sensor data to order
outdated capabilities in legacy systems for necessary F/A-18 Super Hornet parts pro-
targeted purposes. The aging Minuteman actively and predictively for maintenance,
III ICBM squadrons, for example, will reducing repair time by 45 percent and the
have an automated switching unit that number of parts ordered per repair by 40
will replace “software and electronics to percent.64 This project parallels efforts to
measure incoming and standby power use data analytics and develop algorithms
characteristics.” 58
The current system has to streamline maintenance operations.65
become outdated, leading Minuteman III Such work demonstrates the targeted
missiles to inadvertently switch between role for machine learning and advanced
the primary and backup power sources; data science and the potential impact on
these incidents “have increased the military operations.
use and accelerated the wear on” these
The Joint Artificial Intelligence Center
components. 59 The upgraded automatic
(JAIC) “is a focal point of the DoD AI
switching unit is intended to reduce stress
Strategy.”66 The JAIC coordinates predictive
on these critical systems and help maintain
maintenance efforts given that “commer-
reliability should the primary power source
cially developed AI-based applications have
be cut. The Defense Department estimates
the potential to predict more accurately
that “all Launch Facilities and Missile Alert
maintenance needs on equipment.” 67 The
Facilities will be impacted by this program
Air Force has recently increased coordi-
at all missile wings.”60 These automated
nation with the JAIC on condition-based
components will process data and perform
maintenance and enhanced reliability
a single function; failures in these compo-
centered maintenance operations.68
nents could stress systems but would not
Lt. General John N.T. “Jack” Shanahan
affect launch controls for the missiles.
(ret.), the first director of the JAIC, called
integrating AI into the Department of
Acquisition Systems and
Defense “a multi-generational problem
Problem-Solving
requiring a multi-generational solution
To improve integration of data science [that] demands the right combination of
across the Navy, the Digital Warfare Office tactical urgency and strategic patience.”69
was established in December 2016 and Shanahan has stated that AI will not be
drives “the push to apply AI and machine incorporated into the NC3 architecture:
learning to operations.”61 Projects include “You will find no stronger proponent of
an effort to incorporate machine learning integration of AI capabilities writ large into
to analyze acoustics in the undersea the Department of Defense...but there is
domain, which could allow the United one area where I pause, and it has to doNUCLEAR THREAT INITIATIVE ∞ 15
with nuclear command and control.”70 information from all sources, Navy attack
General Shanahan’s comments reaffirm surfaces and network operations” to
that the United States does not intend to improve “network and operational system
adopt a ”Dead Hand” launch system con- hardening and remediation efforts,”
trolled by AI; however, budget requests do according to the former commander of the
include targeted roles for machine learning U.S. Fleet Cyber Command, current Chief of
applications and other automated systems Naval Operations Admiral Michael Gilday.75
for NC3 systems.
The program looks at “ways to utilize data
analytics, machine learning, and other
Cyber Defense and
automation technologies” for enhancing
Situational Awareness
cybersecurity defenses.76 Rear Admiral
Cybersecurity upgrades in military systems Danelle Barrett (ret.), who served as the
will incorporate machine learning and Navy Cyber Security Division director until
automation to rapidly detect and patch November 2019, found that, consistent
cyber vulnerabilities.71 To address emerging with many private sector cyber defense
cybersecurity vulnerabilities, unclassified practices, “[a]nything that we can do to
documents propose using automated tools automate the cybersecurity protection of
for red-teaming, both to identify vulnera- our network at Internet speed—lightning
bilities and to teach personnel about the speed—is what we’re interested in.”77
variety of vulnerabilities a cyber system
may encounter.72
Nuclear Planning
U.S. Navy documents outline automation
Systems
efforts to enhance the cyber resiliency of U.S. Strategic Command operates the
NC3 systems. Defensive cyber operations Integrated Strategic Planning and Analysis
missions will “incorporate Nuclear Network (ISPAN) to design comprehensive
Command, Control, and Communications nuclear attack plans.78 Automated infor-
Navy (NC3) missions” within environments mation system technologies allow ISPAN
that allow “for better overall situational to develop, process, and display a variety
awareness and improved speed of response of nuclear targeting plans in regional and
to the most dangerous malicious activity by global contexts. Public details on the system
leveraging the power of machine learning remain scant, because “[i]t is one of DoD’s
and artificial intelligence to harness most complex classified computer systems
existing knowledge more rapidly.” 73
Budget and the only national force level planning
documents outline how these efforts will system.”79 Humans seem to remain in the
enhance the Navy’s nuclear command, loop, but this semi-automated tool is “right
control, and communications as well as in the decision-making process.”80
ballistic missile defense cybersecurity.74
