Pavel Podvig | 13 January 2014
It is no exaggeration to say that Command and Control by Eric Schlosser was one of the most interesting books on nuclear issues published in 2013. The author's well-presented account of US nuclear accidents makes a compelling read. It also helped draw public attention to a very important issue: How safe are nuclear arsenals? Can we rely on the combination of technological and administrative controls that seems to have worked in the past to avert future catastrophic nuclear accidents?
These questions, of course, should be asked of all nuclear arsenals, not just America's. Unfortunately, information about other nuclear weapon states is rather scarce and fragmented. But what we do know about Soviet nuclear weapons largely confirms the general pattern seen in the United States--the Soviet Union and now Russia have also had their share of close calls and nerve-racking experiences. Fortunately, the Soviet Union appears to have taken the safety of its nuclear weapons quite seriously, probably more so than did the United States. Most important, the USSR never flew strategic bombers with nuclear weapons on board as part of regular patrols; nor does Russia today. If the US experience with airborne nuclear weapons is any guide, this is a wise policy. The Soviet Union was also careful with its land-based intercontinental ballistic missiles (ICBMs). When the missiles it deployed in the 1960s reached the end of their service life, the Soviet Union chose to remove their warheads to minimize the risk of a nuclear accident. (This is exactly what the United States failed to do with its obsolescent Titan II ICBM--the missile at the center of Schlosser's book--which was kept in service far beyond what was reasonably safe.)
As a result of various precautions, Soviet and thus far Russian ICBM operations appear to have been relatively safe. Save for a few reported rollovers that involved road-mobile launchers, Moscow has had no serious accidents with deployed land-based ICBMs.
The safety record of Soviet and Russian naval nuclear weapons has been considerably less stellar. This is hardly surprising, given the inherent risks posed by submarine-launched ballistic missiles (SLBMs) and other sea-based nuclear weapons even in the course of routine operations. It did not help that Soviet SLBMs were traditionally liquid-fuel missiles, and that naval operations involve periodic loading and unloading of missiles and torpedoes (with nuclear warheads on). There have been fuel leaks, fires, and explosions, although through a combination of sturdy design and some luck, none has resulted in a warhead detonation, let alone an unintended nuclear explosion. Unfortunately, though, such accidents are not exactly a thing of the past--just two years ago, in December 2011, a submarine caught fire while undergoing repairs in drydock, apparently with a full complement of nuclear-armed ballistic missiles on board.
As unsettling as these accidents were, they proved that it is quite difficult to set off a nuclear warhead accidentally. Many conditions have to be met to make it happen, and now that the number of deployed weapons has been dramatically reduced, and most of the remaining ones no longer participate in regular patrols, the probability of an accidental nuclear detonation has been reduced, as well.
The possibility of such an accident, however, is not the only risk associated with the day-to-day operations of nuclear forces. Nuclear warheads and the delivery systems that carry them are part of a larger system that is supposed to support deterrence. This system has been built up by the United States and Russia to maintain a very high degree of readiness, provide early warning of any attack, and ensure prompt and reliable delivery of launch orders. Unlike nuclear warheads, which can be kept safe by reasonably straightforward technical solutions, the larger nuclear enterprise includes many components that could interact in completely unpredictable ways. Crucially, the system often has to rely on humans making decisions under circumstances they can neither predict nor control.
For all the differences between the US and Soviet early-warning and command and control systems, the two countries encountered very similar problems. Both experienced incidents in which a training tape that simulated a nuclear attack resulted in a very realistic warning. Both faced incidents caused by faulty or unreliable equipment--a bad computer chip in the US case, and a new sensor on one of the Soviet satellites. There were cases in which the unexpected launch of a missile that flew along an unusual trajectory caused an early-warning system to generate an alarm. The most recent such event was the 1995 launch of a Norwegian research rocket that triggered an alarm in Russia.
Even though we know that in all of these cases the decision-making system worked as intended, and that in the end no false alarm was mistaken for an indication of an actual attack, this is hardly reason for complacency. These incidents strongly suggest that nuclear command and control structures might be the kind of "complex and tightly coupled systems" first identified by sociologist Charles Perrow. He argued that in such systems accidents are "normal," meaning that they will inevitably happen and cannot be prevented by introducing additional technical or administrative safety precautions.
