Experts are now claiming that the recently discovered cyberattack on the software manufacturing company SolarWinds has potentially become one of the greatest surveillance attacks against the United States in history. A former homeland security adviser to Donald Trump, Tom Bossert claimed in a New York Times op-ed that “the magnitude of this ongoing attack is hard to overstate.” The SolarWinds hack has been traced back to March, and since then has allowed hackers to survey various U.S. governmental organizations and companies’ networks globally. Details on the virtual assault are still unfolding, with big companies like Microsoft, Malwarebytes, and Cisco coming forward as victims of the attack and currently over 18,000 companies being confirmed to have been hit in the attack. One of the many victims of this attack is Los Alamos National Laboratories in New Mexico, a government facility famous for the production of nuclear weapons, and a terrifying example of the type of target that could result in an accidental nuclear war.
It’s hard to tell how often and how long hackers were openly browsing governmental agencies and websites. It’s even harder to tell how much information they were able to access and what will be done with that information. In the case of Los Alamos Laboratories, Russian hackers had open access to a governmental entity that is actively producing nuclear weapons. Luckily, there wasn’t a threat of the hack directly leading to a launch. However, components to produce a nuclear weapon are still dangerous and can cause damage on their own. There is always a possibility of a fake “under attack” alert that could lead to a dangerous escalation.
A false first strike alert would be a hair-trigger reaction. Top personnel would have to make a momentary decision to either retaliate and launch a nuclear weapon or take the time to consider that the threat might be false. This decision would be most likely made before a nuclear weapon is even detonated on their territory.
Historically, there have been many false first strike alerts, and any one of these could have resulted in a cataclysmic exchange of nuclear weapons. A false launch command would result in a global catastrophe like the world has never seen. In fact, in a recent study, scientists found that it would only take 100 nuclear weapons launched to do enough damage to the environment to completely destabilize the globe and end life as we know it. In comparison, the United States currently has 5,800 nuclear warheads and is actively still producing more.
Not only has the United States been the only country to launch a nuclear strike, but they have also been careless. Historically, the U.S. has admitted to thirty-two broken arrows worldwide, six of which have never been recovered. Broken arrows are nuclear weapons that have been lost, accidentally detonated, or even stolen. Past broken arrows have been due to human error and logistical problems, but cyber attacks open a whole new area of risk.
The United States is throwing its money at sites responsible for warhead modernization. During the year 2020, the Trump administration increased the NNSA Nuclear Plan budget significantly and proposed an additional increase of 19 percent in the FY2021 budget. This proposal was pitched during a global pandemic and recession unlike anything in recent history. Los Alamos National Laboratories was included in this plan, with details to increase its warhead production pit capacity. We should be spending money on cybersecurity to secure the weapons we have, rather than plowing it into new weapons like the NNSA is currently planning. Better yet we could eliminate the weapons and eliminate the risk entirely.
The fact is that these weapons are capable of so much damage that a single mistake or miscalculation could result in worldwide annihilation. The United States prioritizes nuclear weapons as its genocidal line of defense, pouring more and more money into it every year. Yet, as history has shown, the systems that govern these weapons are unstable. Mistakes are likely to be made, even without a hacking scandal.
In reality, even if nuclear command and control operations remain secure from cyberattacks—something the SolarWinds hack may put into doubt—this lack of checks and balances creates other cyber vulnerabilities. This October, a hacker guessed the password to Donald Trump’s Twitter (maga2020!). What if they had posted a fake tweet about launching a nuclear attack against North Korea? How restrained would we expect the North Koreans to be while verifying the tweet?
Right now, at this very moment, we have a real opportunity under Joe Biden to pass policies to ensure a better, safer future. This future starts with bettering our approach to cyber security. The Russian cyberattack has snowballed into something far bigger than just SolarWinds. As Ami Luttwak the co-founder of Wiz claimed “what started out as the SolarWinds attack is slowly turning out to be perhaps the most sophisticated and wide-reaching cyber-campaign we have ever seen.” As Biden chooses his new cybersecurity team in the midst of the continually ongoing fallout from the SolarWinds breach, we have an opportunity to do better. Instead of pouring more money into nuclear weapons, we can start investing more resources into security surrounding it.
Nuclear weapons are not just an issue of the 1950s, and there is no hiding under desks to ignore them anymore. These weapons are not monolithic, untouchable relics of the past, but rather threats to society today. The security measures that govern them are outdated and risky. Improving our cybersecurity is key, but safer policies are what is truly crucial. The new Biden administration and incoming Congress could pass a No First Use Policy and take a huge step in that direction. Such a policy would publicly state that the United States will not be the first country to launch a nuclear strike. That would mitigate the threat of a false first strike that hacks make eerily possible.
Rachel Traczyk works with Beyond the Bomb to help recruit and train the next generation of anti-nuclear advocates.