Matt Blaze has posted a blog entry following a visit to the Titan Missile Museum
that's just south of Tucson, Arizona. It's a well written summary of the place.
Blaze talks a bit about Titan, PALs, and the "butterfly switch;" mechanisms intended to prevent an unauthorized launch. The Titan system didn't have PALs. The butterfly switch, also known as the "Coded Switch System" (CSS), authorizes the launch. PALs were first required on overseas nukes starting in 1962. Titans were never overseas, and the system was already under construction in the continental US by the time the PAL idea arose.
The PAL ("permissive action link") is a code-controlled mechanism that prevents a nuclear warhead from arming. In theory, the President sends a "launch the nukes" order that contains a coded value. This value is used to derive codes that unlock PALs on the actual weapons.
The original Titans (Titan I) were deployed starting in 1962. They used a system called the Launch Enable System (LES) to prevent unauthorized launches. According to the book Titan II
by David Stumpf and the "Missile Forum
," it seems that the LES gave the missile wing's command post a way to remotely disable a missile site. However, the mechanism could be easily bypassed by flipping circuit breakers. This led to the CSS system with the butterfly valve in the early '70s.
On CSS, there was a switch panel in the Launch Control Center and a butterfly valve on the missile itself. The valve interfered with the missile's fuel flow. To launch the missile, the crew had to receive an Emergency War Order (EWO) that contained a launch code. They looked up the launch code in their instructions and converted it in to the corresponding CSS setting. If the setting was correct, the fuel could flow and the missile could launch. Without an EWO, the launch controllers had no code and couldn't unlock the butterfly valve.
If someone tried to bypass the CSS, various mechanisms would prevent the launch. Here are the obvious ones:
- The valve kept a count of incorrect codes. If the launch personnel made too many wrong guesses, the valve locked itself. The CSS panel was monitored remotely by the wing's command post, and produced an alarm when misused.
- The valve on the missile was protected with pyrotechnics. If someone tried to fiddle with the valve (EXCEPT when in maintenance mode) the pyrotechnics would fire, and they would weld the valve shut.
Blaze has a nice photo of the CSS switch panel. There are 6 switches; each chooses one of 16 letters, yielding over 16 million combinations. There were legal "enable" settings and there was a single "maintenance" setting.
According to folks on the Missile Forum, the CSS was also used in Minuteman sites. I'm not sure how a Minuteman CSS prevented launch - there was no liquid propellant to interrupt.
Bruce Blair famously reported that for many years the Pentagon deployed PALs with a well-known unlock code
of OOOOOOOO (eight zeroes). It's certainly possible that a six-letter version of that value (six letter 'O's perhaps) could unlock butterfly switches. A former artillery officer deployed with NATO told me that during his tour many years ago, PALs on nuclear artillery shells could be mechanically bypassed. The trick was well known by senior noncoms.