In 1956 Henry Kissinger speculated in Foreign Affairs about how the nuclear stalemate between the United States and the Soviet Union could force national security officials into a terrible dilemma. His thesis was that the United States risked sending a signal to potential aggressors that, faced with conflict, defense officials would have only two choices: settle for peace at any price, or retaliate with thermonuclear ruin. Not only had “victory in an all-out war become technically impossible,” Kissinger wrote, but in addition, it could “no longer be imposed at acceptable cost.”
His conclusion was that decision-makers needed better options between these catastrophic extremes. And yet this gaping hole in nuclear response policy persists to this day. With Russia and China leading an alliance actively opposing Western and like-minded nations, with war in Europe and the Middle East, and spiraling tensions in Asia, it would not be histrionic to suggest that the future of the planet is at stake. It is time to find a way past this dead end.
Seventy years ago only the Soviet Union and the United States possessed nuclear weapons. Today there are eight or nine countries that have weapons of mass destruction. Three of them—Russia, China, and North Korea—have publicly declared irreconcilable opposition to American-style liberal democracy.
Their antagonism creates an urgent security challenge. During its war with Ukraine, now in its third year, Russian leadership has repeatedly threatened to use tactical nuclear weapons. Then, earlier this year, the Putin government blocked United Nations enforcement of North Korea’s compliance with international sanctions, enabling the Hermit Kingdom to more easily circumvent access restrictions on nuclear technology.
Thousands of nuclear missiles can be in the air within minutes of a launch command; the consequence of an operational mistake or security miscalculation would be the obliteration of global society. Considered in this light, there is arguably no more urgent or morally necessary imperative than devising a means of neutralizing nuclear-equipped missiles midflight, should such a mistake occur.
Today the delivery of a nuclear package is irreversible once the launch command has been given. It is impossible to recall or de-activate a land-based, sea-based, or cruise missile once they are on their way. This is a deliberate policy-and-design choice born of concern that electronic sabotage, for example in the form of hostile radio signals, could disable the weapons once they are in flight.
And yet the possibility of a misunderstanding leading to nuclear retaliation remains all too real. For example, in 1983, Stanislav Petrov literally saved the world by overruling, based on his own judgement, a “high reliability” report from the Soviet Union’s Oko satellite surveillance network. He was later proven correct; the system had mistakenly interpreted sunlight reflections off high-altitude clouds as rocket flares, indicating an American attack. Had he followed his training and allowed a Soviet retaliation to proceed, his superiors would have realized within minutes that they had made a horrific mistake in response to a technical glitch, not an American first strike.
A Trident I submarine-launched ballistic missile was test fired from the submarine USS Mariano G. Vallejo, which was decommissioned in 1995.U.S. Navy
So why, 40 years later, do we still lack a means of averting the unthinkable? In his book Command and Control, Eric Schlosser quoted an early commander in chief of the Strategic Air Command (SAC), General Thomas S. Power, who explained why there is still no way to revoke a nuclear order. Power said that the very existence of a recall or self-destruct mechanism “would create a fail-disable potential for knowledge agents to ‘dud’” the weapon. Schlosser wrote that “missiles being flight-tested usually had a command-destruct mechanism—explosives attached to the airframe that could be set off by remote control, destroying the missile if it flew off course. SAC refused to add that capability to operational missiles, out of concern that the Soviets might find a way to detonate them all in midflight.”
In 1990, Sherman Frankel pointed out in Science and Global Security that “there already exists an agreement between the United States and the Soviet Union, usually referred to as the 1971 Accidents Agreement, that specifies what is to be done in the event of an accidental or unauthorized launch of a nuclear weapon. The relevant section says that “in the event of an accident, the Party whose nuclear weapon is involved will immediately make every effort to take necessary measures to render harmless or destroy such weapon without its causing damage.” That’s a nice thought, but “in the ensuing decades, no capability to remotely divert or destroy a nuclear-armed missile...has been deployed by the U.S. government,” Frankel says. This is still true today.
The inability to reverse a nuclear decision has persisted because two generations of officials and policymakers have grossly underestimated our ability to prevent adversaries from attacking the hardware and software of nuclear-equipped missiles before or after they are launched.
The systems that deliver these warheads to their targets fall into three major categories, collectively known as the nuclear triad. It consists of submarine-launched ballistic missiles (SLBMs), ground-launched intercontinental ballistic missiles (ICBMs), and bombs launched from strategic bombers, including cruise missiles. About half of the United States’ active arsenal is carried on the Navy’s 14 nuclear Trident II ballistic-missile submarines, which are on constant patrol in the Atlantic and Pacific oceans. The ground-launched missiles are called Minuteman III, a 50-year-old system that the U.S. Air Force describes as the “cornerstone of the free world.” Approximately 400 ICBMs are siloed in ready-to-launch configurations across Montana, North Dakota, and Wyoming. Recently, under a vast program known as Sentinel, the U.S. Department of Defense embarked on a plan to replace the Minuteman IIIs at an estimated cost of US $140 billion.
