Nuclear security in the digital age

The Shivshankar Menon roundtable this month was centred around three main issues related to nuclear security: the National Security Summit; the nexus between cyber and nuclear security; and the concept of strategic stability in the Indian nuclear doctrine.

The 4^th concluding Nuclear Security Summit (NSS) was held in Washington D.C. from March 31-April 1 this year. This summit was significant because it completes the cycle that was started by President Barack Obama in 2010 and also because Prime Minister Narendra Modi attended it for the first time. The three summits held since 2010 have tried to focus attention on the threat of nuclear sabotage, security of facilities and sites, safety of fissile materials including while in transportation and nuclear terrorism. With evolving global threats, the NTI Nuclear Security Index released in January this year also assesses for the first time how countries are protecting their nuclear facilities against cyberattacks. Given this backdrop, the roundtable discussion anchored by Ambassador Shivshankar Menon centred around three main issues related to nuclear security—the National Security Summit in Washington D.C.; the nexus between cyber and nuclear security; and the concept of strategic stability in the Indian nuclear doctrine.

National Security Summit 2016

The 2016 NSS was seen as a legacy summit since this was the last time U.S. President Obama hosted 53 participating countries and five institutions involved in the global nuclear security architecture. This summit attempted to reflect on the last six years of progress, identify the gaps that persist and follow up on future course of action. This NSS was seen as unique because it unveiled specific action plans for the five main international organisations and initiatives working to secure nuclear and radiological materials, namely the International Atomic Energy Agency (IAEA), United Nations (UN), INTERPOL, Global Initiative to Combat Nuclear Terrorism (GICNT), and Global Partnership Against the Spread of Weapons and Materials of Mass Destruction (Global Partnership). The IAEA is likely to play a central role in this process including coordination between different agencies.

In the Indian context, the summit process was successful in raising awareness about the safety and security of fissile material and also nuclear terrorism. In that, the summit has been instrumental in establishing solid government responses and positions on issues related to nuclear security. The summit has also resulted in a positive shift in the civilian aspects of nuclear capabilities. India has contributed substantially to the summit’s process since 2011. India announced a $1 million grant for the IAEA this year in addition to the $1 million it contributed in 2013. India also joined three ‘gift baskets’ or joint endeavours in priority areas including countering nuclear smuggling, the contact group in Vienna to carry on the work of the summit and sharing best practices through centres of excellence. India has also set up a global centre for nuclear security training and research and started national mechanisms to counter nuclear smuggling in coordination with law enforcement and intelligence agencies. While considerable progress has been made on nuclear security in this process, obvious limitations remain, requiring considerable work.

An important criticism of the summit process has been the non-participation of some key nuclear states such as Iran, Russia etc. due to geo-political reasons and therefore non-compliance by these states. Since the agenda of the NSS is not legally binding, it is difficult to elicit concrete actions from participating states. Also, the NSS only covers civil material and civilian stocks, which means that about 83 percent of the global weapons grade material in military stocks of countries is outside the purview of the summit agencies. The summit process had decided early on that the governance of nuclear material in military stocks would be a national responsibility to be discharged in light of respective countries’ international obligations, while safeguarding civil nuclear material would be the responsibility of the international community. This highlights the nuclear security challenge posed by rogue military regimes who might be in possession of nuclear material outside the purview of international agencies.

Disarmament and Strategic Stability

The NSS’ thrust since 2010 has been on governance and prevention of nuclear materials from being accessed by various undesirable elements. With this thrust, the larger issue of the danger from nuclear weapons themselves is not addressed. In the Indian context, the summit somewhat contradicts India’s commitment to disarmament. The global reality is that countries, big and small, are committed to increasing their nuclear arsenal and capability while undermining the international nuclear security architecture. India’s advocated stand on disarmament is therefore in danger of being sabotaged by the international community. In such a scenario it is worth debating if disarmament should still remain the mainstay of our position on nuclear weapons and whether we need a new set of policies to deal with the evolving strategic milieu. Some experts go so far as to say that the concepts of nuclear deterrence and nuclear disarmament are dead and do not apply anymore in the post-Cold War nuclear world. Strategic stability is another important aspect of the nuclear doctrine, especially in the context of India and countries in a similar strategic milieu. Strategic stability has been a mantra advocated by the P5 for a while now in an attempt to freeze the current status quo of nuclear capabilities. While the concept of strategic stability held relevance in the Cold War era, with U.S. and Russia being the only two nuclear powers, it is now largely irrelevant with countries like Pakistan, China and others striving for greater nuclear capabilities in civil as well as military domains. Advocating the freezing of nuclear programmes by P5 countries is unlikely to succeed because of the inherent inequality in positions and their refusal to roll back their own programmes.

