GEORGE PERKOVICH, ARIEL (ELI) LEVITE, LYU JINGHUA, LU CHUANYING, LI BIN, FAN YANG, XU MANSHU
This paper was produced through a three-year dialogue led by Carnegie and the Shanghai Institute for International Studies, with inputs and review provided by American and Chinese technical and military experts.
The impact of cyber on nuclear stability is one of the most forward-looking and strategic topics in the current international security field. The Shanghai Institutes for International Studies (SIIS) and Carnegie Endowment for International Peace (CEIP) have conducted a joint study around this topic, aiming to provide a reference for the establishment of cyber and nuclear stability mechanisms among nuclear states.
Cyber attacks on nuclear command, control, and communications (NC3) systems have become a potential source of conflict escalation among nuclear powers. Yet major powers have not established effective risk-reduction mechanisms in this regard. While information technology strengthens nuclear strategic forces in many ways, including the modernization of NC3, it also poses an increasingly serious cyber threat to nuclear command and control systems. Cyber operations against the strategic command and control systems of nuclear states—including those probing major vulnerabilities in the command and control systems and satellite communications systems, cyber threats from third parties, and the lack of strategic trust in cyberspace—have exacerbated the impact of cybersecurity on nuclear stability.
Because of the unique nature of nuclear weapons, any cyber incidents concerning nuclear weapons would cause state alarm, anxiety, confusion, and erode state confidence in the reliability and integrity of nuclear deterrent. Cyber attacks against a nuclear command and control system would expose the attacked state to significant pressure to escalate conflict and even use nuclear weapons before its nuclear capabilities are compromised. At the same time, compared to the mature experience and full-fledged mechanisms in nuclear deterrence, crisis management, and conflict escalation/de-escalation among the traditional nuclear powers, states not only lack a comprehensive and accurate perception of the threat posed by cyber operations but also lack consensus on crisis management and conflict de-escalation initiatives.
Given that not enough attention has been paid to this new type of threat on the agenda of security dialogue between nuclear powers, SIIS and CEIP launched a joint research project on cyber and nuclear stability in U.S.-China relations in 2017, focusing on exploring the possibility of building consensus and agreement among nuclear states. It is hoped that the cyber-nuclear nexus will awaken national policymakers to the urgency of maintaining cyber stability and that nuclear states will fully recognize the dangers of cyber attacks and their respective vulnerabilities to such attacks, and thus take steps to reduce nuclear instability accompanying advancing cyber technologies and prevent nuclear war.
China and the United States are cyber powers with nuclear strategic capabilities. While the United States and China have differences of interests and priorities in cyberspace, there is still common interest in dialogue and cooperation for stability. I note that before taking office, U.S. President Joe Biden asked five questions about science and technology policy, including one on how the United States can “ensure the long-term health of U.S. science and technology.”1 China’s President Xi Jinping has repeatedly stressed the need to “ensure that the more than 1.3 billion Chinese people and people across the world can all enjoy the benefits of Internet development.”2 Obviously, with today’s evolving information technology, it is in the interest of both countries to avoid war and reduce conflicts that may escalate into war, and it is both the international responsibility of major powers and the common expectation of the international community. Hopefully, this joint study will promote in-depth dialogue and security cooperation between China and the United States and establish a corresponding workable and professional mechanism.
This joint study is a rigorous academic research project, a joint achievement of the Chinese and American research teams. The two teams have worked together for four years, with international seminars (in Shanghai on January 13, 2018, and in Beijing on March 25, 2019), working group meetings (in Washington on March 20, 2017, and in Beijing on June 4, 2017, October 24, 2018, and November 5, 2019, respectively), and more than ten online seminars. During this period, experts in relevant fields and government departments were closely consulted. Based on the final draft in English, teams from both sides translated, revised, and proofread word by word to form the final joint publication in English and Chinese.
This is an important joint study released by two prominent think tanks in China and the United States, hoping to improve mutual understanding between China and the United States on each other’s security concerns, interests and solutions to problems, promote stability in China-U.S. relations, and facilitate the healthy development of overall China-U.S. relations. I also believe it has important reference value for the two governments on how to bridge differences and forge consensus in sensitive areas. I would like to congratulate the research teams on their achievement and, in particular, thank the CEIP research team for their tireless efforts to travel between the United States and China many times and work closely with the Chinese research team. I also hope that SIIS and Carnegie will continue to conduct joint research around U.S.-China cybersecurity issues and make greater contributions to U.S.-China relations. As always, SIIS is grateful for financial support from the China-United States Exchange Foundation (CUSEF) to help SIIS taskforces conduct joint research on U.S.-China relations, including this pathbreaking work with CEIP.
