Join 3,557 readers in helping fund MetaFilter (Hide)


That's amazing. I've got the same combination on my luggage.
December 2, 2013 6:11 AM   Subscribe

During the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.
posted by Chrysostom (68 comments total) 35 users marked this as a favorite

 
Efficient and effective for sure.
posted by OhSusannah at 6:16 AM on December 2, 2013


That's the kind of code an idiot would have on his luggage
posted by grobstein at 6:17 AM on December 2, 2013 [14 favorites]


And here I thought that Kubrick thing was pretty scary.
posted by dogheart at 6:19 AM on December 2, 2013 [4 favorites]


Hey! Be nice.
posted by Kirth Gerson at 6:20 AM on December 2, 2013


Came for the luggage joke, left satisfied.
posted by elizardbits at 6:20 AM on December 2, 2013 [22 favorites]


Now that you know the passscode, all you have to do is find your way to the control center. It's down the twisty corridor, just past the multiple guard posts each with shoot-to-kill orders.
posted by ardgedee at 6:20 AM on December 2, 2013 [6 favorites]


Jesus fucking Christ.

But hey, I'm sure they're all working in our best interests now.
posted by empath at 6:21 AM on December 2, 2013 [3 favorites]


Scary, but as far as I am concerned if these locks are made to be unlocked at all they are too insecure.
posted by dirtdirt at 6:22 AM on December 2, 2013 [8 favorites]


Now that you know the passscode, all you have to do is find your way to the control center. It's down the twisty corridor, just past the multiple guard posts each with shoot-to-kill orders.

But they've been leaving the doors open, so there is that.
posted by Pogo_Fuzzybutt at 6:24 AM on December 2, 2013 [1 favorite]


The code is more complex now but they keep it written on a Post-it note stuck to the monitor.
posted by bondcliff at 6:27 AM on December 2, 2013 [31 favorites]


These civilian commanders are just getting in the way of killing people. Surely there's a better way of setting up a government???
posted by bleep at 6:28 AM on December 2, 2013 [1 favorite]


What is the source for this information (other than todayifoundout.com)?
posted by goethean at 6:31 AM on December 2, 2013 [6 favorites]


OK, this has always bugged me: were there really two keys, like in the movie "Wargames"?

I am a child of the 70s/80s, and that movie made a big impression on me. The scene of two airmen in the missle silo and the "Turn your key, sir!" line -- showing the permissive action link required before entering the codes -- freaked me out a bit. I have heard that a Russian apparently saved the world from nuclear holocaust at one point by not entering his launch codes, but were there really two keys in two consoles next to the silos all over North Dakota?

Thank you for allowing me to ask this long-pent-up question.
posted by wenestvedt at 6:31 AM on December 2, 2013 [2 favorites]


Curtis LeMay is one of those people who belongs on an "Enemies of Humanity" list.

Now that you know the passscode, all you have to do is find your way to the control center. It's down the twisty corridor, just past the multiple guard posts each with shoot-to-kill orders.

They're not intended to prevent random pinheads from launching nukes. They're intended to prevent the launch crews and their superiors, up to the head of SAC, from launching their nukes unless they've been ordered by the president to launch the nukes.

Permissive action links are neat, and one of the few bits of nuclear weapons technology that the US actively shared with the USSR (and others).

If we believe wikipedia, the UK's SLBMs are relatively unsecured and a sub crew that's gone bonkers can launch their weapons on their own.
posted by ROU_Xenophobe at 6:31 AM on December 2, 2013 [2 favorites]


When I delivered pizzas in the '80s, you could get into almost any "secure" apartment complex in State College, PA using either "0000" or "1234" on the keypad at the door.
posted by octothorpe at 6:32 AM on December 2, 2013 [2 favorites]


this has always bugged me: were there really two keys, like in the movie "Wargames"?

Basically, yes, I think there are really two switches that need to be turned together. You can learn all this, and much more, at the Minuteman Missile National Historic Site, where you can take a tour of the underground "capsule" and the aboveground living quarters.

