Risky Nuclear Designs

Yesterday, an article in The Atlantic reported that a system failure at Warren AFB in Wyoming affected 50 ICBM’s and that “various security protocols built into the missile delivery system, like intrusion alarms and warhead separation alarms, were offline.” Assuaging fears that America’s nuclear deterrent might have been compromised during this failure, the article notes that the missiles still could be launched from airborne command centers. Other reports cite an administration official offering assurances that “at no time did the president’s ability [to launch] decrease.” Given the difficulty of debugging software and hardware that is probably not a good thing.

There is an unavoidable tradeoff between the danger of not being able to launch our missiles when wanted and accidentally launching them. The system design can reduce the chance of either of those errors, but only at the expense of increasing the other. If the cost of accidentally launching a missile is much higher than not being able to launch it when wanted, then decision theory tells us it is dangerous to be able to launch missiles during a system failure.

While I don’t know enough details of this current incident to be able to say with certainty that the design is too risky, there is a well-established history of such design errrors. Former Minuteman launch control officer Bruce Blair has noted that, after Robert McNamara ordered combination locks known as PALs (Permissive Action Links) to be installed on the Minuteman fleet to prevent an unintentional launch, the Air Force set the combination to all zeros. The Air Force brass was more worried about not being able to launch when wanted than an accidental launch. Blair reports that, when he told this to McNamara, the former Secretary of Defense exploded, “I am shocked, absolutely shocked and outraged. Who the hell authorized that?” That same web page has an excerpt from another highly relevant story by Blair, part of which reads:

all U.S. presidents receive a misleading briefing on their nuclear weapons rights and responsibilities, and options. … What is misleading about the briefing is that the president’s supporting command system is … so greased for the rapid release of U.S. missiles forces by the thousands upon the receipt of attack indications from early warning satellites and ground radar that the president’s options are not all created equal. The bias in favor of launch on electronic warning is so powerful that it would take enormously more presidential will to withhold an attack than to authorize it.

As further evidence of poor nuclear decision-making, ratification of the New START Treaty that would reduce both the US and Russian nuclear arsenals from 2,200 warheads each to 1,520 is in doubt. The fact that such a modest reduction in our bloated nuclear arsenals is in question, coupled with the errors noted above, shows that we cannot leave nuclear matters solely in the hands of our leaders and supposed experts. The risk is far too great.

Jolting society out of its complacency about nuclear weapons will not be easy, but there is hope. As detailed on my web site’s Building Awareness tab, we first need to build small “pockets of nuclear awareness” that then can spread more widely. That page uses Stanford students as an illustrative example, but anyone can participate. All you need to do is think about the various social circles to which you belong and find one where you come in contact with the other members on a regular basis. Then use an approach similar to the one I am using on campus.

As our motto says – and as the above stories illustrate:

The risk of a nuclear catastrophe is far greater than we think.

Our ability to reduce that risk is far greater than we imagine.

About Nuclear Risk

I am a professor at Stanford University, best known for my invention of public key cryptography -- the technology that protects your credit card. But, for almost 30 years, my primary interest has been how fallible human beings can survive possessing nuclear weapons, where even one mistake could be catastrophic.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s