Perrow's two concepts--the "complex and tightly coupled system" and the "normal accident"--are often misused and applied quite arbitrarily to any sufficiently complicated system. When it comes to the system governing nuclear weapons use, though, they are appropriate. In his book The Limits of Safety, political scientist Scott Sagan concluded after a thorough analysis that the nuclear arsenals Washington and Moscow have built are indeed complex and tightly coupled. Unfortunately, while the reduction in warheads may have reduced operational burdens and made accidents less frequent, there is no reason to believe that it did much to change the underlying nature of the nuclear complex that makes it vulnerable to "normal accidents." Indeed, in some important respects the system may be becoming more fragile. For example, the line between nuclear and conventional capabilities is becoming increasingly blurred. Also, the investment in new early-warning radars and satellites, which may appear to be an incontrovertibly positive development at first, adds to the complexity of the system and creates new opportunities for errors and miscalculations.
It is often said that nuclear arsenals owe their fragility to the conflicting requirements of deterrence, which need armed forces to both maintain an extremely high degree of readiness and guard against accidental or unauthorized use. This is true, but only to a certain extent--deterrence itself is not the problem. Indeed, Sagan concluded his analysis by saying that nuclear weapon systems are not inherently complex and tightly coupled. Theoretically, a country could construct a nuclear force that would provide reliable deterrence and be immune from accidents, "normal" or otherwise. The problem, however, is that in the real world, deterrence is not the only or even the main factor shaping nuclear arsenals. Nuclear arsenals and policies never existed in a technocratic vacuum--they are the complex products of political circumstances, rivalries, prejudices, and misconceptions.
The question, though, is not whether a reliable, safe nuclear arsenal is imaginable, but whether the political and military institutions currently setting nuclear policy are capable of building one. The evidence so far suggests they may not be. The Cold War record is not very encouraging, and neither are developments of the past several years. The United States has stubbornly refused to scrap its land-based intercontinental missiles, despite persistent problems in the US ICBM force. The US Prompt Global Strike program plows ahead despite the inevitable risks it poses. In Russia, there is virtually no discussion of the rationale for the government's massive strategic force modernization program, which will see deployment of at least three new types of ICBMs.
In the end, there is a danger that political leaders and the public will draw the wrong lesson from the history of nuclear accidents, concluding that catastrophe can be avoided with the right arsenal structure, rigorous procedures, and clever technical solutions. After all, the nuclear powers managed to muddle through the very dangerous Cold War times. But these conclusions would be mistaken. It appears that the only way to make nuclear weapons safe and secure is not to have them at all.
Comments
This is an interesting discussion. On the one hand, I believe it is time to reassess the concept of the nuclear triad and retaliatory strike instability. In the current and foreseeable strategic environment, is the redundancy provided by the current triad system really necessary?
On the other hand, there is the issue of SLBM's vs ICBM's. Hardened silo based ICBM's are by far the safest, least complex, and least expensive strategic delivery systems. By comparison, SLBM's are particularly soft targets, carried on SSBN's which are extremely complex, extremely expensive, and operate in an extremely dangerous environment where the loss of a submarine and its 16-24 SLBM's can be caused by accidents or breakdowns completely unrelated to enemy action.
Which is easier? Sink one SSBN or take out 16-24 separate ICBM silos? To say that SSBN's are more survivable than silo based systems is simply not true, particularly in 2014. For centrally located silos in both the US and Russia, a first strike is simply not possible given the available early warning systems.
SSBN's should be cut, not land based systems.
ICBMs and SLBMs seem to illustrate my point fairly well - safety of a certain system is not its inherent quality. Russia apparently manages to operate ICBMs better than the United States. But the United States seems to have a better record with its submarines.
@JonGrams
Since the US has never lost an SSBN due to any cause, how should we compute an expectation of their general reliability or susceptibility to an enemy strike?
Please explain the rationale for your assertion that a weapons system that cannot be targeted until launch is less reliable during a nuclear war than a system whose position is known exactly.
If two legs of the triad have to be cut, why would you cut the system that permits you to continue to fight after the first wave of sorties are executed?
I don't think you understand the capabilities that the US and Russia want to preserve during and after a nuclear conflict.
Do you really think that only retaining weapons which must be launched on warning is a good thing? I think it is a crazy thing. A weapon immune to enemy first-strike does not compel NCA to use it when a strike is indicated, but not verified by actual detonation.