Documents menu

The Bug in the Bomb: The Impact of the Year 2000 Problem on Nuclear Weapons

From the British American Security Information Council
21 November 1998

Executive Summary

This report is a first step towards assessing the impact of the Year 2000 computer date change - otherwise known as the &"Y2K problem&" or the &"Millennium Bug&" - on both nuclear weapons arsenals and national security structures. Although primary emphasis is placed on the recent experiences of the United States Department of Defense, a comprehensive analysis of the issue will require examination of the entire nuclear weapons cycle for all nuclear powers, from production of weapons to deployment to dismantlement.

Initial research findings by a number of different agencies and teams of experts, both inside and outside the Department of Defense (DoD), have resulted in &"no confidence&" that the Pentagon's present program will meet the Year 2000 challenge. The DoD weapons and communication systems utilize millions of &"embedded systems&" in the form of microchips and microprocessors. These semi-independent systems- within-systems are hard to locate and difficult to fix, and the ultimate effects of multiple breakdowns in embedded systems are poorly understood. There is no general theory or methodology for assessing the &"Y2K compliance&" of software, chips, or microprocessors on a mass basis; suspected systems must be inspected line-by-line and chip-by-chip. Moreover, December 31, 1999 and January 1, 2000 are not the only dates that present problems; many such &"bugs&" exist for dates that occur prior to, or months and years later than, the year 2000. Finally, even if a particular system is made completely free of Y2K computing errors, interfaces or connections to other &"infected&" systems could introduce bad data, causing the &"fixed&" system to produce erroneous information or even shut down completely. Because of these subtle, yet insidious inter-system effects, Deputy Secretary of Defense John Hamre has admitted that &"Everything is so interconnected, it's very hard to know with any precision that we've got it fixed.&"

Nuclear systems are not exempt from Y2K-related problems. A recent Memorandum from Secretary of Defense William Cohen mandated that US Strategic Command (STRATCOM) give a detailed report on the status of Y2K repairs for all nuclear command and control systems. Although it was produced in mid-September 1998 as an unclassified document, it has not been released to the general public. Congressional access has also been extremely limited. This reluctance to provide information raises deep concerns about the ability of STRATCOM and the armed services to fix both the weapons themselves and the all-important support systems such as launch platforms, communications networks, logistics channels, and safety systems. According to one congressional source, &"These decisions constitute a concerted effort to censor information on Y2K progress. If there's anything bad, the immediate response is to cover it up, rather than taking care of the problem.&"

In fact, there are severe and recurring problems across the entire DoD Y2K remediation program, including ill-defined concepts and operating procedures, ad-hoc funding and spotty estimates for final costs, lax management, insufficient standards for declaring systems &"Y2K compliant&", insufficient contingency planning in case of Y2K-related failures, and poor inter-departmental communications. There is no credible and concise evidence that all mission-critical systems will be repaired and tested on time. Moreover, February 1998 saw a mass exodus of qualified civilian managers from the Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (OASD/C3I), the branch of the OSD responsible for monitoring and guiding Y2K remediation efforts. This exodus included many experts on Information Technology (IT), leaving the entire program rudderless for several months. It is still not clear that recent organizational restructuring and new civilian appointments have adequately addressed the need for rational and consistent central management. According to one congressional staff person who has been monitoring the DoD's progress, &"The ongoing response to the Y2K bug is symptomatic of catastrophic mismanagement throughout the DoD.&"

This state of affairs has been exacerbated by a lack of Congressional attention to defense matters and Y2K. The majority of Y2K committee hearings and bills have been initiated largely through the concerns of domestic lobbies. The dearth of external oversight of Y2K and defense systems extends to Congressional support agencies as well: the Congressional Research Service (CRS) is monitoring the problem at only the broadest levels; the Congressional Budget Office (CBO) believes that the issue is outside its mandate; and the General Accounting Office (GAO) has thus far reported only on general DoD procedures and management, rather than on specific nuclear systems. The GAO will not consider the results for individual systems until the DoD completes all &"verification&" activities by mid- to late-1999. This leaves little time for the formulation of alternative international policies to avert a crisis caused by major malfunctions in components of the nuclear arsenal.

The Pentagon has already announced the existence of &"high risk&" systems that may not be repaired or tested in time, and for which repairs may ultimately be impossible. Problems may not be eliminated by 2000 no matter what resources and money are devoted to them.

Finally, Russia's decaying nuclear systems are also in danger of Y2K failures, and US decision-makers are currently planning to share early-warning information (and even exchange key military and civilian personnel) to guard against a purposeful launch based on faulty surveillance data. However, this assumes that US systems will be fixed and verified on time.

The dangers of a Y2K meltdown, even if restricted to a few key systems, are intensified by the Russian and American policy of &"launch on warning.&" This policy calls for nuclear retaliation after detection of another country's launch of missiles, but before the adversary's warheads impact. If Y2K breakdowns were to produce inaccurate early-warning data, or if communications and command channels were to be compromised, the combination of hair-trigger force postures and Y2K failures could be disastrous.

For all of these reasons, there should be a &"safety first&" approach to Y2K and nuclear arsenals. All the nuclear weapons states should stand-down nuclear operations. This approach should include taking nuclear weapons off alert status or de-coupling nuclear warheads from delivery vehicles. Whatever option is chosen, policymakers must be given as much time and latitude as possible for making important decisions in an environment beset with Y2K difficulties and uncertainties. By verifiably taking forces off alert on a multinational basis, leaders could be highly confident that there is no danger of a preemptive attack, thereby lessening the importance of reliance on C3I systems that might succumb to Y2K failures. This necessitates that Clinton Administration and Congress abandon the current &"wait and see&" approach, which relies on the timely completion of the Pentagon's Y2K program. Because there is no guarantee of success, US decision-makers must take steps now to preclude disaster should the Pentagon fail.

Serious attention is also warranted for all nuclear activities under the Department of Energy (DoE), including warhead testing and modernization facilities at Sandia National Laboratories and other sites. The Y2K problem can affect every aspect of the DoE's &"cradle to grave&" nuclear program. More information is also needed about the Y2K-related activities of other nuclear-weapons states. The Clinton Administration should work with other countries to improve Y2K compatibility and to provide information on overall progress.

British American Security Information Council
1900 L St., NW, Washington, DC 20036 Tel. +1 (202) 785 1266 Fax +1 (202) 387 6298

Carrara House, 20 Embankment Place, London WC2N 6NN
Tel. +44 (171) 925 0862 Fax +44 (171) 925 0861