If you're in South Dakota it's worth the trip!
posted by me & my monkey at 6:35 AM on December 2, 2013 [14 favorites]


Command and Control, discussed here, is FULL of stuff like this. It is indeed pure dumb luck that we aren't all dead.
posted by Artw at 6:35 AM on December 2, 2013 [10 favorites]


I read this earlier today.
Had I known this I would have invented new sleep disorderes in the 80s.

Now that you know the passscode, all you have to do is find your way to the control center. It's down the twisty corridor, just past the multiple guard posts each with shoot-to-kill orders.

And the Grue.
posted by Mezentian at 6:38 AM on December 2, 2013 [7 favorites]


I have heard that a Russian apparently saved the world from nuclear holocaust at one point by not entering his launch codes

A little more complicated than that, but mostly true: Stanislav Petrov.
posted by Dr Dracator at 6:41 AM on December 2, 2013 [5 favorites]


What is the source for this information (other than todayifoundout.com)?

In addition to the articles and such directly mentioned in the body of the piece, if you look at the bottom there's an expandable list of sources with links.
posted by Narrative Priorities at 6:44 AM on December 2, 2013 [5 favorites]


Holy shit.
posted by zarq at 6:44 AM on December 2, 2013 [1 favorite]


Well, it is a zero sum game.
posted by weapons-grade pandemonium at 6:49 AM on December 2, 2013 [13 favorites]


Command and Control, discussed here, is FULL of stuff like this. It is indeed pure dumb luck that we aren't all dead.

And is a really, really good read for children of the Cold War like me.
posted by MartinWisse at 6:49 AM on December 2, 2013 [5 favorites]


Now that you know the passscode, all you have to do is find your way to the control center. It's down the twisty corridor, just past the multiple guard posts each with shoot-to-kill orders.

False.
Dr. Blair, whose resume to date is far to long to write out here, is the one who broke this "8 zeros" news to the world in his 2004 article "Keeping Presidents in the Nuclear Dark." He also outlined the significant disconnect between the nation's elected leaders and the military when it came to nuclear weapons during the Cold War.

Dr. Blair had previously made waves in 1977 when he wrote another article entitled "The Terrorist Threat to World Nuclear Programs". He had first attempted to communicate the serious security problems at the nuclear silos to congressmen starting around 1973. When that information fell on mostly deaf ears, he decided to outline it for the public in this 1977 article where he described how just four people acting in tandem could easily activate a nuclear launch in the silos he had worked in. Further, amongst other things, the PAL system McNamara had touted was barely in operation and thus launches could be authorised by anyone without Presidential authority. He also noted how virtually anyone who asked for permission to tour the launch facility was granted it with little to no background checks performed. It is, perhaps, not coincidence that the PAL systems were all activated and the codes changed the same year this article was published.
Perhaps a second of looking things up before the letting that macho pro-militarist reflex take over.
posted by mhoye at 6:52 AM on December 2, 2013 [15 favorites]


You can learn all this, and much more, at the Minuteman Missile National Historic Site, where you can take a tour of the underground "capsule" and the aboveground living quarters.

Great to see that they've expanded it so much. We stopped by in 2008 when there was a cyclone fence enclosing a silo roofed in glass so you could peer into it, an armored off-road vehicle used for commuting around the desert from silo to silo checking on intruder alerts that were usually triggered by wildlife, and not much else. At the time you could dial a number and get an explanatory spiel from your cell phone, but we were lucky enough to run into the park ranger assigned to the site (Ranger Cody), who talked us through some of the history and was very enthusiastic about future plans.
posted by jon1270 at 6:56 AM on December 2, 2013 [1 favorite]


Now that you know the passscode, all you have to do is find your way to the control center. It's down the twisty corridor, just past the multiple guard posts each with shoot-to-kill orders

Just carry a clipboard, look nerdy and say in a dispirited voice "IT sent me, the major forgot his twitter password again".
posted by sammyo at 6:57 AM on December 2, 2013 [14 favorites]


The password is "USA"
posted by thelonius at 7:00 AM on December 2, 2013 [1 favorite]


Metafilter Evolution: It is indeed pure dumb luck that we aren't all dead.
posted by Blue_Villain at 7:01 AM on December 2, 2013


No, no, no. You go down the corridor with a clipboard and if stopped say:

"Hi! Sorry to bother you, I'm Klaus Hergensheimer, G section... checking radiation shields."
posted by GallonOfAlan at 7:01 AM on December 2, 2013 [4 favorites]


What is the source for this information (other than todayifoundout.com)?

