The Impact of Emerging Security Challenges on Strategic Stability

Frank A. Rose
Assistant Secretary, Bureau of Arms Control, Verification and Compliance
The University of Virginia
Charlottesville, VA
December 2, 2016

As Prepared for Delivery

It’s my pleasure to be here today at the University of Virginia to discuss a number of emerging security challenges that we’re working on in the State Department’s Bureau of Arms Control, Verification and Compliance (AVC).

Strategic stability in the current security environment no longer follows the two state-one weapon model from the Cold War. Today’s security environment involves multiple states and other types of capabilities such as missile defense, conventional weapons, outer space, and electronic warfare, including in cyberspace. It is a system where we now face a security trilemmas—where security change as a result of two countries’ actions might impact the security of a third country. It involves the technologies that were developed for military usage decades ago as part of the second offset strategy that at the time provided a huge advantage for the United States.

However, we're now starting to see the advantages that accrued from these capabilities start to erode, and this erosion is happening at an accelerating pace. Weapons, such as anti-satellite systems, are rising in popularity but with modern technologies. New technologies are being developed like hypersonic glide systems and cyber tools for malicious activity. Cyber attacks in particular can have low barriers to entry, be relatively cheap, be deniable, and be difficult to attribute. And all of these capabilities are likely to be combined in attacks on the United States and our allies. As a result, it is essential to look at linkages between these various capabilities.

One of the newest and most difficult set of linkages I see is among the areas of space, cyber, and undersea communications cables. These new threats are one of the key reasons why I established the Office of Emerging Security Challenges within the AVC Bureau at the State Department when I became the Assistant Secretary in December 2014.

Our day-to-day lives depend upon the flow of information. We increasingly rely on space, cyberspace, and fiber-optic communications cables in all aspects of our lives whether you know it or not. These systems are critical for social and economic activity, but most importantly to defend our security. At the same time, these conduits for communication are vulnerable to state and non-state actors who seek to deny access to the free flow of information. The continued and assured access to all of these capabilities is vital to global strategic stability. In the past, these issues were dealt with in isolation to one another. The more we examine these emerging security challenges, the clearer it is that these links must be looked at holistically, not individually.

Today, I’ll discuss various emerging challenges that we are facing and the linkages between these challenges. I will then discuss how these challenges relate to nuclear arms control and what we can do to better coordinate our approaches in these areas.

Emerging Threats: Outer Space, Cyberspace, and Undersea Cables

Let me begin by providing some background on the emerging threats.

In 2015, approximately 97% of the world’s trans-oceanic communication transited over privately held, commercial, undersea fiber-optic communications cables. A large-scale outage of these undersea cables would affect critical government and business operations, communications, financial transactions, logistics, and transportation. Despite protection measures, undersea cables are susceptible to disruption from fishing activity, anchoring, natural disasters, component failure, and deliberate attack. We are concerned that potential adversaries may be looking for vulnerabilities in undersea cables around the world.

Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact. The ranges of cyber threat actors, methods of attack, targeted systems, and victims are also expanding. Adding to the problem, it is not always easy to identify the origin of such attacks. As you all know, the internet is critical to U.S. prosperity, as well as national security. From purchasing products to running businesses to finding directions to communicating, an online world has fundamentally reshaped our daily lives. But just as the continually evolving digital age presents boundless opportunities for our economy, our businesses, and our people, it also presents a new generation of threats that we must adapt to meet. Simply put, our reliance on electronic media makes us vulnerable.

Finally, our reliance upon international space systems has risen to an unprecedented global scale due to the importance of space to the global economy, our national security, and societies. The Space Foundation’s latest annual report stated that the global “space economy” in 2015 was $323 billion, of which over 75% was commercial space products and services, infrastructure, and support industries. We already face a global threat from electronic warfare systems capable of jamming satellite communications systems and global navigation space systems. In addition, threats to space systems from debris or irresponsible activities are increasing. In particular, we are concerned by Chinese and Russian pursuit of weapons systems to destroy satellites in orbit. The debris created from such activities lingers uncontrollably, thus creating the potential for impacts far beyond the destruction of an individual targeted satellite, complicating and endangering the operations of all entities operating in space.

Threat Linkages between Outer Space, Cyberspace, and Undersea Cables

We should not look at space, cyber, and undersea cables independently of one another, as these areas are becoming increasingly intertwined. The reliance by the United States and our allies on these systems creates a strong incentive to conduct asymmetric attacks against us, given the relative ease with which they can be conducted, the difficulty with attribution, and the advantages that can be accrued from offensive operations. The result is an environment where multiple actors continue to develop, test, deploy, and even employ systems in these domains that threaten to undermine strategic stability.

If a determined adversary wants to cut off U.S. and allied access to communications infrastructure, they are likely to deploy capabilities to attack space, cyberspace and undersea cables at the same time, in a coordinated manner and across a broad spectrum of means.