ISPAN is composed of a digital planning
Another Navy program, the Continuous system that allows for leaders at the com-
Hardening and Monitoring Program batant command and strategic levels to
“brings together current and historical jointly coordinate and execute battle plans16 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
and a second system that uses “Machine- Early Warning
to-Machine collaboration” to speed up
Next Generation Overhead Persistent
the joint planning process and to create a
Infrared (Next-Gen OPIR) early-warning
comprehensive digital interface displaying
satellites are rapidly being developed
all relevant information to execute those
and acquired to replace the legacy
plans. 81 The second system also offers
Space-Based Infrared System satellite
“rapid distributed Course of Action (COA)
architecture. Next-Gen OPIR satellites
development and global situational
will occupy positions in geosynchronous
awareness supporting both contingency
and polar orbits, which will allow them to
and crisis planners.”82 Initial contract
persistently monitor the earth for signs of
opportunity language called for creation of
ballistic missile launches. The program is
“an automated ‘Courses of Action’ suite.”83
fully funded in FY2021 and being rapidly
However, contracts to automate COAs
prototyped, with the goal of launching
were never awarded, and efforts have been
Next-Gen OPIR satellites by 2025 and the
delayed to January 2021. 84
complete constellation by 2029. 89
The second system within the ISPAN is
Automation and machine learning are
the Mission Planning and Analysis System
planned for incorporation into the Future
(MPAS), “an automated information
Operationally Resilient Ground Evolution
system to support Global Strike nuclear
(FORGE) ground system for the program.
and conventional target development and
FORGE “is being designed as an open
weaponeering.”85 Through recent digitiza-
architecture, meaning it will be able to
tion of 1980s technologies, MPAS processes
incorporate data from other sensors” to
data on strategic effects of various nuclear
amplify missile launch detection capabil-
systems and rapidly outputs an even wider
ities.90 “Essentially, this is a smartphone
variety of targeting recommendations. 86
model,” said Dave Wajsgras, president of
The Air Force says these modernization
Raytheon ISS: “We’ve built an operating
efforts will assist leaders in making
system that everyone can build applica-
informed, decisive, and efficient decisions
tions for—from Raytheon to the Air Force
during crises by displaying the effects
to universities to small companies. These
of both conventional and nuclear strike
applications allow the system to process
options. 87 Meanwhile, the Air Force is
specific types of data.”91
rapidly developing ISPAN Increment 5,
which will primarily include extensive, To handle data analysis, FORGE will use
ongoing software upgrades to the MPAS machine learning and algorithm devel-
nuclear planning system until fiscal year opment to rapidly process and transmit
2024, after which a decision to transition to early-warning information to relevant
full deployment must be made. 88 parties as well as rely on cloud storage.92
The Defense Department reports that the
automated capability will process dataNUCLEAR THREAT INITIATIVE ∞ 17
from a wider variety of sources than legacy other significant technical risks.” Efforts to
systems and allow for more rapid commu- upgrade the cybersecurity of the Next-Gen
nication across the nuclear mission. 93
OPIR satellites are limited; program
officials report “they plan to generally reuse
The U.S. Space Force points to the
software from the Space Based Infrared
Next-Gen OPIR program as an example
System (SBIRS) GEO programs, ground
of successful rapid acquisition efforts.94
system, and other programs.” It is also
However, recent GAO reports have
possible that the “the future ground system
“assessed the schedule as highly aggressive
may not be ready when the first GEO satel-
and high risk, given concurrent develop-
lite is delivered.”95 Despite these warnings,
ment efforts … and complex integration
the first two Next-Gen OPIR payloads have
that includes first-time integration of
passed preliminary design review.96
a new payload and spacecraft, amongPART 2 Benefits and Risks to Digitizing and Automating
20 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
T
he reason to integrate digital Although both the Obama and Donald
technologies into U.S. nuclear Trump administrations supported mod-
weapons systems is clear: the old ernization of the U.S. nuclear deterrent,
systems are outdated or nearing end of life the scope of the program is a matter of
and today’s replacements are likely to be ongoing debate within the nuclear policy
digital. Through modernization, the U.S. community. Key issues include the expense
nuclear weapons systems will benefit from of the effort, what sorts of upgrades are
the addition of digital or automated com- required, whether the force structure
ponents. At the same time, though, risks should be modified, and the international
abound, and leaders must address them security implications of U.S. nuclear force
in a timely way. Unfortunately, the cyber- policy and posture. The ramifications of
security and supply chain security practices incorporating new digital systems during
at the Departments of Defense and Energy the modernization process remain on the
lag behind the acquisitions process. periphery of analysis and debate.
