ZERO-DAYS AFF
Thanks to Alex M., Camelia, Christina, Dylan, Eugenia, Kalen, Jackie, Jasmine, and Tristen for all of their hard
work!
#GHJPXX
NOTES
Feel free to email me (khirn10@gmail.com) if you have any questions about the aff/neg.
AFF BACKGROUND
Please read this. It will answer 90% of your questions. This aff would be fairly confusing to
anyone who hasn’t read about zero-day vulnerabilities or exploits, but it only takes a few
minutes to learn the basic background behind the aff.
Who or what is a “zero-day”? Is this some kind of weird K aff?
Zetter 14 [Kim, award-winning journalist who covers cybercrime and security for Wired, “Hacker Lexicon:
What Is A Zero Day,” Wired, April 15, 2014, http://www.wired.com/2014/04/obama-zero-day/]
ZERO DAY ACTUALLY refers to two things—a zero-day vulnerability or a zero-day exploit .
Zero-day vulnerability refers to a security hole in software—such as browser software or operating system
software—that is yet unknown to the software maker or to antivirus vendors . This means the
vulnerability is also not yet publicly known , though it may already be known by attackers who are quietly
exploiting it. Because zero day vulnerabilities are unknown to software vendors and to antivirus firms, there is
no patch available yet to fix the hole and generally no antivirus signatures to detect the exploit, though
sometimes antivirus scanners can still detect a zero day using heuristics (behavior-tracking algorithms that
spot suspicious or malicious behavior).
Zero-day exploit refers to code that attackers use to take advantage of a zero-day vulnerability. They use the
exploit code to slip through the hole in the software and plant a virus, Trojan horse or other malware onto a
computer or device. It’s similar to a thief slipping through a broken or unlocked window to get into a house.
Okay. Why is it called a zero-day?
Zetter 14 [Kim, award-winning journalist who covers cybercrime and security for Wired, “Hacker Lexicon:
What Is A Zero Day,” Wired, April 15, 2014, http://www.wired.com/2014/04/obama-zero-day/]
The term “zero-day” refers to the number of days that the software vendor has known about the hole. The term
apparently originated in the days of digital bulletin boards, or BBSs, when it referred to the number of days
since a new software program had been released to the public. Zero day software was unreleased software and
was highly coveted by hackers who wanted to be the first to obtain it.
How many of these zero-days are out there?
Zetter 14 [Kim, award-winning journalist who covers cybercrime and security for Wired, “Hacker Lexicon:
What Is A Zero Day,” Wired, April 15, 2014, http://www.wired.com/2014/04/obama-zero-day/]
Zero day vulnerabilities used to be extremely rare. Out of more than a million pieces of malware security firms
discovered and processed each month, only about one or two were zero-day exploit code. These days, however,
more zero days are being used and discovered. That’s in part due to the emergence of a large market for
buying and selling zero-day vulnerabilities and exploits, driven largely by the demand from
government intelligence agencies .
What does any of this have to do with surveillance?
Mick 13 [Jason, news editor and columnist for the leading science and technology online publication, “Tax and
Spy: How the NSA Can Hack Any American, Stores Data 15 Years,” DailyTech, December 31, 2013,
http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Year
s/article34010.htm]
According to him, the
NSA has zero day vulnerabilities on hand that allow it to penetrate virtually any Wi-Fi router,
Windows PC, external storage device, server, tablet, or smartphone.
Rather than give this data to private sector firms to offer increased security to users, the NSA turns
around and exploits these flaws to spy on everyone
-- sort of a digital equivalent of "sometimes you have to burn a village to
save it."
The NSA calls its attack toolkit "FOXACID". FOXACID is packed with "QUANTUM" tools, which are NSA's digital
lockpicks. Like many clumsy picks, they can damage the lock they attack, but it appears the NSA isn't terribly concerned about that.
There’s a market for zero-days? Where can I get them?
Zetter 14 [Kim, award-winning journalist who covers cybercrime and security for Wired, “Hacker Lexicon:
What Is A Zero Day,” Wired, April 15, 2014, http://www.wired.com/2014/04/obama-zero-day/]
The zero-day market has three parts. These include the black underground market where criminal hackers
trade in exploit code and vulnerability information to break into systems and steal passwords and credit card
numbers; the white market , which encompasses the bug bounty programs where researchers and hackers
disclose vulnerability information to vendors, in exchange for money, so the holes can be fixed—this market
includes security companies that purchase zero-day exploits to use in their penetration-testing products to
determine if a customer’s system is vulnerable to attack; and the “gray” market , where researchers and
companies, some of them military defense contractors, sell zero-day exploits and vulnerability information to
militaries, intelligence agencies and law enforcement to use for surveillance and offensive computer
operations .
What have they been used for?
Zetter 14 [Kim, award-winning journalist who covers cybercrime and security for Wired, “Hacker Lexicon:
What Is A Zero Day,” Wired, April 15, 2014, http://www.wired.com/2014/04/obama-zero-day/]
Some of the most famous attacks that used zero-day exploits are:
Stuxnet —a virus/worm that targeted computers in Iran’s uranium enrichment plant at Natanz and used
five zero-day exploits to spread and gain privileged access on systems. Though one of the vulnerabilities
was patched by Microsoft before the attackers could unleash their code, so technically, at the time Stuxnet was
discovered, it was using only four zero-days.
Aurora —in 2010 hackers believed to be from China broke into Google, Adobe, and more than a dozen other
companies using a zero-day vulnerability found in several versions of Microsoft’s Internet Explorer browser
software. The attackers were targeting, at least in part, Google’s source code—possibly to study it and discover
additional zero-day vulnerabilities for future use. The group behind those attacks is still active and has been
caught using at least eight other zero-day exploits since then.
What is our current policy regarding these vulnerabilities?
Zetter 14 [Kim, award-winning journalist who covers cybercrime, civil liberties, privacy, and security for
Wired, “Obama: NSA must reveal bugs like Heartbleed, unless they help the NSA,” Wired, April, 2014,
http://www.wired.com/2014/04/obama-zero-day/]
AFTER YEARS OF studied silence on the government’s secret and controversial use of security vulnerabilities,
the White House has finally acknowledged that the NSA and other agencies exploit some of the software holes
they uncover, rather than disclose them to vendors to be fixed .
The acknowledgement comes in a news report indicating that President Obama decided in January that from
now on any time the NSA discovers a major flaw in software, it must disclose the vulnerability to vendors and
others so that it can be patched, according to the New York Times.
But Obama included a major loophole in his decision, which falls far short of recommendations made by
a presidential review board last December: According to Obama, any flaws that have “a clear national security
or law enforcement” use can be kept secret and exploited .
This, of course, gives the government wide latitude to remain silent on critical flaws like the recent
Heartbleed vulnerability if the NSA, FBI, or other government agencies can justify their exploitation .
PLAN TEXT/MECHANISM BACKGROUND
The most common reform regarding zero-day vulnerabilities that anti-surveillance advocates push for is to
have the NSA disclose zero-day’s to relevant vendors (basically, the firm/organization that released the
software and antivirus vendors that have the proper clearances to deal with software vulnerabilities from that
company, common ones being McAfee, Norton, etc.) The solvency cards all assume this disclosure mechanism.
There are two versions of the plan that attempt to contrive topical methods to do the plan, each of which has
advantages and disadvantages.
Version 1: The United States federal government should substantially curtail its domestic
surveillance using computer software vulnerabilities or exploits unknown to relevant vendors.
This version of the plan, which simply reduces surveillance activities that use zero-day vulnerabilities, is
definitively topical, but it may not solve the aff. There are two solvency flaws in this text that negative teams
can exploit:
1. “Surveillance” --- although surveillance is a major use for zero-day vulnerabilities, it is not the only one.
Cyber capabilities, which the aff would ideally like to reduce, may be able to continue as usual…. There is a card
in solvency under “2ac surveillance solves” that attempts to answer this claim most specifically by saying that
surveillance is a prerequisite to cyberweapons (i.e. disruptive cyber operations), which means that disallowing
surveillance is tantamount to disallowing cyberweapons.
2. “Domestic surveillance” --- the aff basically has the same problem that PRISM affs have by using the word
“domestic.” If “domestic electronic surveillance” limits the targets of surveillance in any meaningful way, the
NSA can presumably keep zero-day’s as long as they’re targeting non-domestic persons.
That being said, even if the neg wins either of those arguments (and I don’t think they’re necessarily easy
victories), the aff can probably still disclose enough vulnerabilities to solve the corporate trust internal links.
Version 2: The United States federal government should substantially curtail its domestic
surveillance of computer software vulnerabilities or exploits unknown to relevant vendors.
This version, with a very precise definition of terms, is a way of topically phrasing the proposal discussed above
(disclosure of vulnerabilities). My reading of this sentence’s functional meaning is basically “the NSA/other
agencies should stop acquiring and maintaining their current cache of zero-day vulnerabilities/exploits.”
How is this topical? Well, define “domestic surveillance” as “acquiring nonpublic information about U.S.
persons.” Given that:
1) “U.S. persons” includes corporations; and
2) “Nonpublic information” includes “intellectual property.”
3) Zero-day vulnerabilities/exploits are “intellectual property.”
As a result, it could be argued that disclosing zero-day vulnerabilities to corporations would definitionally
curtail the USFG (e.g. NSA)’s acquisition of nonpublic information (zero-day’s, which are intellectual property)
of U.S. persons (corporations).
One last note about the aff: the DA and CP sections of the file may not appear particularly robust, but the case
sections have more than enough material to answer the cyberdeterrence DA and oversight/regulation CP. Some
assembly may be required, but most of the aff advocate’s responses to those proposals are represented in the
file.
1AC
1AC INHERENCY
Obama announced that the US would disclose zero-day vulnerabilities, or unknown software
flaws, to their vendors --- but loopholes allow the NSA to stockpile zero-days and jeopardize
widespread cybersecurity
Soghoian and Roubini 2015 (Chris Soghoian, Principal Technologist and Senior Policy Analyst, American
Civil Liberties Union Speech, Privacy, and Technology Project & Sonia Roubini, ACLU Speech, Privacy, and
Technology Project, “Feds Refuse to Release Documents on “Zero-Day” Security Exploits”, March 3, 2015,
https://www.aclu.org/blog/feds-refuse-release-documents-zero-day-security-exploits)//CLi
Federal agencies served with a Freedom of Information Act request are refusing to release documents related to their purchase, use and disclosure of
zero-day exploits, keeping the American public in the dark about a practice that leaves the Internet and its users less secure. Zero-day exploits are special
software programs that take advantage of security vulnerabilities in software that are unknown to the software’s manufacturer. These exploits are
frequently used by intelligence agencies and the military as well as, we suspect, by federal law enforcement agencies. But they can be used by any
hackers, whether they work for the U.S. government, a foreign government, a criminal group, or anyone else. Zero-day vulnerabilities and
the tools that exploit them are extremely powerful, because there is very little that potential targets can do to
protect themselves. But the effectiveness of such exploits depends on their secrecy— if the companies that make the
affected software are told about the flaws, they will issue software updates to fix them . Governments
thus have a strong incentive to keep information about the exploits they have developed or purchased secret from both the public and the companies who
create the software we all use. On February 5, we received a response from the Office of the Director of National Intelligence (ODNI) to a Freedom of
Information Act request we filed for the disclosure of guidance or directives related to the government’s policies for the purchase, discovery, disclosure
and exploitation of zero-days. The ODNI claimed that these records are classified under Executive Order 13526, Section 1.4(c), which states that
information can be considered for classification if its disclosure could reasonably be expected to cause damage to national security issues pertaining to
“intelligence activities (including covert action), intelligence sources or methods, or cryptology.” This response is consistent with the Obama
administration’s refusal to make public most information related to its surveillance and cybersecurity policies. The formal United States
policy regarding zero-day exploits, published in April 2014, states that federal agencies should reveal any major flaws in
Internet security to companies in order to ensure that they are promptly resolved. However, this policy
also carves out a broad exception
for flaws that are being exploited for national security or law enforcement purposes— a
loophole that effectively ensures that the government can and will continue to quietly exploit
zero-days without warning companies or individuals of their existence. It is also unclear whether this policy only applies to zero
days that government employees discover, or whether it also applies to vulnerabilities and exploits purchased from defense contractors, boutique
security firms and exploit brokers. While zero-day exploits are no doubt useful to U.S. law enforcement and intelligence agencies, their use raises
serious public policy concerns. Zero-days are also regularly used by foreign, hostile governments, criminals and hackers engaging in
cyberattacks. That means our government’s choice to purchase, stockpile and use zero-day exploits
instead of promptly notifying manufacturers is effectively a choice to leave both the Internet
and its users less secure . This policy of prioritizing cyber offense over defense is highly problematic, particularly given Congress and the
White House’s recent focus on cybersecurity. On February 2, Obama pledged $14 billion towards improving cybersecurity defenses, and proposed new
legislation intended to help prevent cyberattacks, some form of which is expected to pass through Congress this legislative session. If, as we are told,
cybersecurity is such a top priority for the government , federal agencies should be doing everything in
their power to ensure that vulnerabilities are fixed as soon as they are discovered , not months or
years later after they have been fully exploited by law enforcement and intelligence agencies. At a time when
cybersecurity legislation that would weaken existing privacy laws is being pushed through Congress , the American public deserves to know
more about the government’s policies regarding the purchase, use and disclosure of zero days . There is an important
public debate that must be had about the government’s role in cybersecurity, but without documents like the ones we have requested, this debate cannot
take place.
Additionally, loopholes let the NSA stockpile zero-days purchased from the grey market
Zetter 14 [Kim, award-winning journalist who covers cybercrime, civil liberties, privacy, and security for
Wired, “Obama: NSA must reveal bugs like Heartbleed, unless they help the NSA,” Wired,
http://www.wired.com/2014/04/obama-zero-day/] //khirn
Healey notes that the public
statements on the new policy leave a lot of questions unanswered and raise the
possibility that the government has additional loopholes that go beyond the national security
exception . The statement by the Office of the Director of National Intelligence about the new bias toward disclosure, for example,
specifically refers
to vulnerabilities discovered by federal agencies , but doesn’t mention vulnerabilities
discovered and sold to the government by contractors , zero-day brokers or individual researchers ,
some of whom may insist in their sale agreements that the vulnerability not be disclosed . If purchased zero days
vulnerabilities don’t have to be disclosed, this potentially leaves a loophole for the secret use of these
vulnerabilities and also raises the possibility that the government may decide to get out of the business of
finding zero days, preferring to purchase them instead . “It would be a natural bureaucratic response for
the NSA to say ‘why should we spend our money discovering vulnerabilities anymore if we’re going to have to
disclose them?'” Healey says. “You can imagine a natural reaction would be for them to stop spending money on
finding vulnerabilities and use that money to buy them off the grey-market where they don’t have to
worry about that bias.” The government’s new statement about zero days also doesn’t address whether it applies
only to vulnerabilities discovered in the future or to the arsenal of zero-day vulnerabilities the
government already possesses .
1AC IP THEFT ADVANTAGE
Advantage: IP theft
Intellectual property theft is expanding on a massive scale --- disclosing zero-days builds trust
with companies --- info-sharing legislation is key
Jaffer 15 [Jamil N., Adjunct Professor of Law and Director, Security Law Program, George Mason University
Law School, Occasional Papers Series, published by the Dean Rusk Center for International Law and Policy, 41-2015, “Cybersecurity and National Defense: Building a Public-Private Partnership,”
http://digitalcommons.law.uga.edu/cgi/viewcontent.cgi?article=1008&context=rusk_oc] //khirn
JAMIL N. JAFFER: Thank you Dr. Johnson. Well, I’ll actually pick up right where Quentin left off, and I think this
is the important thing to
talk about when you’re talking about the national security threat that faces our nation in cyberspace .
And that is a sort of notion of a Pearl Harbor-style attack and these day-to-day cybersecurity risks that our nation, both the government and the private
sector, faces. And a lot of people spend a lot of time talking about the Pearl Harbor scenario — what happens when the power grid goes down, what
happens when the banking system goes down. As Quentin points out, that’s a possibility, but it’s one that we focus on to our detriment. And it’s one that
we have to account for, one we have to prepare for and be ready to deal with. But there’s a larger problem going on day-to-day, a
nation-state-driven problem that is much more present and much more threatening to our economic viability.