In addition to the articles and such directly mentioned in the body of the piece, if you look at the bottom there's an expandable list of sources with links.


The 2004 article claimed to be the source is not linked to, nor is where the article published explained to us.
posted by Ironmouth at 7:02 AM on December 2, 2013 [1 favorite]


On a different scale, you could register Windows NT with all 1's. That lead to an interesting call with tech support, when my brother read off the serial number without thinking about it.
posted by filthy light thief at 7:04 AM on December 2, 2013 [2 favorites]


Yeah, one of the great ideas. IIRC, Bobby McNamara was the one who insisted on PALs across the force, but Lemay was worried about the time to transmit them, so they set them to 00000000 and there was actually items on the checklists to make sure they stayed set that way and were set that way before launch.

PALs were less critical on the land based ICBM force, which were in fixed locations in securely guarded areas, than they were on the bomber and sub based ICBM force, where you were literally down to just two guys with the ability to fire the weapons. note I said "less critical" not "unimportant" okay? For the record, you needed more than two to fire a minuteman -- you had two guys in a control center, and both had to turn keys within one second of each other, but you had two command centers, and both had to turn keys within a short time to actually fire missiles. There were many people who managed to waltz into a missile control center, because they'd give tours to the one closes to the front gates. But you had to get to the other one as well before you could launch, and you had to be there at the same time -- and it was several miles away.

SAC was dumb at times, but SAC was not full of complete and utter idiots. They had some, but what organization of that size doesn't?

Nowadays, all weapons have PALs, and they do more than just allow activation. There are multiple codes on selectable yield weapons (yes, "dial-a-yeild" is the term of art, yay), and there's the kill code -- you dial in the kill code and pull the T-handle, and the weapon will fire several components inside out of order to basically make itself impossible to fire. After that, you need to completely rebuild the weapon to make it work again. It's the nuclear equivalent of spiking the cannon. You still don't want to lose it -- there's the matter of the pit, which is the holy grail of arms control, the actual fissionable materials -- but in terms of immediate use, even if you had the PAL, after the kill code is in, the weapon will not work, period.

Attempting to fire a weapon without a valid PAL also disables it, but it won't disable until it gets a fire order.

One thing I don't fully understand is the keyring issues. You don't want all the PALs the same, but that means you need to very carefully track which weapon is on which vehicle. This is easier on ICBMs, which don't move from their silos much, but is hard on bombers. You don't want to write the PALs on the bombs, and you don't want identical PALs, with the possible exception of the kill code, which you probably want everyone in the force to have memorized.

So, if you're sending up PALs on order, you need one hell of an inventory system to make sure you send the right ones to the right place, or nothing works. That's what worries me, and I'm sure that sort of worry is exactly one of the reasons why SAC went with 00000000 at first.
posted by eriko at 7:06 AM on December 2, 2013 [25 favorites]


Great to see that they've expanded it so much.

Yeah, they did a pretty good job. I went a few months ago. Unfortunately, the elevator to the capsule broke down, but that's generally included on the tour. The aboveground section, mostly living quarters, is pretty interesting too because of the retro decor. And the video tour of the capsule covers a lot of detail.
posted by me & my monkey at 7:11 AM on December 2, 2013


The 2004 article claimed to be the source is not linked to, nor is where the article published explained to us.

Keeping Presidents in the Nuclear Dark

I used my highly specialized training as a librarian to find it--I Googled it.
posted by Horace Rumpole at 7:11 AM on December 2, 2013 [7 favorites]


Ironmouth: "The 2004 article claimed to be the source is not linked to, nor is where the article published explained to us."

It was published in the newsletter of the Center for Defense Information. The author served as a Minuteman launch officer and has written extensively on defense issues. The original (brief) article is now offline, but here is a copy at Reddit.
posted by Chrysostom at 7:12 AM on December 2, 2013 [1 favorite]


They changed it to O-P-E, right?
posted by Mister_A at 7:37 AM on December 2, 2013 [8 favorites]


Yet more viral marketing for Fallout 4.
posted by The Whelk at 7:40 AM on December 2, 2013 [1 favorite]


On the one hand, I want to test all of the door pad / lock codes at the Pentagon. On the other hand, it wouldn't be worth the 150 years in prison.
posted by dances_with_sneetches at 7:43 AM on December 2, 2013 [1 favorite]


The terrifying part of this is the way the military commanders ignored their orders and deliberately circumvented a required safety measure.

