In the 1983 movie WarGames, the fictional W.O.P.R. succeeds in hacking NORAD’s launch code, revealed to be “CPE1704TKS.” National security experts at the time reassured the public that the movie was a work of fiction and that the nation’s nuclear arsenal was much more secure than portrayed in the Hollywood drama.
If one nuclear security expert is to be believed, “CPE1704TKS” is infinitely preferable to the actual code that was in place for over 15 years.
In the early days of the Nuclear Age, no effective safeguards prevented the unauthorized use of nuclear weapons. Each of the nation’s nukes was under the direct control of the commanding officer of the unit that held the weapon.
As the number and the explosive yield of weapons grew, military and government officials worried about the consequences of someone using a weapon without authorization from the president. This problem was compounded by the deployment of missiles around the world, in places such as West Germany and Turkey, where a change in government or invasion by the Soviets could place the weapons in the hands of the USA’s enemies.
In June 1962, President John F. Kennedy signed the National Security Action Memorandum number 160. The directive ordered the installation of Permissive Action Links (PALs) on all U.S. nuclear weapons in Europe. While not technically a “launch code,” a PAL is defined by the U.S. Department of Defense as:
A device included in or attached to a nuclear weapon system to preclude arming and/or launching until the insertion of a prescribed discrete code or combination. It may include equipment and cabling external to the weapon or weapon system to activate components within the weapon or weapon system.
The earliest PALs took the form of combination locks that prevented the firing triggers from being activated. To remove the lock and make use of the weapon, the secret combination number would have to be used.
Kennedy’s order was carried out and completed by September 1962 for $23 million. Those who had been concerned about America’s nukes falling into the wrong hands could breathe a collective sigh of relief.
Of course, this all assumes that the secure code to unlock the weapons was actually secure. In other words, it had to be a number that was not easy to figure out, and the knowledge of which was limited to just a select handful of people.
In 2004, Bruce Blair, a nuclear security expert at Princeton University and former launch officer, revealed that the “ultra-secret and secure” code for the nuclear arsenal was no better than today’s discredited practice of using “password” as an online password. In his column, Blair revealed that the code was simply eight zeroes: “00000000”.
He reported that officials at Strategic Air Command resisted the installation of PALs, fearing that they would unnecessarily slow down or prevent a nuclear response in an emergency situation. When JFK ordered the installation of PALs, Strategic Air Command complied but set the code on all of the locks to all zeroes.
He said this practice remained in effect at least through the mid-1970s. He wrote that during his stint as a Minuteman launch officer, “Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel.”
Although Blair referenced the lack of security on nuclear weapons in a 1977 article and again in greater detail in 2004, it wasn’t until 2013 that the disturbing revelation went viral. This prompted Congress to demand an explanation from the Pentagon. The official response insists, “A code consisting of eight zeroes has never been used to enable a MM ICBM, as claimed by Dr. Bruce Blair.”
The military’s response to Congress also states that upon the direction of the president, two “separate and distinct processes are required to launch an ICBM.” First, the missile must be enabled, or “unlocked,” it says. The enabled missile must then be commanded to launch from two separate launch control centers, using a series of codes that are not stored in the control centers.
Blair, who has testified before Congress on nuclear policy, stands by his story. He says the military’s response is misleading at best and disingenuous at worst.
Jeffrey Lewis, director of the East Asia Nonproliferation Program at the Monterey Institute for International Studies, reviewed information from Blair and said, “[He] is correct about the major historical narrative at stake – the United States Air Force, particularly Strategic Air Command, generally resisted the introduction of technical safeguards out of concerns that such measures might make it more difficult to use the weapons in the event of a conflict. Like many other practices of the period… the Air Force’s emphasis on readiness at the expense of safety at that time seems, admittedly with the benefit of hindsight, unwise in the extreme.”
Whether the security of the weapons was a string of zeroes or not, we can be assured that is not the practice today. A sophisticated command-and-control network insures that nuclear weapons are released only upon the command of the president.
This assumes, of course, that the president hasn’t accidentally sent his launch code to the dry cleaner.