Chen Dongxiao, President of the Shanghai Institutes for International Studies
THOMAS CAROTHERS
Military and national security experts increasingly warn that the most likely cause of major warfare—conventional or nuclear—between the United States and China is a minor conflict that escalates sharply, even despite the desires and efforts by one or both countries to avert such a spiraling disaster. Cyber operations, whether by China against the United States, or vice versa, are especially prone to provoking an escalation. It is very difficult for officials who detect an intruder in their country’s strategic computer networks to determine the intruder’s intentions. These intentions might be primarily defensive—seeking to gain warning of a future attack. But they might be offensive—precursors of efforts to disrupt or destroy the functioning of warning systems and/or command and control and communications systems related to a nuclear deterrent. Without knowing what an intruder is seeking to do, those who detect the digital footprints of an intrusion may well assume the worst. Pressure could thus mount quickly to strike first, before the other side can make this more difficult or even impossible.
Such risks are especially evident between the United States and China because these two powers, unlike the United States and Russia, have never defined their strategic relationship as one of mutual vulnerability, with attendant understandings of how to stabilize it. The asymmetry between their nuclear forces and other offensive and defensive capabilities may incline Chinese officials to assume that the United States will at some point act on the temptation to negate China’s nuclear deterrent. Chinese actions, especially in the cyber domain, to try to avoid such a possibility might make U.S. officials fear that China is seeking to impede the U.S. nuclear deterrent.
These risks will grow as dual-use systems—satellites, missiles, or command and control systems that are used both for potential conventional and nuclear warfare—are deployed by one side or the other. An adversary may intend only to preempt or retaliate against conventional war-fighting capabilities, but the target of the attack could perceive them to be directed against or at least affecting its own nuclear forces.
This pathbreaking paper, which is being published in English and Mandarin, calls attention to these rising dangers. It is the product of a unique multi-year joint venture between the Shanghai Institute for International Studies and the Carnegie Endowment for International Peace. It aims to provide a robust open-source foundation for discussion of these issues in both China and the United States, overcoming the barriers of high classification and institutional compartmentation that frequently impede analysis and deliberation. The co-authorship of the paper by Chinese and U.S. teams also aims to overcome (at least partially) barriers of culture and language that render mutual understanding in this domain so difficult.
The paper begins by detailing plausible scenarios of grave concern and providing a framework for analyzing them. It then explores steps that the U.S. and Chinese governments—and, with their encouragement, nongovernmental groups such as think tanks in both countries—could take to diminish inadvertent cyber threats to nuclear command, control, and communication systems. These are steps that could be undertaken unilaterally or bilaterally, through reciprocity or negotiation. The report also offers topics for dialogue that relevant officials—whether diplomats, military officers, cyber operators, computer emergency response teams, or others—could pursue to help stabilize relations and sketches an agenda for confidence-building that they might pursue.
Both groups of authors consulted with former and current experts from their governments to ensure a close grounding in current policy and technological realities. Although official relations between the two governments deteriorated significantly during the span of the project, the two teams of authors and the host organizations remained constructively focused on the critical objectives of enhancing mutual understanding of the risks that both countries face at the cyber-nuclear nexus and finding a cooperative path for reducing risks. At the personal and institutional levels, they found it simple to remain cooperative given the stakes involved, a dynamic that has become unfortunately elusive in the overheated discourse of strategic rivalry within and between both countries.
The Carnegie Endowment is grateful to the Carnegie Corporation of New York for financial support that helped make this paper possible, and for many years of partnership in working to help reduce the global risks of nuclear conflict.
Thomas Carothers, Interim President of the Carnegie Endowment for International Peace
SUMMARY
Cyber threats to nuclear command, control, and communications systems (NC3) attract increasing concerns.3 Prominent experts in the West have published reports and articles analyzing the full scale of risks. They conclude that cyber operations could threaten—intentionally or unintentionally—the functions of nuclear systems and thus unleash highly adverse strategic dynamics. These dynamics could turn crises into armed conflicts and armed conflicts into nuclear war. Chinese scholars and officials do not explicitly discuss these concerns, but they use past examples like Stuxnet to flag ways that cyber attacks could undermine nuclear stability.
