NTI at 20: Page Stoutland on Getting Ahead of Cyber Nuclear Threats

Page Stoutland joined NTI in 2010 after ten years at Lawrence Livermore National Laboratory, where he held a number of senior positions—including director of strategy and division leader for radiological & nuclear countermeasures—and was instrumental in developing and leading the lab’s programs in support of the post-9/11 homeland security effort. He now serves as NTI vice president for Scientific and Technical Affairs. His team focuses on a host of nuclear security challenges including understanding the risks and benefits of emerging technologies, developing strategies to strengthen cybersecurity for weapons systems and at facilities, and exploring use of publicly available information for detection of illicit nuclear activities.

Over the course of this year, as NTI marks its 20th anniversary, our experts will share some reflections on two decades of working to build a safer world—accomplishments and challenges, lessons learned along the way, visions for the future. Today, we hear from Stoutland, who holds a doctorate in chemistry from the University of California and also served at the Department of Energy as director of its Chemical and Biological National Security Program.

You joined NTI after years in academia and working at our country’s national labs, which are known as incubators of scientific innovation and research. Why did you take the leap to an NGO?

I had been at the labs for nearly 20 years and had also spent four years in government. I understood how those organizations contributed to a range of national security issues, but also understood their shortcomings. For example, neither the government nor the labs are particularly nimble. I thought at the time (and it turned out to be true) that NTI might be a place where I could try some new ideas. I was also attracted by NTI’s perspective on the value of international engagement. For example, we’ve had very productive engagements with both Russian and Chinese experts and officials on a number of topics, including nuclear materials security. In another project, we worked with a partner organization to assess and rank nuclear security around the world; that was only possible because we’re an independent organization.

Your work as vice president of Scientific and Technical Affairs seems to take on more importance every year, maybe every month at this point, as we are unquestionably in the middle of a scientific and technological revolution. What kinds of risks do today’s technological leaps pose to our nuclear weapons systems and facilities?

New technologies bring new risks, but also the possibility of reducing risks. A few years ago, we did an assessment of a number of new technologies and how they might affect nuclear security. One of the areas that rose to the top was so-called “cyber” technology. While nuclear weapons and related systems are well secured, it was clear to us that the threat would continue to grow and that as systems were modernized there would be even more exposure. This is known as a larger attack surface. Recent cyber events (not nuclear related) have demonstrated that essentially nothing is secure and that even nuclear weapons systems could be compromised. We released a report a couple of years ago putting forward an initial set of recommendations, and we’re currently in the midst of a US-Russia Track 2 engagement to develop additional recommendations for risk reduction.

Are the world’s governments, military leaders, and nuclear facility operators prepared to handle fast-moving technological developments, such as those in artificial intelligence, coming at them?

In short, no. It’s always difficult to adapt to new technologies, but the pace of development is so high that our organizations struggle to adapt. This is true of the private sector, but particularly the government, which tends to be a bit slower, at least initially.

How can an organization like NTI help?

I think NTI can play at least a couple of roles in understanding and then addressing new risks. First, because of our non-government status and that we’re a relatively small organization, we can easily engage a range of partners and can shift our focus relatively quickly. Secondly, we have a great international network, and this is not a problem that the U.S. will be able to solve by itself. International engagement, particulary with Russia and China will be essential as we work to develop new “rules of the road” and other risk-reduction measures.

A specific example might be the Cyber-Nuclear Forum that we created. In one of our projects, we learned that a key challenge for the global civilian nuclear industry is finding the expertise needed to secure digital control systems (such as in a nuclear power plant) from cyber attack. Recognizing that this is most acute in countries without a long history of operating nuclear facilities, we created a Forum that brings together cyber-nuclear experts from around the world to share operating experience and to develop a network that can be called upon if needed.

Is it possible to get ahead and stay ahead of the potential risks to nuclear weapons and facilities?

If we’re strategic about this, I think so. For example, we really need to work on securing the supply chain—this will not be easy or inexpensive, but will be needed for critical systems. In some areas, we may need to consider implementing non-digital, analog systems in lieu of digital systems that are not hackable. This won’t be easy, either, but we may have to go there.