NC3 Next Will Improve Nuke Cyber Defenses, Says STRATCOM

WASHINGTON: Strategic Command (STRATCOM) “will have some very good news” to report to a Congress worried that the critical Nuclear Command, Control and Communications (NC3) network suffered cyber vulnerabilities, Adm. Charles Richard told me this evening.

The 2021 National Defense Authorization Act (NDAA), which President Trump unsuccessfully tried to veto, raised the alarm about the cyber resiliency of the complex NC3 network of radios, satellites, computers and terminals that link the president and national leaders to the nuclear forces. It called for a sweeping report that includes a schedule, resourcing plan, and a concept of operations for improving cybersecurity — as well as a roles and missions review of who should be doing what with regard to protections.

“I welcome that language inside the NDAA,” Richard said during a Defense Writers Group event this evening, noting that Congress is particularly focused on how the NC3 network operates and is defended. “There is a very visible endorsement of the importance of NC3 and the steps that we have to go do. I look forward to providing that report to Congress, because we’re already doing all of that: we already have that concept; we already have those responsibilities defined. And so it’s simply a matter of writing it all down and reporting it to Congress.”

Asked whether the recent SolarWinds hack by Russia that has compromised numerous federal computer networks affected NC3, Richard said he hasn’t seen any malware or compromised operations: “My NC3 systems are fully mission capable.”

He explained that the computer systems behind the NC3 network simply work differently than most other US government systems.

“The bottom line is, NC3 is different. And it operates in relative isolation — we operate the systems differently,” Richard said. “So, no, I don’t have the same threat vectors that the larger federal government does when it comes to this particular threat.”

Further, STRATCOM’s program to upgrade the NC3 network, called NC3 Next, “will provide new and additional capabilities related to cyber defense,” he added.

That said, Richard explained that NC3 Next “is not a thing,” but a rolling initiative over time of improvements to all aspects of the complex network. NC3-related radios and terminals are embedded in some 62 different systems and platforms — from satellites such as the Advanced Extremely High Frequency (AEHF) for hardened and encrypted strategic communications to nuclear submarines to the E-4B National Airborne Operations Center (NAOC) aircraft known as the “Doomsday” planes. Most of those systems are ancient in information technology years, with many dating back to the 1980s pre-Internet era.

While he was unable to provide many details due to its classified nature, Richard said the current program of record funded in DoD’s five-year budget plan covers what is called “NC3 Increment One” in the evolutionary cycle. That first set of improvements “improves our posture in space and improves hardness to emerging cyber and cryptographic threats.” It also moves STRATCOM away from dependency on incompatible legacy systems “which in effect also improves this capability.” Finally, the Increment One also “starts to give me the ability to dynamically reconfigure” software — including cybersecurity software — to provide more resiliency, he said.

The next iteration, NC3 Increment 2, will involve improvements based on STRATCOM experiments and a new CONOPS developed during the NC3 Increment One, he said.

One of the attributes of the evolutionary approach to NC3 Next, Richard noted, is that STRATCOM can “iteratively move our way forward in a much faster update rate than you do with delivery platforms.”