And that is the constant day-in and day-out , walking out the back door of every major U.S. company
of core intellectual property . And so, we know today . . . it has now been sort of publicly discussed: the very fact that there are major
nation-states, including China, that are targeting not only the U.S. government. That’s sort of standard that we expect that we, like a nation-state, go to
collect intelligence from our opponents around the world, and they collect intelligence on us. That’s an understood sort of concept, whether it’s
surveillance . . . putting aside all the controversy that Edward Snowden has created with his disclosures, other nation-states know that we
collect intelligence on them, and they collect intelligence on us — that’s just part of the game. What’s different today
though in cyberspace is the fact that at least one nation that’s been publicly discussed and others that haven’t been — China in the case of the one that
has been publicly discussed — is not only targeting the government for collection, but it is, at a corporate national level, targeting
American private sector corporations, stealing our core intellectual property — the very thing that drives
the American economy and makes us the most innovative, most diverse, most successful economy in the world
today — and taking it and transferring it to Chinese corporations in the private sector, both the public and
private space. In China that distinction is blended, where the government provides a tremendous amount of
support to their industry, both in the form of stolen IP and in the form of low-interest or no-interest loans to
help them fund these efforts. And so, what we see is a very odd situation where a nation-state is engaged in an effort to take
private sector intellectual property, convert it to both public and private use there, thereby undermining our
ability to compete in the global marketplace. And what makes it a particularly hard challenge is: What is the U.S. government
going to do about it? How does the U.S. government respond to that threat? For years we knew this was a fact and had
a hard time to even talk about it publicly because the way we knew was through intelligence accesses and the
like. Dare I say, by the way, that all of my remarks are my own thoughts and not those of my current or former bosses, so I don’t get any of them in any
trouble, and I don’t get myself fired. But we’ve known this for a long time. We’ve known about this threat that both China and other nationstates pose to the U.S. private sector as well as the U.S. 12 government, but it’s been hard for us to talk about it. And we’ve finally now
realized 1) the threat is such that we need to talk about it and 2) the government can’t do the protection of the private sector itself. The vast
majority of the Internet and the connected networks out there are owned and operated by the private sector. The
U.S. government simply has no insight into those networks. No matter what you hear about the U.S.
government’s capabilities in signals intelligence and in cyberspace, the reality is that we can’t, nor do we want to be,
nor do our laws permit us to, be on every network at all times to know what’s going on. It’s not something that the
American people want. It’s not something the government wants to do, nor is it something we have the
capability to do. Hence, the question becomes: How can the government work with the private sector to enable
the private sector to better defend itself ? And how do private sector companies work with each other
internally to defend themselves from this very threat? A lot of people think that one of the best ways to achieve that goal is to have
the government intervene in the market and say, “Look — the private sector is not doing what it needs to do to protect itself. We need to tell them how to
do it, right? Here are some regulations. Here are some laws. Here’s how you need to accommodate yourself to this new reality of nation-states
threatening you and your core intellectual property and your systems, either to avoid a Pearl Harbor-style attack or to avoid this walking out the back
door of your intellectual property.” That, I think, is the discussion that was had over the last couple of years, and it has faded into the background in large
part because industry has shown a huge resistance to having government-imposed regulations and laws and for good reason. Industry and the U.S.
private sector are very innovative and oftentimes the government regulation in places where there is not a market failure can stifle innovation rather than
embolden it. The question becomes: How do you determine whether there’s a market failure here, or not, in this industry? There can be no doubt that
industry could, and perhaps should, be better protected against cyber threats, particularly in the nation-state space. But the question is: Why is it not?
And I would posit that the
reason that industry is not as well positioned today to defend itself is because industry
fundamentally doesn’t understand the threat it faces. It’s only recently, in the last year or two, that we’ve begun,
as a government, talking about the very real threat that industry faces from nation-states which have very highend capabilities and both the capability and the desire to go into these companies. So, it’s only recently that
companies have begun coming around to the realization that the IP is walking out the back door, and there is
potential for a Pearl Harbor or lesser attack on their networks. And even today I think everyone would admit — whether you’re in
industry or the government — that the government doesn’t tell industry enough about what it knows .
So, the
government knows a lot about the zero-days that might come up against them . They know a
lot about what the threat looks like. And they have a very hard time talking about it to companies , either
at an unclassified or even at a highly-classified level. It’s only when things get to a really hot boil that the
government will be willing 13 to part with its deepest, darkest sort of most sensitive intelligence collection and
even then it will only tell industries absolutely what they need to know in order to deal with that
immediate threat. And that’s something that fundamentally has to change . And I think the government’s on its way
there. I think that General [Keith B.] Alexander has made changes while he was at NSA, and I’m hoping that Admiral [Michael] Rogers will continue
those changes, too, to think through how best to work with industry. But it’s not simply government working with industry, because
it will be a
great thing if we can get to a place where we can pass some sort of information-sharing
legislation that allows the government to share with industry what it knows is a threat.
But the
reality is that today — without the government having a sense for what industry is seeing on the 98 percent, or 95 or 96 percent, of networks that it
owns and operates — it’s
hard for the government to know where to focus its collection activities. For instance, today we
know about the Chinese cyber actors coming up against our networks. So, it’s easy for us to target that person
and try to go after his system and figure out what he or she is doing. We know for a fact that sitting right next to that
person, very likely, is another hacker — government-funded — going after the U.S. private sector, but we don’t see that
person, because we’re not on the private sector networks looking for that. Until industry has the ability and the
desire and the willingness to share with the government what they’re seeing, it’s hard for the government to turn
around and say, “We’re going to go try to target that person to see if we can figure out what they’re doing, too, in
order to provide back to industry the best capabilities the U.S. government has at its disposal.” And so, that’s one thing
. . . it’s sort of freeing up that information sharing gap between public and private and creating that
trust between the government and private sector to share that kind of information .
IP theft destroys military operations --- the impact is primacy
Warikoo 13 professor of Himalayan and Central Asian Studies at the University of Colorado (Arun, “CYBER
WARFARE: CHINA'S ROLE AND CHALLENGE TO THE UNITED STATES” p. 67-8, Jul-Dec 2013, ProQuest)
| js
4.1 Intellectual Property (IP) Protection and Enforcement Intellectual
Property or IP is a significant driver of the American
economy. The President's 2006 Economic Report to the Congress states that 70% of the value of publicly traded corporations is
Intellectual Property.22 Industries based on IP accounted for 34.8 percent of U.S. gross domestic product (GDP) in 2010.23
Theft of IP has a huge impact on the economy. IP theft not only means loss of revenue but also has a demoralizing
effect on the inventor. Innovation is the heart of the US economy and IP theft has a crippling effect on those start-ups that
are involved in innovation. The IP Commission Report estimates that hundreds of billions of dollars are lost per year to IP
Theft.24 Gen. Keith Alexander, director of the National Security Agency and commander of US Cyber Command stated in a lecture at the American
Enterprise Institute: "The loss of industrial information and intellectual property through cyber espionage constitutes the
greatest transfer of wealth in history. U.S. companies lose about $250 billion per year through intellectual property
theft, with another $114 billion lost due to cyber crime, a number that rises to $338 billion when the costs of down time
due to crime are taken into account."25 According to the IP Commission Report, China accounts for roughly 70% of international
IP theft.26 The report further states that the Chinese encourage IP theft and that both business and government entities engage in this practice.27
According to the U.S. National Counterintelligence Executive, "Chinese actors are the world's most active and persistent
perpetrators of economic espionage" obtaining trade secrets and continuing infringement of trademarks, copyrights,
and patents.28 IP are stolen from American universities, national laboratories, private think tanks, and start-up companies,
as well as from the major R&D centers of multinational companies.29 4.2 Threat to U.S. National Security China's cyber
espionage against the U.S. government and defense industrial base poses a major threat to U.S. military
operations . Larry M Woetzel in his report before the House of Representatives has said that China's aim is to fill gaps in its own research
programs, shorten R&D timeline for military technologies, gather intelligence on U.S. strategies and plans, and identify vulnerabilities in U.S. systems.30
The Department of Defense's DODs 2013 annual report to the Congress indicates the grave threat posed by the Chinese in collecting intelligence
against US industries that support US defense programs.31 In one instance, a news report in 2011 revealed that malware
had penetrated
networks used to control U.S. military drones .32 In another report, it is alleged that the Chinese are hacking into
US electricity networks and inserting malware that could be activated later to shut down the electric grid.33 Richard
Clarke, White House Cyber Security Advisor (October 2001 - March 2003), in an interview on PBS Frontline stated as follows: "We, as a country, have
put all of our eggs in one basket. The reason that we're successfully dominating the world economically and militarily is
because of systems that we have designed, and rely upon, which are cyberbased. It's our Achilles heel . It's an overused
phrase, but it's absolutely true. It could be that, in the future, people will look back on the American empire, the
economic empire and the military empire, and say, "They didn't realize that they were building their whole
empire on a fragile base . They had changed that base from brick and mortar to bits and bytes, and they
never fortified it. Therefore, some enemy some day was able to come around and knock the whole empire over. That's the fear."34 4.3 Threat to US
Industry China's cyber espionage against U.S. commercial firms poses a significant threat to U.S. business interests and
competiveness in key industries. A classic example is that of the American Superconductor Corporation that had its wind-energy software code
stolen by a major customer in China resulting is not only loosing that customer but also 90% of its stock value.35 In another instance, a U.S.
metallurgical company lost technology to China's hackers that cost $1 billion and 20 years to develop.36
That solves great power conflict
Kagan, 2/19/2015 (Robert, Senior fellow with the Project on International Order and Strategy in the Foreign
Policy program at Brookings, Ph.D. in American history from American University, “The United States must
resist a return to spheres of interest in the international system”, Brookings,
http://www.brookings.edu/blogs/order-from-chaos/posts/2015/02/19-united-states-must-resist-return-tospheres-of-interest-international-system-kagan)//JBS
Great power competition has returned . Or rather, it has reminded us that it was always lurking in the background. This is not a
real impact of the return of
great power competition will depend on how the United States responds to these changes . America needs to
recognize its central role in maintaining the present liberal international order and muster the
will to use its still formidable power and influence to support that order against its inevitable challengers.
Competition in international affairs is natural. Great powers by their very nature seek regional dominance and spheres of
influence. They do so in the first instance because influence over others is what defines a great power. They are, as a rule, countries imbued with
national pride and imperial ambition. But, living in a Hobbesian world of other great powers, they are also nervous about their security and
seek defense-in-depth through the establishment of buffer states on their periphery. Historically, great power wars
often begin as arguments over buffer states where spheres of influence intersect—the Balkans before World War I, for
minor development in international affairs, but it need not mean the end of the world order as we know it. The
instance, where the ambitions of Russia and Austria-Hungary clashed. But today’s great powers are rising in a very different international environment,
largely because of the unique role the United States has played since the end of the Second World War. The United States has been not simply
a regional power, but rather a regional power in every strategic region. It has served as the maintainer of
regional balances in Europe, Asia, and the Middle East . The result has been that, in marked contrast to past
eras, today’s great powers do not face fundamental threats to their physical security. So, for example, Russia
objectively has never enjoyed greater security in its history than it has since 1989. In the 20th century, Russia was
invaded twice by Germany, and in the aftermath of the second war could plausibly claim to fear another invasion unless adequately protected.
(France, after all, had the same fear.) In the 19th century, Russia was invaded by Napoleon, and before that Catherine the Great is supposed
to have uttered that quintessentially Russian observation, “I have no way to defend my borders but to extend them.” Today that is not true.
Russia faces no threat of invasion from the West. Who would launch such an invasion? Germany, Estonia, Ukraine? If Russia faces threats,
they are from the south, in the form of militant Islamists, or from the east, in the form of a billion Chinese standing across the border from an empty
Siberia. But for the first time in Russia’s long history, it does not face a strategic threat on its western flank. Much the same can be said of
China, which enjoys far greater security than it has at any time in the last three centuries. The American role in East
Asia protects it from invasion by its historic adversary, Japan, while none of the other great powers around China’s periphery have the strength or desire
now or in the foreseeable future to launch an attack on Chinese territory. Therefore, neither Chinese nor Russians can claim that a
sphere of influence is necessary for their defense. They may feel it necessary for their sense of pride. They may feel it is necessary as a
way of restoring their wounded honor. They may seek an expanded sphere of influence to fulfill their ambition to become more formidable powers on the
international stage. And they may have concerns that free, nations on their periphery may pass the liberal infection onto their own populaces and thus
undermine their autocratic power. The question for the United States, and its allies in Asia and Europe, is whether we should
tolerate a return to sphere of influence behavior among regional powers that are not seeking security but are in search of
status, powers that are acting less out of fear than out of ambition. This question, in the end, is not about idealism, our commitment to a “rules-based”
international order, or our principled opposition to territorial aggression. Yes, there are important principles at stake: neighbors shouldn’t invade their
neighbors to seize their territory. But before we get to issues of principle,
we need to understand how such behavior
affects the world in terms of basic stability On that score, the historical record is very clear. To return to
a world of spheres of influence—the
world that existed prior to the era of American predominance— is to return to
the great power conflicts of past centuries . Revisionist great powers are never satisfied . Their
sphere of influence is never quite large enough to satisfy their pride or their expanding need for security. The
“satiated” power that Bismarck spoke of is rare—even his Germany, in the end, could not be satiated. Of course, rising great powers always express some
historical grievance. Every people, except perhaps for the fortunate Americans, have reason for resentment at ancient injustices, nurse grudges against
old adversaries, seek to return to a glorious past that was stolen from them by military or political defeat. The world’s supply of grievances is
inexhaustible. These grievances, however, are rarely solved by minor border changes. Japan, the aggrieved “have-not” nation of the
1930s, did not satisfy itself by swallowing Manchuria in 1931. Germany, the aggrieved victim of Versailles, did
not satisfy itself by bringing
the Germans of the Sudetenland back into the fold. And, of course, Russia’s historical sphere of influence does not
end in Ukraine. It begins in Ukraine. It extends to the Balts, to the Balkans, and to heart of Central Europe. The tragic irony is that, in the
process of carving out these spheres of influence, the ambitious rising powers invariably create the very threats
they use to justify their actions. Japan did exactly that in the 30s. In the 1920s, following the Washington Naval Treaty, Japan was a relatively
secure country that through a combination of ambition and paranoia launched itself on a quest for an expanded sphere of influence, thus inspiring the
great power enmity that the Japanese had originally feared. One sees a similar dynamic in Russia’s behavior today. No one in the West was thinking
about containing Russia until Russia made itself into a power that needed to be contained. If history is any lesson, such behavior only ends
when other great powers decide they have had enough. We know those moments as major power wars .
The best and easiest time to stop such a dynamic is at the beginning. If the United States wants to maintain a
benevolent world order, it must not permit spheres of influence to serve as a pretext for aggression . The
United States needs to make clear now—before things get out of hand—that this is not a world order that it will accept. And we need to be clear what that
response entails. Great powers of course compete across multiple spheres—economic, ideological, and political, as
well as military. Competition in most spheres is necessary and even healthy. Within the liberal order, China can compete economically
and successfully with the United States; Russia can thrive in the international economic order uphold by the
liberal powers, even if it is not itself liberal. But security competition is different . It is specifically because Russia
could not compete with the West ideologically or economically that Putin resorted to military means . In so doing,
he attacked the underlying security and stability at the core of the liberal order. The security situation undergirds
everything—without it nothing else functions. Democracy and prosperity cannot flourish without security. It remains true today as
it has since the Second World War that only the United States has the capacity and the unique geographical
advantages to provide this security . There is no stable balance of power in Europe or Asia
without the United States . And while we can talk about soft power and smart power, they have been and
always will be of limited value when confronting raw military power. Despite all of the loose talk of American
decline, it is in the military realm where U.S. advantages remain clearest. Even in other great power’s
backyards, the United States retains the capacity, along with its powerful allies, to deter challenges to the
security order. But without a U.S. willingness to use military power to establish balance in far-flung regions of
the world, the system will buckle under the unrestrained military competition of regional powers.