Recognizing the shared interest in diminishing the prospects of accidents, inadvertent conflict, and escalation, the Carnegie Endowment for International Peace convened experts from the United States and China to discuss generic cyber-nuclear challenges, analyze pertinent scenarios of cyber threats to NC3, and recommend possible steps that both countries could take unilaterally or collaboratively to ameliorate them. Drawing on public sources of information, we have developed a common base of pertinent unclassified knowledge in both English and Chinese that could serve as a platform for more discreet engagements between the respective authorities of both countries.
This paper begins by briefly setting the context in which concerns arise about cyber operations against NC3. As China-U.S. relations evolve toward intense great-power competition, the classical security dilemma has intensified in recent years. Each side questions the other’s conception of strategic stability and doubts their intention to maintain it, however stability is defined. Neither sees the other restraining itself from competitive, if not aggressive, actions. There is no apparent effort to build mutual trust.
Perkovich works primarily on nuclear strategy and nonproliferation issues; cyberconflict; and new approaches to international public-private management of strategic technologies.
The United States worries especially that China will not eschew the use of force in territorial disputes with its neighbors, several of whom are U.S. allies or partners. American strategists worry that China is increasing its cyber, conventional, and nuclear capabilities in order to undermine the United States’ extended deterrence guarantees and prevent it from defending its allies. China’s principal concern, on the other hand, stems from perceptions that the United States seeks superior cyber, conventional, and nuclear capabilities that could be used to conduct first strikes against China’s nuclear deterrent and blunt its retaliatory capability.
These conflicting threat perceptions, together with the significant disparity in the two countries’ nuclear arsenals, make it extremely difficult to produce and negotiate a common approach toward strategic stability that each side can trust and verify.
Although the United States and China had until recently maintained a dialogue and engaged in some cooperation, friction in the cyber domain has become incessant and increasingly intense. Capabilities to conduct cyber operations for espionage, covert operations, and attack are alluring for many reasons. They are relatively inexpensive, nonlethal, often effective, and not clearly illegal. Because they seem—and often are—less destructive, more temporary in their effects, and generally less provocative than the use of human spies and certainly kinetic weapons, cyber operations pose a lower risk of escalation. Their secrecy may also diminish the associated risks: because the targeted party’s public will not know about the attack, leaders don’t face public pressure to respond. Thus, both China and the United States have increased their cyber capabilities and elevated the role these capabilities play in their overall security postures. And, because both sides place so much value on their nuclear deterrent, each is deeply alarmed by the possibility that the other would be tempted to threaten it with cyber weapons.
Despite their shared interest in understanding and mitigating cyber-nuclear risks, two fundamental factors have impeded American and Chinese policymakers. First, deep distrust pervades the bilateral relationship—neither side is confident that their reassurances would actually bolster stability. Second, the two sides differ on what must be done to begin making progress. The United States insists that little can be done if China will neither publicly acknowledge possession of offensive cyber capabilities nor profess a willingness to discuss their use. China, on the other hand, wants the United States to acknowledge that Washington has superior cyber capabilities and that its cyber strategy could threaten China’s second-strike deterrent. Finally, there is a thorny political-psychological factor: Chinese officials believe that trust must be built before concrete conflictual issues can be resolved; U.S. officials believe, conversely, that concrete actions (often involving self-restraint) constitute the primary way to build trust.
Against this background, this paper describes types of cyber operations that states could be tempted to direct against an adversary’s NC3 system. Espionage comes first. The temptation is strong—and this challenge severe—because intelligence gathered by penetrating NC3 systems would be highly valuable. Early-warning intelligence, which could inform whether and when an adversary is preparing to conduct nuclear strikes, is especially desirable. And such intelligence—or the belief that an adversary can acquire it—can then strengthen deterrence. The complexity, secrecy, and compartmentation of NC3 architecture further exacerbate the challenges. Cyber intrusions can enable cyber attacks even if the conductor is only intending to spy. The commonality and dual-use potential inherent in cyber operations obscure the aggressor’s motivations, making it difficult for either side to predict the implications or potential consequences of any operation. The possibility that third-party actors—including other states, terrorists, or political subversives—may seek to use cyber operations to foment China-U.S. conflict adds complexity to the situation. China or the United States could also disguise themselves as a third party when attacking the other (known as a false-flag operation), or activate proxies to conduct cyber operations against the other.
