As Congress returns from August recess and prepares to finalize the Fiscal Year 2021 National Defense Authorization Act (NDAA), legislators should address a major cybersecurity and national security priority: ensuring the resilience of essential deterrent and warfighting capabilities to adversary cyber action. U.S. strategy documents have emphasized that the United States is in a new strategic environment, one defined by great power, long-term strategic competition in which China and Russia are the most consequential challengers. In this context, the United States should not take for granted its ability to maintain strategic deterrence or conventional overmatch. These capabilities are becoming increasingly vulnerable to malicious adversary cyber campaigns. Therefore, Congress should adopt the recommendation of the Cyberspace Solarium Commission to pass legislation requiring the Department of Defense (DOD) to institutionalize a comprehensive cybersecurity vulnerability assessment of nuclear and conventional weapon systems.
In this strategic environment—characterized by complex, interdependent military technologies—cybersecurity and national security are intrinsically linked. The United States’ advanced military capabilities form the bedrock of its strategic advantage. However, they also contain cyber vulnerabilities that adversaries can—and will—exploit for their strategic ends. China has engaged in widespread cyber-enabled intellectual property theft to gain intelligence about U.S. weapon systems, enabling Beijing to replicate U.S. military capabilities or develop offset ones. Adversaries could also develop cyber tools to hold weapon systems at risk or manipulate their intended uses, undermining confidence in their efficacy and reliability. For deterrence to be credible, and to ensure the United States can prevail in crises and conflicts, the United States needs to know that its weapons will work—as intended, when intended.
To continue reading this piece in the Council on Foreign Relations, go to:
https://www.cfr.org/blog/congress-should-act-ensure-weapon-systems-cybersecurity