Russian IP theft now --- they can’t be deterred --- bolstering cyberdefense is key
Bennett 4/12/15 cybersecurity reporter for The Hill (Cory, “Russia’s cyberattacks grow more brazen” 4/12/15,
http://thehill.com/policy/cybersecurity/238518-russias-cyberattacks-grow-more-brazen) | js
Russia has ramped up cyber attacks against the United States to an unprecedented level since President Obama
imposed sanctions last year on President Putin's government over its intervention in Ukraine. The emboldened attacks are
hitting the highest levels of the U.S. government, according to reports, in what former officials call a “dramatic” shift in strategy. The
efforts are also targeting a wide array of U.S. businesses, pilfering intellectual property in an attempt to level the playing
field for Russian industries hurt by sanctions. “They're coming under a lot of pressure from the sanctions — their financial industry,
their energy industry” said Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, which monitors critical infrastructure attacks. “And
they're obviously trying to leverage cyber intrusion and cyber espionage to compensate for that .” Crowdstrike
recorded over 10,000 Russian intrusions at companies worldwide in 2015 alone. That’s a meteoric rise from the
“dozens per month” that Alperovitch said the firm noted this time last year, just as the U.S. was imposing its sanctions. Many see the
has
recent reports that Moscow infiltrated the State Department and White House networks — giving them access to President Obama’s full schedule — as a
turning point in Russian government hacking. Moscow doesn’t care as much about being caught, perhaps in an attempt to prove its cyber
prowess, some speculate. “I think that the calculus for them has changed,” said Will Ackerly, an eight-year National Security Agency vet who co-founded
encryption firm Virtru in 2012. “It seems that they’re definitely behaving dramatically different in that regard.”The attitude, Ackerly said, is
“much more brazen” than previous Russian efforts to lift intelligence information. For years, Russian hacking has operated on two
tracks. On one track, Moscow has orchestrated quiet, targeted digital hits on the U.S. government to collect scraps of intelligence data. On the other, a
large community of Russian cyber criminals, not necessarily affiliated with the government, has peppered the American banking industry for commercial
gain. “Experienced Russian hackers often tend to target financial data,” said Tom Brown, who served until 2014 as chief of the Cyber Crime Unit at the
U.S. Attorney’s Office for the Southern District of New York. Last year, Russians were charged with hacking into Nasdaq, America’s second largest stock
exchange. Going further back, a notorious Russian Internet gang made off with tens of millions of dollars from Citibank in 2009. These were just two of
the Russian incidents Brown helped investigate. Russian cyber crooks, he said, uniformly launch “relatively sophisticated attacks.” On the governmentsponsored side, researchers at security firm FireEye discovered evidence of Russian intelligence-gathering cyber campaigns stretching back to at least
2007. Moscow was searching for communications, emails, memos, phone calls and schedules that could smear adversaries’ reputations or simply shed
light on their plans. Laura Galante, threat intelligence manager at FireEye, said she has seen a “resurgence” in these types of Russian government-backed
cyberattacks since late February. “They really see this as much more broadly than just a tool, a piece of malware or a distinct
type of activity,” said Galante. “They see this as
a broader quest to get the information they need to portray themselves and their
in the best light in the world.”And as Russia’s economy sags under the weight of U.S. sanctions imposed in March 2014, the mercenary,
criminal track has started to blur with the government-directed track, analysts said. “What they’re basically doing is in effect saying internally,
‘That’s fine, you’re going to sanction us, so we’re going to use cyber to steal your intellectual property and give it to
our industry,’” Alperovitch said. The digital barrage has caught the attention of top U.S. officials. President Obama repeatedly asked his advisors
efforts
whether a massive data breach at JPMorgan last fall was Russian retaliation for the sanctions, according to reports. The aides couldn’t give the president
a definitive answer. Indeed, the security community is not united in its belief Russia was behind the attack. Former intelligence officials have also
speculated that information discreetly passed to the media laying blame on the Russians for the State Department and White House hacks is a White
House attempt to send a message to Russian authorities: “We’re on to you.” Director of National Intelligence James Clapper acknowledges the U.S. was
caught off guard by this Russian hacking surge. “The Russian cyber threat is more severe than we have previously assessed, ”
he told a Senate committee in February. During an October speech, Clapper even said Russia has replaced cyber powerhouse China
as his
top concern. Ackerly said the State Department and White House intrusions are a striking example of the new Russian mentality.The attack was
“much larger in breadth” than historic Russian cyber espionage efforts. “They’re much more willing to do things which there’s a high probably of
detection,” Ackerly said. “They are willing to know that going in and say, ‘We’re going to do that anyway.’” Moscow’s intelligence agencies can still collect
their information, while making a public point, said Christopher Cummiskey, a former acting under secretary for management at the Department of
Homeland Security in 2014 who oversaw a number of the agency’s cyber efforts. “I think from their perspective it’s like, ‘Well guess what, we’ve shown
the world that we’re able to actually penetrate the very sensitive systems in the U.S. government,’” he said. Until the government improves
its detection capabilities, the Russians will not be deterred , Cummiskey said. “It’s not as easy to pick up on these things
today with the way we’re configured as hopefully it will be in the future,” he said. “So we’ve got some work to do.”
That’s crucial to Russian modernization efforts
Booz Allen Hamilton 13 [Leading provider of management and technology consulting services to the U.S.
government, Economist Intelligence Unit, The Economist, “Cyber Theft of Corporate Intellectual Property: The
Nature of the Threat,” July 2013, http://www.boozallen.com/insights/2013/07/Cyber-Theft-of-CorporateIntellectual-Property] //khirn
Russia’s own espionage effort is also driven by a desire to diversify its economy and reduce its dependence on
natural resources, according to the NCIX report. Russia too has a sense of grievance; it believes the global economic system is tilted in the favor of
Western countries at its expense. Though Russia has denied hacking, it has enlisted its intelligence services to help carry out its
economic policy goals. The director of Russia’s Foreign Intelligence Service, Mikhail Fradkov, said in December 2010 that it “aims
at supporting the process of modernization of our country and creating the optimal conditions for the
development of its science and technology.” IP theft threatens some companies more than others. Companies that are less dependent on
IP for competitive advantage may be able to recover fairly quickly. Indeed, the EIU’s survey shows that many executives are optimistic about their
companies’ abilities to respond to IP attacks, with 48% of respondents saying that while the theft of IP would cause damage in the short-term, they would
be able to recover. Companies that innovate quickly–and develop new IP–may find that they continue to outpace also-ran competitors who have tried to
steal their older ideas. In the most alarmist scenarios, however, IP theft by low-cost competitors manifests itself only years later in reduced industry
competitiveness, slower economic growth, lost jobs, and even lower living standards. By the same token,
defense technologies and
secrets stolen from US industry and government networks could give China and Russia military
advantages worth billions .
That causes Russian aggression
Isachenov 15 [Vladimir Isachenkov, Associated Press, Business Insider, Feb. 4, 2015, “Russia continues
massive military modernization despite economic woes,” http://www.businessinsider.com/russia-continuesmassive-military-modernization-despite-economic-woes-2015-2#ixzz3eVw3maaO] //khirn
MOSCOW (AP) — Hundreds
of new Russian aircraft, tanks and missiles are rolling off assembly lines. Russian jets
roar through European skies under NATO's wary eye. Tens of thousands of troops take part in war games
showing off the military's readiness for all-out war. The muscle flexing suggests that Russia's economic woes so far are
having no impact on the Kremlin's ambitious military modernization program. Most Russian economic sectors face a 10
percent cut this year as Russia heads into recession. The military budget, meanwhile, rose by 33 percent to about 3.3 trillion rubles (some $50 billion).
The buildup reflects President Vladimir Putin's apparent readiness to raise the ante in a showdown with the West over Ukraine — but it is unclear
whether Russia can afford the modernization drive amid slumping oil prices and Western sanctions. The new Russian military doctrine,
endorsed by Putin in December, names
NATO as a top threat to Russia and lays out a response to what the Kremlin sees
as the alliance's expansion into Russia's sphere of interests. In the Ukraine crisis, Moscow for the first time demonstrated its new
capacity for what experts call "hybrid" warfare, a combination of military force with a degree of deniability, sleek propaganda and political and economic
pressure. It is not only in Crimea — the strategic peninsula that Russia annexed from Ukraine — that the nation's 1-million strong
military is beefing up its presence. Russia is also reviving Soviet-era airfields and opening new military bases in
the Arctic . Last fall the military rattled sabers by briefly deploying state-of-the art missiles to Russia's
westernmost Baltic exclave
— Kaliningrad — and
it is planning to send strategic bombers on regular patrols as
far as the Caribbean and the Gulf of Mexico . The West first got a sense of Russia's revived military might during last February's
Crimea invasion. The U.S. and its NATO allies were caught off guard when waves of Russian heavy-lift military transport planes landed on the Black Sea
peninsula days after the ouster of Ukraine's former Moscow-friendly president, unloading special forces which swiftly took over key facilities in the
region and blocked Ukrainian troops at their bases. Dressed in unmarked uniforms and equipped with state-of-the art weapons, the Russian troops were
a far cry from a ragtag demoralized force the military was just a few years ago. The Kremlin first claimed they were local volunteers, but Putin recognized
after the annexation that they were Russian soldiers. Another surprise for the West came a few weeks later, when well-organized groups of gunmen took
over local government offices and police stations in several cities across Ukraine's mostly Russian-speaking eastern industrial heartland, triggering a
rebellion that evolved into a full-scale war that killed more than 5,300 since April. As fighting escalated in the east, the Russian military showed its agility
by quickly deploying tens of thousands troops near the border with Ukraine. Ukraine and the West said that thousands of them crossed into Ukraine,
helping turn the tide in rebels' favor. The Kremlin denies that, although it has acknowledged that Russian volunteers have joined the insurgency. Unlike
the past, when the Russian military was filled through unpopular conscription, the force has grown more professional and
motivated. Relatively high salaries have attracted an increasing number of contract soldiers, whose number is set to exceed 350,000 this year from
295,000 in 2014. Russian Defense Minister Sergei Shoigu said that by the end of this year all battalion tactical groups — the core units in the Army, the
Airborne Forces and the Marines — will be manned entirely by professional soldiers. And in sharp contrast to the early post-Soviet years, when combat
jets were grounded and navy vessels rusted dockside for lack of fuel, the military has dramatically increased both the scope and frequency of its drills.
Ground forces conducted massive maneuvers near the Ukrainian border involving tens of thousands of troops, while navy ships sailed on regular
missions and combat jets flew regular patrols near European borders to probe NATO's defenses. The alliance said it intercepted Russian aircraft more
than 400 times last year and complained they posed a danger to civilian flights. In Crimea, Russia had leased a major naval base even before the
annexation. Now it has deployed dozens of combat jets, including nuclear-capable long-range bombers, along with air defense missiles, modern drones
and other weapons. It is also preparing to dispatch more troops there. Another key priority for the military is the Arctic, where global rivalry for major
untapped oil and gas reserves is intensifying as polar ice melts. The military has restored long-abandoned Soviet-era airfields and other bases in the
region after two decades of neglect. It formed a separate Arctic command to oversee its troops in the region. Russia's weapons modernization
plan envisages spending 20 trillion rubles on new weapons in 2011-2020. It produced some highly visible results last year, with the
military receiving the highest numbers of new planes, missiles and armor since the 1991 Soviet collapse: —Last year, the Russian armed forces obtained a
record number of 38 nuclear-tipped intercontinental ballistic missiles. This year they are to get another 50, allowing the military to fulfill its ambitious
goal of replacing Soviet-built nuclear missiles, which are approaching the end of their lifespan. Officials say the new ICBMs have the capacity to
penetrate any prospective missile defenses. —In a major breakthrough, the Russian navy finally conducted a series of successful test launches of the
Bulava, a new submarine-based intercontinental ballistic missile, proving its reliability after a long and troublesome development. The navy
already has two submarines equipped with the Bulava, and is to commission a third one next year. Five more are to
follow. —The ground forces are receiving large batches of Iskander missiles, which are capable of hitting enemy targets up to
500 kilometers (310 miles away) with high precision. Russian officials said the missiles, which can be equipped with a nuclear or conventional warhead,
could be used to target NATO's U.S.-led missile defense sites. In a show of force, Iskanders were briefly deployed in December to the Kaliningrad exclave
bordering NATO members Poland and Lithuania. —The Russian air force received more than 250 new planes and helicopters last year and is set to
receive more than 200 this year — numbers unseen since Soviet times. They include new models such as Su-34 bombers, Su-35 fighter jets and Mi-28
helicopter gunships equipped with sophisticated electronics and high-precision missiles. —The Russian army this year is set to receive a new tank, which
also will be used as the basis for a lineup of other armored vehicles. The model called Armata will be shown to the public during a Red Square parade in
May. It surpasses all Western versions in having a remotely controlled cannon and a superior level of crew protection. Its security enhanced by
a new-look military , the Kremlin can be expected to pursue a defiant course in Ukraine and may
raise the stakes further if the peace process fails . The threat for Putin — who has insisted that Russia will not be
whether the massive military buildup will stretch the nation's economic
potential beyond the limit.
drawn into a costly arms race with the West — is
That escalates—we’re already on the brink of nuclear war
Reid 15 Professor of Law at University of St. Thomas School of Law (Charles J., University of St. Thomas
Journal of Law and Public Policy, “VLADIMIR PUTIN’S CULTURE OF TERROR: WHAT IS TO BE DONE?” p.
53–5) | js
In waging such a limited war, furthermore, Putin would rely not on ICBMs but on “the first use of tactical nuclear weapons in
war.” 447 And that is where we stand, in mid-March, 2015, as I write this Article. We are witnessing, on the part of NATO, an awakening to
exactly the gravity of this threat. Sir Adrian Bradshaw, NATO’s deputy commander of forces in Europe, has quite rightly stated
that this crisis is an existential moment for the western alliance.448 And, it is a relief to note, the alliance is finally responding to
the urgency of the moment. NATO has decided to expand its rapid reaction from 13,000 troops to 30,000.449 It has also chosen to create an elite
“spearhead” unit of 5,000 troops for immediate deployment in a crisis.450 Jean-Claude Juncker, the head of the European Commission has raised the
subject of a European Army.451 It is imperative for many reasons that Europe achieve a greater level of political integration452 and a European Army
may serve that long-term goal as well as the more immediate matter of addressing Russian aggression. The United States is also rising to the
military challenge posed by Russian expansionism in Eastern Europe. A military convoy has been sent on a “show-the-flag
tour” of six East European countries.453 Large numbers of soldiers and large quantities of supplies have now landed in Latvia to
“participate in multinational training exercises with Latvia, Estonia, and Lithuania.”454 American military hardware and personnel are now stationed
just yards from Russian territory in the Baltics.455 A Patriot anti-missile battery, together with the crew to man it, has been moved to Poland.456 Ashton
Carter, President Obama’s nominee to serve as Secretary of Defense, has declared his support for providing arms to
the Ukrainian military.457 Victoria Nuland has called for the creation of NATO command-and-control centers in Bulgaria, Romania, and other
nations of Eastern Europe.458 And how has Putin responded? He destroyed the city of Debaltseve in Ukraine with a savagery and
barbarity unknown in Europe since the days of World War II. Virtually every building in the city has been damaged or destroyed.459 Some 40,000
people (out of a population of 45,000) have been forced to flee.460 Dogs, it is said, have begun to eat the bodies of the unburied dead.461 Whole classes
of persons -- Tatar Muslims who might threaten the regime, and others who fall under suspicion of State Security -- are being abducted, tortured, and
being made to disappear at alarming rates.462 And Putin has renewed, once again, his threats against world order. He has dispatched
nuclear-capable strategic bombers to Crimea.463 He has sent
nuclear-capable cruise missiles to the Polish border.464 Dozens of
aerial provocations have been occurring along the European, British, and North American coasts.465 Putin is conducting military exercises
on a scale and with a sophistication “not seen since the end of the Cold War.”466 He has proclaimed his readiness
to use nuclear weapons openly, on Russian television.467 When Denmark indicated a desire to be protected behind a
future missile shield, Mikhail Vanin, Russian Ambassador to Denmark, threatened Danish shipping with tactical
nuclear weapons.468 In a deliberate provocation that may open to the door to further aggression, Putin’s forces abducted an Estonian military
officer from Estonian territory.469 Will there be a war between the superpowers, a large war, one with devastating
consequences?470 Some sober-minded and experienced minds are beginning to contemplate that horrific thought.
