About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

GAO-23-106309 1 (2023-06-12)

handle is hein.gao/gaoott0001 and id is 1 raw text is: U.S. GOVERNMENT ACCOUNTABILITY OFFICE 441 G St. N.W. Washington, DC 20548 June 12, 2023 Congressional Addressees Nuclear Weapons Cybersecurity: Status of NNSA's Inventory and Risk Assessment Efforts for Certain Systems Within the U.S. government, the Department of Energy's (DOE) National Nuclear Security Administration (NNSA) is charged with maintaining, modernizing, and securing the nation's nuclear weapons stockpile. Digital systems are increasingly being integrated into nuclear weapons and into activities and operations across the NNSA's nuclear security enterprise.1 There is potential for these digital systems to be hacked, corrupted, or subverted by malicious actors, and NNSA has stated that securing its digital assets is an agency priority. In the context of the nuclear security enterprise, NNSA generally characterizes IT contained within a warhead or bomb, including model versions of a warhead or bomb, as nuclear weapons IT.2 An example of a nuclear weapons IT system is the weapon control unit inside the B61-12 gravity bomb.3 NNSA uses operational technologies (OT) in the processes, equipment, materials, and products employed in the production of nuclear weapons.4 Examples of OT systems include building safety systems (e.g., fire suppression systems) or an additive manufacturing system used to print polymer components. 1NNSA's nuclear security enterprise comprises a network of eight government-owned, contractor-operated national security laboratories and nuclear weapons production facilities that provide the research, development, testing, and production capabilities needed to maintain and modernize our nation's nuclear weapons stockpile and related infrastructure. 2According to NNSA officials, nuclear weapons IT is defined as the information system or components of an information system integral to a nuclear weapon; surrogates for nuclear weapons used in development, test, or training; and equipment connecting to nuclear weapons or their surrogates, including war reserve units, developmental units, weapon components, test units, trainer units, and weapon operational support equipment (e.g., systems that are directly involved in operational testing, configuration, security, and safety throughout the life cycle). 3AI1 nuclear weapons in the U.S. stockpile are designated as either a warhead or a bomb. Warheads are weapons that have certain engineering requirements because they must interface with a launch or delivery system. Bombs are weapons that do not have these interface requirements, such as gravity bombs and atomic demolition munitions (now retired and dismantled). The weapon control unit is the primary controller that provides information and detonation management functionality for gravity bombs. 4According to the Department of Energy, OT is any hardware or software that detects or causes a change through the direct monitoring or control of physical devices, processes, or events. See Department of Energy, Department of Energy Cybersecurity Program, Order 205.1 C (Washington, D.C.: Feb. 3, 2022). GAO-23-106309 Nuclear Weapons Cybersecurity Page 1

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most