Presentation is loading. Please wait.

Presentation is loading. Please wait.

PONI Summer Conference, Livermore, CA

Published byImogene May Modified over 6 years ago

Similar presentations

Presentation on theme: "PONI Summer Conference, Livermore, CA"— Presentation transcript:

1 PONI Summer Conference, Livermore, CA
Nuclear Command and Control in the 21st Century Maintaining Surety in Outer Space and Cyberspace Jared Dunnmon Stanford University June 21, 2017 PONI Summer Conference, Livermore, CA

2 Brief overview of Nuclear command, control, and communication (NC3)
Links nuclear forces to presidential authority Space-borne and terrestrial early warning Facilities to interpret early warning information Terrestrial and airborne command and control posts Communications infrastructure: satellite, RF, and Land-line link nuclear forces to presidential authority; this is accomplished via a complex system that includes space-borne and terrestrial early warning radar, facilities to interpret early warning information, various terrestrial and airborne command and control posts, and communications infrastructure comprised of satellite, radio frequency (RF), and land-line communications Image: Nuclear Matters Handbook, 2016

3 Challenges for 21st century nc3
“Assured and reliable NC3 is critical to the credibility of our nuclear deterrent. The aging NC3 system continues to meet its intended purpose, but risk to mission success is increasing. Our challenges include operating aging legacy systems and addressing risks associated with today’s digital security environment.” dire consequences of an NC3 architecture compromised by cyber incursion, including false alarms, inadvertent launches, loss of contact with nuclear weapons, premature detonation, and a fundamental loss of nuclear strategic stability. (Futter) C.D. Haney. Statement to Senate Committee on Armed Services, 2014.

4 Increased US reliance on space-based Nc3
“The United States in particular is deeply reliant upon space. While such reliance enables the United States and our allies and partners to undertake a range of operations in support of peace and security, this reliance has increasingly been viewed by potential adversaries as a vulnerability to be exploited through the development of counterspace capabilities.” dire consequences of an NC3 architecture compromised by cyber incursion, including false alarms, inadvertent launches, loss of contact with nuclear weapons, premature detonation, and a fundamental loss of nuclear strategic stability. (Futter) Rose” deputy assistant secretary of state for defense policy and verification operations F. Rose. “Using Diplomacy to Advance the Long-Term Sustainability and Security of the Outer Space Environment,” 2016.

5 Nc3 vulnerabilities in outer space
Laser-based systems EM jamming Physical asat systems Space debris cyberattack vectors At present, assumptions are that NC3 is secured via a combination of air gaps, technological superiority in outer space and cyberspace, and human intervention in the control loop. Unfortunately, this is not always the case. In the intercontinental ballistic missile (ICBM) program, for instance, documented vulnerabilities include potential entry into the firewalled NC3 system, phony orders being conveyed via a backup antenna, distributed denial of service (DDoS) attacks on the nuclear infrastructure, and even a direct attack on thousands of feet of cable of the Hardened Intersite Cable System.19 For the strategic ballistic missile submarine (SSBN) component, it has been widely publicized that the United States has chosen to use Linux-based operating systems in its SSBNs, as opposed to Windows XP-based architectures currently used by the British Trident program.20 While neither of these operating systems is inherently problematic, the fact that their use in specific functional domains has been published so widely will enable hackers to focus on the correct class of exploits to use against these systems.21 This observation, furthermore, hints at a distressing reality: with the emergence of ubiquitous cyber threats, the U.S. acquisition process has already begun moving toward increased levels of security and classification across the Department of Defense (DoD) enterprise, which hinders efficiency at all levels of the acquisition process. Without firing a shot, the opponent may well have caused substantial cost to the United States already due to the inefficiency resultant from broadly increased data security and classification procedures. With the bomber airborne component of the command, control, and communications triad, the Air Force has experienced several NC3 breakdowns in the past several decades, the most recent of which involved the inadvertent placement of several nuclear warheads in a strategic bomber that Image: Wikicommons, 2017

6 What is Cyberspace? “an operational domain framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange, and exploit information via interconnected and internetted information systems and their associated infrastructure.” D. Kuehl. “From Cyberspace to Cyberpower: Defining the Problem,” 2009.