Michael Fallon, British Defence Minister has said that Vladimir Putin, with his reckless words and deeds, has “’lowered the
threshold’ for using nuclear weapons.”471 Retired British commander of NATO forces Sir Richard Shirreff has
warned that Putin’s conduct risks the “threat of total war.”472 And that great and wise man Mikhail Gorbachev, when asked whether “there
could be another major war in Europe” responded: “Such a scenario shouldn’t even be considered. Such a war today would inevitably lead to a nuclear
war. But the statements from both sides and the propaganda lead me to fear the worst.
If one side loses its nerves in this inflamed
atmosphere, then we won’t survive the coming years .”473 Thus has Putin’s culture of terror brought us to
the brink of the unthinkable, a nuclear standoff where the risk of miscalc ulation is large. International law, over
the last two decades, has moved decisively in the direction of delegitimizing even the threat of the offensive use of nuclear weapons. Vladimir Putin’s
loose talk and his aggressive military posturing are returning us to the dark days of an older generation, when
nuclear threats
hung heavy over the planet. We must make sure such threats do not emanate again from a world leader.
IP theft causes Chinese modernization
Hager 2013 (Nicholas, Nicholas Hager is an intern at the Streit Council.
U.S. and European Intellectual Property: Strategies to Circumscribe Theft by China; October 3, 2013;
http://blog.streitcouncil.org/2013/10/03/u-s-and-european-intellectual-property-strategies-to-circumscribetheft-by-china/) //JRW
China’s relatively new foray into drone creation serves as a reminder of how extensively, and rapidly, it has
modernized. But it also underscores a problem which has been both pervasive and intractable. China’s
government and businesses are committing intellectual property (IP) theft on a vast scale, and this threatens
the national and economic security of the U.S. and European States. The IP – defined by the World Intellectual Property
Organization as “inventions, literary and artistic works, and symbols, names, images and designs used in commerce” – of firms within both the U.S.
and Europe has been repeatedly expropriated by, or at the behest of, China, and has affected industries as
diverse as the production of cleaning equipment, chemical engineering, and internet service provision. The true
economic impact of this theft is staggering. One estimate suggests that it costs the U.S. alone $300 billion per year, which is “roughly the equivalent of
the current American trade balance with Asia.” This is not only a clear violation of the principle of jus inter gentes in public
international law – here exemplified by the Paris Convention of 1883, of which both China and the U.S. are signatories – but also of
international rules, such as the WTO’s TRIPS agreement. Given that this problem is prevalent, pernicious, and clearly prohibited,
the question becomes: How do we address it? There are at least two principle categories of action, neither of which are exhaustive or exclusive of each
other. One possible avenue is a legal offensive. At first glance, this seems to be a problematic because, while China has acceded to the Paris Convention, it
has done so with the stipulation that it not be bound to the Convention’s provisions for dispute resolution. This abrogates the legal grounds by which to
seek arbitration by the International Court of Justice. That said, China’s actions appear to clearly violate the TRIPS agreement, which counts the
aforementioned Paris Convention among its primary legal referents. And unlike the Convention, the TRIPS agreement, accedence to which is implicit in
WTO membership, has a robust enforcement mechanism. As a rapidly developing and expanding economy, China has a vested interest in maintaining its
ability to work within the WTO – not only because that provides it a place at the table in international trade negotiations, but because it wants to
preserve its ability to settle economic disputes through WTO arbitration, which it has done frequently. Because of these factors, China will probably feel
compelled to address these complaints – as it already did in a previous dispute involving DVD piracy – and may be more likely to fully and genuinely
implement the arbitration’s ruling. Additionally, there is, in the nascent Transatlantic Trade and Investment Partnership (TTIP) and Transpacific
Partnership (TPP), hope that China can be checked by the combined economic leverage that the U.S., EU, and others would gain from their conclusion.
The TTIP, whose focus is the “creation of a massive trade bloc” between the U.S. and EU, has the potential to change the current dynamics of the global
economy by boosting the “competitiveness and expanding [the] market share” of U.S. and EU companies. Because Europe and the U.S. are China’s
largest export markets, they could make things very difficult for China if it were to oppose them on an important issue like IP theft. And the economic
boost and harmonization that may emerge from the TTIP would increase this leverage. “Chinese products [would already be] less competitive in [those]
markets,” as a result of the TTIP, and if the U.S. and EU wanted to, they could effectively “[bottle] up [China’s exports] within its shores.” This is not to
suggest that the TTIP could, or should, be used to impose unfair trade conditions, or to begin a trade war, but the extraordinary amount of influence it
would provide would undoubtedly alter the Chinese calculus. And, in combination with the TPP, it would probably be enough to extract at least a
modicum of compliance from them. The TPP, which could eventually include most of Southeast Asia, East Asia, and Australia, but might not include
China, has obvious consequences for the Chinese economy, regardless of outcome. If China does “join the TPP, [it will be] on US terms [because it is] a
creature fashioned largely by Washington.” While China’s presence in the TPP would be valuable, the Partnership would nonetheless remain a viable and
powerful economic coalition and could easily carry on in its absence. China, on the other hand, “[already] suffering from diminishing competitiveness,
[should be] keen to avoid any further hits to its trade position,” and it also wouldn’t want to risk exclusion from the benefits of “a successful and
extensive TPP, [such as] tariff-free or…reduced [exports].” To avoid having its regional economic dominance undermined, China will need to accept
“Washington’s…strong standards [for protection of] intellectual property, labor and [the] environment along with [regulating] state-owned enterprises.”
Moreover, if China declines to join the Partnership, either through unwillingness or an inability to meet these demanding standards, it will be so much
the worse for it. The TPP, absent China, has the potential to undo much of its regional power by making “the region’s markets…better integrated and
more competitive,” which could see Chinese products and labor being bypassed for cheaper options. China has undertaken its quest to
modernize through stolen intellectual property with relative impunity because there has been no real
mechanism or response to deter it. With the threat of losing ground in its biggest export markets, locally and
farther afield, it would be forced to heed much more serious warnings to halt its illicit activities. While these
agreements are far from finalized and have a multiplicity of moving parts, both of which confound efforts to
predict their utility as a viable method of coercion, it nonetheless seems like they, in conjunction with WTO
arbitration, should give the U.S., EU, and others the ability to successfully press for China’s compliance.
That leads to global nuclear war
Twomey 2009 (Christopher, co-directs the Center for Contemporary Conflict and is an assistant professor in
the Department of National Security Affairs, both at the Naval Postgraduate School, Monterey, California,
Arms Control Association, Chinese-U.S. Strategic Affairs: Dangerous Dynamism,
http://www.armscontrol.org/act/2009_01-02/china_us_dangerous_dynamism#Twomey) // JRW
China and the United States are not in a strategic weapons arms race. Nonetheless,
their modernization and sizing
decisions increasingly are framed with the other in mind. Nuclear weapons are at the core of this interlocking
pattern of development. In particular, China is the only permanent member of the UN Security Council
expanding its arsenal; it is also enhancing its arsenal. The basic facts of Chinese strategic modernization are
well known, if the details remain frustratingly opaque. China is deploying road-mobile, solid-fueled missiles,
giving it a heighted degree of security in its second-strike capability. It is beginning to deploy ballistic missile
submarines (SSBNs). It is researching a wide range of warhead and delivery systems technologies that will lead
to increased accuracy and, more pointedly, increased penetration against ballistic missile defenses. The size of
China's deliverable arsenal against the United States will undoubtedly increase beyond the few dozen that it possessed recently.[1] The pace of
growth thus far has been moderate, although China has only recently developed reliable, survivable delivery
systems. The final endpoint remains mired in opacity and uncertainty, although several score of deliverable
warheads seems likely for the near term. These developments on the strategic side are coupled with elements of conventional
modernization that impinge on the strategic balance.[2] The relevant issue, however, is not simply an evaluation of the Chinese modernization program,
but rather an evaluation of the interaction of that modernization with U.S. capabilities and interests. U.S. capabilities are also changing. Under the
provisions of START and SORT, the United States has continued to engage in quantitative reductions of its operational nuclear arsenal. At the same,
there is ongoing updating of warhead guidance and fusing systems. Ballistic missile defense systems of a variety of footprints are being deployed. The
U.S. SSBN force now leans more toward the Pacific than the Atlantic, reversing the Cold War deployment. Guam's capacity to support heavy bombers
and attack submarines has been enhanced. Furthermore, advances in U.S. conventional weaponry have been so substantial that they too promise
strategic effects: prompt global strike holds out the promise of a U.S. weapon on target anywhere in the world in less than an hour and B-2s with highly
accurate weapons can sustain strategic effects over a campaign. What are the concerns posed by these two programs of dynamic strategic arsenals? Most
centrally, the development of the strategic forces detailed above has increasingly assumed an interlocked form. The U.S. revolution in precision guided
munitions was followed by an emphasis on mobility in the Chinese missile force. U.S. missile defense systems have clearly spurred an emphasis on
countermeasures in China's ICBM force and quantitative buildups in its regional missile arsenals.[3] Beijing's new submarine-based forces further
enhance the security of China's second-strike capability in the face of a potential U.S. strike but are likely to lead to increased attention to anti-submarine
warfare in the United States. China's recent anti-satellite test provoked a U.S. demonstration of similar capabilities. Such reciprocal responses
have the potential to move toward a tightly coupled arms race and certainly have already worsened threat
perceptions on each side. The potential for conflict is not simply that of inadvertent escalation; there are
conflicts of interests between the two. Heightening threat perceptions in that context greatly complicates
diplomacy. Further, the dangers of inadvertent escalation have been exacerbated by some of these moves .
Chinese SSBN deployment will stress an untested command-and-control system. Similar dangers in the Cold War were mitigated,
although not entirely overcome, over a period of decades of development of personnel and technical solutions.
China appears to have few such controls in place today. U.S. deployment of highly accurate nuclear warheads is
consistent with a first-strike doctrine and seems sized for threats larger than "rogue" nations. These too would
undermine stability in an intense crisis.
1AC CRITICAL INFRASTRUCTURE ADVANTAGE
Advantage: Critical Infrastructure
Effective information sharing makes cyberdefense effective and prevents devastating attacks on
critical infrastructure --- status quo legal framework works, but government action is key
Bush 15 [Wes, Chairman, Chief Executive Officer and President, Northrop Grumman Corporation, “Cyber
Security: The New Threat; The New Normal,” April 22, 2015, address to the Metropolitan Club,
http://www.northropgrumman.com/MediaResources/Presentations/2015/Pages/04222015WesBushAtMetro
politanClub.aspx] //khirn
Right now, many organizations are facing cyber threats alone. Currently, as soon as a potential cyber attacker learns of a software or
hardware vulnerability, every single company that uses that product is immediately at grave risk. However, when the private sector can share threat
information with each other -- and between itself and the government – that risk of cyber attack is greatly reduced. This is because we leverage our
collective cyber defenses by sharing threat information – like attack methods, known bad sites, malware, or social media probes. Yes, there are legitimate
privacy and liability concerns. However, an effective cyber threat information sharing framework can balance these issues while also providing enhanced
cyber protection for all of us. This need is even more obvious at the public-private tier. Critical infrastructure providers
currently find information sharing with their government partners in the national intelligence and law
enforcement communities very, very difficult because it raises sensitive and complex issues. Individuals value their
privacy, particularly when the Government is involved. But the fact remains that the cyber defense of our critical
infrastructure simply is not possible without cyber threat information sharing between those
three communities. One example from awhile back, related in congressional testimony, told of an incident in which the National Security Agency
detected a foreign entity trying to steal three gigabytes of information from an American defense contractor. The information-sharing rules
would not let the NSA warn the contractor of what was about to happen to them. The head of the NSA at that
time likened it to seeing a cyber-intrusion happen at network speed but then being required to warn the
company under attack with a letter sent through the conventional mail. Legislative efforts to deal with the information-sharing
issue occur every few years. Currently, another effort seems to be building . Those of us who watch this issue have our fingers
crossed. I’m guardedly optimistic. First, because this issue has been elevated by recent cyber attacks on large companies: Sony,
J.P. Morgan, Target, Anthem, Home Depot and others. And they have focused attention on the issue among the most powerful people in America – the
taxpayers – voters who feel less and less secure about their personal information and bank accounts. The other reason I’m optimistic is because,
legislation or not, government and the private sector have not been idle. What hampered the last legislative effort
were concerns over the regulatory burden. In the wake of that last legislative effort, the National Institute of Science and Technology –
NIST for short – worked together with industry to develop and issue a framework for improving critical cyber
security infrastructure. It was intended as a voluntary set of guidelines. But now at its one-year mark, it has become the de facto
standard for private sector cyber security as viewed by regulators and lawyers. The framework helps a company
to critically assess its cyber security health, capabilities and efforts; then the company can perform a risk/return analysis to
determine where it wants its cyber security capabilities to be, and when. It then develops a plan to get itself from its current state, to its intended end
point. Companies utilizing this framework are motivated toward improvement because, in the event of a
successful attack against them, any company would have to explain to customers and creditors why it chose not
to participate in a security improvement program that its competitors are likely using. It also doesn’t hurt that the
framework is being used as an industry baseline for cyber insurance underwriting.
Zero-days are key --- inadequate cooperation risks multiple critical sectors --- like electricity
and water
Stockton and Golabek-Goldman 13 [Paul and Michele, " Curbing the market for cyber weapons," Yale
Law & Policy Review, Forthcoming, pg. 108-109 <http://ssrn.com/abstract=2364658>] /eugchen
Øday exploits are dual-use.24 They can be deployed by good-willed researchers to test computer systems for
vulnerabilities and therefore safeguard systems against attacks.25 However, they can also be deployed to gather
sensitive commercial or intelligence information, incapacitate computer systems, or inflict widespread physical
damage. For example, a weaponized Øday exploit targeting the air traffic control system could send false
signals to planes in the air, causing them to crash or collide.26 Department of Transportation audits have confirmed that the U.S.
air traffic control system remains highly vulnerable to cyberattacks.27 An attack on the electric grid could leave entire
regions of the country in the dark for weeks, incapacitating the economy and resulting in numerous
casualties.28 As the threats to the air traffic control system and electric grid make clear, the most potent and dangerous Øday-
exploit attacks are those that target the nation’s “ critical infrastructure ” sectors. The 2013 Presidential Policy
Directive on Critical Infrastructure Security and Resilience defines critical infrastructure as “systems and assets, whether physical or virtual, so vital to
the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security,
national public health or safety, or any combination of those matters.”29 The air-traffic control system and other transportation
systems are considered critical infrastructure , along with the chemical, communications, emergency
services, financial, water , power , and nuclear reactor sectors.30 A high percentage of America’s critical infrastructure is
private civilian companies .31 These companies generally operate and monitor critical
infrastructure by relying on industrial-control systems , including Supervisory Control and Data Analysis (“SCADA”) systems,
owned and operated by
distributed-control systems, and programmable-logic controllers.32 These systems enable companies to open and shut water pump valves, react to
pressure, and change volume levels automatically and remotely.33 As technology has evolved, companies have sought to improve operational efficiency
by designing ICS systems that are Internet compatible.34 Internet connectivity has rendered these systems and their
applications layer much more susceptible to Øday-exploit attacks since perpetrators can access and penetrate
them more easily.35 Today’s Øday-exploit attacks are especially targeted at the vulnerable applications layer.36
In spite of this increased threat, private companies have failed to adequately invest in cyber measures
to secure critical infrastructure from attack. The government has also failed to provide sufficient
support to private companies to safeguard the nation’s critical infrastructure. According to the Department of
Homeland Security’s recent Inspector General Report, the United States Computer Emergency Readiness Team (US-CERT) is “understaffed” and lacks
the legal authority to require private companies to implement stronger protections against cyber intrusions.37
Grid attacks take out command and control ---causes retaliation and nuclear war
Tilford 12 [Robert, Graduate US Army Airborne School, Ft. Benning, Georgia, “Cyber attackers could shut
down the electric grid for the entire east coast” 2012, http://www.examiner.com/article/cyber-attackers-couldeasily-shut-down-the-electric-grid-for-the-entire-east-coa] //khirn
To make matters worse a
cyber attack that can take out a civilian power grid, for example could also cripple the U.S.
military. The senator notes that is that the same power grids that supply cities and towns, stores and gas stations, cell towers and heart monitors also
power “every military base in our country.” “Although bases would be prepared to weather a short power outage with backup diesel generators,
within hours, not days, fuel supplies would run out”, he said. Which means military command and control centers
could go dark . Radar systems that detect air threats to our country would shut Down completely .
between commanders and their troops would also go silent. And many weapons systems
would be left without either fuel or electric power”, said Senator Grassley. “So in a few short hours or days, the
mightiest military in the world would be left scrambling to maintain base functions”, he said. We contacted the Pentagon
“Communication
and officials confirmed the threat of a cyber attack is something very real. Top national security officials—including the Chairman of the Joint Chiefs, the
Director of the National Security Agency, the Secretary of Defense, and the CIA Director— have said, “preventing a cyber
attack and improving the nation’s electric grids is among the most urgent priorities of our country” (source:
Congressional Record). So how serious is the Pentagon taking all this? Enough to start, or end a war over it, for sure (see video: Pentagon declares war on
cyber attacks http://www.youtube.com/watch?v=_kVQrp_D0kY&feature=relmfu ). A cyber attack today against the US could very
well be seen as an “Act of War” and could be met with a “full scale” US military response. That could include the use
of “nuclear weapons ”, if authorized by the President.
