Air Force Staff and civilian personnel concentrate on exercise scenarios during “Cyber Guard 2015” in Suffolk, VA. (DoD pchoto by Marvin Lynchard.)
The hunt for mobile missiles is getting faster, cheaper, and better. Long recognized problems with mobile systems have combined with cyber technology breakthroughs to make these missiles vulnerable. But above all it is driven by strategic purpose. Mobile systems are used throughout the world with a conviction that they are less vulnerable to precision conventional attack, either by a local enemy or by the United States. They are the bedrock of deterrence in the new nuclear states in East Asia, South Asia, and the Middle East. Even major powers like Russia and China have shifted to mobile ICBMs.
The increased vulnerability of mobile missiles will have profound, long-range consequences. They are profound because they cut to the core of national survival for countries who rely on them for deterrence. And they are long term because the competition between hunter and hunted is likely to be the central arms race for decades to come.
The Cyber Threat to Nuclear Stability
The thesis of “The Cyber Threat to Nuclear Stability” (Orbis, Spring 2016) is that a spillover of cyber technologies to the precision strike and nuclear missions is radically improving the hunt for mobile missiles. This results from long-standing vulnerabilities in mobile systems and advances in cyber technologies. It is important to understand that technology advances alone aren’t making mobile missiles vulnerable. Mobile missiles were always more problematic than fixed systems like the silo-based ICBM. Herman Kahn, for example, had a section on “Problems of Mobile Systems ” in his 1960 tome On Thermonuclear War (pp. 264-68).
The new cyber technology exploits the inherent vulnerabilities of mobile systems. This is clear from even a cursory analysis. A fixed missile needs only to receive the “go” order. But a mobile missile also needs to be told where, when, and how to move. New locations need to be prepared with spare parts, supplies, and technicians. Target coverage changes with location, so new aim point data has to be sent to the missiles.
All of this requires communications — lots of it. This is done by radio in some form, because fixed lines cannot be laid down in advance without giving away locations. Furthermore, while firing drills for fixed missiles are easy to practice, this is not so for mobile missiles. Moving live missiles around, along with warheads (possibly nuclear) brings many new complexities into the picture. For one thing, a mobile guard force is needed. This force requires its own vehicles.
In addition, most countries separate the missile launch crew from the warhead crew as a basic safety measure. They don’t usually travel with their warheads mounted, especially if it is a nuclear warhead. Otherwise, there is a danger of accidental or unauthorized launch. The addition of guards and warhead crews adds another layer of communications.
These communications can be monitored and the vehicle movements tracked. This can be done by drones, satellites, hacked security cameras, or mobile phone cameras. Note that cyber technology is not limited to computer viruses or malware. Automatic license plate readers, computer vision, camera networks, and data analytics are very much part of this revolution. These technologies are necessary to include in any forecast of mobile missile survival.
Consider some examples, and their potential for hunting mobile missiles. Today, the police routinely track cars using automatic license plate readers. Special cameras mounted in a moving police car record thousands of license plates in a few minutes. These are run against a hot sheet that instantly alerts authorities when a “hit” is found.
Police also use phony cell phone systems called Sting Rays that trick mobile phones into giving away location and other information. These technologies track criminals, but could just as well track key personnel in a military command, political leaders, or technicians vital to the operation of a missile force.
The most advanced cyber technologies for mobile have developed in business. Uber, Lyft, FedEx, Amazon, and Walmart have organized or reengineered their entire business models around them. This isn’t just for tracking packages and cars. Companies have built supply chains to respond to shifting customer demand. Sensing customer needs before the fact is part of the business system. Uber sends cars to parts of a city they know will be busy at certain times. FedEx shifts airplanes to hubs when demand increases. Airport hotels set prices based on weather forecasts and number of flight cancelations. If a storm is coming, room prices increase, dramatically.
These are reactive systems that anticipate changes in their environment. They flood resources to spots with the best payoff. Now, think of “demand” in terms of geographic areas with mobile missiles. Search effort is increased to these areas — e.g., during an exercise or crisis, or from other information such as an intelligence plant in the enemy command. Next, resources (e.g., cruise missiles, strike aircraft, drones, saboteurs) react to the changes in the target complex with updated targeting assignments.