Meanwhile, in current times, our nuclear missile force is suffering severe morale problems. Turns out being responsible for world-ending weapons is depressing, particularly if you also believe your job doesn't really matter because no one will ever use your weapons. So hey, prop the door open and watch some porn.
posted by Nelson at 7:48 AM on December 2, 2013 [4 favorites]


Pffft, that's high tech! UK nukes were "protected by bike lock keys", er, and two screws.
posted by AFII at 7:59 AM on December 2, 2013 [1 favorite]


I don't mind them propping open the door and watching porn. But I'd be concerned if they were listening to a broadcaster who deemed the Affordable Care Act a defacto military surrender to the Warsaw Pact.
posted by surplus at 8:01 AM on December 2, 2013 [2 favorites]


What? There is no Warsaw pact! Did someone actually say that?
posted by Mister_A at 8:03 AM on December 2, 2013


So, if you're sending up PALs on order, you need one hell of an inventory system to make sure you send the right ones to the right place, or nothing works.

Yes, this is true.

There is a really strict chain-of-custody thing that happens with nuclear weapons. In part this is for reasons you'd expect: access control, determining who is responsible for it at a particular time, etc. But it's also to ensure that information about which weapon is installed/deployed/stored where is tracked appropriately.

This is one of the reasons why the "oopsie" involving the nuclear weapons that went on a cross-country jaunt in a B-52 back in 2007 was such a big deal. In part it's for expected reasons: having nuclear weapons in a plane, flying over the United States, is a hazard. Planes can and do crash, blow up, etc. and that's bad when there's a bunch of fissionable materials inside them. But it's also bad because it demonstrates a failure of the inventory-management program that is supposed to know exactly which weapons are where, all the time. Because if you don't know that -- if you don't know, down to the individual 'physics package' and its associated PAL, which one is where -- then you can't make them go boom if they need to.

If we believe wikipedia, the UK's SLBMs are relatively unsecured and a sub crew that's gone bonkers can launch their weapons on their own.

I don't know if this is currently true but it was true during the Cold War and into the 1990s at least. The British, Soviets, and Americans all took different stances on the devolution of control over nuclear weapons. The British stance was not unreasonable given the pressures they were under.

At least on the naval side, the UK felt comfortable placing full control of the weapons in the submarine crews' hands. (Not in a single person, but split up among the crew, probably the captain and XO or weapons officer, I assume.) This allows them to be a viable second-strike platform, since they can't be disabled via a decapitation attack on the UK itself. Given the UK's proximity to the USSR, this was a real threat: the UK wouldn't have the luxury of a ~20 minute warning of impending doom like the continental US would, in which to send out the final order to submarines; they could easily only have a few minutes notice.

In some ways, giving the submarine crews the ability to launch could actually be viewed as a stabilizing influence on nuclear strategy. Without that ability, the British submarines could only be reliably used as a first-strike weapon against the Soviets. They wouldn't be defensive in that case, but purely offensive.

The Soviets pursued a similar goal with their Perimeter system (aka the "Dead Hand"), which could and apparently still can launch their land-based ICBM force in the case of a decapitation strike against the Russian (née Soviet) leadership. And similarly, while on the surface it seems like a terrible idea, the perverse logic of nuclear brinksmanship actually means that it might have been stabilizing. The existence of the Perimeter system may have given the Soviet leadership the confidence necessary to not consider a first strike, since they were secure in the knowledge that their second strike would happen. Absent that, there is a huge incentive to shoot first.

What's interesting, from a systems perspective, is that the British and USSR were faced with essentially the same problem, but solved it in two very different ways. The Soviets trusted technology, and built a complex doomsday device using special rockets and coded radio transmissions; the British trusted people, and trained a relatively small number of people (their submarine crews) to take on the responsibility of a second strike should the need arise.
posted by Kadin2048 at 8:05 AM on December 2, 2013 [19 favorites]


So, if you're sending up PALs on order, you need one hell of an inventory system...