US water security on the brink now
Dimick 14 (Dennis Dimick is National Geographic's Executive Editor for the Environment. National
Geographic: “If You Think the Water Crisis Can't Get Worse, Wait Until the Aquifers Are Drained” published
August 21st, 2014. Accessed June 25th, 2015. http://news.nationalgeographic.com/news/2014/08/140819groundwater-california-drought-aquifers-hidden-crisis/#) KalM
This coincides with a
nationwide trend of groundwater declines. A 2013 study of 40 aquifers across the United States by the
rate of groundwater depletion has increased dramatically since 2000, with almost
25 cubic kilometers (six cubic miles) of water per year being pumped from the ground. This compares to about 9.2 cubic
kilometers (1.48 cubic miles) average withdrawal per year from 1900 to 2008. Scarce groundwater supplies also are being used for
energy. A recent study from CERES, an organization that advocates sustainable business practices, indicated that competition for water by
hydraulic fracturing—a water-intensive drilling process for oil and gas known as "fracking"—already occurs in dry regions of the
United States. The February report said that more than half of all fracking wells in the U.S. are being drilled in regions
experiencing drought, and that more than one-third of the wells are in regions suffering groundwater depletion. Satellites have allowed us to
U.S. Geological Survey reports that the
more accurately understand groundwater supplies and depletion rates. Until these satellites, called GRACE (Gravity Recovery and Climate Experiment),
were launched by NASA, we couldn't see or measure this developing invisible crisis. GRACE has given us an improved picture of groundwater worldwide,
revealing how supplies are shrinking in several regions vulnerable to drought: northern India, the North China Plain, and the Middle East among them.
As drought worsens groundwater depletion, water supplies for people and farming shrink, and
this scarcity can set the table for social unrest . Saudi Arabia, which a few decades ago began pumping deep underground
aquifers to grow wheat in the desert, has since abandoned the plan, in order to conserve what groundwater supplies remain, relying instead on imported
wheat to feed the people of this arid land.
Water supplies are uniquely vulnerable to cyber-attacks
Ginter 15 (Andrew Ginter is the vice president of industrial security at Waterfall Security Solutions, a provider
of Unidirectional Security Gateways for industrial control networks and critical infrastructures.
WaterWorld.com: “High-Tech Threats: Top Cybersecurity Issues Facing Water Utility Control Systems.”
Copyright date is 2015. Accessed June 25th, 2015. http://www.waterworld.com/articles/print/volume29/issue-10/editorial-features/high-tech-threats-top-cybersecurity-issues-facing-water-utility-controlsystems.html) KalM
Recent Department of Homeland Security reports have highlighted poor security among the nation's water
utilities, where operations networks and control systems are inadequately protected. The security situation in critical
infrastructure is raising ratepayer concerns and prompting utilities to ask hard questions about which actions can truly improve their cybersecurity
situations. Are firewalls - the most common form of security in the market - capable of combatting modern threats? Would water system utilities be
better protected if they completely isolated their control-system networks from public networks? Or is there a third option that would retain the
efficiencies and cost savings that come from access to real-time operations information, while also protecting plants from cyber attacks? Technology that
routinely protects industrial control networks in power plants and other critical infrastructures can help water utilities answer these questions. Firewalls
and Modern Security Threats Firewalls are a staple of industrial cybersecurity programs, but they have many inherent
flaws that water facilities must identify, consider and address. Firewalls are complex software systems because they are difficult to
configure, and their configurations are difficult to understand and verify. The smallest error in these configurations can introduce
vulnerabilities. Defects are frequently discovered in firewall software and in the complex operating systems
underlying that software, some of which can be exploited as security vulnerabilities . In order to prevent
exploitation of known defects and vulnerabilities, firewall vendors issue a steady stream of security updates, which must be applied promptly. Even
worse, because the firewalls provide not only real-time data but also online access to mission-critical systems and networks, the firewalls fundamentally
expose these environments to numerous types of attacks. For example, phishing attacks send email through a firewall to persuade recipients to either
reveal passwords or to download and run malware. Meanwhile, vulnerabilities as simple as hard-coded passwords and hard-coded encryption keys have
been reported in industrial firewalls. In addition, cross-site scripting vulnerabilities in HTTP-based "VPN" proxy servers are difficult or impossible to fix
because they are essential to the design of the firewall's features. Waterfall Security Solutions. Defects are frequently discovered in firewall software and
in the complex operating systems underlying that software, some of which can be exploited as security vulnerabilities. Photo courtesy of Waterfall
Security Solutions. Even if connections through firewalls are initiated from the control network side, once the connections are established,
they permit bi-directional data to flow through the firewalls. Any of those flows can be used to launch attacks
back to systems on the protected network. This means that utilities cannot deliver any confidence that their
operational assets are adequately protected by firewalls. The level of risk is unacceptably high , and water utilities must
compensate for it.
Water insecurity risks global war
Aleem 3/6/15 ---Zeeshan Aleem is a reporter and editor at the The Huffington Post, Politico, The Atlantic
Wire, and BBC News. He was educated at the Sidwell Friends School, Oxford University, George Washington,
and the University of Chicago. (“Zeeshan Aleem”; Why Water Shortages Are the Greatest Threat to Global
Security; http://mic.com/articles/111644/why-water-shortages-are-the-greatest-threat-to-globalsecurity)\\pranav/KalM
According to a United Nations report presented at U.N. headquarters in New York last week, about 2.9 billion people in 48 countries will be facing
water shortages within 10 years that could destabilize
and jeopardize the "very existence" of some
countries. By 2030, there will be a
global supply shortfall of 40%. And it
could pose a major threat to global security. "People do not have the luxury of living
without water and when faced with a life or death decision, people tend to do whatever they must to survive," the report said. "In this
manner, changes in fundamental hydrology are likely to cause new kinds of conflict , and it can be expected that both water
scarcity and flooding will become major transboundary water issues ." Global warming is causing extreme weather events
that are nudging water supply issues from bad to desperate. On their own, vanishing rivers or droughts could devastate a year's worth of crops but
combined and over time, they pose a civilizational threat. At
this point, U.S. intelligence agencies consider the prospect of
water shortage a threat to be considered alongside terrorism and weapons of mass destruction. Understanding the
water shortage: To be clear, the world isn't exactly running out of usable water. Freshwater is a very small portion of the planet's entire water supply: It
accounts for only about 2.5% of all water, and just 1% of freshwater is readily accessible. But it is all over the world, and it's renewable. The main problem
with water isn't about total volume — it's about distribution. Water isn't always where people need it when they need it, and all societies need it for
everything: health, sanitation, agricultural production, energy and industry. The ability to handle distribution to meet these demands is largely a function
of wealth. While affluent countries are generally able to manage the resources to meet demand, poorer countries frequently lack the infrastructure to
deliver clean, safe water. Their economies also tend to rely disproportionately on deregulated and dirty extractive industries like coal mining that
contaminate already-scarce water supplies. Impoverished nations are already suffering from serious water woes. Three-quarters of a billion people lack
access to clean water, and water-related disease takes the lives of about 840,000 a year, according to Water.org. Women and children spend 140 million
hours a day collecting usable water, often from unclean sources. A growing problem: As the world's population grows and endures increasingly volatile
weather patterns, water management problems are on the brink of becoming far worse for much larger swathes of the global population. "The ways we
need water and the way the environment provides water are increasingly not matching up, because things like climate change make it less and less
predictable," Janet Redman, the climate policy director at the Institute for Policy Studies in Washington D.C., told Mic. "We built our society around
when we can get water, when we can grow food, how we have to house ourselves, because we understand the environment around us after living in it for
hundreds and hundreds and hundreds of generations. "The problem now, partly due to climate change, we can't predict the patterns, of rainfall, where
water is going to be when, when things melt, how floods and droughts work — we're out of sync with the environment because we've changed the
environment in a pretty significant way." How shortages breed conflict: The decline in our ability to predict the flow of the world's water based on
historical patterns, called "relative hydrological stationarity" in the scientific community, is a game changer. "The loss of stationarity is playing poker
with a deck in which new cards you have never seen before keep appearing more and more often, ultimately disrupting your hand to such an extent that
the game no longer has coherence or meaning," the report said. That trickling in of new cards is dangerous. Lack of water has played a role in countless
conflicts on a sub-national level. The Pacific Institute has documented hundreds of instances of water-related conflict in the past half-century which
range from Kenyan tribes clashing over water amidst droughts to riots in South Africa over lack of access to clean water. As water supply experts Shira
Yoffe and Aaron Wolf have noted, scarcity of clean freshwater has contributed to many episodes of acute violence on a small geographic scale across the
world, such as bloody conflict between states within India over access to the Kaveri River. Adel Darwish, co-author of Water Wars: Coming Conflicts in
the Middle East, has argued that access to water has played a significant role in the Arab-Israeli conflict, including the 1967
war.
More recent conflicts include a hidden element of water scarcity to them. Inter-ethnic conflict in Sudan in the
2000s was also driven by warring over access to clean water. Today, the militant Islamist State group is reportedly using control of water in
Iraq and Syria as a tool of war. It affects everyone: It's increasingly clear that even rich countries cannot keep their water supplies safe from the
consequences of climate change and extreme weather events — or from the instability that follows. In recent years California has experienced its worst
drought in recorded history, which has rippled through both the local and national economy. Floods in the Canadian province of Manitoba in 2011 and
2014 caused the government's budget deficit to swell and ultimately led to political leaders resigning, according to the U.N. report. Insecurity can bubble
up in even the places that are taken for granted as stable. The world's water supply crisis is a serious one: By 2050, sustaining the planet will require at
least 50% more water than it does today, according to the New Yorker.
1AC OCO’S ADVANTAGE
Advantage: Offensive Cyber Operations
Cyber arms race now --- the US is rapidly expanding offensive capabilities under the guise of
surveillance
Correa 15 [Gordon, security correspondent, BBC News, “Rapid escalation of the cyber arms race,” 29 April
2015, http://www.bbc.com/news/uk-32493516] //khirn
Rapid proliferation What
surprised cyber-experts is the speed with which cyber-attack capabilities are now
proliferating. No-one was surprised that the first tier of cyber-states - the US, UK, China, Israel and Russia - were capable
of carrying out destructive attacks on infrastructure, but the speed with which others - such as Iran - were able
to do the same has caused consternation and is a sign of how far cyber-attack can be a force-equaliser between different
nations who might otherwise have wildly different capabilities. Capabilities
are also spreading to non-state actors . Criminals
groups may also now be toying
with more than just low-level disruptive attacks that deface or take off-line websites. France's TV5 Monde saw the real-world
effects of a cyber-attack when it was taken off air by people who claimed to belong to the "cyber-caliphate " affiliated to the group
have long used ransomware to extort money from people or else see their computers locked. But terrorist
Islamic State . There are fears the use of destructive attacks against industrial control systems - like Stuxnet could also spread. Closing down a city At a recent Cyber Security Challenge, Dr Kevin Jones, from Airbus, showed me how a model city connected
calling itself
up to the internet could have its power switched off remotely. "Unless we put a security architecture in place, this is very possible," he says. A German
government report said a steel mill had been damaged by a cyber-attack last year - the perpetrators were unknown. Dr Jones believes the attackers got in
through the regular corporate infrastructure, although it is not clear how far they deliberately targeted the control systems for the blast furnace that was
damaged. When it comes to the cyber-arms race, are Western countries still in the lead? Some argue the top end of cyber-espionage tools
may well still be in the hands of the US. The security firm Kaspersky Labs, for instance, recently revealed the work of hackers they called
the Equation Group, who were highly sophisticated. "The Equation Group are masters of cloaking and hiding," says Costin Raiu, director of the Global
Research and Analysis Team at Kaspersky Labs, pointing to the ability of the group to get inside the firmware of machines and then launch highly
advanced attacks. "This is insanely complicated to be honest," he says. Kaspersky Labs will not directly point the finger, but the widespread assumption
is that the Equation Group is linked to America's National Security Agency (there are links with the codes used in
Stuxnet as well). Documents released by the American whistle-blower Edward Snowden have also raised the profile of Britain's cyber-activities. "GCHQ
has formidable resources," says Eric King, of the group Privacy International, whose concern lies in the lack of a transparent framework of accountability
over offensive hacking. "In the last year and a half, we've seen their malware. The depth of the work and where they are going is very formidable." He
says: "We have non-existent policies, practices, legal safeguards to oversee this." (GCHQ always maintains its activities are lawful and subject to
oversight). Commercially available Another concern is the way in which such some of these cyber-espionage capabilities are now
commercially available and being used by more authoritarian states. "Companies are providing surveillance
as a consultancy service," says Mr King, who adds foreign law enforcement and intelligence agencies can then use the
bought services to hack dissidents and activists based in the UK. The capabilities may be spreading to more and more actors but a small
handful of states still operate at the highest level. One senior Western intelligence official believes the Russians are already ahead of
the US and UK - partly because of the level of resources, mainly people - they throw at finding and exploiting
vulnerabilities. That official, of course, may be bluffing, but they also said they did not think it would be long before the Chinese
had also not just caught up but moved ahead .
That goes nuclear due to command and control hacking, crisis instability, and fracturing
nuclear agreements
Austin 13 [Director of Policy Innovation at the EastWest Institute, “Costs of American Cyber Superiority,”
8/6, http://www.chinausfocus.com/peace-security/costs-of-american-cyber-superiority/] //khirn
The United States is racing for the technological frontier in military and intelligence uses of cyber space. It is
ahead of all others, and has mobilized massive non-military assets and private contractors in that effort. This
constellation of private sector opportunity and deliberate government policy has been aptly labeled in recent
months and years by so many credible observers (in The Economist, The Financial Times and the MIT Technology
Review) as the cyber industrial complex. The United States is now in the unusual situation where the head of a spy
agency (NSA) also runs a major military unified command (Cyber Command). This is probably an unprecedented alignment of
Praetorian political power in any major democracy in modern political history. This allocation of such political
weight to one military commander is of course for the United States to decide and is a legitimate course of
action. But it has consequences. The Snowden case hints at some of the blow-back effects now visible in public. But there are others, less visible. The
NSA Prism program exists because it is technologically possible and there have been no effective restraints on its international targeting. This lack of
restraint is especially important because the command and control of strategic nuclear weapons is a
potential target both of cyber espionage and offensive cyber operations . The argument here is not to suggest a
similarity between the weapons themselves, but to identify correctly the very close relationship between cyber operations
and nuclear weapons planning. Thus the lack of restraint in cyber weapons might arguably affect
(destabilize) pre-existing agreements that constrain nuclear weapons deployment and possible use. The cyber
superiority of the United States, while legal and understandable, is now a cause of strategic instability between nuclear
armed powers. This is similar to the situation that persisted with nuclear weapons themselves until 1969 when
the USSR first proposed an end of the race for the technological frontier of potential planetary devastation.
