The Defense Department needs a “more comprehensive, recurring way” to evaluate the potential of cyber-related attacks on its nuclear command and control (C2) and weapon systems, according to the head of DoD’s nuclear enterprise.
U.S. Strategic Command (STRATCOM) chief Air Force Gen. Robert Kehler testified before the Senate Armed Services Committee (SASC) Tuesday that while he is confident that the nuclear C2 and weapons systems aren’t significantly vulnerable, they do need a complete test to determine potential weak spots against a cyber-related attack.
“In terms of an end-to-end comprehensive review, I think that’s homework for us to go and accomplish,” Kehler said.
Committee Chairman Carl Levin (D-Mich.) cited a January Defense Science Board report, Resilient Military Systems and the Advanced Cyber Threat, that said “our nuclear deterrent is regularly evaluated for reliability and readiness, however, most of the systems have not been assessed (end-to-end)…against a (sophisticated) cyber attack to understand possible weak spots.”
Kehler said while DoD is already concerned about the potential of a cyber-related attack on the nuclear arsenal, it also needs to do more. Kehler added that STRATCOM needs to work more with U.S. Cyber Command (CYBERCOM) and the federal government’s intelligence agencies to put together such an evaluation.
Those efforts were not only underway, Kehler said, but the pace of such efforts has increased. Kehler said STRATCOM recently completed a review of the Minuteman III ICBM system, the land-based arm of the nuclear triad. Kehler also said though he’s “confident in the connectivity” of the sea-based nuclear submarines and the air-based bomber fleet, that won’t preclude additional analysis.
“I think that this is something we’re going to need to increase the volume of the game, here, on this whole issue,” Kehler said.
CYBERCOM chief Army Gen. Keith Alexander, also the head of the National Security Agency (NSA), told SASC Wednesday Kehler has led a series of meetings on nuclear C2, working with both NSA and CYBERCOM to look at, and address, vulnerabilities. Alexander said they’ve “done a great job” and are moving forward in the right direction. Alexander testified with Kehler Tuesday.
Kehler said much of DoD’s nuclear C2 system is a legacy system that, in some cases, is “point-to-point” hardwired, which he said makes it very difficult for an external cyber threat to emerge.
The nuclear triad includes 450 ground-based Minuteman IIIs; strategic missiles deliverable by 85 active B-52s and 20 B-2 bombers and 14 Navy Ohio-class submarines that launch submarine-launched ballistic missiles (SLBM) (Defense Daily, Feb. 8).
Kehler also testified Tuesday he’s not concerned that a disruption in the nation’s power grid or other critical infrastructure would disrupt its ability to use the nuclear arsenal. The U.S. is concerned foreign enemies could use cyber attacks to shut down or interfere with power grids, water supplies or financial institutions.
But Kehler did advocate that the United States be protected against electromagnetic pulse and any kind of electromagnetic interference, arguing that electromagnetic worries are not a “Cold War relic.”
“We need to be mindful of potential disruptions to that force,” Kehler said.