The Need to Modernize Track Record for Weapons
The Barack Obama administration System Cyber and Supply
determined that a broad modernization of Chain Security Is Wanting
nuclear weapons systems was necessary to Experts have documented the need for
maintain a safe, secure, and effective deter- incorporating the best cybersecurity
rent. In 2016, then–Secretary of Defense practices into weapons development;
Ashton Carter reasoned that “it’s not a this report will not enumerate the full
choice between replacing these platforms scope and series of risks, nor the relative
or keeping, it’s really a choice between difficulty of mitigating and managing
replacing them or losing them.”97 The need them across the defense industrial base.100
to modernize nuclear weapons systems It is important to note, however, that the
that were last updated in the 1980s is well absence of consistent, well-implemented
documented.98 While upgrades and life cybersecurity measures across all weapons
extensions have occurred over the years, system research and development creates
much of the U.S. nuclear deterrent—includ- acute challenges for the U.S. nuclear
ing delivery vehicles, command, control, mission. Historically, cybersecurity has
and communications, and the weapons been an add-on or an afterthought in
themselves—dates to the 1970s and 1980s. major defense weapons system design.
Some elements of U.S. nuclear forces, such Program management incentives have not
as the B-52 bombers, date to the 1950s. been structured to encourage managers
From delivery vehicles to command and to prioritize the need for mitigating cyber-
control networks to early-warning satellites, security vulnerabilities over time.
the platforms, as well as the technologies
and systems upon which they rely, are The GAO has raised alarm regarding the
increasingly difficult to reliably maintain. 99 Defense Department’s lack of focus onNUCLEAR THREAT INITIATIVE ∞ 21
combating cyber threats to critical systems. Cybersecurity Initiatives Lag
A 2018 GAO report found that the depart- Modernization’s Acquisitions
ment’s weapons systems are increasingly
Progress
networked and more software reliant than
Although the Defense Department
in years past, creating an expansive attack
has taken actions including revising
surface.101 Operations testing revealed mis-
cybersecurity policies and guidance and
sion-critical cyber vulnerabilities even while
has been directed by Congress to address
Defense Department program officers
cyber vulnerabilities, these actions are
understood the systems to be secure.
late, according to the GAO.106 The Air Force
The GAO declared that the department is
has requested nearly $70 million for cyber
“just beginning to grapple with the scale”
resiliency of weapon system programs in
of the vulnerabilities to critical weapons
FY2021, a roughly 80 percent increase from
systems.102 Similar challenges appear at the
the prior year, with funding for the Cyber
Department of Energy/NNSA in securing
Resiliency Office for Weapon Systems,
the supply chain of critical components.103
which trains acquisitions workers and
Until recently, there was no lead organi- provides system security engineering.107
zation within the Department of Defense Additional information system security
responsible for defending the defense and information technology development
industrial base against cyber threats; programs work toward protection and
defense contractors and other firms were defense against cyber risks.108 The Navy
trusted to manage their own cybersecurity has recently completed congressionally
risks. The result was compromised systems mandated “cyber vulnerability assess-
and military readiness at risk. 104
A 2018 ments of major Navy weapons systems
MITRE study recommends that “[a]ccount- and cyber vulnerability assessments of
ability for integrity and mission readiness critical shore infrastructure.”109 Roughly $42
[…] be blended across the acquisition, million went toward vulnerability assess-
operations, and sustainment communities, ments in fiscal year 2019. Then the secre-
with a clear chain of command directly to tary of the Navy published the sobering
the Secretary of Defense.”105 Accountability Cybersecurity Readiness Review summa-
for ensuring that department-wide rizing various cybersecurity risk analyses
cybersecurity procedures apply to nuclear and recognizing the extensive cultural and
modernization programs or surfacing and institutional challenges to enhancing cyber
managing AI safety issues is unclear. The resiliency in the Navy, particularly as there
cross-cutting cybersecurity policies meant are “no uniform or effective cybersecurity
to defend military assets and systems metrics to quantify the threat, influence
against cyber or supply chain attacks at the resourcing, or operational planning.”110
Defense Department are still immature, The Navy is taking numerous steps, both
presenting the possibility that the nuclear technical and organizational, to mitigate
weapons modernization could outpace the cyber vulnerabilities but acknowledges its
policy frameworks. efforts’ limitations.11122 ∞ U.S. NUCLEAR WEAPONS MODERNIZATION
There now is a set of policies and guidelines free from compromise throughout the
for managing cybersecurity risk in place development and operations life cycle.117
for major Defense Department weapons Existing approaches to securing weapons
development programs. 112
These relatively systems amount to a set of “whack-a-mole”
new structures include delineation of task efforts—as each vulnerability is revealed,
ownership as well as checklists to be used it is patched, and so on.118 The approach
before granting authorization to connect of chasing and reacting to vulnerabilities
a digital tool to other weapons platforms has an impact on overall program cost and
or systems. There also are necessary, schedule, and raises concerns about the
cross-department initiatives to speed up system’s performance over time.