Each SLBM and ICBM can be equipped with multiple independently targetable reentry vehicles, or MIRVs. These are aerodynamic shells, each containing a nuclear warhead, that can steer themselves with great accuracy to targets established in advance of their launch. Trident II can carry as many as 12 MIRVs, although to stay within treaty constraints, the U.S. Navy limits the number to about four. Today the United States has about 1,770 warheads deployed in the sea, in the ground, or on strategic bombers.
While civilian rockets and some military systems carry bidirectional communications for telemetry and guidance, strategic weapons are deliberately and completely isolated. Because our technological ability to secure a radio channel is incomparably improved, a secure monodirectional link that would allow the U.S. president to abort a mission in case of accident or reconciliation is possible today.
U.S. Air Force technicians work on a Minuteman III’s Multiple Independently-targetable Reentry Vehicle system. The reentry vehicles are the black cones.U.S. Air Force
ICBMs launched from the continental United States would take about 30 minutes to reach Russia; SLBMs would reach targets there in about half that time. During the 5-minute boost phase that lifts the rocket above the atmosphere, controllers could contact the airframe through ground-, sea-, or space-based (satellite) communication channels. After the engines shut down, the missile continues on a 20- or 25-minute (or less for SLBMs) parabolic arc, governed entirely by Newtonian mechanics. During that time, both terrestrial and satellite communications are still possible. However, as the reentry vehicle containing the warhead enters the atmosphere, a plasma sheaths the vehicle. That plasma blocks reception of radio waves, so during the reentry and descent phases, which combined last about a minute, receipt of abort instructions would only be possible after the plasma sheaths subside. What that means in practical terms is that there would be a communications window of only a few seconds before detonation, and probably only with space-borne transmitters.
There are several alternative approaches to the design and implementation of this safety mechanism. Satellite-navigation beacons such as GPS, for example, transmit signals in the L- band and decode terrestrial and near-earth messages at about 50 bits per second, which is more than enough for this purpose. Satellite-communication systems, as another example, compensate for weather, terrain, and urban canyons with specialized K-band beamforming antennas and adaptive noise-resistant modulation techniques, like spread spectrum, with data rates measured in megabits per second (Mb/s).
For either kind of signal, the received-carrier strength would be about 100 decibels per milliwatt; anything above that level, as it presumably would be at or near the missile’s apogee, would improve reliability without compromising security. The upshot is that the technology needed to implement this protection scheme—even for an abort command issued in the last few seconds of the missile’s trajectory—is available now. Today we understand how to reliably receive extremely low-powered satellite signals, reject interference and noise, and encode messages, using such techniques as symmetric cryptography so that they are sufficiently indecipherable for this application.
The signals, codes, and disablement protocols can be dynamically programmed immediately prior to launch. Even if an adversary was able to see the digital design, they would not know which key to use or how to implement it. Given all this, we believe that the ability to disarm a launched warhead should be included in the Pentagon’s extension of the controversial Sentinel modernization program.
What exactly would happen with the missile if a deactivate message was sent? It could be one of several things, depending on where the missile was in its trajectory. It could instruct the rocket to self-destruct on ascent, redirect the rocket into outer space, or disarm the payload before reentry or during descent.
Of course, all of these scenarios presume that the microelectronics platform underpinning the missile and weapon is secure and has not been tampered with. According to the Government Accountability Office, “the primary domestic source of microelectronics for nuclear weapons components is the Microsystems Engineering, Sciences, and Applications (MESA) Complex at Sandia National Laboratories in New Mexico.” Thanks to Sandia and other laboratories, there are significant physical barriers to microelectronic tampering. These could be enhanced with recent design advances that promote semiconductor supply-chain security.
Towards that end, Joe Costello, the founder and former CEO of the semiconductor software giant Cadence Design Systems, and a Kaufman Award winner, told us that there are many security measures and layers of device protection that simply did not exist as recently as a decade ago. He said, “We have the opportunity, and the duty, to protect our national security infrastructure in ways that were inconceivable when nuclear fail-safe policy was being made. We know what to do, from design to manufacturing. But we’re stuck with century-old thinking and decades-old technology. This is a transcendent risk to our future.”
Kissinger concluded his classic treatise by stating that “Our dilemma has been defined as the alternative of Armageddon or defeat without war. We can overcome the paralysis induced by such a prospect only by creating other alternatives both in our diplomacy and our military policy.” Indeed, the recall or deactivation of nuclear weapons post-launch, but before detonation, is imperative to the national security of the United States and the preservation of human life on the planet.
John R. Allen is a retired Marine Corps four-star General, and former commander of the NATO International Security Assistance Force and US Forces, Afghanistan. From 2006 to 2008, he served as the deputy commanding general of Multinational Forces West and II Marine Expeditionary Force in Al Anbar Province, Iraq.
Peter L. Levin is the co-founder and CEO of Amida Technology Solutions, and a senior adjunct fellow at the Center for a New American Security. In an earlier role, as Chief Technology Officer at the Department of Veterans Affairs, he co-created and led the deployment of the VA’s disability claims management system and the consolidated electronic health record portal, with the Department of Defense.