There are other kinds of cyber technology relevant to the search for mobile missiles. Insurance companies have developed tiny sensors attached to cars to measure speed, acceleration, braking severity, the frequency of left turns, and night driving time. Each driver is assigned a risk and importance factor, for how likely they are to get into an accident and the expected size of the insurance payout. It isn’t hard to see the applicability of this to mobile missiles. Each missile has a “risk” measure, the probability it will be found in a given spot. Its “importance” is the payload it carries, and how quickly it can move to another location.
Cyber is getting even more high-tech than these examples suggest. Consider beacon technology. Stealthy communications link customers with nearness to certain products, and generate instant offers tailored to the buying habits of the customer. Suppose you are walking down a store aisle where mouthwash is sold. You’re not thinking about mouthwash. Miniature transceivers called beacons ping your cell phone for an app. You may not know you even have the app on your phone, but a “dark app” has been stealthily downloaded into it. Perhaps you’ve played a game, or opened an attachment that opened you to the insertion. Your phone detects a beacon that pings it, and starts a process in the micro geography of the store aisle.
If the beacon scores a hit — i.e., if you have the dark application on your phone — a link to a data base in the cloud is established. It searches your buying patterns from dozens of data bases tied to your identity. This is data analytics. An algorithm gins up a discount offer based on this data — especially tailored for you. Buy one mouthwash, get one free. A coupon instantly appears on your phone. The whole process, from walking into the aisle to getting the coupon takes only a few seconds.
In a similar manner radio beacons can be coded for “hits” when cell phones of an enemy missile crew pass by. It is unlikely that discounts would be offered, however. These beacons link to a data base of strike resources. They cue up drones or cruise missiles — or Claymore mines planted by agents, for attack of the target.
The linchpin technology to make all of this work is big data analytics. This is true in business, or in war. In military terms, without data analytics the search becomes a random hash of drone and phone videos, lucky cell phone intercepts, and random sightings by agents. It’s like searching the ocean for a submarine in the cold war. You might get some lucky finds of enemy submarines, but you are not likely to get enough of them to launch a first strike attack that takes out enough of them to minimize the retaliatory blow to an acceptable level.
Data analytics provides the framework for building an analytical picture of the search effort. With it, drones, agents, cell phone surveillance, etc. can be allocated to geographic areas likely to give a “find” — a mobile missile, a vehicle in the caravan, or a key individual in the command. Then strike resources (airplanes, cruise missiles, attacks by insider agents) can react to a changing target system.
A system for finding mobile missiles can’t be thrown together overnight. It requires years of dedicated work. It is similar to what Walmart, Amazon, Uber and countless others have done. Indeed, the interesting thing is how such business innovations can be models of military system design as well.
Technology has upset military stability before. Submarine warfare, poison gas, Blitzkrieg, and aerial bombing nearly turned the tide in two world wars. In the cold war, multiple independently targeted reentry vehicles (MIRVs), increased ICBM accuracy, and missile defenses threatened at various times to upset nuclear stability. These challenges were handled in various ways. Arms control (SALT/START, the ABM Treaty) capped some of them. Self-restraint also helped. But instability was not entirely offset by these measures.
The nuclear war scare of 1983 shows this. It arose from political and technology changes which changed the context from the détente that had begun in the mid-1960s. In 1983, Ronald Reagan was president, and he was pressing the Soviets. At the same time, new technology had come into the forces. MIRVs, improved ICBM accuracy, and missile defense together gave the theoretical potential for a successful first strike. This condition hadn’t existed — even on paper — since the 1950s.
The Soviets at the time believed that the United States might launch a nuclear attack against them. They took several dangerous alerting actions in response. The improved technology was the context for Moscow’s paranoia of what Washington was up to. Most observers, including the author, believe that the risk of nuclear war went up in the early 1980s as a result.
It is this confluence of political and technological trends that is dangerous. In the cold war it waxed and waned. It wasn’t a static equilibrium — as the 1983 war scare shows. Today, we are facing a situation wherein the international system has nine nuclear weapon states and counting. Barring a radical restructuring of the global order, such as world government or a total ban on nuclear weapons altogether, we are asking this system to remain stable for a long time. Quite possibly, it will have to last longer than the fifty years of the cold war.
This suggests a basic question. As technology advances, with nuclear weapons, arsenals spread over many countries, cyber weapons, drones, and increased vulnerability of mobile missiles, can stability last? Can we get through a second nuclear age, this time with its multiple nuclear decision-making centers, and declining power of the United States and other major countries?
