The oldest information system the government operates might also be the most crucial one. No, not the IRS master file system. It’s the technology that controls nuclear weapons. It dates to the 1950s. Yet imagine if the control systems were online in the age of ransomware. Our guest has thought about exactly that. A longtime scholar and researcher in cybersecurity, he’s written a book called Cyber Threats and Nuclear Weapons. Stanford University Fellow Dr. Herb Lin joined Federal Drive with Tom Temin.
Tom Temin: Dr. Lin, good to have you on.
Dr. Herb Lin: Thanks for having me.
Tom Temin: And your book deals really with two parts of the surrounding control of the nuclear enterprise, one is the very ancient systems that have launch control and communications among the silos. And then there are the larger DoD communication systems that overlay that. And those are the ones at this point that are vulnerable in a cyber sense. But tell us what’s going on with those lower level systems that were installed when the silos were built.
Dr. Herb Lin: What you’re talking about is the fact that a lot of the command and control systems and the stuff that’s responsible for actually launching the weapons and so on do date back a long way. No missile silos of the sort that you’re talking about in the 1950s, but certainly in the 1960s. That’s absolutely true. And there is computer technology, and that is actually pretty ancient. So the concern there is how you maintain old technology, even though it’s working properly, the manufacturers go out of business and so on, and now you have to buy parts on eBay or something like that. On the other hand, the old system precisely because it’s so old tends to be a lot more resistant to today’s cyber threats. For example, they’re not connected to the internet directly. That’s one thing. Another thing of course is that a hack, a software hack that you wrote for some modern machine and so on, just wouldn’t run on one of these machines. So from a cybersecurity standpoint, the old system is a whole lot more secure.
Tom Temin: And there is a gambit to – the programs have been going on for some years, and Congress funds them and they don’t fund them, they go back and forth depending on the administration – to upgrade and modernize a lot of that, not the warheads themselves, but everything leading up to the warheads. So is the danger that if they modernize those systems, they would just default toward an internet based communications system, and then the nuclear weapons are right there, along with some database of names and numbers?
Dr. Herb Lin: I would say that that’s an overly simplified way of looking at it. But I think that the general point that you’re making, I think, is at least one that people have to take into account, which is that whenever you upgrade from an old system to basically a completely new system, what you’re doing is you’re introducing the possibility of new problems coming in because you have a new system. And a new system, by definition, hasn’t been around for a very long time. And the way you shake out bugs and problems in a system is you let it operate for a long time, and then you find the bugs in operation and so on. And this funny glitch here is investigated, and then you fix it and so on. By definition, a new system hasn’t had a wealth of experience behind it, of operational experience behind it. And every computer person knows that those are the circumstances under which you reveal problems. So as you bring new stuff online, there’s always a risk of increasing the possibility of more bugs and more problems in the system. That doesn’t mean by the way that you should not upgrade, it just means that when you upgrade, you got to do this very, very carefully. And in my book, I talk about some of the ways of making sure that you get it right.
Tom Temin: We’re speaking with Dr. Herb Lin, he is senior research scholar at the Center for International Security and Cooperation and a fellow at Stanford University. And what about the other parts of the nuclear enterprise that are connected to the internet? Because they’re connected to other DoD systems, command and control systems, communications to the White House, I guess, or to that so called football they carry. What about the cyber threats there? You’ve written about that also.
Dr. Herb Lin: Well, one of the things about the Department of Defense is that their technology, in fact, most of the Department of Defense is in fact more modern than the stuff that’s used on the nuclear side of house, it probably isn’t as modern as what’s on your desk. And so it’s instead of being 1960s and 70s technology, it’s 1980s and 90s technology or something like that, not 2019. And so there’s that problem. So when you say are there vulnerabilities in the rest of the Department of Defense command and control system, of course there are vulnerabilities in them. Dealing with those vulnerabilities was one of the rationales for why they put a US Cyber Command to help defend against them. That was back in I guess in 2010 or 2009, something like that. So the department is very well aware of the cyber vulnerabilities in the rest of the networks and tries its best to fix them, but even DoD would not say there are no vulnerabilities.
Tom Temin: And why has so far nothing disastrous happened, do you think, say from North Korea, for example, which seems to have pretty good cybersecurity hacking chops from what we can tell? Is it that they are just waiting for the right moment to do what they’re capable of doing, or if they haven’t quite figured everything out yet?
Dr. Herb Lin: Part of the problem is that it’s not all that easy to hack into the DoD. The DoD is not bad. On the other hand, I think nobody who looks at this rests easy. When it looks at the capabilities of adversaries, and especially during a war, right, you don’t deploy in peacetime, or even in times of tension, you don’t deploy the capabilities that you would be using during wartime. So there’s no reason in particular to think that we’ve seen the worst that North Korea or China or Russia or anybody else could throw at us.
