Abstract:
Pakistan's nuclear program is believed to be advanced, with the country possessing an
estimated arsenal of around 165 nuclear weapons. Pakistan's nuclear infrastructure
includes hierarchical command & control structure along with an NC3 (Nuclear
Command Control & Communication) system. Its nuclear command and control structure
is believed to be centralized and tightly controlled by the National Command Authority.
The country's Strategic Plans Division (SPD), the secretariat of NCA, is responsible for
managing Pakistan's nuclear arsenal and has developed a comprehensive set of
procedures and protocols for maintaining nuclear security. Pakistan has not declared its
nuclear doctrine officially; however, it has professed to maintain a full spectrum
deterrence. The asymmetry between the tactical military strength of Pakistan and other
nuclear states has increased Pakistan’s reliance on the nuclear variable. The cold start
doctrine of India states that India will conduct surgical strikes within Pakistan while
remaining under the nuclear threshold. Cyber-attacks on Pakistani NC3 infrastructure can
be a part of the cold start doctrine. A typical NC3 infrastructure is highly networked as it
binds all the components of NC3 through communication networks. The country’s
reliance on computer networks for Command Control and Communication could make it
vulnerable to cyber-attacks that disrupt or degrade its C3 capabilities. Additionally,
integrating cyber capabilities into conventional military operations can increase the risk
of cyber escalation in a crisis. This research proposes a framework for the NC3 system
of Pakistan by integrating SAFER (Security Assessment Framework for Embedded
Device Risks) in NIST CSF (Cyber Security Framework) and integrating Cost Benefit
Analysis of cyber security investments in the tier implementation part of NIST CSF.
