The Logic of the Chips Escalation
The cyber threat to nuclear command and control
Jake Sullivan is the man in the cockpit. As the president’s national security advisor and the head of the national security council, he is America’s top security principal. His office sits atop the vast ensemble of offices that together constitute the national security state. Every datum of any importance to national security—from terrorist threats to developments in adversaries’ nuclear postures—immediately flows up to his desk. The president, together with his principal advisors, sets the overall agenda. But the president has lots of other responsibilities beyond security. So, it is Jake’s office that directly supervises the activities and direction of the security state.
This concentration of authority in the national security advisor’s office is not a historical accident. The design is imposed by the internal logic of the security state—above all, the requirements of deterrence. The national security advisor is not on the presidential line of succession. If Biden were assassinated, incapacitated by a heart attack, or killed in a decapitation strike, Jake’s job will be to advise his successor.
The chips escalation emerged from his office. Despite tremendous push-back from major centers of private power, economists, foreign policy professionals and the intelligence community, Jake has held the line. US policy is to cut-off Chinese access to ‘three families of technologies’: computing, biotech, and clean-tech. The last has arguably been abandoned, likely due to tenuous connections to national security and the potential harm to the global energy transition given China’s world position in green tech. Biotech has similar win-win characteristics and bioweapons research is already tightly controlled. The heart and the secret soul of the small yard and high fence is computing: microelectronics, quantum information systems, and artificial intelligence.
My working hypothesis was that Jake had bought into Eric Schmidt’s ideas on the outsized role that AI may play in the global balance of power. This was hardly outlandish—Schmidt chaired the National Security Commission on AI, and Google is known to have enjoyed cozy relations with the Obama administration where most members of the Biden team made their bones.
But could it be that America’s security principals had fallen for the AI hype? that they would wreck our relations with the Chinese based on fantasies about AGI? that they were the going to undermine America’s world position in the grip of Anglo-Saxon technophilia?
[W]hichever country develops the technology first will have a massive advantage, since it could then use AGI to develop ever more advanced versions of AGI, gaining an edge in all other domains of science and technology in the process.
Eric Schmidt, “Innovation Power,” Foreign Affairs, March/April 2023.
I couldn’t help avoid the feeling that my working hypothesis was not quite right. Something important seemed to be missing. As it turns out, something considerably more interesting and important is going on behind the scenes.
In what follows, I will argue that the driver of the chips escalation is concerns over the cyber security of US nuclear command and control. The US is trying to maintain its supremacy in cyber warfare because experts and policymakers have become convinced that if China or Russia were to gain the upper hand in this realm, it would undermine the credibility of US nuclear deterrence. This is why Jake won’t budge—this is the logic of the chips escalation.
In order to appreciate the threat posed by cyber operations to nuclear deterrence, we must begin not with computing but with the requirements of deterrence. The US monopoly on intercontinental strategic arms during the short-lived bomber era yielded to the missile age in the 1960s once the Soviets fielded ICBMs capable of delivering thermonuclear warheads to the continental United States. Analysts worried that missiles in their silos and strategic bombers caught on the ground could all be taken out in a comprehensive disarming first-strike. The US began keeping many strategic bombers on constant air-borne alert and fielded invulnerable nuclear submarines armed with sea-launched ballistic missiles. This triad of strategic arms was supposed to guarantee retaliation even in the event of a surprise first-strike.
But was that enough? Did the triad actually buy a true second-strike capability? Could the US actually absorb a "‘bolt out of the blue” first-strike and still respond with a devastating counterblow? A number of analysts became worried that the problem was more difficult than standard calculations suggested. The most important of these scholars was Bruce Blair.
In Strategic Command and Control (1985), Blair showed that the most vulnerable component of the US deterrence capabilities was not any leg of the triad but the command and control system. The leadership was exposed to a decapitation strike on Washington, DC; communications with missile launch control centers, bombers and submarines were vulnerable to nuclear strikes—not just through direct blast effects, but more worryingly, to the effects of the electromagnetic pulse (EMP) known to be generated by nuclear detonations. Indeed, he showed that, by directly attacking the command system, the Soviets would need to commit only a small fraction of their arsenal to disarm America, thereby raising the specter of strategic surrender.
