Rafal Rohozinski  | The Globe and Mail

Nuclear weapons formed the basis of strategic stability between the nuclear superpowers for the past 70 years. The threat of instantaneous and mutual annihilation helped concentrate minds, including the establishment of clear and unambiguous “rules of the game” among the superpowers. States continued to compete, but competition was never allowed to compromise overall strategic stability.

Nuclear deterrence was based on a simple calculus. Once launched, nuclear weapons were nearly impossible to stop and even limited use would result in civilization-ending consequences. In former U.S. president Ronald Reagan’s words, nuclear war was “unthinkable.” The knowledge that entire countries could be obliterated was a sufficient guarantor of strategic stability based on Mutually Assured Destruction (MAD).

The shared confidence in MAD that underpinned the nuclear regime started changing during the 1990s. New research and development into anti-ballistic missile systems raised concerns over the durability of nuclear deterrence. Specifically, the Russian government interpreted the placement of radars and ballistic missiles in Eastern Europe as an existential threat to Russia’s nuclear-deterrence capability, and not a bulwark against supposed rogue states as alleged by the United States and its allies.

Even so, MAD survived into the early 21st century, keeping the nuclear threat on the back burner. Co-operation between the major nuclear powers to disarm also reached a historic high. Both the United States and Russia focused on reducing their nuclear stockpiles with admirable results. Working with the United Nations, the focus was on the threat of loose nukes, rather than a confrontation between nuclear-armed foes. Tensions, which persisted, were treated by all sides as manageable and negotiable.

All of this changed with the internet. The internet coincidentally shares a heritage with the nuclear age. Indeed, it was conceived as a decentralized and distributed communications network that could survive a nuclear war and preserve command and control. In the post-Cold War era, its principal significance is not so much military as the news backbone of the global digital economy. These two worlds – the nuclear and the digital – are now converging. They are also giving rise to new risks, three of which stand out.

The first risk relates to bringing nuclear command-and-control systems into the digital age. The existing nuclear-weapons infrastructure is for the most part analog and predates the internet era. As Russian and U.S. nuclear command-and-control systems are modernized over the next few years, their dependence on digital technologies will increase. Modernization necessarily increases complexity – and complexity creates new possibilities for error.

The planet came perilously close to a nuclear exchange on several occasions over the past half-century. One nuclear calamity was only averted by the courageous decisions of men such as Lieutenant-Colonel Stanislav Petrov, who in September, 1983, deliberately ignored sensor data falsely reporting that the Soviet Union was under a massive nuclear attack from America. With nuclear command-and-control systems increasingly dependent on artificial intelligence, there are fewer opportunities for human intervention to prevent a mistaken cataclysmic exchange.

The Stuxnet case is a reminder that the risks of hacking and digital manipulation are more science than fiction. The implanting of malware designed to destroy Iran’s capacity to separate uranium demonstrated the utility and feasibility of strategic cyberattacks. Interventions designed to disrupt and destroy the command-and-control systems of nuclear weapons are the internet equivalent of Mr. Reagan’s Strategic Defence Initiative. They dangerously entangle cyberwarfare and nuclear stability. There are just nine nuclear-armed states, but more than 140 countries are actively developing cyberwarfare capabilities.

The second risk is that the world’s dependence on cyber actually increases the deterrence value of acquiring even a few nuclear weapons. Due to their blast, radioactive and electromagnetic pulse (EMP) effects, nuclear weaponry is especially effective against states that are hyper-connected and reliant on digital technologies. They can disable and destroy electrical grids, data farms and computer and communication systems – wreaking havoc on everything from financial systems to water and food supplies.

A new suite of hydrogen bombs are being developed with the EMP impacts in mind. The weapons tested by North Korea are reportedly based on Russian design and intended to have enhanced electromagnetic effects, a fact publicized by North Korea’s leadership. New research from Accenture Strategy and Oxford Economics suggests that roughly 25 per cent of all global GDP will be tied to the digital economy by 2020. The detonation of just one EMP in the upper atmosphere above North America or Western Europe could cripple their digital infrastructures for years. Even outgunned, North Korea is potentially holding the world’s digital economy hostage.

The third and perhaps most unsettling risk is that nuclear first strikes are becoming thinkable as a viable option to stop the use of similar weapons by states such as North Korea. Recall that nuclear-deployment systems are based on electronics. These electronic systems may be resistant to offensive cyberattacks. It is not inconceivable that, in a moment of crisis, EMP-enhanced nuclear weapons could be deployed to prevent a rogue nuclear state from launching its ballistic missiles. Such an action may even appear rational, or the lesser of two evils.

All of the risks outlined above are still hypothetical. But as the digital and nuclear worlds become increasingly entangled, reality is catching up. The strategy of deterrence is being redefined and the implications are deeply worrying.

The launch of cyberattacks and precision nuclear strikes using EMP against the weapons systems of adversaries no longer seems as far-fetched as it once was. We are clearly entering uncharted waters.

Rafal Rohozinski is the CEO of the SecDev Group, and a senior fellow for cybersecurity and emerging conflict at the London-based International Institute for Strategic Studies.