Three additional factors may exacerbate the potential for instability and conflict escalation in the China-U.S. context: the structure and doctrine of the two countries’ command and control systems differ significantly. The two governments diverge in their perceptions of the balance of cyber capabilities between them. And China and the United States are developing and deploying cyber and conventional forces and command and control systems whose potential uses could increasingly become entangled with nuclear operations. Such entanglement could be purposeful or inadvertent but, either way, carries significant potential for destabilization.
Instead of describing all the ways cyber operations could go wrong, this paper identifies categories of scenarios that highlight the most destabilizing factors and the most worrisome risks to strategic stability. Four types of scenarios deserve especially intense consideration:
cyber espionage collecting data on and inside the core of an adversary’s NC3 system;
cyber espionage occurring in dual-use systems or other elements that also support or are connected with NC3;
cyber attacks directed at dual-use (conventional alongside strategic) NC3 systems or auxiliary systems supporting or connected with NC3, without any intention to affect their nuclear functionality; and
circumstances that combine serious suspicions about the intentions of the other party with apprehensions about the vulnerability of one’s own NC3 to adversary cyber attacks.
These scenarios suggest four broad types of strategically worrisome consequences: 1) nuclear conflict; 2) inadvertent or accidental use of a nuclear weapon; 3) crisis escalation; or 4) long-term destabilizing impacts such as arms racing and ensuing crisis instability. These risks are caused in part by how difficult it is for either party to predict the effects of cyber operations in advance or assess them afterward. The risks are exacerbated by the potential that third-party actors could sow confusion and exacerbate crises, the challenges of attribution, and the implications of two adversaries with asymmetrical attribution capabilities.
To date, both China and the United States share the desire to avoid inadvertently sliding into armed conflict and are committed to averting escalation toward nuclear war. Hence, it is meaningful and feasible to discuss possible measures they could take unilaterally and/or collaboratively to diminish inadvertent cyber threats to NC3. This is true despite secrecy constraints, the profound distrust of each other’s intentions, divergent approaches to security challenges, and structural asymmetries in the two sides’ capabilities and ways of thinking and acting in the cyber and nuclear domains.
ASSURED DECISIONMAKING PROCEDURES FOR CYBER OPERATIONS
To reduce risks of ill-conceived cyber operations, the two sides should subject all such operations to robust oversight and risk management protocols. Mutual understanding of each side’s approach to oversight also could help avoid exaggerating the threats they pose to each other. Assessment and control procedures should operate at five levels:
domestic and foreign policy oversight by competent national authority;
technical oversight to assess the intended effects and potential unintended consequences of cyber operations;
operational oversight to verify positive control within an authorized chain of command;
intelligence oversight to assess the consequences of exposure and potential loss of intelligence sources and methods, as well as how the insights will be affected if the cyber operation or capability is discovered or revealed; and
legal oversight to assess both the capability and the operation as it applies to applicable domestic and international laws and agreements.
All of this could be done unilaterally and in secrecy. But bilateral dialogue on these issues could produce additional benefits and help build mutual confidence.
CREATING A MORE STABLE AND LESS VULNERABLE STRATEGIC CONTEXT
The United States and China are naturally taking steps to modernize their nuclear architectures and forces, including their NC3 systems. To avoid the worst effects of security dilemmas—or worst-case assessments—the two governments could adopt mitigating measures. They could recognize and communicate with each other that some types of response to perceived threats are prudent and can be stabilizing. Both sides may want to increase the number, diversity, and modes of deployment of nuclear systems over concerns about cyber attacks on their NC3. Both could also clarify their intentions and doctrines to help reduce the instabilities and risks of nuclear use and escalation, as they seek to lower restraints on readiness and nuclear use. Both sides can also work together to acknowledge that the development and deployment of new capabilities—such as anti-satellite weapons, space warfare, and artificial intelligence—will arouse concern about cyber-nuclear threats that deserve more attention.
Levite was the principal deputy director general for policy at the Israeli Atomic Energy Commission from 2002 to 2007.
MUTUAL COMMITMENTS ON RESTRAINTS
As neither side sees a lasting advantage in entering large-scale armed conflict or employing nuclear weapons to avoid losing, this paper intends to explore some measures to restrain cyber capabilities and/or actions that threaten each other’s NC3.
The first is the possibility of formally committing not to conduct any cyber intrusion into core NC3 systems. For heuristic purposes, this could take several forms: 1) both sides could agree on a generic description of core NC3 components; 2) each side could elect to designate some elements of its core NC3 systems and share the list with the other; or 3) without sharing with each other precisely what constitutes core NC3, each side could notify the other when it detects cyber intrusion from the other into some NC3 system elements that it believes play a core role, with the expectation that the intruder would then cease and withdraw immediately.
