Software Bugs Go Nuclear

Abstract

In nuclear weapons, software testing alone cannot demonstrate the standards set for weapon security, safety, and reliability, specifically the Walske criteria, which require that a weapon have no more than a one-in-a-billion chance of producing an accidental nuclear yield under routine conditions and no more than a one-in-a-million chance in abnormal environments (for example, in a fire). The new risks introduced by digital design therefore require changes in the basic approach to both weapon design and weapon testing. Two changes are fundamental. First, test weapons and real weapons should be nearly identical, which means designing weapon systems to include test equipment such as embedded sensors. Second, weapon software should be written in a mathematically analyzable form, so that digital testing can be more rigorous and exhaustive than is currently possible. Together these recommendations amount to a single change in approach to nuclear weapon design: programs need to "design for test." Weapons with embedded software and firmware cannot meet the Walske criteria without a design-for-test approach.
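Why testing alone cannot reach the Walske thresholds can be made concrete with the standard zero-failure test bound. This is an added illustration, not part of the report or its abstract; it assumes independent trials with a constant per-trial probability $p$ of accidental yield, and a 95 % confidence target ($\alpha = 0.05$). If $n$ trials are run and none produces a yield, the largest $p$ still consistent with that observation at confidence $1 - \alpha$ satisfies

$$(1-p)^n = \alpha \quad\Longrightarrow\quad n = \frac{\ln \alpha}{\ln(1-p)} \approx \frac{-\ln \alpha}{p} \qquad (p \ll 1).$$

For the routine-conditions threshold $p = 10^{-9}$ and the abnormal-environment threshold $p = 10^{-6}$:

$$n \approx \frac{2.996}{10^{-9}} \approx 3.0\times10^{9} \quad\text{and}\quad n \approx \frac{2.996}{10^{-6}} \approx 3.0\times10^{6}$$

failure-free trials respectively. No test program can run billions of end-to-end trials of a weapon, and the bound only worsens if trials are correlated (for example, because every trial exercises the same firmware build). That gap is what the abstract's second recommendation addresses: with mathematically analyzable software, a safety property is proved over the whole input and state space rather than sampled from it.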

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2021
Accession Number
AD1204602

Entities

People

  • Laura W. Epifanovskaya

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • Counter WMD
  • Cyber
  • Human Systems
  • Weapons Technologies

DTIC Thesaurus Topics

  • Abstracts
  • Computer Programming
  • Computer Programs
  • Control Systems
  • Cybersecurity
  • Debugging
  • Department Of Defense
  • Engineers
  • Environment
  • Nuclear Weapons
  • Reliability
  • Security
  • Software Development
  • Software Testing
  • Standards
  • Test And Evaluation
  • Test Equipment
  • United States
  • Weapons

Readers

  • Critical Infrastructure Protection in CBRN and WMD Threats
  • Software Engineering
  • Theoretical Analysis