Journal of the Federation of American Scientists (F.A.S.)
Volume 51, Number 4 July/August 1998
CONTINUED FROM (I)
Nuclear War Implications
The Y2K Problem has attracted growing attention in the computer and commercial sectors, but it is only in recent weeks that the potential implications of this problem for the danger of nuclear war have become
public. Because of the secrecy and sensitivity of strategic warfighting systems, there are currently few definitive answers, but many important questions that must be addressed in coming months by the nuclear weapon states.
may also in turn manifest Y2K anomalies. System integrity may also face coincidental compromises from a variety of factors, ranging from solar-storm induced communications outages to heightened security due to warnings of terrorist attacks.
Difficult Choices
At this point, operators and commanders may face difficult choices between reducing the overall readiness of nuclear warfighting forces, and making changes in the operational practices of those forces
to compensate for degradations in command and control capabilities. Such difficult choices would not be made in isolation, but might simultaneously confront system operators in more than one country,
creating complex interactions among partially degraded command and control networks and nuclear warfighting forces. Random events, such as solar storms or sounding rocket launches, could further perturb the situation. In practice, such tightly-coupled interactions are all rather unlikely, given the poor track record of the American intelligence community in monitoring the alert status of Soviet forces during the Cold War. But technological "accidents" seem inexorably to result from seemingly trivial technical problems compounding in unlikely ways to produce surprising and occasionally catastrophic results.
There is obviously considerable potential for public alarm here, whatever the actual underlying risks of Y2K leading to accidental nuclear war. One obvious step would simply be to take all nuclear forces off alert, pending robust resolution of any lingering doubts concerning Y2K compliance. While there are certainly many compelling reasons for de-alerting nuclear forces, it would probably be counterproductive to suggest that the Y2K problem mandates immediate de-alerting as the only prudent step for ensuring that the new millennium dawn with a nuclear apocalypse.
Steps Needed to Address Y2K Issues
Several relatively straightforward steps are clearly called for, both to address the actual potential for the increased risk of accidental nuclear war due to Y2K, and to address potential public concerns.
The first step would be a continuation of Awareness Phase activities to include familiarizing information system operators with likely symptoms of Y2K non-compliance, to reduce the degree of confusion or
alarm that may accompany unexpected system performance. Because of the high level of vigilance that currently attends strategic command and control operations, care must be taken to ensure that
Y2K-induced glitches are not mistaken for malevolent assaults by adversaries.
The second step would be implementation of robust contingency planning detailing alternate means of fulfilling affected information system missions in the event of a critical failure induced by Y2K problems. These should include defaulting functions to appropriate manual operation if needed. It is exceedingly unlikely that Y2K problems would induce the generation of apparently valid launch authorizations, given the complexity and redundancy of existing launch authorization mechanisms and procedures. Nonetheless, given equally remote likelihood of a "bolt-from-the-blue" sneak attack, a requirement to verbally authenticate apparently valid launch orders would provide an additional risk reduction measure.
The third, and most critical, step would be direction from the National Command Authority that, as a matter of national policy, system operators and commanders should accept reductions in alert status and warfighting readiness pending resolution of Y2K induced problems, rather than attempting to sustain high alert rates through implementing or improvising contingency plans that could contribute to
increasing the risk of accidental or inadvertent nuclear war. These are not priorities that can be chosen by commanders on the scene, particularly when faced with puzzling or alarming system failures possibly induced by Y2K problems.
The next step would be the completion of an independent Y2K compliance audit of STRATCOM, USSPACECOM, and supporting intelligence activities. While the full report would surely be highly classified, some portion of the audit and Y2K compliance certification could surely be released to the public, confirming that the American strategic command and control system is Y2K compliant, and that
robust measures are in place to counter Y2K interface problems caused by potentially non-compliant American systems.
Y2K Certification from Nuclear States
An American working group, consisting of participants from nuclear weapons agencies and agencies concerned with information assurance issues, should be established to make formal Y2K compliance
presentations to all the other nuclear states (declared and otherwise). The focus of these activities would include a rehearsal of the nature of the problem, representations concerning American Y2K compliance initiatives, offers of technical assistance, and a request for reciprocal compliance certification.
Extending Secretary Cohen's initial June meetings, the United States should formally request that all nuclear weapons states implement formal Y2K compliance certification for their nuclear command and
control systems. This compliance certification should be validated by some independent entity within each country, consistent with domestic Y2K compliance procedures. The final outcome of this process would be formal public statements by the nuclear weapon states of their Y2K compliance.
None of these initiatives can guarantee the eradication of the millennium bug from nuclear command and control systems, just as there is no guarantee against nuclear war other than the elimination of nuclear weapons. But systematic initiatives taken today could significantly contribute to reducing the risk of accidental nuclear war, and certainly contribute to reducing public anxieties concerning this risk. |