Chinese participants generally welcome such measures of self-restraint, but American experts largely find them either inadvisable or impractical. However, this does not entirely negate the value of internally analyzing the desirability and feasibility of such approaches and facilitating bilateral discussion of them.
A second form of restraint could be committing to subject cyber operations targeting NC3 to authorization by senior leadership in each country.
A third restraint worth exploring is whether the two governments could agree not to target space-based strategic assets of particular importance for NC3.
Fourth, both countries could address concerns over third-party cyber intervention in NC3 systems by committing to exercise effective oversight and control over actors that are: 1) under their direction; 2) using their territory to conduct operations; 3) employing capabilities developed by them; or 4) allies over whom they wield considerable influence. U.S. experts emphasize the shared interest in such steps while Chinese experts have doubted their feasibility in the current political environment. Nevertheless, we believe this form of restraint merits further consideration and dialogue.
DIALOGUE AND INFORMATION SHARING
This entire paper and the preceding summary remarks point to the importance of sustained dialogue and information sharing. Whereas sustained dialogue has enabled the United States and Russia to create shared understanding of strategic stability and crisis management, no such foundation exists between the United States and China. This is especially disconcerting to China (and, therefore, more broadly) because mutual nuclear vulnerability has not been acknowledged as a basic condition of the relationship. The absence of this foundation makes it exceedingly difficult to redress each other’s concerns over nuclear postures and cyber threats. Indeed, the two countries’ conflicting views on whether and how to discuss military dimensions of cyber competition compound the challenge of conducting dialogue on cyber threats to strategic stability.
This paper identifies three main topics that would be essential to address in appropriate official settings. The first is to develop mutual understanding of the steps that one or both states find destabilizing and those that both agree are stabilizing. These would include capabilities, decisionmaking procedures, operations involving cyber instruments, and operations involving nuclear forces and NC3. A second topic would be the potential benefits and risks of offensive cyber operations, especially as they pertain to the cyber-nuclear nexus. Recognizing the extreme sensitivity and classification of these issues, such dialogue would necessarily operate at a general/generic level. Third, China and the United States could explore whether and how to share information on these issues during peacetime.
The subjects covered in this paper could be explored in new bilateral forums but could also tap existing ones. Among existing forums, the following could be utilized:
the Diplomatic and Security Dialogue for high-level officials to express concerns over policy changes and share major developments;
two Memoranda of Understanding (MOUs) for both militaries to discuss basic principles of conduct for cyber operations;
the U.S.-China Joint Staff Dialogue for mid-level officials to discuss capabilities and intentions of cyber forces and concerns about perceived cyber threats to NC3 systems;
the established channels between designated higher-level officials for communication during major cyber incidents or crises;
the existing coordination mechanism between both countries’ computer emergency response teams (CERTs) for continued cooperation and possibly broader information on threats with potential strategic consequences; and
the existing hotline between the Chinese Ministry of National Defense and the U.S. Department of Defense for communication on cyber issues pertaining to NC3.
Ultimately, the threats that cyber operations could pose to NC3 and strategic stability are important enough that designing or choosing modalities for understanding and addressing them is a minor challenge. The real challenge is to generate the will to overcome the doubts, suspicions, and political fear that keep leaders of both countries from taking the initial steps necessary to convince each other that constructive moves will be reciprocated. This paper seeks to encourage such moves by laying down an unclassified agenda for discussion, clarifying the stakes involved, and suggesting possible steps the two countries could take to reverse dangerous trends—especially those that increase the risk of unintendedly escalating crises or conflict.
INTRODUCTION
Prominent experts around the world worry that cyber operations could threaten—intentionally or unintentionally—the functions of nuclear command, control, and communications systems (NC3). This could unleash highly adverse strategic dynamics, including even increased risks that crises could escalate to armed conflict and that armed conflict could escalate to nuclear war.4 In crises or conventional military conflicts between nuclear-armed states, the presence—or suspected presence—of external cyber intrusions anywhere in their NC3 systems could cause human reactions and technical malfunctions that may be escalatory or otherwise highly destabilizing. This could happen even if the leaders of the states involved did not intend to escalate. Such dynamics could be caused by one or both conflicting states—or by third parties, including nonstate actors.
No comments:
Post a Comment