software development and reform acqui-
The retention of a highly skilled and
sitions processes to accommodate the
sought-after cybersecurity workforce
realities of digital technologies.113 Experts
also is affected by delayed or deficient
interviewed by NTI describe the various
cybersecurity practices. A 2019 RAND
efforts underway as “necessary, but not
Corporation study cited concerns that “the
sufficient” in the face of cyber threats to
Air Force simply is not structured in a way
high-consequence systems.114
that allows for the flexibility that is ideal for
The initiatives underway are important and cutting-edge cyber operations, or for being
could aid the nuclear mission and modern- proactive (as opposed to reactive) in cyber
ization efforts, but support and maintenance.”119
The approach of chasing and the GAO has noted
Some experts have called management of
that in the race to
reacting to vulnerabilities has digital risks the “fourth pillar” of Defense
develop and deploy
an impact on overall program Department acquisitions, and initiatives
digital technologies
are underway to improve the defense
cost and schedule, and raises (both software
acquisitions workforces’ understanding
and hardware) for
concerns about the system’s prior, conventional
of cybersecurity.120 In early 2020, the
Defense Department announced the
performance over time. military missions,
Cybersecurity Maturity Model Certification
key information,
Initiative to encourage basic cyber hygiene
planning, and decision-making steps
throughout the department’s industrial
were omitted, and the initiatives are not
base. The department’s risk-management
models for high-consequence strategic
framework, based on National Institute
technology and system developments.115
of Standards and Technology recommen-
Cybersecurity and software development
dations, is in place, and work has focused
practices remain inconsistent, and critical
on new training and integrating of cyber-
assessments delay progress.116
security concerns early in the process.121
Vulnerability management is a central
In just one recent example that demon-
concern across weapons system develop-
strates the severity of the risk, the Defense
ment but is not sufficient to confirm that
Department’s inspector general found
critical systems and their components are
that insufficient and inconsistent securityNUCLEAR THREAT INITIATIVE ∞ 23
practices have made ballistic missile responsibility—the enterprise lead—for
defense installations vulnerable to physical nuclear command and control moderniza-
and cyber threats, jeopardizing classified tion, but a number of Defense Department
technical information. 122
The GAO also civilian leaders, as well as the Air Force and
continues to find lackluster cyber hygiene Navy, remain responsible for the acquisi-
practices at the department.123 As of June tion and sustainment of NC3 assets.127
2020, cybersecurity of major defense
For delivery systems, individual program
acquisitions still suffered from “inconsistent
managers are responsible and report
software development and practices.”124
through the Office of the Undersecretary of
Defense for Acquisitions and Sustainment.
Accountability and Oversight
For warhead and bomb modernization,
Challenges of a Digital
the Office of Defense Programs at the
Modernization Energy Department’s NNSA is responsible.
Lack of accountability for meeting key The Nuclear Weapons Council, with
milestones is an ongoing challenge for representatives from both Defense and
major weapons development programs. Energy, “is the focal point for interagency
Structural issues, including the number activities to sustain and modernize the U.S.
of personnel involved in decisions with nuclear deterrent [and] endorses military
distinct motivations or incentives—who can requirements, approves trade-offs, and
slow or stymie programs (but not cancel ensures alignment between DoD delivery
them)—have come to light as initiatives systems and National Nuclear Security
to accelerate software development have Administration (NNSA) weapons,” according
met resistance, according to the Defense to The Nuclear Matters Handbook 2020..128
Innovation Board: “These oversight actors
often have overlapping or unclear roles and Requirements for cybersecurity practices
authorities, as well as competing interests lagged behind some weapons system
and incentives.”125
In the drive to bring inno- development, and today, assessments are
vation to the nuclear weapons complex, not yet a permanent, institutionalized part
accountability concerns are similar. of the acquisitions process.129 At least four
of the 46 nuclear modernization programs
NTI interviewees questioned the level reviewed in this study do not describe
within the departments at which the explicit, unique cybersecurity protocols in
strategic choices and trade-offs are being public documents; instead, they rely on
made in the modernization effort. Some department-wide cybersecurity resources
noted that the Office of the Secretary of for weapons systems. The National
Defense and entities such as the Nuclear Institute of Standards and Technology, in its
Weapons Council have recently provided update to the Department of Defense Risk
more limited strategic guidance than Management Framework, advises that test
in previous administrations. 126
Former and evaluation processes for information
Secretary of Defense James Mattis system security occur prior to awarding
assigned U.S. Strategic Command development contracts.130You can also read