After achieving initial capability, the U.S. nuclear missile build up was not a rational military response to each
step increase in Soviet military capability. It was a race for the technological frontier – by both sides – with insufficient recognition of the
consequences. This conclusion was borne out by a remarkable Top Secret study commissioned in 1974 by the U.S. Secretary of Defense, Dr James
Schlesinger. By the time it was completed and submitted in 1981, it assessed that the nuclear arms build-up by both sides was driven – not by a supposed
tit for tat escalation in capability of deployed military systems – but rather by an unconstrained race for the technological limits of each side’s military
potential and by its own military doctrinal preferences. The decisions of each side were not for the most part, according to this now declassified study, a
direct response to particular systems that the other side was building. In 1969, the USSR acted first to propose an end to the race for the technological
frontier of nuclear weapons because it knew it was losing the contest and because it knew there was political sentiment in the United States and in its
Allied countries that supported limitations on the unbridled nuclear fetish. As we ponder the American cyber industrial complex of
today, we
see a similar constellation of opposition to its power emerging. This constellation includes not just the
political rivals who see they are losing in cyber space (China and Russia), but nervous allies who see themselves
as the likely biggest victims of the American race for cyber superiority, and loyal American military commanders who can see
the risks and dangers of that quest. It is time for the United States to take stock of the collateral damage that its quest for cyber military power, including
its understandable quest for intelligence superiority over the terrorist enemy, has caused amongst its allies. The loss has not yet been seen at the high
political level among allies, in spite of several pro forma requests for information from countries such as Germany. The loss of U.S. credibility has
happened more at the popular level. Around the world, once loyal supporters of the United States in its war on terrorism had a reasonable expectation to
be treated as faithful allies. They had the expectation, perhaps naïve, that privacy was a value the Americans shared with them. They did not expect to be
subject to such a crude distinction (“you are all non-Americans now”). They did not want to know that their entire personal lives in cyber space are now
recoverable – should someone so decide – by the running of a bit of software in the NSA. After the Prism revelations, so many of these foreign citizens
with an internationalist persuasion and solidarity for the United States now feel a little betrayed. Yet, in the long run, the most influential
voice to end the American quest for cyber military superiority may come from its own armed forces. There are
military figures in the United States who have had responsibility for nuclear weapons command and control systems
and who, in private, counsel caution. They advocate the need to abandon the quest for cyber dominance
and pursue a strategy of “ mutual security ” in cyber space – though that has yet to be defined. They cite military
exercises where the Blue team gets little or no warning of Red team disruptive cyber attack on systems that
might affect critical nuclear command and control or wider war mobilization functions. Strategic nuclear
stability may be at risk because of uncertainty about innovations in cyber attack capability . This
question is worth much more attention. U.S. national security strategy in cyber space needs to be brought under
stronger civilian oversight and subject to more rigorous public scrutiny . The focus on Chinese cyber
espionage has totally preempted proper debate about American cyber military power. Most in the United States Congress
have lined up to condemn Snowden. That is understandable. But where are the critical voices looking at the bigger picture of strategic instability in
cyberspace that existed before Snowden and has now been aggravated because of him? The Russian and Chinese rejections of reasonable U.S. demands
for Snowden’s extradition may be every bit as reasonable given their anxiety about unconstrained American cyber superiority.
Independently risks miscalc --- hair-trigger status causes nuclear war
Japan Times 15 [May 1, 2015, “U.S., Russian ‘hair-trigger’ nuclear alert urged ended, especially in age of
cyberattack,” http://www.japantimes.co.jp/news/2015/05/01/world/u-s-russian-hair-trigger-nuclear-alerturged-ended-especially-age-cyberattack/#.VZIjlflVikp] //khirn
WASHINGTON – Former
U.S. and Russian commanders Thursday called for scrapping “ hair-trigger ” alerts on
nuclear weapons that carry grave risks of a potential atomic disaster
— especially
in an age of
cyberattacks .Retired military officers from the United States, Russia and other nuclear powers issued a report warning of the mounting dangers
of the short fuses that allow hundreds of atomic weapons to be launched within minutes.The high alert status is a legacy of outdated
Cold War doctrine, when U.S. and Soviet leaders feared a devastating first strike that could “decapitate” an
entire nuclear force, according to the report sponsored by the disarmament group Global Zero.“Hundreds of missiles carrying
nearly 1,800 warheads are ready to fly at a moment’s notice,” said the report. “These legacy postures of the Cold War
are anachronisms but they remain fully operational.”The hair-trigger alert, which applies to half of the U.S. and
Russian arsenals, is particularly dangerous in an era when “warning and decision timelines are getting shorter ,
and consequently the potential for fateful human error in nuclear control systems is growing larger.”The
growing threat of cyberassault
also exacerbates the risks of the alert status, opening the way for false alarms or even a hijacking of the
control systems for the weapons, it said.“Vulnerability to cyber attack . . . is a new wild card in the deck,” it said.The report calls for the
United States and Russia to renounce the prompt-alert arrangements and to require 24 to 72 hours before a nuclear weapon could be launched. And it
also urges forging a binding agreement among all countries to refrain from putting their nuclear forces on high alert.“There are a set of vulnerabilities
particularly for the U.S. and Russia in these systems that were built in the fifties, sixties, seventies and eighties,” said James Cartwright, the retired fourstar general who once was in charge of the U.S. nuclear arsenal.“Many
Cartwright said at a news conference.
of these old systems are subject to false alarms ,”
And, low response times means there’s a greater timeframe and probability than traditional
nuclear escalation
Dycus 10 [Stephen is a Professor of national security law at Vermont Law School, former member of the
National Academies committee on cyber warfare, LLM, Harvard University, LLB, BA, Southern Methodist
University, “Congress’ Role in Cyber Warfare,” Journal of National Security Law & Policy, 4(1), 2010, p.161164, http://www.jnslp.com/read/vol4no1/11_Dycus.pdf] //khirn
In other ways, cyber
weapons are critically different from their nuclear counterparts . For one thing, the time
frame for response to a cyber attack might be much narrower. A nuclear weapon delivered by a land-based ICBM
could take 30 minutes to reach its target. An electronic attack would arrive instantaneously, and leave no time
to consult with or even inform anyone outside the executive branch before launching a counterstrike, if that were U.S.
policy.
Uniquely true because of misperception fostered by offensive dominance
Rosenzweig 9 [Paul, founder of Reid Branch Consulting, specializing in homeland security, senior advisor to
the Chertoff Group, Carnegie Fellow at Northwestern, professor at National Defense University, Editorial
board at the Journal of National Security Law & Policy, deputy assistant secretary for policy at the US
Department of Homeland Security, "National Security Threatsin Cyberspace" merican Bar Association
Standing Committee on Law and National Security And National Strategy Forum, September 2009,
www.utexas.edu/law/journals/tlr/sources/Issue%2088.7/Jensen/fn137.Rosenwieg.pdf] //khirn
Offensive dominance creates a great risk of cyber arms races. State and non-state actors are likely to view the
prevalence of offensive cyber threats as a legitimate rationale for bolstering their own capabilities , both
defensive and offensive, thus fueling an action-reaction dynamic of iterative arming. Experts believe that at least 20
nations are engaged in a cyber arms competition and possess the type of advanced capabilities needed to wage cyber
war aainst the United States.121 As Michael Nacht, Former Assistant Secretary of Defense for Global Strategic Affairs, told us, “An arms race is
already going on in cyberspace and it is very intense.”122 Conflict in cyberspace is uniquely predisposed to escalation
given uncertainties about what constitutes an act of war and the growing number of state and non-state actors seeking offensive
capabilities. Actors are more likely to misperceive or miscalculate actions in cyberspace, where there is no widely understood
strategic language for signaling intent, capability and resolve.123 Uncertainty will encourage states to prepare for worst-case
contingencies, a condition that could fuel escalation. Furthermore, “false flag” attacks, in which an actor purposefully makes an attack
look like it came from a third party, could also ignite a conflict.124
Disclosing vulnerabilities instead of using them for surveillance prevents arms races --- builds
legitimacy to negotiate international cyberdefense agreements
Schneier 14 (Bruce Schneier is an internationally renowned security technologist, called a "security guru"
by The Economist. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School
and a program fellow at the New America Foundation's Open Technology Institute. “Should U.S. Hackers Fix
Cybersecurity Holes or Exploit Them?”, May 19, 2014,
http://www.theatlantic.com/technology/archive/2014/05/should-hackers-fix-cybersecurity-holes-or-exploitthem/371197/)//CLi
The implications of U.S. policy can be felt on a variety of levels. The NSA's actions have resulted in a widespread
mistrust of the security of U.S. Internet products and services, greatly affecting American business. If we
show that we're putting security ahead of surveillance, we can begin to restore that trust . And by
making the decision process much more public than it is today, we can demonstrate both our trustworthiness and the
value of open government. An unpatched vulnerability puts everyone at risk, but not to the same degree. The U.S. and
other Western countries are highly vulnerable, because of our critical electronic infrastructure , intellectual property,
and personal wealth. Countries like China and Russia are less vulnerable—North Korea much less—so they have considerably less incentive to see
vulnerabilities fixed. Fixing
vulnerabilities isn't disarmament; it's making our own countries much safer. We
also
regain
the moral authority to negotiate any broad international reductions in cyber-weapons ; and we
can decide not to use them even if others do. Regardless of our policy towards hoarding vulnerabilities, the most important
thing we can do is patch vulnerabilities quickly once they are disclosed. And that’s what companies are doing, even without any
government involvement, because so many vulnerabilities are discovered by criminals. We also need more research in automatically finding and fixing
vulnerabilities, and in building secure and resilient software in the first place. Research over the last decade or so has resulted in software vendors being
able to find and close entire classes of vulnerabilities. Although there are many cases of these security analysis tools not being used, all of our security is
improved when they are. That alone is a good reason to continue disclosing vulnerability details, and something the NSA can do to vastly improve the
security of the Internet worldwide. Here again, though, they would have to make the tools they have to automatically find vulnerabilities available for
defense and not attack. In
today's cyberwar arms race , unpatched vulnerabilities and stockpiled cyber-weapons are
inherently destabilizing , especially because they are only effective for a limited time. The world's militaries are investing more money in
finding vulnerabilities than the commercial world is investing in fixing them. The vulnerabilities they discover affect the security of
us all. No matter what cybercriminals do, no matter what other countries do, we in the U.S. need to err on the side of security and fix almost all the
vulnerabilities we find. But not all, yet.
That spurs international coop and mitigates offensive use
Clark et. al. 9 (David Clark, Senior Research Scientist at the MIT Computer Science and Artificial Intelligence
Laboratory, Whitfield Diffie, Internet Corporation for Assigned Names and Numbers, Abraham Sofaer, former
federal judge for the United States District Court for the Southern District of New York, and then a Legal
Adviser to the United States State Department, “Cyber Security and International Agreements”,
http://cs.brown.edu/courses/csci1800/sources/lec17/Sofaer.pdf)//CLi
The potential utility of international cybersecurity agreements deserves to be carefully examined.
International agreements covering other transnational activities, including armed conflict, communications, air and sea transportation,
health, agriculture, and commerce, among other areas,
have been widely adopted by states to enhance safety and
efficiency through processes that could well be useful in regulating cyber activities. Transnational agreements that contribute to
cybersecurity will only be possible, however, if they take into account the substantial differences that exist between activities regulated by established
international regimes and cyber systems. Many states will be unprepared at this time to agree to limit their control of cyber activities they regard as
essential to their national security interests. International agreements will also be impossible where irreconcilable differences in policies exist among
states, particularly regarding political uses of the Internet, privacy, and human rights. But, while these factors limit the potential scope and utility of
international cyber-security agreements, they do allow for international cooperation on many issues that could prove
beneficial. The potential for improving cyber security through international agreements can best be realized through a program that identifies: the
activities likely to be subjects of such agreements and those that are not; the measures likely to be used by parties to improve cyber security in each area
of activity appropriate for international cooperation; and the form which any international body that may be utilized or established for this purpose
should assume, the authority such a body would be assigned, and the basis upon which its activities would be governed.
agreements
negotiated on the basis of these practical premises
International
could help to create a more secure cyber
environment through measures that go beyond conventional forms of deterrence.
Eliminating offensive cyberattacks allows the US to set global norms in cyberspace --- that’s key
to prevent cyber arms races
Goldsmith 10 [Jack, teaches at Harvard Law School and is a visiting fellow at the Hoover Institution at
Stanford University, “Can we stop the Cyber Arms Race,” Washington Post, February 1, 2010,
http://articles.washingtonpost.com/2010-02-01/opinions/36895669_1_botnets-cyber-attacks-computerattacks] //khirn
In a speech this month on "Internet freedom," Secretary of State Hillary Clinton
decried the cyberattacks that threaten U.S.
economic and national security interests. "Countries or individuals that engage in cyber attacks should face consequences and
international condemnation," she warned, alluding to the China-Google kerfuffle. We should "create norms of behavior among states
and encourage respect for the global networked commons." Perhaps so. But the problem with Clinton's call for
accountability and norms on the global network -- a call frequently heard in policy discussions about cybersecurity -- is the
enormous array of cyberattacks originating from the United States. Until we acknowledge these attacks
and signal how we might control them, we cannot make progress on preventing cyberattacks
emanating from other countries. An important weapon in the cyberattack arsenal is a botnet, a cluster of thousands and sometimes millions
of compromised computers under the ultimate remote control of a "master." Botnets were behind last summer's attack on South Korean and American
government Web sites, as well as prominent attacks a few years ago on Estonian and Georgian sites. They are also engines of spam that can deliver
destructive malware that enables economic espionage or theft. The United States has the most, or nearly the most, infected botnet computers and is thus
the country from which a good chunk of botnet attacks stem. The government could crack down on botnets, but doing so would raise the cost of software
or Internet access and would be controversial. So it has not acted, and the number of dangerous botnet attacks from America grows. The United States is
also a leading source of "hacktivists" who use digital tools to fight oppressive regimes. Scores of individuals and groups in the United States design or
employ computer payloads to attack government Web sites, computer systems and censoring tools in Iran and China. These efforts are often supported
by U.S. foundations and universities, and by the federal government. Clinton boasted about this support seven paragraphs after complaining about
cyberattacks. Finally, the
U.S. government has perhaps the world's most powerful and sophisticated
offensive cyberattack capability . This capability remains highly classified. But the New York Times has reported that the Bush
administration used cyberattacks on insurgent cellphones and computers in Iraq, and that it approved a plan for attacks on computers related to Iran's
nuclear weapons program. And the government is surely doing much more. "We have U.S. warriors in cyberspace that are deployed
overseas" and "live in adversary networks," says Bob Gourley, the former chief technology officer for the Defense Intelligence Agency.
These warriors are now under the command of Lt. Gen. Keith Alexander, director of the National Security Agency. The NSA, the
world's most powerful signals intelligence organization, is also in the business of breaking into and extracting data from offshore
enemy computer systems and of engaging in computer attacks that, in the NSA's words, "disrupt, deny, degrade, or destroy the information" found in
these systems. When the Obama administration created "cyber command" last year to coordinate U.S. offensive cyber capabilities, it nominated
Alexander to be in charge. Simply put, the United States is in a big way doing the very things that Clinton criticized. We are not,
like the Chinese, stealing intellectual property from U.S. firms or breaking into the accounts of democracy
advocates. But we are aggressively using the same or similar computer techniques for ends we deem
worthy. Our potent offensive cyber operations matter for reasons beyond the hypocrisy inherent in undifferentiated condemnation of cyberattacks.