The military was aware of these vulnerabilities and a number of countermeasures were put in place. In the event of surprise attack everything on the ground was expected to be vulnerable, so the command and control of the nuclear arsenal would have to be airborne. Early warning satellites and radar arrays would detect inbound ICBMs. Upon receipt of this tactical warning, NORAD would inform the White House and the president would go immediately airborne. The president would have minutes to issue the order to retaliate before the missiles arrived. Airborne command posts of the SAC and the navy would relay the release authorization to missile launch crews overseeing the ICBM silos, the bombers in the air, and the submarines at sea. Communication links remained vulnerable and so did the airborne command system. But they did what was possible to ensure the survivability of the national command authority and its ability to control the nuclear arsenal even under nuclear attack.
The vulnerability of the command system, Blair argued in The Logic of Accidental Nuclear War (1993), forced both cold war adversaries to adopt ‘launch on warning’ nuclear postures. The lodestar of nuclear strategy, a secure second-strike capability—the ability to absorb a first-strike and still respond with a devastating counterblow—was not actually feasible. If retaliation was to be assured, the release authorization had be issued before the inbound missiles arrived. The problem of time pressure became even more intense after the Soviets fielded sea-launched ballistic missiles on submarines that began to patrol near the US coastline, which cut down the time available to issue the release authority from thirty minutes to ten.
The command system is meant to satisfy the ‘always-never’ criterion: it must always be able to exercise ‘positive control’ (firing the weapons when directed by legitimate authority) and ‘negative control’ (never allow any unauthorized launches) at all times. It is the most safety-critical of all safety-critical systems. Once one appreciates the seriousness of this issue, one has the proper context to understand the threat posed by cyber operations.
Nuclear Command, Control, and Communications (2022), a volume edited by James J. Wirtz and Jeffrey A. Larsen spells it out.
[The command system must] be able to survive “left-of-launch” efforts to degrade its capabilities. These preconflict operations may include cyberattack, EMP effects generated by a high-altitude nuclear burst, or even direct kinetic attack on ground-based or space-based elements of the network by hypersonic weapons, precision-guided conventional weapons, or antisatellite weapons. The system must also be resilient enough to withstand possible insider threats, such as espionage or sabotage by disaffected individuals.
Larsen, p. 86. Emphasis mine.
By dramatically compressing the time available for the national command authority to respond, hypersonic missiles potentially pose a major risk of a disarming first-strike. Antisatellite weapons hold at risk a critical node of the command system, again undermining deterrence. China has already made great strides in both. But the focus of present concerns is on ‘left-of-launch’ threats. This is where cyber operations come in.
The threat is not just that adversaries could hack into the command system directly. The two chapters by Wade L. Huntley spell out a large set of vulnerabilities. These go all the way up the supply chain.
[O]ne of the most critical potential physical cyber vulnerabilities for the National Military Command System … may be the supply chain of hardware procurement in this period of modernization. … [C]ommercial off-the-shelf procurement [means that] cyber vulnerability is imported into the defense sphere, thereby weakening resilience and reducing the credibility of our deterrent.
Huntley, p. 151. Emphasis mine.
The threat posed by ‘extended supply-chain vulnerabilities’ was brought home by the Solar Winds hack, when Russian hackers gained access to ‘tens of thousands of US government and private-sector networks by compromising updates to network-monitoring software provided by a single common vendor’ (p. 153).
The chapter by Jon R. Lindsay examines the cyber capabilities of the great powers. ‘The United States stands head and shoulders above the rest in terms of intelligence capacity and political-economic advantages in cyberspace. Russia and China have even larger programs, although their comparative advantages in information warfare or “active measures” (Russia) and political surveillance and industrial espionage (China) are not necessarily fungible to offensive cyber operations targeting’ the command system (p. 134).
