Cyber-Nuclear C3 Stability of Pakistan: A Proposed Cyber Security Framework for Mitigating Cyber -Nuclear Threats

Abstract

Pakistan's nuclear program is believed to be advanced, with the country possessing an estimated arsenal of around 165 nuclear weapons. Pakistan's nuclear infrastructure includes hierarchical command & control structure along with an NC3 (Nuclear Command Control & Communication) system. Its nuclear command and control structure is believed to be centralized and tightly controlled by the National Command Authority. The country's Strategic Plans Division (SPD), the secretariat of NCA, is responsible for managing Pakistan's nuclear arsenal and has developed a comprehensive set of procedures and protocols for maintaining nuclear security. Pakistan has not declared its nuclear doctrine officially; however, it has professed to maintain a full spectrum deterrence. The asymmetry between the tactical military strength of Pakistan and other nuclear states has increased Pakistan’s reliance on the nuclear variable. The cold start doctrine of India states that India will conduct surgical strikes within Pakistan while remaining under the nuclear threshold. Cyber-attacks on Pakistani NC3 infrastructure can be a part of the cold start doctrine. A typical NC3 infrastructure is highly networked as it binds all the components of NC3 through communication networks. The country’s reliance on computer networks for Command Control and Communication could make it vulnerable to cyber-attacks that disrupt or degrade its C3 capabilities. Additionally, integrating cyber capabilities into conventional military operations can increase the risk of cyber escalation in a crisis. This research proposes a framework for the NC3 system of Pakistan by integrating SAFER (Security Assessment Framework for Embedded Device Risks) in NIST CSF (Cyber Security Framework) and integrating Cost Benefit Analysis of cyber security investments in the tier implementation part of NIST CSF.