Russia’s Basic Principles and the Cyber-Nuclear Nexus
June 2020 saw the public release of the Basic Principles of State Policy of the Russian Federation on Nuclear Deterrence – for the first time ever, as previous versions of this document were classified. This has implications for how adversaries should interpret Russian concerns over potential threat.
The Basic Principles is not a war-fighting manual (those generally do not deal with such conceptual areas), nor a declaration. Its main importance is in the broadening of nuclear-related sections of the ‘general’ Military Doctrine of the Russian Federation (1). It is a specific type of strategic planning document, regularly prepared and updated for different areas, including civilian, and is used as a basis for development and acquisitions planning, the legislative process and other bureaucratic work.
Without diving deep into questions of nuclear deterrence, and the roles of nuclear and non-nuclear capabilities, it is important to take note of the conditions set out in the Basic Principles document that might lead to nuclear use by Russia.
In general, the list of conditions follow the traditional Russian approach: nuclear weapons prevent the use of Weapons of Mass Destruction and/or large-scale aggression against Russia and/or her allies. However, there is an important update. Now threats to the nuclear weapons themselves are considered a condition for nuclear retaliation. This is a new as compared to the formulas that exist in the Military Doctrine.
Paragraph 19c of the Basic Principles states: “attack by an adversary against critical governmental or military sites of the Russian Federation, disruption of which would undermine nuclear forces response actions”. This effectively means any interference of any kind against civilian or military infrastructure, which would undermine nuclear retaliation capability. There is a wide consensus within the Russian expert community that this also includes possible cyber threats as well as other non-nuclear dangers. It is commonly understood that “critical sites” include military and civilian government command posts, nuclear forces battle management system, nuclear forces infrastructure and early warning systems. Malicious interference with these sites could lead to catastrophic consequences.
Perception of cyber threats
In general, the threat of cyberattack against Nuclear Command, Control and Communications (NC3) have been discussed at length over last several years with all of the five nuclear weapon states seemingly factoring this threat into their deterrence policies.
In the United States, a formulation similar to that of Russia’s is included in the 2018 US Nuclear Posture Review: “Significant non-nuclear strategic attacks include, but are not limited to, attacks on the U.S., allied, or partner civilian population or infrastructure, and attacks on U.S. or allied nuclear forces, their command and control, or warning and attack assessment capabilities.”
It is challenging to find links between cyber threats and nuclear use in public Chinese documents, especially given the No First Use policy declared and maintained by Beijing. Nevertheless, there are statements comparing consequences of cyber attacks to those of nuclear bombs. Research of the entanglement between non-nuclear and nuclear weapons related systems suggests that there is a serious cyber ‘flavour’ in such risks, and China must be looking for ways to address those.
French “vital interests” that are protected by nuclear weapons are intentionally ambiguous, but Paris pays great attention to the cyber domain. The link between cyber and nuclear threats is mentioned among the principles of the Paris Call for Trust and Security in Cyberspace.
While in the UK the possible cyber threat to NC3 and nuclear weapons systems themselves is acknowledged by officials, nothing suggests that such attacks might be considered among “the most extreme threats” to be deterred by nuclear weapons. However, London, without any doubt, will be interested in reducing the risks of nuclear use as a result of cyber interference.
Decision-makers and military must now account for the use of cyber weapons, hostilities in cyberspace, and the desire of state and non-state actors to gain an advantage by damaging nuclear weapons and the delivery systems of their adversaries. The vulnerability of nuclear weapons control systems is ‘enhanced’ by the high readiness of the nuclear forces. Theoretically, a crushing ‘decapitating’ and even ‘disarming’ strike could be delivered using cyber weapons. At the same time, awareness of the risk of a cyberattack incentivizes the need to increase the protection of nuclear forces-related networks from acts of unlawful interference, regardless of their source, which contributes to maintaining security.
Understanding the threats, relative symmetry between the US and Russian ‘declarations’ and understanding of the challenge by China, France and the UK provides an opening for potential joint actions, including within the P5 format: a forum of these five countries, recognized as nuclear-weapon states within the Nuclear Nonproliferation Treaty. One such action could be a statement of mutual understanding of the consequences of the interference with NC3 and aspiration to avoid actions that might be perceived as such interference by adversaries and partners.
There is no need to focus explicitly and exclusively on the cyber domain of non-nuclear attacks. P5 countries should attempt to define the crucial elements of their nuclear and other strategic weapons enterprise, any impact on which might lead to nuclear retaliation. For example, some states, or even all of them, may make it clear that they consider a serious threat posed by the use of electronic warfare capabilities for the purpose of “deceiving” the early warning and missile defense systems. This also will show that the line between cyber- and electronic warfare is blurry, to say the least.
Challenges and opportunities
There is a significant challenge with dealing with risks in the cyber domain, namely the attribution of the ‘perpetrator’. This is complicated by the fact that near-identical cyber tools can be used for espionage (collecting information) as well as for attacking the systems they have penetrated. A discussion on procedures for attack attribution and cyber weapon ‘dissection’ within the P5 might offer a platform for practical cooperation. Still, the main challenge is traditional: political will, or rather absence of such to participate in such discussions. ‘Cyber’ has become a toxic subject in relations between Russia, China and ‘the West’ due to mutual accusations and counter-accusations over election meddling, espionage and other ‘grey area’ actions. It will be naïve to expect a swift breakthrough. Nevertheless, cyberspace is officially becoming an operational domain for the military. Counterintuitively, it paves a way towards confidence building and risk reduction measures akin to ‘classic’ military domains. The nuclear domain is where such measures are of existential importance, so P5 countries should be ready for selective engagement.
The P5 format provides the best possible forum for inclusive discussions on nuclear doctrines and threat perceptions. Given the growing common understanding of the nexus between cyber and nuclear risks, the P5 countries can come up with a set of basic principles that deter nuclear use. The major principle should be to avoid making statements and building or acquiring weapons that might be seen as a push towards obtaining the very capability their P5 partners and adversaries are concerned with: to undermine nuclear retaliation capacity. Such principle could be augmented with another one: a requirement to explain intended missions for the capabilities that are perceived as threatening, should any P5 country express such concerns. Addressing the cyber-nuclear nexus therefore offers an unexpected opening for P5 collaboration and preserving the stability of deterrence between the nuclear weapon states.
(1) An updated version of the Military Doctrine is expected in 2020, or early 2021.
The opinions articulated above represent the views of the author(s) and do not necessarily reflect the position of the European Leadership Network or any of its members. The ELN’s aim is to encourage debates that will help develop Europe’s capacity to address the pressing foreign, defence, and security policy challenges of our time.