Experts and policymakers have thus come to believe that cyberwarfare poses great risks to the command systems of the great nuclear powers; that the US still enjoys primacy in this realm; and that US primacy in the cyber realm must be extended far into the future to underwrite US nuclear deterrence. US security principals have come to believe that this objective can be achieved through the chips escalation.
Over the past decade, Congress has paid greater and greater attention to the security of the command system. The 2018 National Defense Authorization Act required Strategic Command and Cyber Command to “conduct an assessment of the sufficiency and resiliency of the nuclear command and control system to operate through a cyber attack from the Russian Federation [or] the People’s Republic of China” (Malley, p. 194). The Pentagon has named the commander of the Strategic Command as the “NC3 enterprise lead.” In turn, Strategic Command has created an “NC3 Enterprise Center,” which is being led by Elizabeth Durham-Ruiz. A major overhaul is underway. Durham-Ruiz told an interviewer in 2019 that “all architecture-design options are on the table.”
The problem of making the command system resilient to cyber operations is a hard problem. Experts are correct to worry, and Congress is right to demand concerted action from the military. The effort to secure the supply chains of everything used by the command system is obviously justified. The US should also try to maintain its lead in the cyber realm.
The question is whether the chips escalation is the right approach to secure this critical objective. Or whether the US attempt to arrest the growth of Chinese computing capabilities risks driving the Chinese into a cyber-nuclear arms race that they at least have a non-trivial chance of winning. At the very least, unrestrained competition in this realm poses considerable escalation risks. Beyond computing, the Chinese will respond to the US attempt at strangulation through other measures that in themselves, and through their interactions with the response functions of third parties, may greatly harm US interests. Some twenty percent of US assets are risk of decoupling, as are the futures of America’s most successful manufacturing firms, Apple and Tesla. And that’s just for starters. We have to realize that China is not the Soviet Union. The world is not unipolar; it’s bipolar. We could very well lose a cold war against China.
The alternative to the chips escalation is some sort of cooperative arrangement to deal with the specific challenge that has Jake so worried. It is, after all, in the American interest that not only the US command system but the Chinese and Russian command systems be invulnerable to compromise by third parties. Even if the great powers want to undermine each other’s positive control of nuclear weapons, they all have a shared interest in ensuring that negative control of nuclear weapons is never compromised. This shared interest, which is now a permanently operating factor in great power relations, can serve as the foundation of cooperative solutions to the challenges posed by cyber operations to the integrity of nuclear command and control systems. There’s precedent for this. The US spent many billions securing the Soviet arsenal during the 1990s.
The point of this dispatch is not to convince Jake to change his mind, of course. It is to trigger public debate on what are otherwise considered to be highly technical issues. I think that the administration has not done a good job of communicating the real concerns driving the chips escalation. By spelling out the logic of the chips escalation, I am hoping that we have a more informed debate about how the underlying problem can be solved without wrecking our relations with the Chinese, a policy choice that I believe is decidedly not in the American interest.
Interesting piece. Is there any documented pushback from the IC - "Despite tremendous push-back from major centers of private power, economists, foreign policy professionals and the intelligence community"? That goes against what I have heard but it is a big system
At this point, preventing China from world leading position in computing technology is unrealistic. The fight is going to be for the US to gain the #2 position (leapfrogging Taiwan, South Korea, and Japan), and then maintain that position.
That "Jake" at any time seriously considered US having "leadership" in clean tech -- a plain old industrial field of competition, is perhaps the most interesting data point here. China cranks out something over 1GW of solar capacity every day (exporting 60% of it for the time being). Oh and it should be noted that today's commodity computing technology, as indicated by trends of Bitcoin mining when that was at its peak, are energy-limited. Although that'd change.
It is perhaps biotech that's the most interesting. And again, not an area where the numbers are promising for the US (current-generation postdocs, lets say, and all the expensive labs they require). Again regardless of whether or not the US tries to stop those third parties it still firmly controls, ie Europe, from doing business with China.