Tom Temin: And discuss the possibility of the wartime being a cyber event. And you also have some expertise in the offensive cyber operations that we know the Defense Department has, but they’ve been very reluctant, first of all, to talk about them that much, let alone to deploy them as far as we can tell. And so should there be a little bit more active use of cyber preventive measures, which might look like cyber aggression coming from our side to prevent what could happen from the other side?
Dr. Herb Lin: Let me rephrase what I think you just said, I think you asked the question, should we be penetrating them and hassling them in cyberspace a little bit more, in order to prevent their hassling us in the future? I think that’s what you asked.
Tom Temin: Yes. That’s why you’re the professor.
Dr. Herb Lin: Okay, right. And so the answer is that, in fact, in 2018, the US Cyber Command did, in fact, announce exactly such a doctrine, it’s what they call defend forward and persistent engagement. It’s all oriented towards defense in the sense that we’re trying to protect ourselves. And the theory behind this is that persistently engaging the adversary is going to force them to spend more of their efforts on defense, rather than on offense. The argument is, they have a limited amount of resources, there’s a certain balance of offense and defense that they use right now. And that if we hassled them some more, they’ll be forced to shift resources from offense into defense, thereby being able to harm us less. So the DoD has actually set this out quite straightforwardly in a doctrinal statement that’s on the web.
Tom Temin: All right. And get into your book, Cyber Threats and Nuclear Weapons, what’s the main message you’re trying to get across here?
Dr. Herb Lin: The main message that I’m trying to get across in the book is that cyber threats affect all of the nuclear enterprise. So from soup to nuts, most people who have looked at the cyber threat to nuclear weapons have focused on the command and control system. And they should have, that has been a good thing. The lesson that I want to underscore is that cyber affects every aspect of the problem of the nuclear enterprise, not just the command and control. So there are potential possible issues with nuclear warhead reliability and the like, I’m less concerned about that, actually. But there are a lot of problems potentially, with nuclear weapons delivery systems. And there’s a lot of problems even within command and control people worried about the idea that somebody might penetrate the system and issue a false launch order or something, I’m not actually particularly worried about that. But there are all sorts of sensitive databases and so on that need to be protected. And that means it’s very complicated to run a nuclear delivery system. I mean, a whole architecture of weapon systems and command and control and so on, that will actually result in nuclear weapons being delivered where they’re supposed to be delivered.
Tom Temin: And also, there’s the issue of the many simulations that they do, head by head so to speak, because they can’t test them anymore. Those tests are done on networks of supercomputers and done scientific.
Dr. Herb Lin: That’s right, and they’re not connected to the internet, but you don’t have to worry about the integrity of the data that they rely on its own. And as I say, I’m not all that worried about the Department of Energy. On the other hand, there are potential threats that they have to be aware of.
Tom Temin: Anything else you think they really need to know?
Dr. Herb Lin: Yeah, there is one other major point that I didn’t get to here, which is that one of the big deals that the new administration and the past administration has been pushing is this idea of conventional nuclear integration, that is a greater integration between the US conventional forces and nuclear forces. And they have a variety of doctrinal reasons for wanting and strategic reasons for wanting to do this. But whatever comes out of that, they would be calling for greater integration of nuclear and conventional forces. And that means a command and control system that is set up to do that will have to support conventional nuclear integration. Now, it seems to me that you have to believe that a command and control system that is set up to do both conventional and nuclear integration is going to be more complex than a system which is designed to support nuclear operations. And it seems to me that, take that as a premise and all of the history, all computer systems development suggests that when you make a system more complex, you make it more cyber vulnerable. That is, complexity is the enemy of security. Every computer professional will acknowledge that. So I worry a lot that as we start to demand more and more out of a nuclear command and control systems, like for example, trying to integrate into a conventional command control as well, that we’re actually insisting on systems whose security is going to be much more difficult to ensure. And I really worry about that. It’s not clear to me that the benefits are worth the risk. That’s a strategic decision that has to be made, but somebody needs to be worrying about that trade off. You can’t just say that, oh, we’re going to integrate it, we’re going to do this integration, and we’ll make it secure. I mean, you can’t just say that because there are trade offs there.
Tom Temin: Dr. Herb Lin is senior research scholar at the Center for International Security and Cooperation, a fellow at Stanford University, and author of Cyber Threats and Nuclear Weapons, published by Stanford. Thanks so much for joining me.
Dr. Herb Lin: Thank you very much for having me.