Nuclear and Cyber Security 

Cyber security is an essential component of nuclear security and has been highlighted as such by NSS process. With evolving global threats, the NTI Nuclear Security Index released in January this year also assesses for the first time how countries are protecting their nuclear facilities against cyberattacks. Like other critical infrastructure, nuclear facilities are not immune to cyberattacks and theft of nuclear materials or sabotage. According to a study done by Chatham House documenting major cyber threats on civil nuclear plants, most cyberattacks are not wonton acts of aggression but simply a result of erroneous software updates and patches. Earlier, all civil and nuclear installations were air gapped i.e. there was no interface between the networks used by these installations and the national grid. However, most civil nuclear installations now are connected to the national grid because of their linkages to emergency response systems including law enforcement agencies. These pathways are then targeted by hackers to introduce malicious codes and derail systems. While physical islanding of nuclear infrastructure is advocated by some, linkages with the national grid are inescapable for various reasons, rendering islanding irrelevant. Another form of cyber threat is espionage of nuclear secrets. This renders air-gapping of nuclear installations irrelevant because the operators in these nuclear plants use civilian or commercial forms of communication and can therefore be subjected to espionage. There has been an effort by international agencies to advocate restraint on all forms of malicious threats. The latest report by the UN Group of Government Experts calls on all countries to refrain from harming nuclear infrastructure as well as restrain non-state actors from attacking nuclear infrastructure. While the report has been endorsed by the UN General Assembly, it is not binding on members states and is a mere code of conduct. Unfortunately, many of the threats emanating from the cyber domain are ungoverned and suffer from the difficulty of attribution. Since 2011, the Indian government has established various institutional mechanisms and technology solutions such as continuous monitoring of the cyber environment in nuclear facilities to mitigate and prevent cyberattacks on these installations.

Nuclear Terrorism

U.S. Barack President Obama identified nuclear terrorism as “the most immediate and extreme threat to global security” in his speech in Prague in 2009 and the summit as such has highlighted Nuclear terrorism as a critical component of nuclear security. For India, the nuclear threat from Pakistan is imminent and real. According to some experts at the discussion, the threat from Pakistan in the form of nuclear terrorism is overrated because the nuclear warheads in Pakistan are well guarded by its military establishment. A caveat to this scenario would be the ascension of radicals in the military command in Pakistan which would be jihadist in orientation and in possession of nuclear weapons. A nuclear programme that is entirely in the hands of the military and a military that is ideologically hostile to India is therefore a serious concern. An important concern for India is whether Pakistan or any other state can use nuclear terrorism as a coercive tool through involvement of non-state actors such as ISIS, al Qaeda and others as part of state sponsored nuclear terrorism. Apart from this, the threat of nuclear terrorism form Pakistan is likely to be limited to theft of missile material and smuggling of Radioactive Diffusion Devices (RDDs) and dirty nukes across the border. Civil or radiological material can be much more easily accessed by non-state actors as compared to nuclear weapons. In the past, there have been extended periods of time when the IAEA could not certify that all the nuclear material under safeguards in Pakistan was accounted for. Therefore, the threat from Pakistan’s civil nuclear facilities is real and more imminent than the threat of nuclear weapons.

In conclusion, nuclear security in the digital age poses a significant challenge to all countries regardless of their size, location or the extent of their nuclear capabilities. It is this challenge that the NSS attempts to identify and mitigate through its process.

Like other products of the Brookings Institution India Center, this report is intended to contribute to discussion and stimulate debate on important issues. The views are those of the author.