In Henry Kissinger’s World Order (2015) he calls for some kind of undefined new equilibrium. This is fine. But even this equilibrium is going to have to endure for a long time – in the face of geopolitical uncertainty and technological surprise. In the cold war there were two actors. Communication and bargaining was a lot easier because of this fact. Arms control and self restraint were simpler too, since there were few complications from third parties. The superpowers maintained high levels of bloc discipline. In particular, they stopped their clients from getting nuclear weapons of their own.
Technologically, there is a large difference with the cold war as well. The ultimate weapon of the cold war was the hydrogen bomb. But the underlying argument of “The Cyber Threat to Nuclear Stability” is that what threatens nuclear stability now are many individual technologies tied together: automatic license plate readers, hacked camera networks, computer vision, drones, cell phone hacking, cyber war, precision strike, data analytics. It is essentially impossible to corral these. They are central to modern business. Nuclear weapons, highly enriched uranium, and missiles had no commercial market in the cold war. This made technology a lot easier to control.
Aligning Cyber with the Strategic Environment
To date the environment for most cyber programs has been counter terrorism, espionage, and attacks on infrastructure. Russia and China have gone a little beyond this, for example in the Ukraine, the Baltics, and elsewhere. So has the United States with its cyber attacks on Iran’s uranium enrichment. These uses have shaped most of the thinking about cyber war.
This band of possibilities for cyber war is going to widen, considerably. The hunt for mobile missiles is one example. The tracking of enemy nuclear weapons is another. This environment for cyber will also extend to nuclear modernization of one’s own deterrent. Russia and China already have incorporated cyber into their new postures. Russia has invoked nuclear threats and cyber attack of other counties. The United States has to consider the nature of the challenge in designing its own modernization — i.e., that its principal nuclear enemies have incorporated cyber into their new nuclear forces.
China has integrated its cyberwar effort with conventional precision strike for the sea denial mission. There is a de facto spillover into China’s nuclear mission as well. Targets on the mainland of China define an escalation threshold for the United States regardless of what anyone says. If the new, manmade islands in the South China Sea become part of sovereign China — and Beijing shows every intention to make this happen — this enlarges the military geography of China considerably. The “lake” formed by Taiwan, the manmade islands, and nuclear North Korea may become like the Black Sea or the Gulf of Mexico. Technically, these are international waters. But any power who enters them does so with heightened risk. Operations in this Chinese “lake” are likely to be more intense and dangerous. Harassing moves against U.S. maritime forces, cyber attacks, nuclear head games from flushing mobile missiles from their home bases — all of these pose difficult choices for the United States and its allies in East Asia.
The hunt for mobile missiles is becoming faster, cheaper, and better. This increases crisis instability. The nuclear balance has to incorporate improvements in search – and not just improvements in accuracy. Radical improvements in accuracy and search are undermining nuclear stability.
The band of cyber war possibilities needs to expand to escalation as well as deterrence. Mobile missiles can be attacked with conventional or nuclear weapons. Or, they can be attacked with conventional weapons, and if this fails, nuclear strikes can finish the job. The choice isn’t between conventional or nuclear. It is a choice about sequencing — e.g., conventional, then nuclear if needed, or combined with a nuclear ultimatum if the other side doesn’t surrender. This sequential framework leads to scenarios not often analyzed in regional balance assessments.
Finally, while cyber looks likely to be resistant to “classic” treaty-based arms control, this is of course not an argument against arms control more broadly conceived. There are common interests among the major powers than can be pursued, for example. In many respects we are like the early architects of arms control. They had to fit the old disarmament theories with the new technological realties of the nuclear age. Our charge is in many ways the same, to think broadly and break up siloed thinking — e.g., remaking disarmament into arms control. This promises to be a significant conceptual and strategic exercise.
 On this, see the once highly classified The Soviet War Scare, Report of the President’s Foreign Intelligence Advisory Board, February 15, 1990; also Benjamin B. Fisher, A Cold War Conundrum: The 1983 Soviet War Scare, Center for the Study of Intelligence, CIA, 1997. The authors of these reports were unaware of the nuclear war game called Proud Prophet played by the U.S. leadership in June 1983. See Paul Bracken, The Second Nuclear Age, Strategy, Danger, and the New Power Politics (Times Books, 2012), pp. 84-90.