|
|
posted: April 13, 2025
tl;dr: No it isn’t, and that has implications for a U.S. Strategic Bitcoin Reserve...
As a child of the Cold War, I was fascinated by a recent visit to the Titan Missile Museum south of Tucson, Arizona. The museum is on the site of a decommissioned land-based nuclear missile, which was once part of a group of similar sites in southern Arizona which were part of the U.S.’s second strike nuclear capability. These sites were designed with heavy armor to hopefully survive a nuclear first strike launched by an adversary and be able to launch a retaliatory strike. The threat of a retaliatory strike would deter an adversary from launching a first strike. Given that no adversary launched a first strike while these sites were operational it achieved that goal, although it was very expensive.
A decommissioned rocket is in the silo, protected by a heavy door at the top. The site also has an underground control room mounted on huge shock absorbers, which was staffed continually for years by small teams of soldiers. If you take the tour, you get to go into the control room and see the old electronics and mechanical systems which controlled the missile. The tour guide discusses the procedure the soldiers followed for gaining access to the control room and launching the missile when given the appropriate command.
One of the challenges of nuclear missiles is getting the launch command from the President of the United States (the Commander in Chief) to the technicians who activate the launch system for each missile. The launch command itself contains very little information: it is effectively one bit, either “launch” or “don’t launch” (the default state), as the destination for each land-based missile is preset via a different process. Clearly security is of the utmost importance: you don’t want a malicious actor to be able to issue the launch command.
The control room at the Titan Missile Musuem
An ingenious solution was devised during the pre-Internet Cold War era of the 1950s and deployed at many nuclear missile sites including the one at the Titan Missile Museum. It involved dedicated radio communication channels; predetermined code words locked in multiple file cabinets with rotating locks; physical site security; small teams of soldiers isolated from the outside world and not allowed to consume any news; guns; and shoot-to-kill orders if anything went awry. No one person, other than the President who typically was thousands of miles away from southern Arizona, could take an action that would launch a missile. There were ways to detect possible attempts to penetrate the system. And it worked: no nuclear missiles have been mistakenly launched.
Now that the Internet and the Bitcoin network exist, this whole system could be replaced. The supposedly perfectly secure Bitcoin network could be used to issue the launch command to nuclear missiles. One way to do so would be to create a Bitcoin wallet for each nuclear missile and put a small amount of Bitcoin in it. Each nuclear missile monitors the Bitcoin blockchain, and when it sees Bitcoin move out of its wallet, the missile launches. This puts the launch control much closer physically to the President, and there would be just one team of personnel managing the Bitcoin wallet keys and taking actions that, upon the President’s request, would launch the missile(s). Think of the savings, D.O.G.E. would be so pleased!
The missle at the Titan Missile Musuem
Does this make you a little bit uneasy? Are you a little bit concerned that the private keys could be mishandled or even lost? That one of the people with access to them could leak them in whole or in part? That the seed phrase could be guessed? That the keys could be guessed via brute force? Or that the Bitcoin network could be commandeered via a 51% attack? Or that an adversary could develop a quantum computer before the U.S. that would break the Bitcoin network’s security? Or that there could be a fork in the Bitcoin network due to a technical issue? Or that transactions on the Bitcoin network could be rolled back and wallet contents adjusted in response to a major theft elsewhere on the network?
If you are a little bit uneasy about this, now ask yourself whether the United States should have a Strategic Bitcoin Reserve with the country’s Bitcoin managed in a digital Fort Knox. It is the same problem only worse: an adversary is more likely to want to destroy the value stored in the U.S.’s Strategic Bitcoin Reserve than launch the U.S.’s nuclear missiles. If you don’t believe that the Bitcoin network is secure enough to be used to launch nuclear missiles, then you shouldn’t believe it is secure enough to store some of the country’s reserve assets.
Related post: Attention China: How to destroy the U.S.A.’s Strategic Bitcoin Reserve