You're damn right they need one hell of an inventory system to manage nuclear devices.
posted by furtive at 8:19 AM on December 2, 2013 [1 favorite]


In April a crew member was found "derelict in his duties in that he left the blast door open in order to receive a food delivery from the onsite chef" while the other crew member was on an authorized sleep break, Air Force spokesman Lt. Col. John Sheets said in a statement.

Candygram for Mongo...
posted by Pudhoho at 8:36 AM on December 2, 2013 [4 favorites]


One thing I don't fully understand is the keyring issues. You don't want all the PALs the same, but that means you need to very carefully track which weapon is on which vehicle.

This is an interesting thought, but I'm not so sure I'd assume that you would need to key each PAL individually. It's a bandwidth issue; the entire nuclear command and control system is designed to fire a large number of weapons in a short period of time over low bandwidth links, and I can't see how you would design that system in a way without either adding unacceptable overhead or adding a relatively meaningless measure of security. E.g., having some sort of code-expansion step at the Pentagon is a massive centralization issue and a massive bandwidth issue, but the alternative of having each launcher know the warhead-specific code doesn't seem to add any security.

Thinking about this for all of ten seconds, my guess is that you want a cryptographic system where each launcher has some uniqueness in decoding and verifying messages, but not necessarily each weapon. The launcher crew would still have to obtain the PAL code from the order to launch, but the broadcasting of that order wouldn't necessarily give all launchers everywhere the capability to fire.

This is all wild speculation, so don't take my guesses too seriously. But keep in mind that most discussion about nuclear command and control is largely speculation, even more so than the details of the weapons themselves. Here's the best source I know of for less-speculative information on PALs.
posted by kiltedtaco at 8:40 AM on December 2, 2013 [2 favorites]


1, 1, 1, uhhhhh 1
posted by randomkeystrike at 8:45 AM on December 2, 2013


One, er, interesting aspect of the dual key system on early US ICBMs was the latching relay. That's an electromechanical switch that, once it's been powered on, keeps itself on even if the initialising power goes away. Basically, it has a set of contacts that, once closed, supply power to the coil that pulls them closed. Once you've had both keys turned properly, you want to fire your rocket come what may, after all.

However, the latching relay was mounted behind the front panel, equidistant from the two keys. A sharp tap to the panel at just the right place could bounce the coil energising contacts just enough that they engaged, the relay latched, and off ya go. No keys required...

(I haven't seen the circuit for this and am travelling, so can't get at the book where I read this and can't provide a reference. Would appreciate an online source if anyone reading knows one. A quick Google failed, although apparently I can "Buy ICBM at Amazon - Low Prices on ICBM‎".)
posted by Devonian at 8:47 AM on December 2, 2013 [2 favorites]


FTFA:
And so the “secret unlock code” during the height of the nuclear crises of the Cold War remained constant at OOOOOOOO.
Coincidentally, "OOOOOOOO" is what I said after I read this, with hands clapped to my head à la Munch's Scream.
posted by wenestvedt at 8:49 AM on December 2, 2013 [3 favorites]


A quick Google failed, although apparently I can "Buy ICBM at Amazon - Low Prices on ICBM‎".

Do not pay the five bucks for express delivery.
posted by Etrigan at 9:06 AM on December 2, 2013 [45 favorites]


Nowadays, all weapons have PALs, and they do more than just allow activation.

They're also reported to have environmental sensors such that the weapon will refuse to detonate unless it experiences more or less what it expects to -- so for an ICBM, it should experience multi-gee acceleration, and then some range of time in free-fall during which it should see stars, and then more gees in the other direction while it gets really hot. I've seen others argue that they're less environmental sensors and more physical stages of arming that can only happen then -- this part has to get crushed by multigee acceleration as one part of arming, this other stage has to happen in free fall.

And if you try to take them apart, they're reportedly designed to irretrievably break themselves. Though you could always take the core out, or gather it up from where the nuke spewed it in an intentional misdetonation, and use it for a wholly new weapon.
posted by ROU_Xenophobe at 10:19 AM on December 2, 2013


Though you could always take the core out, or gather it up from where the nuke spewed it in an intentional misdetonation, and use it for a wholly new weapon.

