Bringing the world back from the brink requires establishing norms against dangerous behavior.
Nuclear stability depends on the principle of mutually assured destruction, which is guaranteed when nuclear-armed states have a secure second-strike capability (SSC). In order to preserve these conditions, states’ nuclear command, control, and communications (NC3) systems must be uncompromised and able to detect and interpret any inbound missiles. However, hypersonic missiles — which travel at speeds of Mach 5 or greater — are nearly impossible to track. To make matters worse, states are developing the capability to conduct preemptive, “left of launch” cyber attacks on adversary NC3 systems that could further compromise their response. The combination of these two technological developments threatens confidence in SSC and thus also in nuclear deterrence. With great power relations already at their worst since the Cold War, it is crucial that states develop norms restricting the deployment of nuclear-armed hypersonic missiles and left of launch cyber attacks, ideally on both a multilateral and US–Russia bilateral basis.
Hypersonics Are Here to Stay
It’s likely too late to stop the proliferation of hypersonic missiles; both Russia and China already have well-developed programs, and the United States is working to catch up. All three powers are developing missiles with “glide” capabilities that flout defenses by combining blistering speed with unpredictable maneuvers.
Last year, Russia deployed a missile that it claimed is capable of traveling at up to twenty times the speed of sound while carrying a two-megaton nuclear weapon. China’s hypersonic DF-17 missile, which became operational in 2019, has a range of up to 2,500 km. The United States recently started devoting additional funding to its hypersonic program, though it’s historically gone through fits and starts and the missiles are not being designed to carry nuclear weapons.
The United States’ missile defense system doesn’t stand a chance against an onslaught of these hypersonic glide vehicles, but that theoretically shouldn’t make a difference in nuclear stability. After all, data suggest that even under the most favorable conditions against more predictable ballistic missiles, defense interceptors destroy their target just forty to fifty percent of the time. Defense systems simply aren’t reliable, and in any case, attackers are more likely to be deterred by the prospect of return fire than they are by their own missiles being destroyed.
Nevertheless, there are two reasons that a hypersonic missile arms race is of grave concern. First, politicians tend to operate under the assumption that defense systems are dependable — or at least declare that they are — and this pushes adversaries to innovate new weapons that could break through them. The Russians accelerated their hypersonic weapons program in response to the US withdrawal from the Anti-Ballistic Missile (ABM) Treaty, and they have made clear that any future arms control agreements with the United States must include provisions limiting missile defense systems. In the meantime, they and the Chinese have continued to develop advanced missile technologies. A spiraling, back-and-forth race to build up missiles and new defense technology raises tensions and suspicions.
The second reason is that, even if missile defense systems wouldn’t be able to stop every incoming hypersonic missile, a key component of nuclear stability is NC3 systems’ ability to quickly detect an incoming strike and determine the nature of its target. The speed and maneuverability of hypersonics make that difficult.
Cyber Attacks Are Another Threat to NC3 Systems
NC3 systems would likely need to be in peak condition to detect hypersonic missiles, making left of launch cyber attacks against NC3 systems an even greater threat. Such attacks may already be occurring; at the very least, officials are contemplating the idea. An operation run by the National Security Administration and U.S. CYBERCOM aims to disrupt North Korean missile test launches; from the program’s revamping in 2014 through early 2017, eighty-eight percent of North Korean test launches failed. While the complexity of missile launches makes it impossible to know exactly what — or who — was really behind the failures, Vice President Mike Pence left room for speculation during a 2017 speech at the demilitarized zone in which he stated that “all options are on the table” to maintain stability on the Korean peninsula. Even though North Korea is not known to be developing hypersonic missiles at this time, normalizing cyber attacks on any state’s command, control, and communications systems could provoke an especially perilous escalation if hypersonic- and nuclear-armed Russia, the United States, or China becomes involved.
Consider what could happen if a country did—or didn’t—discover that its NC3 system had been breached. For the US’s part, its 2018 Nuclear Posture Review states that an attack on its command and control systems could be considered a “significant non-nuclear strategic attack” entitled to a nuclear response. Researchers like James Acton have expressed concern that even just the fear that an NC3 system may become compromised in the future could prompt states to act under a “use it or lose it” mindset.
From a different angle, Gartzke and Lindsay warn that nuclear war may actually be more likely when a compromised NC3 system goes undetected, because war often erupts when two adversaries have different perceptions about how a conflict would play out. Mixing nuclear and cyberweapons is extremely risky because, as they note, nuclear stability depends on full transparency, while cyber offense by its very nature must be deceptive.
New norms and agreements are needed to address these threats
President Biden has extended the New START nuclear arms treaty with Russia. Unfortunately, that won’t be enough to prevent the proliferation of hypersonics. Former National Security Adviser John Bolton has said one reason the Trump administration was uninterested in renewing the treaty was that new weapons like hypersonic glide vehicles “are simply not effectively covered by New START,” and the short time window between Biden’s inauguration and the treaty’s upcoming expiration on February 5 meant there wasn’t time to negotiate new language that would cover them. Even if there were, it wouldn’t have involved the other countries working on hypersonic weapons technology, which include not just China but Australia, India, France, and Germany.
For now, the most promising way forward may be to focus on developing an international norm prohibiting cyber attacks on NC3 systems in light of the known risks of escalation. The United Nations’ Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) could provide an avenue for this. The current GGE, entitled “Advancing Responsible State Behavior in Cyberspace in the Context of International Security,” has published summaries of consultations with intergovernmental organizations that show a clear interest in not just the development but the logistics of implementing norms and confidence-building measures. The OEWG, however, has faced stagnation due in part to a lack of Russian cooperation, and neither UN group has explicitly addressed a norm specific to cyber attacks on NC3 systems. Revitalizing such international forums, perhaps through the proposed Programme of Action, is crucial for opening the discussion on the dangers of mixing cyber attacks and NC3 systems, particularly when missiles are getting faster and more unpredictable than ever before.
Meanwhile, progress on the US-Russia bilateral front can be pursued through a US agreement to reimpose limits on missile defense systems and a Russian promise to limit the deployment of nuclear-armed hypersonics. Both sides should also commit not to conduct left of launch cyber attacks. Such an agreement would help bring nuclear stability between these two powers back to the status quo maintained prior to the termination of the ABM Treaty in 2002.
With the proliferation of hypersonic missiles taking off and cyber attacks on NC3 systems becoming a known tool of advanced cyber forces, threats to nuclear stability abound. However, there is still time to get back on track for sustained nuclear stability. The sooner nuclear and cyber powers can come to the table to mitigate these risks, the safer the world will be.