Even if we could stop all cyberattacks from our soil, we wouldn't want to. On the private side, hacktivism can be a tool of liberation. On the public side,
the best defense of critical computer systems is sometimes a good offense. "My own view is that the only way to counteract both criminal and espionage
activity online is to be proactive," Alexander said last year, adding that if the Chinese were inside critical U.S. computer systems, he would "want to go
and take down the source of those attacks." Our adversaries are aware of our prodigious and growing offensive cyber
capacities and exploits. In a survey published Thursday by the security firm McAfee, more information technology experts from critical
infrastructure firms around the world expressed concern about the United States as a source of computer network
attacks than about any other country. This awareness, along with our vulnerability to cyberattacks, fuels a dangerous
public and private cyber arms race in an arena where the offense already has a natural advantage.
1AC PLAN – VERSION 1
The United States federal government should substantially curtail its domestic surveillance
using computer software vulnerabilities or exploits unknown to relevant vendors.
1AC PLAN – VERSION 2
The United States federal government should substantially curtail its domestic surveillance of
computer software vulnerabilities or exploits unknown to relevant vendors.
1AC SOLVENCY
The plan solves effective information sharing between the government and private sector --- a
signal of clear commitment and a steady flow of actionable disclosure is key to cooperative
cyberdefense --- overcomes legal barriers
Rosenzweig 12 [Paul, leading cybersecurity expert, founder of Red Branch Consulting PLLC, a homeland
security consulting company, and a Senior Advisor to The Chertoff Group, “Cybersecurity and Public Goods:
The Public/Private “Partnership,” An Emerging Threats Essay, Hoover Institution, Stanford] //khirn
Information Sharing, Public Goods, and the Law This economic understanding of cybersecurity suggests why a
significant fraction of the
policy debate about cybersecurity and public/private partnerships revolves around the challenge of
effectively sharing security information . Some people insist that existing legal restrictions prevent the private sector from
creating cybersecurity. They say some restrictions weaken the government’s ability to adequately share threat information with the private sector, while
others limit how the private sector shares information with the government or amongst itself. In other words, the “received wisdom” is that our collective
response to new threats is limited by law— the government can’t share some threat information about new malicious software with the private sector
because of classification rules, and privacy rules prevent private sector actors from sharing the same information with the government or their peers. The
focus on information sharing makes sense when seen through the prism of our theoretical model: because threat and vulnerability information may have
characteristics of a public good, it is in society’s interest to foster their creation and distribution. If existing laws did, in fact, restrain and restrict those
aims—if classification and privacy laws limited information sharing—that would be a policy dissonance. However, on closer examination, many of
these legal limitations may be less constricting than they are perceived to be. In the end, what really restricts
cooperation are the inherent caution of lawyers who do not wish to push the envelope of legal authority and/or
policy and economic factors such as proprietary self-interest that limit the desire to cooperate. The information in question will relate, broadly speaking,
either to specific threats from external actors (for example, knowledge from an insider that an intrusion is planned) or to specific vulnerabilities (for
example, the identification of a security gap in a particular piece of software). In both situations, the evidence of the threat or vulnerability can come in
one of two forms: either non-personalized information related to changes in types of activity on the network, or personalized information about the
actions of a specific individual or group of individuals.48 Needless to say, the sharing of the latter category of Personally Identifiable Information (PII) is
of greater concern to civil libertarians than the sharing of network traffic information.49 Information Sharing from the Government to the Private Sector
Some suggest that the principal barriers to an effective public/private partnership in combating cyber threats are limitations on the government’s ability
to share threat and vulnerability information with the private sector. Sometimes the government has collected this information
using sources and methods that are classified, and disclosure of the information risks compromising those
sources and methods. Less frequently, the existence of the threat or vulnerability is itself classified information, since disclosure of its existence
or scope might adversely affect security. In general, classification rules serve a salutary purpose—they protect information whose
disclosure “reasonably could be expected to cause exceptionally grave damage to the national security.”50 That instinct against disclosure,
however, conflicts with a newer post-9/11 standard of enhanced information sharing . In the realm of cybersecurity,
these conflicting impulses are a constant source of tension. For example, the Government Accountability Office reported last year that a survey of
private sector actors
showed that what they
want most is for their federal partners to provide “timely
and actionable cyber threat and alert information —[that is,] providing the right information to the right
persons or groups as early as possible to give them time to take appropriate action.” However, “only 27 percent of
private sector survey respondents reported that they were receiving timely and actionable cyber threat
information and alerts to a great or moderate extent.”51 Likewise, private sector actors report that they do not routinely
receive the security clearances required to adequately receive and act upon classified threat information.52 For the
most part, these problems are ones of policy, rather than law. No legal barrier prevents provision of the requisite security clearances—
it is simply a matter of inadequate resources. Likewise, the untimeliness of US-CERT’s alert process is more the product of the need for internal review
and the government’s insistence on accuracy over timeliness than it is of any legal barrier to sharing. And, indeed, this policy choice may be the right one,
since inaccuracy will erode the government’s credibility—but the cautious impulse still makes government information sharing less effective. Still, there
may be some legal restrictions beyond classification that do interfere with information sharing. According to the GAO, DHS officials report that “USCERT’s ability to provide information is impacted by restrictions that do not allow individualized treatment of one private sector entity over another
private sector entity—making it difficult to formally share specific information with entities that are being directly impacted by a cyber threat.”53 The
apparent need to avoid the appearance of favoritism amongst private sector actors may be a barrier that needs re-consideration (though this reference is
the only time the author has seen this problem identified, raising a question about its general applicability).54 Even this limited legal prohibition seems
to have had little practical effect. As Google’s request for assistance to the NSA demonstrates, there are plainly situations in which
company-specific assistance can be rendered by the government. Indeed, the Google experience is in the midst of
being generalized. Recently the Department of Defense announced the continuation of a pilot project wherein it
would share threat signature information with Internet Service Providers (ISPs) which, in turn, would use that
information to protect the systems of private corporations that are part of the Defense Industrial Base (DIB).55
This pilot program is voluntary and involves only the one-way transfer of information from the government to
the private sector—a structure that alleviates most, if not all, of the legal concerns about government
surveillance activities.56 More broadly, the Obama administration’s draft cybersecurity proposal would codify
authority for DHS to provide assistance to the private sector upon request.57 Thus, these problems are not likely
to be ones of law, but of commitment .
Disclosing zero-days disarms cyberattackers globally
Masnick 14 [Mike, founder and CEO of Floor64 and editor of the Techdirt blog, “Obama Tells NSA To Reveal,
Not Exploit, Flaws... Except All The Times It Wants To Do The Opposite,” Techdirt, April 14, 2014,
https://www.techdirt.com/articles/20140413/07094726892/obama-tells-nsa-to-reveal-not-exploit-flawsexcept-all-times-it-wants-to-do-opposite.shtml] //khirn
However, the NY Times had a story this weekend about how this move has forced the administration to clarify its position on zero day exploits. It's
already known that the NSA buys lots of zero day exploits and makes the internet weaker as a result of it .
Though, in the past, the NSA has indicated that it only makes use of the kinds of exploits that only it can use (i.e., exploits that need such immense
computing power that anyone outside of the NSA is unlikely to be able to do anything). However, the NY Times article notes that, following the White
House's intelligence review task force recommendation that the NSA stop weakening encryption and other technologies, President Obama put in
place an official rule that the NSA should have a "bias" towards revealing the flaws and helping to fix them, but
leaves open a massive loophole: But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials
said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design
cyberweapons. Amusingly, the NY Times initially had a title on its story saying that President Obama had decided that the NSA should "reveal, not
exploit, internet security flaws," but the title then changed to the much more accurate: "Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say."
Of course, the cold war analogy used by people in the article seems... wrong: “We don’t eliminate nuclear weapons until the Russians do,” one senior
intelligence official said recently. “You are not going to see the Chinese give up on ‘zero days’ just because we do.” Except,
it's meaningless that no one expects the Chinese (or the Russians or anyone else) to give up zero days. The simple
fact is that if the NSA were helping to stop zero days that would better protect everyone against anyone else using
those zero days. In fact, closing zero days is just like disarming both sides , because it takes the
vulnerability out of service . It's not about us giving up our "weapons," it's about building a better
defense for the world. And yet the NSA isn't willing to do that. Because they're not about protecting anyone
-- other than themselves.
US is the lynchpin of the zero-days market---that sustains the arms race and global
cyberattacks—the plan reverses that and reduces the market drastically
Perlroth and Sanger 13 (Nicole Perlroth covers cyberattacks, hackers and the cybersecurity industry for
The Times’s business news section. She is a graduate of Princeton University, Stanford University’s Graduate
School of Journalism and is a guest lecturer at Stanford’s graduate schools of business and communications.
David Sanger is the chief Washington correspondent of The New York Times. “Nations Buying as Hackers Sell
Flaws in Computer Code”, July 13, 2013, http://www.nytimes.com/2013/07/14/world/europe/nations-buyingas-hackers-sell-computer-flaws.html)//CLi
Now,
the market for information about computer vulnerabilities has turned into a gold rush.
United States is
among the buyers of programming flaws. But it is hardly alone. Israel, Britain, Russia, India and Brazil are some of the biggest spenders. North
Disclosures by Edward J. Snowden, the former N.S.A. consultant who leaked classified documents, made it clear that the
Korea is in the market, as are some Middle Eastern intelligence services. Countries in the Asian Pacific, including Malaysia and Singapore, are buying,
too, according to the Center for Strategic and International Studies in Washington. To connect sellers and buyers, dozens of well-connected brokers now
market information on the flaws in exchange for a 15 percent cut. Some hackers get a deal collecting royalty fees for every month their flaw is not
discovered, according to several people involved in the market. Some individual brokers, like one in Bangkok who goes by “the Grugq” on Twitter, are
well known. But after the Grugq spoke to Forbes last year, his business took a hit from the publicity, according to a person familiar with the impact,
primarily because buyers demand confidentiality. A broker’s approach need not be subtle. “Need code execution exploit urgent,” read the subject line of
an e-mail sent from one contractor’s intermediary last year to Billy Rios, a former security engineer at Microsoft and Google who is now a director at
Cylance, a security start-up. “Dear Friend,” the e-mail began. “Do you have any code execution exploit for Windows 7, Mac, for applications like Browser,
Office, Adobe, SWF any.” “If yes,” the e-mail continued, “payment is not an issue.” For start-ups eager to displace more established military contractors,
selling vulnerabilities — and expertise about how to use them — has become a lucrative opportunity. Firms like Vupen in Montpellier, France; Netragard
in Acton, Mass.; Exodus Intelligence in Austin, Tex.; and ReVuln, Mr. Auriemma’s and Mr. Ferrante’s Maltese firm, freely advertise that they sell
knowledge of the flaws for cyberespionage and in some cases for cyberweapons. Outside Washington, a Virginia start-up named Endgame — in which a
former director of the N.S.A. is playing a major role — is more elusive about its abilities. But it has developed a number of tools that it sells primarily to
the United States government to discover vulnerabilities, which can be used for fighting cyberespionage and for offensive purposes. Like ReVuln, none of
the companies will disclose the names of their customers. But Adriel Desautels, the founder of Netragard, said that his clients were “strictly U.S. based”
and that Netragard’s “exploit acquisition program” had doubled in size in the past three years. The average flaw now sells from around $35,000 to
$160,000. Chaouki Bekrar, the founder of Vupen, said his company did not sell to countries that are “subject to European Union, United States or United
Nations restrictions or embargoes.” He also said revenue was doubling every year as demand surged. Vupen charges customers an annual $100,000
subscription fee to shop through its catalog, and then charges per sale. Costs depend on the sophistication of the vulnerability and the pervasiveness of
the operating system. ReVuln specializes in finding remote vulnerabilities in industrial control systems that can be used to access — or disrupt — water
treatment facilities, oil and gas pipelines and power plants. “They are engaging in willful blindness,” said Christopher Soghoian, a senior policy analyst at
the American Civil Liberties Union. Many technology companies have started “bug bounty” programs in which they pay hackers to tell them about bugs
in their systems rather than have the hackers keep the flaws to themselves — or worse, sell them on the black market. Nearly a decade ago the Mozilla
Foundation started one of the first bounty programs to pay for bugs in its Firefox browser. Since then, Google, Facebook and PayPal have all followed
suit. In recent months, bounties have soared. In 2010, Google started paying hackers up to $3,133.70 — the number is hacker code for “elite” — for bugs
in its Web browser Chrome. Last month, Google increased its cash prize to $20,000 for flaws found in some of its widely used products. Facebook began
a similar program in 2011 and has since paid out $1 million. (One payout included $2,500 to a 13-year-old. The most it has paid for a single bug is
$20,000.) “The program undermines the incentive to hold on to a bug that might be worth nothing in a day,” said Joe Sullivan, Facebook’s chief security
officer. It had also had the unintended effect of encouraging ethical hackers to turn in others who planned to use its bugs for malicious use. “We’ve seen
people back-stab other hackers by ratting out a bug that another person planned to use maliciously,” he said. Microsoft, which had long resisted such a
program, did an about-face last month when it announced that it would pay hackers as much as $150,000 for information about a single flaw, if they also
provided a way to defend against it. Apple still has no such program, but its vulnerabilities are some of the most coveted. In one case, a zero-day exploit
in Apple’s iOS operating system sold for $500,000, according to two people briefed on the sale. Still, said Mr. Soghoian of the A.C.L.U., “The bounties
pale in comparison to what
the government
pays.” The military establishment, he said, “ created
Frankenstein by feeding
the market .” In many ways, the United States government created the market . When the United
States and Israel used a series of flaws — including one in a Windows font program — to unleash what became known as the Stuxnet
worm, a sophisticated cyberweapon used to temporarily cripple Iran’s ability to enrich uranium, it showed the world what was possible. It also
became a catalyst for a cyberarms race . When the Stuxnet code leaked out of the Natanz nuclear enrichment plant in Iran in the
summer of 2010, the flaws suddenly took on new value. Subsequent discoveries of sophisticated state-sponsored computer viruses named Flame and
Duqu that used flaws to spy on computers in Iran have only fueled interest. “I think it is fair to say that no one anticipated where this was going,” said
one person who was involved in the early American and Israeli strategy. “And today, no one is sure where it is going to end up.” In a prescient paper in
2007, Charlie Miller, a former N.S.A. employee, described the profitable alternatives for hackers who may have otherwise turned their information about
flaws over to the vendor free, or sold it for a few thousand dollars to programs like Tipping Point’s Zero Day Initiative, now run by Hewlett-Packard,
which used them to enhance their security research. He described how one American government agency offered him $10,000 for a Linux bug. He asked
another for $80,000, which agreed “too quickly,” Mr. Miller wrote. “I had probably not asked for enough.” Because the bug did not work with a
particular flavor of Linux, Mr. Miller eventually sold it for $50,000. But the take-away for him and his fellow hackers was clear: There was serious money
to be made selling the flaws. At their conventions, hackers started flashing signs that read, “No more free bugs.” Hackers like Mr. Auriemma, who once
gave away their bugs to software vendors and antivirus makers, now sound like union organizers declaring their rights. “Providing professional work for
free to a vendor is unethical,” Mr. Auriemma said. “Providing professional work almost for free to security companies that make their business with your
research is even more unethical.” Experts say there is limited incentive to regulate a market in which government agencies
are some of the biggest participants.