So is it reasonable to assume every ICBM has a black box in it too, and a transponder?
posted by furtive at 10:31 AM on December 2, 2013


so for an ICBM, it should experience multi-gee acceleration, and then some range of time in free-fall during which it should see stars, and then more gees in the other direction while it gets really hot.

There's a "that's what she said" joke in there somewhere.
posted by yoink at 10:34 AM on December 2, 2013 [2 favorites]


the perverse logic of nuclear brinksmanship actually means that it might have been stabilizing
Mutually Assured Destruction leads to a lot of perverse bits of logic like this.

The nuclear arms race? Nobody built warheads by the thousands because they actually wanted to be able to destroy the world 10 times over; we built warheads by the thousands to make it impossible to destroy them all in a first strike, ensuring that there would be enough warheads left to deter such a strike.

Some of the opposition to anti-missile system development and civil defense preparations had a similar motivation. Sure, once a nuke was actually in-flight you'd have to be a monster to not want to shoot it down or at least reduce the number of people it killed. But if you start to prepare those defenses, it looks like you're trying to take the "mutually assured" out of "destruction", which is (weak) evidence that you're considering a first strike, which forces everybody to be on even more of a hair trigger, which makes it more likely that a war would start by accident or by miscalculation.

And of course while many pacifists were arguing against protecting civilians from nuclear weapons, many warmongers were arguing against dropping our own nuclear weapons on even purely military targets. Nobody used a nuke in Korea for the same reason that we stopped fighting at the 38th parallel in Korea - not because there's something comparatively moral about hundreds of thousands of deaths via conventional weapons or because there's some inherent significance to 38 pi/180 radians, but because a good way to prevent a natural continuous escalation of hostility is to create artificial discontinuous rules around easily recognized Schelling points.
posted by roystgnr at 10:51 AM on December 2, 2013 [1 favorite]


The nuclear arms race? Nobody built warheads by the thousands because they actually wanted to be able to destroy the world 10 times over; we built warheads by the thousands to make it impossible to destroy them all in a first strike, ensuring that there would be enough warheads left to deter such a strike.

That was the theory, but in reality the US e.g. got its 1,000 Minuteman ICBMS because it was a 'round number" according to McNamara, while inter services rivalry led to army, air force and navy all pursuing their own nuclear projects.

Meanwhile the Single Integrated Operations Plan was far less rational than it supposed to be too, over saturating worthless targets, targeting sometimes just to use up bombs and far less flexible than has been US policy since the early sixties. If war has broken out, the US would still have launched its entire arsenal as soon as it was clear the war was going nuclear.

However, it wasn't all doom and gloom. As the 2006 roundtable organised by the Parallel History Project on Cooperative Security, the Military Planning for European Theatre Conflict during the Cold War seminar makes clear, from at least 1984-1985 neither the NATO nor Warsawpact took the threat of war serious anymore (PDF), while before that, both coalitions only prepared for a defensive war and both realised that an offensive war would mean nuclear annihilation and wasn't worth it. This when NATO's biggest fear was always that the Soviets would gamble and try and win the race to the Rhine or the Channel, then hope the US would blink and not risk its own country to save Bonn or Brussels....
posted by MartinWisse at 11:21 AM on December 2, 2013


E.g., having some sort of code-expansion step at the Pentagon is a massive centralization issue and a massive bandwidth issue, but the alternative of having each launcher know the warhead-specific code doesn't seem to add any security.

There is a definite security advantage to not using the same PAL code for every weapon, because you don't want leakage of a single PAL code (e.g. from the people at Pantex who assemble them) to suddenly compromise the entire arsenal, or cause the entire arsenal to have to be sent back to Pantex for rekeying. Modifying a weapon's PAL is intentionally difficult, after all, so you want to limit the scenarios in which a PAL code might need to be changed during the lifecycle of the weapon.

And the expansion step basically already exists, in the sense that the "go" order has to be expanded out from the President and on down the chain of command.

