Return to Home
Goto Next Section Target Practice

Nuclear Nike Launch Authentication Procedures

This is a work in early process/progress - sadly not coherent :-((

Table of Contents

Dan DeCosta < sandidande @ cox . net > e-mailed - Jan 2014
... can you possibly tell me what the Chain of Command was for these batteries from USAF/Air Defense Command through to the Launching Officer ...

A friend of mine and I recently attended an open house at SF-88 North of San Francisco which was very impressive. However there was no emphasis, or even mention, of the safety procedures utilized in the deployment of nuclear weapons – which is something I think the general public would be interested (and re-assured) in knowing.

The initial impression I received (and again I could be wrong) was that the missile simply got run out on the rails and after receiving a “fire order” the missile was fired. Maybe because I know certain details I was looking for more than the Volunteers felt was necessary to present to the general public. Please understand I’m not complaining. The open house was incredible – but I am curious!

As a retired US Navy Officer/designated: Nuclear Weapons Currier, Nuclear Weapons Loading Officer, Nuclear Weapons Loading Officer Instructor, and P-3 “Orion” Mission Commander certified to employ nuclear weapons, I had a few questions about the “authentication procedures” used in the deployment of the Nike Nuclear Missiles. My friend and I have some debate over the answer we were given and what he has researched (and he knows A LOT).

I did ask the question later about “two man rule” launches and the situation about different site personnel having different launch keys and being properly separated – which was answered. But the proper authentication procedures – as I was taught them and also instructed them, seemed to conflict with the opinion of both my friend and the volunteer who provided a very brief (and in my opinion incorrect) answer.

I looked at your site (as it is very well know by “Nike Folks” and highly respected by the SF-88 Volunteer Team) and I could not find any reference (and that doesn’t mean it wasn’t there somewhere) about were the nuclear safeguard procedures used to properly authenticate that nuclear weapons were authorized to be used – “two man rule” procedures, site nuclear security area (which was very different from general security ie “exclusion areas,” etc.) that was absolutely required in every case for the transportation, storage, and deployment of ALL nuclear weapons. These were standardized by the DoD for all services- or at least that is what was pounded into me during my experiences.

I did find on your site and read the “Guarding Nuclear Hercs Overseas, from Charles Everett December 2007 C Team, 35th USAAD, 1983 - 1985, 3/26th German FlaRak (Nike)” on the “Launcher Area” subsection, Paragraph 3 (“Surrounded by Two Stout Fences…..”) where Mr. Everett eludes very briefly to:

“A daily site check was also made of the security perimeter of the launching area to include operational lighting, height of grass, condition of perimeter fencing, alertness of tower personnel. All nuclear release codes were in a two man safe and required a "B" and "A" side (NCO, E-5 and above and Officer). The safe had two tumblers - one man knew one combination, the other man had the other combination.”
This indicates to me that nuclear weapons launch authorization codes, after being transmitted to the site by the chain of command, were in fact verified as “authentic” by at least TWO members of the LAUNCH SITE CREW – as would have been proper under “the rules.” I was told, and am trying to be persuaded, that those codes were verified higher in the chain of command at a “command center” that was not on site; orders to fire were issued to the launch crews from there; and the authorization codes (two) for the deployment of nuclear weapons were not verified at the site by the Missile Officer who fires, and at least one other person E-5 and above. I am having great difficulty believing that based on my knowledge. It may be true, but it would certainly be a deviation/departure from the absolute standards for deploying nuclear weapons.

So, long story short, can you possibly tell me what the Chain of Command was for these batteries from USAF/Air Defense Command through to the Launching Officer, including where in that chain of command the launch authorization codes for nuclear weapons were verified, by whom, and confirm that they were actually at the launch site on at a remote location such as a “Command Center”?

That procedure and information might make a very interesting subsection on your site!

Dan DeCosta e-mailed the group, hoping to - Prime The Pump
Perhaps I can help jar some memories out there by “priming the pump” with how that verification was handled on Navy P3 aircraft – in both its tactical and strategic missions. One of the most accurate accounts of the basic procedure was demonstrated in the movie “Crimson Tide” with Gene Hackman.

The P3 ASW (Anti Submarine Warfare) aircraft was configured to carry the Mk-61 (B61) nuclear “depth bomb” that was basically the same as the other b61 configurations but set for a subsurface blast. When carried, there was a locked metal box with two pad locks. The Navigator/Communicator carried one key and the co-pilot the second. These weapons would only be loaded and carried in DEFCON 2 or higher readiness. When flying strategic ASW missions (against SLBM submarines on patrol off CONUS) special USAF radio frequencies were monitored by the Navigator/Communicator AND the Co-pilot, which somewhat regularly (at least every 15 minutes) relayed various scrambled three letter and five letter “word groups.” When the critical word group was encountered, it was a signal that the verification for the use of Nuclear weapons would follow.