There are also cross-domain vulnerabilities. What happens in outer space won’t stay in outer space. Satellites are vulnerable to cyber intrusions, as we saw take place in 2014 when a cyber attack compromised four U.S. weather satellites. Banking, mapping, and other essential parts of the global internet infrastructure are dependent on space assets for services such as timing and location data. Additionally, space and cyber assets are vital to our deterrent and defensive capabilities, including communications, positioning, and nuclear command and control. It is easy to see how attacks in these domains could lead to a wider kinetic conflict.

Policy Linkages

It is interesting to see where there are linkages in the policy and diplomatic approach to addressing these threats, especially in space and cyber domains. A common thread is the lack of widely accepted and enforceable norms of responsible behavior. There are also many differences—for example, there are existing treaties on space policy and undersea cables, whereas none currently exist relating to cyberspace.

As a means of managing the vulnerabilities in space and cyber domains, we have focused on the discussion of responsible State behavior, rather than on limiting capabilities. This is done through the creation of norms of responsible behavior, as well as through confidence-building measures, which can help reduce the risk of miscalculation during a conflict.

In space and cyber domains, we face similar challenges to pursuing traditional arms control, given the dual-use nature of these systems, the number of actors, and the challenges of attribution and verification. These attribution challenges further complicate efforts to promote predictability and transparency. To address these challenges, we have worked to pursue consensus among states that international law applies in both domains, and further clarify how foundational laws, such as the law of armed conflict and the UN Charter, apply.

How an attack in outer space or cyberspace, or against our undersea cables would affect decision-making or lead to escalation in a crisis remains unclear, especially if the attacks impact data integrity or the ability to communicate. There is limited historical precedent for conflict in these domains, unlike conflict on the land or the sea. As a result, it is helpful to look at these threats and vulnerabilities holistically to ensure our responses are coordinated.

Unlike traditional domains of conflict, there is also an important role for the commercial sector in these policy approaches, as many of the systems and critical infrastructures involved are privately owned. In both space and cyber domains, the commercial systems can be, or may appear to others, as weapons. That is why we need to involve the commercial sector in driving the development of norms, which they can potentially do more quickly than governments. However, that may have significant implications for government policy.

In addition, the challenge of proliferation exists in both space and cyber. How do we slow or prevent the proliferation of these systems and manage the risks, especially since many of them can be considered dual-use systems?

Collectively, we need to determine how to encourage mutual restraint and deter harmful activities in these domains. Can we hold something at risk, or can we deny an adversary the goals of their programs or increase the political or economic costs of such programs? It’s also unclear what types of harmful or irresponsible activities we want to deter.

Relevance to Nuclear Arms Control

So what does any of this have to do with nuclear arms control and disarmament? Continued progress in reducing nuclear arsenals cannot be divorced from the global security environment or our unconditional commitment to the security of our Allies in NATO and Asia. UN Security Council Resolution 1887 recognizes that decisions regarding nuclear weapons do not happen in a vacuum. That is why the Resolution calls upon all states to “create the conditions for a world without nuclear weapons… in a way that promotes international stability, and based on the principle of undiminished security for all.”

The very clear vulnerabilities of cyberspace, outer space, and undersea cables to potential adversaries enter into States’ assessment of their security environment. Ensuring “undiminished security for all” depends, in part, on our success in constructing mutually agreed upon norms that referee behavior in these largely unregulated domains. Of course, the norms of behavior governing the possession and transfer of technology on nuclear weapons are more mature compared to the emerging threats we have been discussing, but establishing clear rules of the road in these realms can help create the security conditions for future nuclear arms reductions.

Way Forward

The good news is that the U.S. government is already taking broad action to address these new challenges and has put in place specific response plans.

We have begun to communicate, to innovate, and to seek asymmetrical advantages to these threats. One such plan is the Third Offset Strategy that Deputy Secretary of Defense Robert Work frequently talks about. We are looking at deep learning systems that can crunch tremendous amounts of data and be used to provide indications and forewarning of cyber or electronic warfare attacks.

Deputy Secretary Work also talks about hardening the capabilities of these systems to defend against attacks. Just as we work to increase the resiliency of our nuclear capabilities against an adversary’s first strike, we need cyber-hardened and counterspace-hardened weapons. The development of these weapons will take time, but it will allow us to better defend these critical capabilities and also to shift the balance from offense dominant to defense dominant.

Going forward, we must enhance and communicate our cross-domain deterrence in a credible manner to achieve and maintain stability. This effort will require better monitoring and verification capabilities to make attribution easier.

We also need to be working more closely with our allies. Our worldwide system of Alliances is a true “asymmetric advantage” of the United States. They can help us to enhance resiliency across the board. As part of that, we must encourage other governments to think about emerging security challenges holistically, and then broaden cooperation with them. Together, we can continue to develop norms of responsible behavior and encourage mutual restraint.

Meanwhile, we must look within our own government to ensure we are taking a whole of government approach to these issues and to avoid the instinct of stove-piping that can paralyze the bureaucracy. Of course, solving these emerging security challenges is not “one size fits all.” Approaches and plans that may work in cyberspace may not be applicable to our efforts to protect our space assets. However, we can glean lessons learned from each of these areas. And learning these lessons will require additional dialogues across domains, between offices, between agencies, and internationally. I see this area as a priority for the U.S. government now and in the future.

Thank you.