GA.CJJ@Forsythe.Stanford.EDU (Clifford Johnson) (04/12/90)
From: "Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>

Here are some responses to various replies I received that were critical of my suggestion that subs. have (time-lapse) PALs. I remain convinced the idea is essentially sound, and implementable in the latest (LF/ULF) communication techniques. (Is sonar a possibility, given the ability of whales to communicate by sonar over a thousand miles?)

Note the additional idea that the time-lapse could be elongated differentially to as long as subs today expect to go without a communication from HQ. That is, the system could be implemented so that the lack of a refreshment signal initiates the 24-hour (say) time-lock lapse on the PAL only *after* a succession of actual attempts by the sub to hear the 6-hourly (say) signal. Thus, submarines under the Arctic ice, or lying still for days, could be kept with their PALs in effect indefinitely.

**********************

> Also, any scheme that relies on continuous reception of a signal, without
> a feedback path so that headquarters can monitor the reception, can quite
> probably be defeated by just cutting a wire.

> First, it would be fairly easy
> to fool the communications system that it didn't
> get a signal (by damaging the antenna, receiver or cable)
> and arm the system anyway.

I think the system could be designed to make this most difficult, so as to assure that it could only happen with the knowledge of many crew members some of whom would be involved in inspection/repair/listen procedures. The system could broadcast to the entire crew a FAILURE TO RECEIVE after missing even the first 6-hourly (say) signal, and the system would have a redundant backup or three, besides being simple and robust. 24 hours is a long time to reflect and adjust. Supposing that all communications were lost for that period, that very circumstance today is de facto authorization to consider actual launch -- we wouldn't be in more risk than we are now, I propose cutting the risk of accident greatly in the normal day-to-day situation.

> Second, if they do find out an attack has taken place, they
> might have to wait a day to unlock the missiles, while they are
> being stalked by enemy subs or contending with damage of their own.

The chances of failing to destroy a hidden submarine in 24 hrs. are so great, and the damage inflicted by one (let alone several) of them is so vast (every major city wasted) that deterrence is as good as unaffected.

> The main problem with broadcast PAL codes is the
> danger that the 'other side' [USA, UK, USSR, PRC or
> France, depending who might be using BPALs] could
> acquire the codes and broadcast them even after the
> proper broadcaster has become as one with the ionosphere,
> preventing the sub from retaliating

Each submarine could have its own [coded] signal, separately managed, making the task of code-breaking multiple. In sum, I think the system could be designed so that deterrence was not significantly reduced. In my opinion, the theoretical chance of perfect imitation signals after a strike poses a second-order type of risk, compared to the present nonzero peacetime risk of unauthorized launch.

> Unfortunately for you, anyone who knows enough on this topic to
> have an informed opinion can't say a word about it.

I disagree. It seems to me the technological facts are not too difficult to perceive, without knowledge of exactly what the operations are. And, we are informed that PALs don't exist on subs.

> How do you propose to communicate this PAL signal to the sub?
> If you think it will surface once a day to get it, think again.

Can't the sub. float a just-submerged antenna, for ULF and regular radio? Communications do exist now, don't they?

> Besides, how do you know there is/[isn't] a 24 hour delay

The information I have is that it would take a sub. 15-30 minutes to launch, and that as a matter of *physical capability* a launch in such a time frame takes no external enabling code. (Congressional testimony.) I assume that *purely procedural* requirements impose some sort of delay -- unless an affirmative launch order is received. Imposing a day-to-day day-or-two-long time-lapse PAL need not inhibit such a launch order, by the way, although because I think that deterrence is the subs. only sane function, the 24 hour wait should be imposed in all circumstances.

> I'm sure the subs would do ANYTHING as revealing as floating an
> antenna. Their defense is their low (invisible) profile.

So what do they do for communications? Isn't ULF good enough? Is ELF on the way? And how detectable in the vast expanse is an antenna? I'm not convinced yet that this raises a big risk of detection. A little risk, I would think, maybe very little.

> Besides, if Commander Jack T. Ripper (remember him??) decided to
> go off his rocker, all he has to do is NOT raise the antenna, or

Jack T. Ripper needs his crew to execute launch, and his direct subordinate is even now permitted to refuse a launch order without it being counted as insubordination. Two more crew members are needed to complete the launch order issuance procedure, which the launch crews are bound to obey. But, in the event of a missed signal, which would be broadcast to all the crew, Captain Jack T. Ripper could not prevent the crew knowing that the reason for the missed signal was mechanical failure. And even if the mechanical failure persisted, we'd merely end up in the situation we are now in all the time. The crew would be aware of the damage -- after missing the first refresh signal, there would still be many hours before the PAL would lapse, in which, of course, the mechanics would be investigated.

> I admit your solution fixes the problems I saw. There are encryption
> methods I am told are very hard to break, and you could create a new
> code every time a sub went out [A bit of a pain if one end misrecords
> its copy of the random number used to generate the encryption]. I
> wonder if the PAL codes on tactical warheads varies from warhead to
> warhead?

I don't know.

> Even with LF communications, the sub must still come near
> the surface to trail a long antenna.

> There is one insurmountable problem. The refreshment signal, if
> it were complex at all, could not be transmitted by ELF, due to its low
> data rate. What this means is that the sub would have to approach
> periscope depth, perhaps making it considerably more vulnerable to detection

I'm not convinced that a periodic 6-hour refreshment signal would be impossible to manage or require a give-away surfacing. And the rule could be, that the PALs lapse only after 4 or 5 consecutive failures-to-receive, the attempts being initiated at the sub's discretion, not necessarily in an immediate series of attempts.

> Has there been some development in communication with submerged subs
> that I am unaware of?

Who is up-to-date on this?

> Assume an Evil Power launches a nuclear strike without
> warning, or even that the US wishes to launch a first strike. The
> entire submarine-launched missile force would be either useless for 24
> hours, or anyone who was listening to those broadcasts would know that
> we were planning something.

The PALs need not reduce first strike capability if there were also an affirmative code for releasing them (which I would oppose on the ground that first strike is nuts). As for second strike, I would sure hope we already have at least 24-hour procedurally required (albeit not physically enforced) wait period for confirmation of attack.

> Um, what communication system do you propose to use to send this signal?
> It should preferably have high bandwidth -- so it can transmit a fairly
> complex authentication code in a few minutes -- and be able to reach a
> deeply-submerged submarine quite reliably.

I don't think the second requirement is essential, if my idea of having the PAL lapse after 4 or 5 failures-to-receive is the method employed, each reception attempt being initiated by the sub, not necessarily in immediate succession.

To: MILITARY@ATT.ATT.COM
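
The refresh-and-lapse rule proposed in the post above, as an added sketch that is not part of the original thread and does not describe any fielded system. The HMAC tag format, the 4-byte tag length, the integer-hour clock and every name are assumptions; the 6-hour, 24-hour and 4-miss figures are the post's own "(say)" values.

```python
import hashlib
import hmac

REFRESH_H, LAPSE_H, MAX_MISSES = 6, 24, 4  # the post's "(say)" figures
TAG_BYTES = 4                              # assumed: short tag for a low-rate link

def refresh_tag(boat_key, boat_id, slot):
    """Shore side: tag for one boat and one 6-hour slot (hypothetical format)."""
    msg = f"{boat_id}|{slot}".encode()
    return hmac.new(boat_key, msg, hashlib.sha256).digest()[:TAG_BYTES]

class TimeLapseLock:
    """Boat side: stays locked while fresh, valid refreshes keep arriving."""
    def __init__(self, boat_key, boat_id):
        self.key, self.boat_id = boat_key, boat_id
        self.misses = 0
        self.countdown_start = None  # hour at which the lapse clock started
        self.crew_alerts = []        # every miss is announced to the whole crew

    def listen(self, now_h, received):
        """One listen attempt started by the boat; received is (slot, tag) or None."""
        ok = False
        if received is not None:
            slot, tag = received
            expected = refresh_tag(self.key, self.boat_id, slot)
            # The tag is bound to the current slot and to this boat's key, so a
            # recorded older signal or another boat's signal does not refresh.
            ok = slot == now_h // REFRESH_H and hmac.compare_digest(tag, expected)
        if ok:
            self.misses, self.countdown_start = 0, None
            return True
        self.misses += 1
        self.crew_alerts.append((now_h, "FAILURE TO RECEIVE"))
        if self.misses >= MAX_MISSES and self.countdown_start is None:
            self.countdown_start = now_h  # lapse clock starts only now
        return False

    def locked(self, now_h):
        if self.countdown_start is None:
            return True
        return now_h - self.countdown_start < LAPSE_H

def demo():
    key = bytes(range(32))                     # constructed sample key
    lock = TimeLapseLock(key, "BOAT-A")
    old = (0, refresh_tag(key, "BOAT-A", 0))
    results = [lock.listen(0, old)]                      # fresh: accepted
    results += [lock.listen(h, old) for h in (6, 12)]    # replayed: rejected
    results += [lock.listen(h, None) for h in (18, 30)]  # nothing heard
    return results, lock.locked(53), lock.locked(54)
```
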
terryr@ogicse.ogi.edu (Terry Rooker) (04/14/90)
From: terryr@ogicse.ogi.edu (Terry Rooker)

In article <15509@cbnews.ATT.COM> GA.CJJ@Forsythe.Stanford.EDU (Clifford Johnson) writes:
>
>I think the system could be designed to make this most difficult,
>so as to assure that it could only happen with the knowledge of many
>crew members some of whom would be involved in inspection/repair/listen
>procedures. The system could broadcast to the entire crew a FAILURE
>TO RECEIVE after missing even the first 6-hourly (say) signal, and
>the system would have a redundant backup or three, besides being
>simple and robust. 24 hours is a long time to reflect and adjust.
>Supposing that all communications were lost for that period, that
>very circumstance today is de facto authorization to consider
>actual launch -- we wouldn't be in more risk than we are now, I
>propose cutting the risk of accident greatly in the normal
>day-to-day situation.
>

Your system ultimately rests on the same safeguards that are in place today, the reliability of the entire crew. That is why the Personnel Reliability Program is so important. Since it has the same safeguards, it may not be worth the extra expense.

Actually those in the know probably can't talk about it. Yes, much of the technology is in the public domain, but there are a lot of operations research type studies that are used to verify the proposed theories. Much of that information is not going to be available.

Despite all the probabilities that would go into such studies, the one area that is not quantifiable is the human link. The system relies on the coordinated action of several individuals to launch even a single warhead. A carefully thought out plan, by someone in the know, can circumvent just about any elaborate safeguard you can develop. It is easier to keep as many people as possible in the loop, and have them (and others) watch for strange behavior. I have heard some really strange stories about how far the PRP goes to monitor the people that are in the loop. It seems to be the best compromise.

--
Terry Rooker
terryr@cse.ogi.edu
jeff@aplcomm.jhuapl.edu (JEFF NANIS ) (04/14/90)
From: jeff@aplcomm.jhuapl.edu (JEFF NANIS )

I would like to try and resolve this thread. There _is_ a bottom line (or lines):

1) SSBNs aren't going to go near the surface to receive messages on anything like a regular basis

2) The laws of physics (remember, this is *sci*.military) limit the data rate of those LF and lower frequencies that can penetrate water to a significant depth. This in turn means that a code of the complexity required to enable a PAL (assuming modern encryption algorithms - I have no official knowledge of PALs, only academic understanding of encryption) could not be transmitted over such links in an *operationally* meaningful time frame.

3) Just because something is technically feasible does not mean that it has any operational utility.

As was said before:

> Unfortunately for you, anyone who knows enough on this topic to
> have an informed opinion can't say a word about it.

Please, he's right. This problem has been thought through quite extensively by many people. There are potential alternatives being assessed. 'Nuff said.

[mod.note: You're correct, of course; but a rigorous application of this standard would eliminate most of the topics in this group. I have no objection to speculative postings (guesswork, if you insist 8-) of this sort. It's part of why we're here. - Bill ]

--
Jeff Nanis                  "You can't send me out there,
jeff@aplcomm.jhuapl.edu      I'm an analyst, not a field agent!"
Not an official opinion which might get me put in jail.
msf@sunbow.East.Sun.COM (Mike Fischbein) (04/14/90)
From: msf@sunbow.East.Sun.COM (Mike Fischbein)

Maybe I'm the one who's overlooking the obvious, but I think the debates on PALs for subs are missing the point.

1) Any of the technicians who work on the systems involved, whether at ICBM silos or on FBMs, should be able to bypass a PAL. (Yes, there's the two man rule, etc. But we are discussing a hypothetical case where all those necessary for launch -- whether in a silo or a sub -- have simultaneously decided to launch regardless of outside orders).

2) Bypassing the PAL will take some amount of time.

3) Doing this in the silo will cause alarms and various notifications to other areas, presumably leading to members of other units (Air Force, Army, National Guard, State Police....) arriving and taking actions to prevent the illegal launch, or to destroy the missile on launch.

4) Doing this on a sub will cause alarms and various notifications, but they will all be on the sub. Since we are already stipulating that the crewmembers are intent on an illegal launch, they will simply ignore or disable the alarms.

5) If these alarms will have no deterrent effect (and I assume that you'd need a lot more people convinced to do a sub launch than a silo launch), what is the purpose of having them?

mike

Michael Fischbein, Technical Consultant, Sun Professional Services
Sun Albany, NY 518-783-9613
sunbow!msf or mfischbein@east.sun.com
These are my opinions and not necessarily those of any other person or organization.
Save the skeet!