There isn't very much declassified information on this, at least that I've ever seen, but it's not like the President issues the order directly to the commander of each nuclear weapon system individually. There are intermediate levels in the command chain that the order has to go through. I believe that the progression would be something like:

POTUS + SECDEF (who togeher constitute the National Command Authority) ->
Chairman of the JCS ->
some poor bastard at the NMCC who gets to transmit the EAM ->
nuclear-capable Major Commands (MACOMs) ->
individual units.

There's significant expansion at the NMCC level from a single order to execute all or part of the SIOP (now OPPLAN 810), into the Emergency Action Messages, and possibly further expansion at the MACOM level out to individual units.

The only EAMs I've ever seen are drill ones, which contain an authentication code (matched to a physical token, the red thing in the photo) but no launch code(s).

But if we take the recipient of that test message -- the USS Alaska -- as an example, a full launch could theoretically be 192 nuclear weapons (24 Trident IIs * 8 weapons per missile if not prohibited by treaty). That would admittedly be a lot of codes to punch in. So a compromise, which I think might be closer to reality, is that PAL codes for the individual weapons are stored in encrypted form in the launch system somewhere, and the "launch code" decrypts them and allows them to be used to arm the weapons.

Alternately, various groups of weapons could share the same PAL code; e.g. all Trident II warheads, distinct from ACM warheads, etc. That would mitigate some of the risk of a PAL leakage but also not cause a failure to arm if someone mounted the wrong individual weapon in the wrong place during an alert.

Interesting stuff to think about, at any rate.
posted by Kadin2048 at 11:57 AM on December 2, 2013 [2 favorites]


However, it wasn't all doom and gloom. As the 2006 roundtable organised by the Parallel History Project on Cooperative Security, the Military Planning for European Theatre Conflict during the Cold War seminar makes clear, from at least 1984-1985 neither the NATO nor Warsawpact took the threat of war serious anymore (PDF), while before that, both coalitions only prepared for a defensive war and both realised that an offensive war would mean nuclear annihilation and wasn't worth it. This when NATO's biggest fear was always that the Soviets would gamble and try and win the race to the Rhine or the Channel, then hope the US would blink and not risk its own country to save Bonn or Brussels....

Soviet strategy of the time was strategically defensive but operationally offensive. Which is to say, the Soviets planned to only fight when there was a threat to their area of domination, but when the war came, the Soviet strategy was to fight it on the other side's territory. See The Making of Soviet Strategy, C. Rice, p. 648-676, Makers of Modern Strategy, P. Paret Ed. (1986).

As for not taking the threat of war seriously in 1984-85, I find that those positions laid out in your source forget Able Archer was only 7 weeks before 1984 started and perhaps the oral histories presented may not be really presenting things as they were but as they were remembered or as might be important to their respective governments.
posted by Ironmouth at 12:37 PM on December 2, 2013 [1 favorite]


Why not something simple like "1-7-3-4-6-7-3-2-1-4-7-6-Charlie-3-2-7-8-9-7-7-7-6-4-3-Tango-7-3-2-Victor-7-3-1-1-7-8-8-8-7-3-2-4-7-6-7-8-9-7-6-4-3-7-6"? If it's good enough for the transporter controls, it's good enough for me!
posted by blue_beetle at 12:40 PM on December 2, 2013 [1 favorite]


0118 999 881 99 9119 7253 or GTFO.
posted by Etrigan at 12:45 PM on December 2, 2013 [4 favorites]


to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.

You dial 0-0-0-0-0-0-0, and when I say so, dial 0 again.
posted by kirkaracha at 12:52 PM on December 2, 2013


It's JPE 1704 TKS.
posted by Chrysostom at 12:59 PM on December 2, 2013


They're also reported to have environmental sensors such that the weapon will refuse to detonate unless it experiences more or less what it expects to

They've had that for a long time. Daniel Ellisberg reported that in the 1961 Goldsboro B-52 crash, where a B-52 broke up in mid-air, one of the two Mk-39 bombs sensed the crash as a legitimate drop, and it matched all the parameters of a falling bomb, so all the environmental safeties cleared.

The reason that Goldsboro, NC is still around? The Safe/Arm switch was in safe at the time of the crash, and the bomb didn't get an "arm" sense before it was ejected from the aircraft, so it didn't arm the actual firing trigger and it didn't fire.* But if that switch had been hit, or somehow, an arm signal been sent? Then that weapon would have fired when it reached the detonation altitude, and the Mk 39 was a 3.8 megaton two-tage thermonuclear weapon.

