Urgent need to mitigate nuclear cyber risk

There is now a critical need for a global diplomatic approach to address growing nuclear-related cyber risks, including, where possible, through cooperation between the United States and Russia, according to a new report.

The report, Reducing Cyber Risks to Nuclear Weapons: Proposals from a U.S.-Russia Expert Dialogue, from thinktank NTI, claims that despite significant current geopolitical tensions, the United States and Russia have a mutual interest in avoiding the use of nuclear weapons and an obligation to work together to do so based on the understanding that a cyberattack on a nuclear weapons system could trigger catastrophic and unintended conflict and escalation.

Prior to the start of the war in Ukraine, NTI in 2020 and 2021 said it convened a group of American and Russian non-government experts to develop a mutual understanding of the risks, explore potential risk-reduction measures, and develop recommendations for the US and Russian governments. 

While acknowledging the challenges posed by an already charged political environment, the dialogue emphasised the importance of maintaining cooperation between the United States and Russia on key nuclear security issues, the value of unilateral risk reduction actions, and the benefit of developing ideas for cooperative steps to be advanced when the political situation improves.

The dialogue yielded six recommendations intended to reduce cyber risks, improve strategic stability, and prevent the catastrophic use of nuclear weapons. The United States and Russia should:

  1. Refrain from cyber interference in nuclear weapons and related systems, including nuclear command, control, communications, delivery, and warning systems
  2. Evaluate options to minimise entanglement and/or integration of conventional and nuclear assets
  3. Continue to improve the cybersecurity of their respective nuclear systems, including through unilateral “fail-safe” reviews
  4. Increase transparency and expand communications during periods of increased tension
  5. Adopt procedures to ensure that any cyber, information, or other operation involving information and communications technologies emanating from the United States or Russia with the potential to disrupt another nation’s nuclear deterrence mission be approved at the same level as required for nuclear use
  6. Eliminate policies that threaten a nuclear weapons response to cyberattack.

The report calls on the United States and Russia to simultaneously pursue multiple approaches to drive progress on the range of risk-reduction measures designed to minimise the potential for a nuclear crisis triggered by a cyber-attack or other interference with nuclear weapons or systems.