For years, the phrase “weapons of mass destruction,” or WMDs, referred to physical threats: Nuclear bombs, chemical attacks, and biological warfare.
US Department of Defense officials, however, are expanding the definition to include offensive cyber operations. They think the threat is so big, that they’re seeking ideas from academics, research institutions, and non-profit organizations on how to counter a possible cyber-armageddon. Earlier this week, the Pentagon’s Project on Advanced Systems and Concepts for Countering Weapons of Mass Destruction, or PASCC, issued a solicitation requesting white papers to help the US prepare for such attacks.
“A new perspective is needed to address this problem,” it wrote in the document. ”It should include independent organizations not anchored to traditional WMD definitional and doctrinal concepts.”
In other words, the Pentagon is looking for out-of-the-box thinkers.
In recent years, Russia, China, North Korea, and a number of violent extremist organizations have launched offensive cyberspace operations against the US. PASCC says the cyber attacks are becoming more sophisticated—and a more integral part of US adversaries’ military strategy.
PASCC points out that a powerful enough cyberstrike could destroy critical infrastructure, take the financial system offline, or compromise the accuracy of essential military systems. It also noted the potential threat of social media, which it says could be used to spread “false rumors and innuendo designed to strain alliances, divide polities, and undercut public confidence in institutional integrity and social cohesion.”
The main research question the Pentagon is trying to answer through its solicitation is related to the links between cyber warfare and WMDs. It wants to know how the US adversaries might use cyber operations to make their weapons more lethal, or to erode the US’s WMD defenses.
Cyber attacks can’t destroy a city, but they could potentially manipulate a nuclear weapon by hacking into its controls, says Jeffrey Lewis, a WMD expert at the James Martin Center for Nonproliferation Studies in Monterey, California.
“With nuclear weapons, every single piece hinges on the command-and-control system,” he says. “Would you try to blow up every single nuclear weapon in Russia, or would you try to shut down the command-and-control system so the orders never got there?”
The Pentagon’s second question is whether the US’s plans take into account those connections between cyber and nuclear warfare.
The US already incorporated cyber operations into its Nuclear Posture Review, which reflects the Pentagon’s official nuclear policy. Earlier this year, the Trump administration created a new category of attack to which US forces could respond with a nuclear strike: “significant non-nuclear strategic attacks.” The term is “a euphemism for a cyber attack on our nuclear command-and-control systems,” says Lewis.
He believes retaliating against a cyberattack with a nuclear weapon is excessive and dangerous, a point he plans to make in his own submission to the Pentagon’s call for papers.
Here’s the agency’s solicitation. Submissions are due at the end of January.