The very earliest weapons were basically very dangerous -- if Fat Man had filled with seawater, it would have gone critical, and might have gone prompt critical. Step one of the after war effort by the labs was to turn what were emergency weapons that were almost as likely to kill the deployers into actual weapons that only went off when they were told to.

Environmental triggers that sense the actual path a weapon would travel between deploy and triggering were one answer, but this accident made it clear they weren't enough. Better arm/safe signals were the next answer. Now, instead of a simple voltage signal, now the arm signal is a combination of codes, one of which is the PAL code, and it has to be sent just before weapons release -- so if you arm and do nothing, the weapon disarms and you have to resend the signal.

And, to be honest, in *all* the nuclear weapons states, they've done this very well. There's been no evidence whatsoever that a weapon has accidentally detonated -- and it's not like you're going to hide something on the order of a 160kt explosion, never mind the megaton monsters they used to stockpile. Part of this is things like the Goldsboro crash, where people realized they'd come too close to a real accident, and part of this was apparently some completely frank back-channel discussions between the nuclear weapons states about how they'd just about screwed up that badly and how you might want to look at your own weapons and figure out how not to do what we almost just did making everybody's arsenal's safer.

Yes, they were doing that. Bizarre, I know. But, be honest, what about the entire nuclear weapons race/Cold War wasn't bizarre?


* The fun part is what happened to the second bomb. It didn't pop a chute, hit the mud at 700mph, and buried itself in deep. They tried to dig it out, but water kept pouring in. They got the the plutonium core and tritium bottle out, and the electronics, but the DU core around the secondary is still down there, some 180' below the surface near Goldsboro. The USACE owns the land now.
posted by eriko at 1:07 PM on December 2, 2013 [4 favorites]


As for not taking the threat of war seriously in 1984-85, I find that those positions laid out in your source forget Able Archer was only 7 weeks before 1984 started

People were concerned about Able Archer, but on the Soviet side that was the political leadership, not the military commanders at the sharp end, if that round table can be trusted.
posted by MartinWisse at 1:16 PM on December 2, 2013


this part has to get crushed by multigee acceleration as one part of arming, this other stage has to happen in free fall.

This is actually a very simple and effective mechanism, in principle, and when I was in the army taking my mortarman's course, was told that it was the primary arming mechanism for mortar rounds after the safety pin had been pulled out. It involved a wax seal and a ball bearing.
posted by fatbird at 1:58 PM on December 2, 2013 [1 favorite]


The system is locked in a state of perpetual insanity. Game theory has tied a knot which moral reasoning cannot undo. Since the problem cannot be solved on a systemic level, the only hope is that one or more individuals within the system has enough sanity to prevent an actual launch from occurring.

I choose to believe that every President of the last thirty years has made a private vow to never authorize a nuclear strike, even in retaliation. Not because I think this is true, but because it allows me to sleep at night.

Alternatively, it's nice to imagine that someone within the system—someone with the opportunity and a modicum of moral sense—has secretly sabotaged a critical point in the launch chain. The appearance of threat is all that ever mattered. The actual threat serves no purpose in itself.
posted by dephlogisticated at 3:04 PM on December 2, 2013 [2 favorites]


For a really great read about all of the above, I recommend Command and Control, by Eric Schlosser.

edit: whoops, missed that it was pointed out upstream, so: nthing.
posted by scolbath at 4:11 PM on December 2, 2013 [1 favorite]


Kadin2048: "The Soviets trusted technology, and built a complex doomsday device using special rockets and coded radio transmissions; the British trusted people, and trained a relatively small number of people (their submarine crews) to take on the responsibility of a second strike should the need arise."

Considering the relative rates of defection that makes sense.
posted by Mitheral at 8:13 PM on December 2, 2013


The best way to ensure that a bomb does not go off when you don't want it to is to make it susceptible to phenomenology.
posted by A Thousand Baited Hooks at 2:02 AM on December 3, 2013


« Older How to be a feminist according to stock photograph...  |  The teenagers’ experience demo... Newer »


This thread has been archived and is closed to new comments