On Saturday, The New York Times published an impressive survey of leaked material about U.S. efforts to use cyber-espionage to sabotage North Korea’s ballistic missile program. In a revelation that echoes U.S. disruption of Iran’s nuclear program through the Stuxnet cyber-attack, David Sanger and William Broad reported on “left of launch” efforts designed to prevent North Korea from successfully building and testing ballistic missiles.
The Obama administration determined, much as was the case with Iran’s nuclear program, that the risks of open military action to curtail North Korea’s ballistic missile projects outweighed the rewards. Instead, U.S. intelligence agencies undertook steps to disrupt the DPRK’s ballistic missile development through cyber-espionage. In particular, the article suggests, U.S. espionage sabotaged ballistic missiles in the construction and testing phase, leading to the failure of multiple North Korean missile tests, and presumably to major program setbacks.
To be sure, The New York Times could not confirm the impact of U.S. sabotage efforts; building and testing ballistic missiles is tricky business, and accidents happen whether the U.S. has its thumb on the scales or no. Nevertheless, the use of cyber-espionage to disrupt the development of foreign ballistic missile systems, in particular, raises some difficult questions about nuclear deterrence.
The deterrent relationship relies on a degree of faith that both countries must have in one another. The U.S. and Russia both expect that U.S. missiles will work; consequently, neither side has an incentive to take risks out of either fear or opportunism. Although both the U.S. and the Soviets experimented with counter-force doctrines (designed to destroy the enemy nuclear deterrent on the ground) during the Cold War, both were more or less comfortable with the way Mutually Assured Destruction settled by the mid-1960s.
The idea that the United States could disrupt missiles at the production stage throws a wrench in that relationship. For example, several years ago the Russian military experienced a series of failed tests of its Bulava submarine launched ballistic missile. Every indication suggests that these failures happened for domestic reasons; the Russian aerospace industry struggled to find its footing in the wake of the Cold War, and the serial Bulava failures were an understandable, if embarrassing, part of the process of reconstitution. In retrospect, however, some Russian spies and engineers probably have cause to wonder whether the missile failures had an external cause. The idea that U.S. cyber-espionage disrupted Russian missile development is simultaneously far-fetched and evidence-free, but is certainly more credible today than it was last week.
Similarly, Chinese spies and technicians need to think seriously about the prospect of U.S. interference in the ballistic missile projects of the People’s Liberation Army Rocket Force, especially given the significant role that precision ballistic missiles have taken in China’s A2/AD system of systems. And both Russia and China, of course, are far more connected than North Korea; the potential vectors for industrial sabotage through cyber-espionage are much greater in number.
The upside of Chinese or Russia concern over the integrity of their ballistic missiles is obvious; they could become less likely to engage in risk behaviors if they don’t know their own missiles will work. The downside is that a sudden sense of vulnerability has the potential to make anyone — Moscow, Beijing, or Pyongyang — paranoid and unpredictable. And that can undermine the nuclear deterrent formula that has held for decades.