Cyber warfare & inadvertent escalation

Abstract

The advent of cyber warfare exacerbates the risk of inadvertent nuclear escalation in a conventional conflict. In theory, cyber espionage and cyberattacks could enhance one state’s ability to undermine another’s nuclear deterrent. Regardless of how effective such operations might prove in practice, fear of them could generate escalatory “use-’em-before-you-lose-’em” pressures. Additionally, cyber threats could create three qualitatively new mechanisms by which a nuclear-armed state might incorrectly conclude that its nuclear deterrent was under attack. First, cyber espionage could be mistaken for a cyberattack. Second, malware could accidentally spread from systems that supported non-nuclear operations to nuclear-related systems. Third, an operation carried out by a third party could be misattributed by one state in a bilateral confrontation to its opponent. Two approaches to risk reduction are potentially viable in the short term: Unilateral restraint in conducting potentially escalatory cyber operations, and bilateral or multilateral behavioral norms.