7 Nc3 vulnerabilities in cyberspace
Heterogeneous networked systems create large attack surface Documented vulnerabilities Increasing complexity Cost of proving system security At present, assumptions are that NC3 is secured via a combination of air gaps, technological superiority in outer space and cyberspace, and human intervention in the control loop. Unfortunately, this is not always the case. In the intercontinental ballistic missile (ICBM) program, for instance, documented vulnerabilities include potential entry into the firewalled NC3 system, phony orders being conveyed via a backup antenna, distributed denial of service (DDoS) attacks on the nuclear infrastructure, and even a direct attack on thousands of feet of cable of the Hardened Intersite Cable System.19 For the strategic ballistic missile submarine (SSBN) component, it has been widely publicized that the United States has chosen to use Linux-based operating systems in its SSBNs, as opposed to Windows XP-based architectures currently used by the British Trident program.20 While neither of these operating systems is inherently problematic, the fact that their use in specific functional domains has been published so widely will enable hackers to focus on the correct class of exploits to use against these systems.21 This observation, furthermore, hints at a distressing reality: with the emergence of ubiquitous cyber threats, the U.S. acquisition process has already begun moving toward increased levels of security and classification across the Department of Defense (DoD) enterprise, which hinders efficiency at all levels of the acquisition process. Without firing a shot, the opponent may well have caused substantial cost to the United States already due to the inefficiency resultant from broadly increased data security and classification procedures. With the bomber airborne component of the command, control, and communications triad, the Air Force has experienced several NC3 breakdowns in the past several decades, the most recent of which involved the inadvertent placement of several nuclear warheads in a strategic bomber that Image: Motherboard, 2015

8 Major classes of exploitable flaws
hard-coded credentials: undocumented credentials that can authenticate in documented interfaces undocumented protocols: protocols not intended for end users insecure protocols: end-user protocols that pose a security risk Backdoors: mechanisms used to access features not intended for end users “A Wake-up Call for SATCOM Security.” IOActive, 2014.

9 Technological tools for risk mitigation
Advanced forensics and network defense Minimizing the code base Small-scale launch + inexpensive hardware Decrease reliance on space- based NC3 Image: Rocket Lab, 2015; Planet, 2017

10 Policy tools: Adapting Old rules to new domains
Jurisdiction: What can we reasonably know? Responsibility: espionage vs. attack? Use of force: third parties? Self-defense: what is “the last window”?

11 Closing scenario: AEHF satellite malfunction
Mechanism? Consequences? Aggressor? Cyberattack? CC3 or NC3? Response? John Hyten in a recent interview – this has been an issue for a long time Image: Lockheed Martin, 2010

Download ppt "PONI Summer Conference, Livermore, CA"

Similar presentations

Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
April 6, 2010 1. 2010 NPR in Context Third comprehensive review of U.S. nuclear policies and posture –Previous reviews in 1994 and 2001 Conducted by DoD.

April 6, NPR in Context Third comprehensive review of U.S. nuclear policies and posture –Previous reviews in 1994 and 2001 Conducted by DoD.
International CyberSecurity Collaboration: The Technical Cooperation Program Approved for public release; distribution is unlimited. 09 March 2010 Joshua.

International CyberSecurity Collaboration: The Technical Cooperation Program Approved for public release; distribution is unlimited. 09 March 2010 Joshua.
Brian Connett, LCDR, USN US NAVAL ACADEMY

Brian Connett, LCDR, USN US NAVAL ACADEMY
CYBERSPACE A Global War-fighting Domain Every minute of every day, Airmen in the United States Air Force are flying and fighting in cyberspace.

CYBERSPACE A Global War-fighting Domain Every minute of every day, Airmen in the United States Air Force are flying and fighting in cyberspace.
The U.S. Coast Guard’s Role in Cybersecurity

The U.S. Coast Guard’s Role in Cybersecurity
Australia and Cyber Warfare by Ian Dudgeon A presentation to the AIIA Queensland Branch 14 June 2011.

Australia and Cyber Warfare by Ian Dudgeon A presentation to the AIIA Queensland Branch 14 June 2011.
Distribution Statement A: Approved for Public Release; Distribution is unlimited. 1 Electronic Warfare Information Operations 29 MAR 2011 Val O’Brien.

Distribution Statement A: Approved for Public Release; Distribution is unlimited. 1 Electronic Warfare Information Operations 29 MAR 2011 Val O’Brien.
13 January 2005 Slide 1 National Defense University – Institute for National Strategic Studies China’s Strategic Force Modernization Dr. Phillip Saunders.

13 January 2005 Slide 1 National Defense University – Institute for National Strategic Studies China’s Strategic Force Modernization Dr. Phillip Saunders.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
U.S. PERSPECTIVES ON SPACE SECURITY* Joan Johnson-Freese Naval War College Newport, RI April 23, 2007 * The views expressed in this article are the author’s.

U.S. PERSPECTIVES ON SPACE SECURITY* Joan Johnson-Freese Naval War College Newport, RI April 23, 2007 * The views expressed in this article are the author’s.
Future nuclear weapon policies James M. Acton

Future nuclear weapon policies James M. Acton
Organization Theory and Nuclear Proliferation History 5N: The Challenge of Nuclear Weapons.

Organization Theory and Nuclear Proliferation History 5N: The Challenge of Nuclear Weapons.

Similar presentations

Ads by Google