At that point, the Navigator would take the box to the cockpit, would unlock his pad lock in conjunction with the co pilot and his. They would remove two “snap cards” from separate compartments in the box, break the cards in half, and pull out a paper with a series of alpha/numeric characters on it (like opening a fortune cookie). They would then monitor the critical authenticator message and BOTH would write down and verify that the message had sent the correct authorization code.

At that point, if the crew was holding contact on the hostile submarine, the Nuclear Weapons Checklist would be conducted between the Pilot in Command, and the Tactical Coordinator (usually the Mission Commander) who was located at his station further aft in the aircraft. The Nuclear Weapons Armament panel was located at the Tactical Coordinators station. However, in order to arm and drop the weapon, the Pilot in Command had to turn on the Master Arm Switch in the cockpit at the same time the Tactical Coordinator turned on the Arm Weapon Switch.

Then the Pilot in Command would open the bomb bay doors (B61s were NEVER carried on external racks specifically for this reason as they could be selected and dropped by the Tactical Coordinator alone – unarmed of course, but that was still considered “deployment” of a nuclear weapon). In conjunction with the Nuclear Weapons Checklist, the Tactical Coordinator would select the bomb bay weapons station the bomb was on, and when appropriate, drop the weapon. The flight station had no provisions to drop the weapon EXCEPT with an emergency jettison in which case it would also go out unarmed. Two man rule throughout the entire authentication and drop procedures.

Of interesting note, the Nuclear Weapons Checklists (2) accompanied the weapon from the storage facility, and was used to “accept” the weapon from the curriers (at least 2 men); load the weapon on the aircraft (which was conducted by the Co-pilot, Navigator/Communicator, aircrew ordnance man, the in-flight technician, and two ground ordnance man – all in pairs and never out of sight of the other); and then was taken aboard the aircraft and continued to arm/drop procedure as well – it was one single continuous checklist.

Even though this was an aircraft drop, much the same as in the USAF bombers, the codes were verified on board the aircraft by at least two people and the weapon was readied and launched by at least two people who by the nature of the equipment location, had to be some distance (in the P3C is was about 8 ft) apart.

When flying TACTICAL ASW (ie in conjunction with an Aircraft Carrier Battle Group or other friendly surface units in geographical areas where the threat was not to CONUS) the procedures were the same except the frequencies monitored and the codes would be passed from CINCPAC through the appropriate USAF subordinate command (ie US Air Forces Pacific) simply because they had the communications equipment to do it. Oddly, just as a matter of interest, the word groups were almost always sent on the High Frequency bands in the “clear” (unencrypted) as the code themselves were the encryption.

Ed, if we can gather enough credible information and find a few references, I would be happy to author a paper regarding the “Nuclear Safety” which you could ad to the site if desired.

I’ll keep digging!

Thanks again


"John Federico" < pjfed @ mindspring . com >
Here's some additional clarification on the 2014 post concerning Nuclear Nike Launch Authentication Procedures:

We know the the authority to order the use of nuclear weapons rests with the President of the United States. POTUS delegates that authority down the operation chain of command to the unit having custody of nuclear weapons . calling on past experience and using US Army Europe (USAEUR) as an example and given that normal tactical communications are up and running:

  1. The National Command Authority (NCA) when directed by the POTUS, would pass nuclear release, employment and in some cases stockpile verification of warheads directives to the US European Command (USEUCOM) via the Emergency Action Message System (EMAS). This system is comprised of secure voice communications, sealed authenticator cards, and other means of passing and authenticating nuclear orders.

  2. The EUCOM Command Center would in turn relay valid, authenticated orders to the USAEUR Emergency Operations Center (EOC) who would forward groups of alpha numerics characters to the Army unit having custody of nuclear weapons. The EMAS authenticator cards (or cookies as affectionately named by the troops) are stored in a two-man controlled safe. The "A" side lock is opened by a duty officer and the "B" side is opened by an NCO graded E-5 or above. Alpha-numerics passed down by the USAEUR EOC identify the proper sealed "Cookie" to be opened. When opened the authentication values are verified by both individuals and the release and employment orders are executed. In the case of Nike Hercules, this action would also include removing the Safe Plug from the W31 warhead cartridge assembly and installing the Arm Plug necessary to complete nuclear employment of that system.

  3. EUCOM could relay war orders directly to the unit having custody should normal communications be disrupted.

  4. It's important to note that this process was continually under two-man control from the time POTUS accesses the nuclear football until the missile leaves the launcher heading towards the target.
Hope this won't further muddy the water.
Blazing Skies,
John Federico
MW4, US Army (Ret)

Updated through March 2016