Nuclear Weapons in Mission Impossible: Ghost Protocol

Jan 12, 2012

By Eli Jacobs

Mission Impossible: Ghost Protocol opened several weeks ago to great popular reception and critical acclaim. The movie features Ethan Hunt’s attempt to prevent a terrorist mastermind named Hendricks from starting a nuclear war by hacking Russian command and control. Upon seeing the movie, I was quite curious about the accuracy of its depiction of Russian nuclear systems. Unsurprisingly, this question has received relatively little attention in policy or other circles. What follows are my thoughts on two major components of this issue. And this post is full of SPOILERS so if you haven’t seen the movie yet, beware.
Russian Command and Control
In Ghost Protocol, Hendricks steals a nuclear briefcase from the Kremlin, buys Russian launch codes from an assassin, and then secures usage of a former Soviet military satellite to send a phony launch order to the commander of a Russian nuclear submarine. That commander radios back to confirm the order and, upon phony confirmation, launches a nuclear missile at San Francisco.
So, would such a sequence be possible in reality? Certain parts would be. For example, there exist three nuclear briefcases in Russia, carried by the president, defense minister, and the chief of the General Staff Command Post. The president can use this briefcase to send a permission code (likely the launch codes in Ghost Protocol), which enables a nuclear strike. While it is unlikely that a missing briefcase would go unnoticed, I’ll let this detail pass due to the chaos that would likely ensue after bombing the Kremlin.
Three other components of this sequence, however, are not so faithful to the reality of what’s known about Russian nuclear command and control. First, the person who enters a permission code into the briefcase (assumed to be the president of Russia, but actually Hendricks) does not communicate directly with nuclear missile commanders. Instead, the president conveys the order to attack to the General Staff, which disseminates launch codes, unblocking codes, and the war plan to missile operators. This system exists in part because Russia’s political leadership, despite choosing when to fight a nuclear war, does not dictate how it will be fought. Targeting, timing of launches, and other factors related to nuclear warfighting fall under the purview of the Russian military. Hendricks, with the possession of the briefcase and permission codes, had the authority to order a nuclear strike, but not by talking directly with a Russian nuclear submarine commander.
Second, nuclear missile operators do not ask for confirmation before launching. Typically commanders are ordered to go on alert in the early stages of the crisis. Given the bombing of the Kremlin and the tension between the U.S. and Russia, it’s easy to believe that this would have occurred in the movie. However, upon receiving the launch order, the missile commander compares the launch code against a copy kept in a safe aboard a submarine or in a silo. The commander then launches without any further contact with those who authorized the attack; only an explicit reversal of earlier orders can prevent the launch. This may seem extremely dangerous, but it’s a process designed to maximize the probability of successfully retaliating against enemy attack. Confirmation signals introduce complications – such as a broken radio or compromised General Staff Command Post – that may jeopardize Russia’s ability to retaliate.
Third, a military satellite is not needed to send a launch order using a nuclear briefcase. Each nuclear briefcase is part of a mobile communications system that connects the relevant actors in the event of a crisis. It is possible, however, that the satellite was necessary to cut the other two people with nuclear briefcases – the defense minister and chief of the General Staff – out of the decision-making loop. This could explain why Hendricks went out of his way to travel to India and purchase the use of a former Soviet missile satellite, but not why Ethan Hunt knew that such a satellite was necessary to implementing Hendricks’ plan.
One alternate possibility is that Hendricks, in addition to stealing the nuclear briefcase, hacked into the General Staff Command Post. That would explain both the satellite (to override the General Staff signal) and direct communication with the nuclear submarine commander. However, if this were the case, it would make the briefcase detail redundant, since (I think) the General Staff has the capability, though not the authority, to order a nuclear attack without receiving permission codes from the president. More importantly, it would require two distinct codes: launch authorization codes and unblocking codes. No one expert could confirm the validity of two different codes, as Leonid Lisenker was coerced into doing in Ghost Protocol.
Whatever the case, the take-away here is that command and control is crucially important. Too often people think of nuclear weapons only in terms of the warhead and delivery vehicle. This misses the extremely complex, constantly-alert command and control network, which oversees the operation of those weapons. The United States must ensure, for example, that George W. Bush, flying around in Air Force One after being interrupted in a classroom by news of the terrorist attacks of September 11, is able to be in contact with crucial advisors, decision-makers, and military commanders, despite the fear that the Decision Room may be vulnerable. Similarly, the Russians must design a plan that allows for nuclear retaliation even if the president is incapacitated, out of the country, or otherwise unable to give the launch order. These elements are a crucial component of wielding an effective nuclear weapons capability.
In Ghost Protocol, Tom Cruise deactivates the Russian warhead mere seconds before detonation, as it hits a building in San Francisco. The bomb falls harmlessly into the Bay, and is quickly fished out and covered up by the government.
This situation would be impossible in reality, for two reasons. First, nuclear weapons flying at major cities detonate at least one thousand feet above the ground in order to spread their destructive energy over a larger area. The nuclear weapons dropped on Hiroshima and Nagasaki, for instance, used this technique, called air burst. Detonating a warhead closer to the ground concentrates a bomb’s destructive energy more intensively – ideal for attacks against a hardened military target such as a missile silo, but less ideal for destroying a soft target like a city. The Russian warhead, targeting San Francisco, certainly would have detonated before it reached the altitude at which Tom Cruise deactivated it.
Second, and more importantly, no such destruct-after-launch technology exists. A RAND study proposes that the United States and Russia jointly pursue such technology in order to bolster crisis stability and give more decision time. This report endorses midcourse deactivation, similar to that employed by Ethan Hunt in Ghost Protocol. Another author suggests that such an approach would be too controversial. Rather than active deactivation capability, he advocates passive deactivation – where a nearby signal must confirm the intentional launch of a missile in order to prevent it from detonating as soon as it goes airborne. Importantly, this technology aims to solve a different problem: that of unauthorized launch rather than crisis instability.
Why are these technologies so controversial? It’s because they introduce one additional point at which an adversary could interfere with a nuclear attack. Nuclear states are loath to include a feature on their nuclear warheads that allows for their deactivation, especially as cyber warfare capabilities become more advanced. Such a feature could be hacked by an adversary, destroying the effectiveness of that country’s nuclear deterrent. The takeaway here is that the goal of preventing accidents takes a serious backseat to attempts to increase the probability of effective nuclear delivery.
Eli Jacobs is a research intern for the Project on Nuclear Issues. The views expressed above are his own and do not necessarily reflect those of the Center for Strategic and International Studies or the Project on Nuclear Issues.

Launch codes


Great post! I walked out of the movie saying many (but far from all) of the same things. Good to know I'm not the only Russian nuclear C2 junkie out there.

Another point which you could consider adding is the fact that 'launch codes' (authorization codes/unblocking codes) are changed on a regular basis. In the US, new codes are generated by the NSA, and I believe this is done roughly weekly. The situation is similar in Russia, but new codes are disseminated with somewhat less frequency.

There are also provisions for rapidly changing these codes in the event that current ones are lost or stolen, so if you're a crazy psychopath bent on instigating global thermonuclear holocaust, you'd probably better come up with a better plan. Talk about Mission Impossible!

Me? I'd just go with the classic Bruce Blair spoon and string method. But then that'd make a lame movie...



great post. the tallest building in san francisco is <1000 feet too, so assuming that he sent the abort command nearly at that instant where it hit the building, the ending is probably just his dream like the ending to the movie version of minority report