Could Cyber-War Trigger Nuclear War? Are the "Bad Old Days" Back to Stay?
Many of the war-studies types fear that a nuclear exchange could be triggered inadvertently. Nobody would plot to launch a nuclear exchange. Nobody would want it. The risk is that the parties might back themselves into it.
An article in Deutsche Welle warns that a cyber-war is underway and will probably never end. Think of it as major-power permawar.It's a war that pits states against states and criminals against corporations, often blurring the lines between who is who. And increasingly, civilians are getting caught up in it, either as direct targets or as the collateral damage of the digital age.
"You have a mix of state level and nonstate actors constantly probing and attacking networks around the world," said Martijn Rasser, a former CIA emerging technology analyst now at the prominent defense think tank, the Center for a New American Security. He was speaking in the recent DW documentary Future Wars — and How to Prevent Them.
"That's just the reality of 21st-century life and something that we'll have to deal with," he said.
NATO's Article 5 goes cyberThis reality is underlined by no fewer than 25 "cyber" mentions in the final communique of this week's NATO summit.
The allies signed off on a new "Comprehensive Cyber Defense Policy," affirming that, if serious enough, a cyberattack could lead to the invocation of NATO's core Article 5: that an attack on one member is considered an attack on all.
Kyiv and Washington blamed the Russian government, with the US even singling out a member of the GRU military intelligence agency in late 2020.
"These were the first reported destructive malware attacks against the control systems of civilian critical infrastructure," said John Demers, the US assistant attorney general at the time, announcing the charges.
"No country has weaponized its cyber capabilities as maliciously and irresponsibly as Russia."
"This is an issue that is enormously important — and exceptionally difficult to discuss," said James Acton, co-director of the Nuclear Policy Program at the Carnegie Endowment for International Peace in Washington. "Because it is so heavily classified."
Acton's concerns center on cyber intrusions not against nuclear weapons themselves, but the command and control systems surrounding them. "Nuclear command and control is everything apart from the physical weapons themselves that are needed to make those weapons work," he explained.
This is perhaps the most sensitive infrastructure in the world. It's so sensitive that the US explicitly said in its latest "Nuclear Posture Review" that if it comes under attack, it could respond with a nuclear strike.
Lethal uncertaintyThe lethal force driving that potential for escalation is uncertainty — about where malware comes from, and what it might do.
"If you find malicious code in your networks, it's very hard to know what that code does. It takes a long time to analyze the code and understand what the other side is doing," said Acton. "And this makes it very hard to know whether this malicious code is just for espionage or is also for offensive operations."
Don't trust, can't verifyThe lack of trust between the major powers remains a fundamental problem.
"When there is lack of trust, you tend to attribute all kinds of intentions to the other party," Amandeep Singh Gill, a veteran of efforts to curtail autonomous weapons at the United Nations in Geneva, told DW. "You tend to overestimate what they might be doing and overshoot in terms of your own response."
"Trust but verify" was former US President Ronald Reagan's mantra for coping with this risk in Cold War arms control negotiations, with verification usually a matter of counting warheads.
Today in the cyber realm, verification is not possible. There is nothing to count.
So as the world sinks deeper into the cyberwar era, finding anything approaching trust between the major powers might be the biggest challenge of all.