Disclosing vulnerabilities amounts to disarming the NSA --- zero-days are key
Kehl et al. 14 [Danielle Kehl is a Policy Analyst at New America’s Open Technology Institute (OTI). Kevin
Bankston is the Policy Director at OTI, Robyn Greene is a Policy Counsel at OTI, and Robert Morgus is a
Research Associate at OTI, New America is a nonprofit, nonpartisan public policy institute that invests in new
thinkers and new ideas to address the next generation of challenges facing the United States, Policy Paper,
“Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” July 2014,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internet-freedom-andcybersecurity/] //khirn
In April 2014, Bloomberg reported that the NSA had known for at least two years about the Heartbleed bug, a security vulnerability in the OpenSSL
protocol that reportedly affected millions of websites worldwide, “and regularly used it to gather critical intelligence.”282 Although the allegations—
which the Office of the Director of National Intelligence quickly denied—appear to be false,283 the story turned the spotlight on one of the least reported
NSA practices: that the agency
routinely stockpiles knowledge about security holes that it discovers so that it
can later exploit the vulnerabilities to collect information or infect target devices with malware,
rather than disclosing the vulnerabilities to companies so that they can be patched.284 The practice was referred to indirectly or in
passing in a number of the stories about the NSA programs, particularly in the December 2013 Der Spiegel series describing the
behavior of the NSA’s Tailored Access Operations Unit.285 But the emphasis at that time was on the malicious activity the NSA
was able to carry out as a result of those vulnerabilities, and not on the security risk created by the stockpiling
itself, which leaves companies and ordinary users open to attack not just from the NSA but from anyone
who discovers or learns about the flaws . In recent years, a substantial market for information about
security vulnerabilities has sprung up, with governments joining companies and security researchers in hunting
for and trading information about how to exploit holes in mass-market software and services .286
According to the leaks, the
NSA and related branches of the U.S. intelligence apparatus spend millions of dollars looking
for software flaws and other vulnerabilities , targeting everything from the commercial software sold by
American companies to widely used open-source protocols like OpenSSL.287 The NSA employs more than a
thousand researchers and experts using a variety of sophisticated techniques to look for bugs.288
‘ Zero-day’
exploits , a term that refers to vulnerabilities that have been discovered but have not yet been disclosed to the public or the
vendor,289 are
particularly coveted because it is much harder to protect systems from an attack against an
unknown weakness. “Not surprisingly, officials at the N.S.A. and at its military partner, the United States Cyber Command, warned
that giving up the capability to exploit undisclosed vulnerabilities would amount to ‘ unilateral
disarmament ,’” wrote cybersecurity expert David E. Sanger.290 According to Sanger, one senior White House official told him, “I can’t imagine
the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting
war.”291 In theory, the NSA’s dual mission of carrying out signals intelligence (SIGINT) and protecting communications security (COMSEC) for military
and diplomatic communications should be mutually beneficial when it comes to vulnerabilities and exploits, because SIGINT could inform COMSEC
about potential weaknesses and vice versa. However, as Steven Bellovin, Matt Blaze, Sandy Clark, and Susan Landau write, “reality is in fact very
different. COMSEC’s awareness of the need to secure certain communications channels has often been thwarted by SIGINT’s desire that patching be
delayed so that it can continue to exploit traffic using the vulnerability in question.”292 When the NSA discovers vulnerabilities in
communications technologies and other products, it
has a strong disincentive to promptly disclose those
vulnerabilities to the companies since the companies will patch them, forcing the NSA to look for new
ways to access the information it seeks. Thus—as in the case of encryption standards—the NSA’s signals intelligence mission
has interfered with the NSA’s information assurance mission, and the agency has built a massive catalogue of
software and hardware vulnerabilities that is has stockpiled for its own purposes rather than disclosing
them to vendors so that they can be fixed. 293 The Director of National Intelligence recently revealed the existence of an
interagency process—referred to as the “Vulnerabilities Equities Process”—designed to facilitate the responsible disclosure of vulnerabilities,294 but the
extent to which the NSA provides information through the process is unclear.295 NSA Director and Commander of U.S. Cyber Command Vice Admiral
Michael S. Rogers explained to the Senate Armed Services Committee during his confirmation that “within NSA, there is a…process for handling ‘0-day’
vulnerabilities discovered in any commercial product or system (not just software) utilized by the U.S. and its allies… [where] all vulnerabilities
discovered by NSA… are documented, subject to full analysis, and acted upon promptly.”296
The status quo provides incentives for writing software with vulnerabilities --- the signal of the
plan is crucial to long-term cybersecurity
Schneier 12 [Bruce, security expert with 13 books, fellow at the Berkman Center for Internet & Society at
Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute and the
CTO of Resilient Systems, “The Vulnerabilities Market and the Future of Security,” Forbes, 5/30/2012,
http://www.forbes.com/sites/bruceschneier/2012/05/30/the-vulnerabilities-market-and-the-future-ofsecurity/] //khirn
Recently, there have been several articles about the new market in zero-day exploits: new and unpatched computer vulnerabilities. It’s not just software
companies, who sometimes pay bounties to researchers who alert them of security vulnerabilities so they can fix them. And it’s not only criminal
organizations, who pay for vulnerabilities they can exploit. Now there are governments, and companies who sell to governments, who buy
vulnerabilities with the intent of keeping them secret so they can exploit them . This market is larger
than most people realize, and it’s becoming even larger. Forbes recently published a price list for zero-day exploits, along with the story of a
hacker who received $250K from “a U.S. government contractor” (At first I didn’t believe the story or the price list, but I have been convinced that they
both are true.) Forbes published a profile of a company called Vupen, whose business is selling zero-day exploits. Other companies doing this range from
startups like Netragard and Endgame to large defense contractors like Northrop Grumman, General Dynamics, and Raytheon. This is very different than
in 2007, when researcher Charlie Miller wrote about his attempts to sell zero-day exploits; and a 2010 survey implied that there wasn’t much money in
selling zero days. The market has matured substantially in the past few years. This new market perturbs the economics of finding security vulnerabilities.
And it does so to the detriment of us all. I’ve long argued that the process of finding vulnerabilities in software system increases
overall security. This is because the economics of vulnerability hunting favored disclosure. As long as the
principal gain from finding a vulnerability was notoriety, publicly disclosing vulnerabilities was the only
obvious path. In fact, it took years for our industry to move from a norm of full-disclosure — announcing the vulnerability
publicly and damn the consequences — to something called “responsible disclosure”: giving the software vendor a head start in
fixing the vulnerability. Changing economics is what made the change stick: instead of just hacker notoriety, a successful vulnerability finder could land
some lucrative consulting gigs, and being a responsible security researcher helped. But regardless of the motivations, a disclosed vulnerability
is one that — at least in most cases — is patched. And a patched vulnerability makes us all more secure. This is why the
new market for vulnerabilities is so dangerous; it results in vulnerabilities remaining secret and unpatched. That it’s even
more lucrative than the public vulnerabilities market means that more hackers will choose this path. And unlike the
previous reward of notoriety and consulting gigs, it gives software programmers within a company the incentive
to deliberately create vulnerabilities in the products they’re working on — and then secretly sell them
to some government agency . No commercial vendors perform the level of code review that would be
necessary to detect, and prove mal-intent for, this kind of sabotage. Even more importantly, the new market for security
vulnerabilities results in a variety of government agencies around the world that have a strong interest in those
vulnerabilities remaining unpatched . These range from law-enforcement agencies (like the FBI and the German
police who are trying to build targeted Internet surveillance tools,
to intelligence agencies like the NSA who are trying to
build mass Internet surveillance tools , to military organizations who are trying to build cyber-weapons. All of these agencies
have long had to wrestle with the choice of whether to use newly discovered vulnerabilities to protect or to attack. Inside the NSA, this was traditionally
known as the “equities issue,” and the debate was between the COMSEC (communications security) side of the NSA and the SIGINT (signals intelligence)
side. If they found a flaw in a popular cryptographic algorithm, they could either use that knowledge to fix the algorithm and make everyone’s
communications more secure, or they could exploit the flaw to eavesdrop on others — while at the same time allowing even the people they wanted to
protect to remain vulnerable. This debate raged through the decades inside the NSA. From what I’ve heard, by 2000, the COMSEC side had largely won,
but things flipped completely around after 9/11. The whole point of disclosing security vulnerabilities is to put pressure on
vendors to release more secure software. It’s not just that they patch the vulnerabilities that are made public —
the fear of bad press makes them implement more secure software development processes. It’s another economic process; the cost of designing software
securely in the first place is less than the cost of the bad press after a vulnerability is announced plus the cost of writing and deploying the patch. I’d be
the first to admit that this isn’t perfect — there’s a lot of very poorly written software still out there — but it’s the best incentive we have.
We’ve always expected the NSA, and those like them, to keep the vulnerabilities they discover secret. We have been
counting on the public community to find and publicize vulnerabilities, forcing vendors to fix them. With the rise of these new pressures to
keep zero-day exploits secret, and to sell them for exploitation, there will be even less incentive on software
vendors to ensure the security of their products. As the incentive for hackers to keep their vulnerabilities secret grows, the
incentive for vendors to build secure software shrinks. As a recent EFF essay put it, this is “security for the 1%.”
And it makes the rest of us less safe.
TOPICALITY
2AC DOMESTIC SURVEILLANCE (VERSION 2)
Counter-interpretation: domestic surveillance is the acquisition of nonpublic information
concerning United States persons --- the plan meets because it curtails the acquisition of
American companies’ intellectual property
Small 8 [Matthew L., United States Air Force Academy, 2008, “His Eyes are Watching You: Domestic
Surveillance, Civil Liberties and Executive Power during Times of National Crisis,”
http://www.thepresidency.org/storage/documents/Fellows2008/Small.pdf] //khirn
Before one can make any sort of assessment of domestic surveillance policies, it
is first necessary to narrow the scope of the term
“domestic surveillance.” Domestic surveillance is a subset of intelligence gathering. Intelligence, as it is to be
understood in this context, is “information that meets the stated or understood needs of policy makers and has been
collected, processed and narrowed to meet those needs” (Lowenthal 2006, 2). In essence, domestic surveillance is a
means to an end; the end being intelligence. The intelligence community best understands domestic surveillance
as the acquisition of nonpublic information concerning United States persons (Executive Order 12333
(3.4) (i)). With this definition domestic surveillance remains an overly broad concept.
US persons include corporations
IRS 15 [Internal Revenue Service, “Classification of Taxpayers for U.S. Tax Purposes,” May 5, 2015,
<irs.gov/Individuals/International-Taxpayers/Classification-of-Taxpayers-for-U.S.-Tax-Purposes>] //khirn
United States Persons
The term ''United States person'' means:
A citizen or resident of the United States
A domestic partnership
A domestic corporation
Any estate other than a foreign estate
Any trust if:
A court within the United States is able to exercise primary supervision over the administration of the trust,
and
One or more United States persons have the authority to control all substantial decisions of the trust
Any other person that is not a foreign person.
“Nonpublic information” includes intellectual property
TriQuint Semiconductor, Inc. 11 [“Investor Relations,” 8/4/11,
http://www.triquint.com/products/d/investor-relations] //khirn
Definition of Material Nonpublic Information
It is not possible to define all categories of material information. However, information should be
regarded as material if there is a reasonable likelihood that it would be considered important to
an investor in making an investment decision regarding the purchase or sale of the Company’s
securities.
While it may be difficult under this standard to determine whether particular information is
material, there are various categories of information that are particularly sensitive and, as a
general rule, should always be considered material. Examples of such information may include,
without limitation:
equipment manufacturers, collaborators and other business partners
Patent or other intellectual property milestones
ifications
positive and negative information may be material.
Nonpublic information is information that has not been previously disclosed to the general public
and is otherwise not readily available to the general public .
Software vulnerabilities impinge on intellectual property
Oriola 11 [Taiwo A. Oriola, The School of Law, University of Ulster, Northland Road, Londonderry, United
Kingdom, “BUGS FOR SALE: LEGAL AND ETHICAL PROPRIETIES OF THE MARKET IN SOFTWARE
VULNERABILITIES,” Summer, 2011, The John Marshall Journal of Computer & Information Law, 28 J.
Marshall J. Computer & Info. L. 451] //khirn
Could Vulnerabilities Research Impinge on Intellectual Property ? Whilst software is protected by
law n375 and copyright statute, n376 the most likely challenging intellectual property related statute
[*508] for software vulnerabilities research and disclosure in the United States is the Digital Millennium Copyright Act
("DMCA"), n377 designed to strengthen digital copyright protection. n378 To this end, the DMCA prohibits circumventing access
control to technology safeguarding digital copyright such as encryption. n379 Additionally, the DMCA forbids
dissemination of devices or technologies that have few secondary commercial uses other than to primarily
facilitate circumvention. n380 The DMCA also prohibits the removal or alteration of copyright management
information appended to copyright files. n381 Significantly, the DMCA makes a limited exception for encryption research, which is
C.
both patent
defined as: activities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works, if these
activities are conducted to advance the of knowledge in the field of encryption technology or to assist in the development of encryption products... n382
We meet --- disclosing zero-day’s curtails the NSA’s ability to surveil
Mick 13 [Jason, news editor and columnist for the leading science and technology online publication, “Tax and
Spy: How the NSA Can Hack Any American, Stores Data 15 Years,” DailyTech, December 31, 2013,
http://www.dailytech.com/Tax+and+Spy+How+the+NSA+Can+Hack+Any+American+Stores+Data+15+Year
s/article34010.htm] //khirn
According to him, the
NSA has zero day vulnerabilities on hand that allow it to penetrate virtually any Wi-Fi router,
Windows PC, external storage device, server, tablet, or smartphone. Rather than give this data to private
sector firms to offer increased security to users, the NSA turns around and exploits these flaws to spy on
everyone -- sort of a digital equivalent of "sometimes you have to burn a village to save it." The NSA calls its attack toolkit
"FOXACID". FOXACID is packed with "QUANTUM" tools, which are NSA's digital lockpicks. Like many clumsy picks, they
can damage the lock they attack, but it appears the NSA isn't terribly concerned about that.
2AC DOMESTIC SURVEILLANCE (VERSION 1)
Software vulnerabilities, like all surveillance techniques, are dual-use --- even if they can be
used for other purposes, the plan’s restriction is topical
Bellovin et al. 14 [Steven M., professor of computer science at Columbia University, Matt Blaze, associate
professor of computer science at the University of Pennsylvania, Sandy Clark, Ph.D. student in computer
science at the University of Pennsylvania, Susan Landau, 2012 Guggenheim Fellow; she is now at Google, Inc.,
April, 2014, “Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet,” Northwestern
Journal of Technology and Intellectual Property, 12 Nw. J. Tech. & Intell. Prop. 1] //khirn
P189 As we have mentioned, even without considering its use by law enforcement, information
about software vulnerabilities is
inherently "dual use" --useful for both offense and defense. Related to the issue of reporting and proliferation is the
question of how the law should treat information about vulnerabilities and the development of software tools that exploit them
by non-law enforcement persons. Should information about vulnerabilities, and tools that exploit them, be restricted by law? How do existing statutes
treat such information and tools? P190 The issue of how to handle such dual-use technologies is not new. The computer security
community has grappled for years with the problem of discouraging illicit exploitation of newly discovered vulnerabilities by criminals while at the same
time allowing legitimate users and researchers to learn about the latest threats, in part to develop effective defenses. n271 It is all but impossible to
prevent information about vulnerabilities or software exploits that use them from getting in to the hands of criminals without hampering efforts at
defense. On the one hand, information about zero-day vulnerabilities is coveted by criminals who seek unauthorized and illicit access to the computers of
others. But the same zero-day information is also used, and sought out by, legitimate security researchers and computer scientists who are engaged in
building defenses against attack and in analyzing the security of new and existing systems and software. P191 Even software tools that exploit
vulnerabilities are inherently dual use. They can be used by criminals on the one hand, but are also useful to defenders and researchers.
For example, computer and network system administrators routinely use tools that attempt to exploit vulnerabilities to test the security of their own
systems and to verify that their defenses are effective. Researchers who discover new security vulnerabilities or attack methods often develop "proof of
concept" attack software to test and demonstrate the methods they are studying. It is not unusual for software that demonstrates a new attack method to
be published and otherwise made freely available by academics and other researchers. Such software is quite mainstream in the computer science
research community. n272 [*63] P192 The software used by malicious, criminal attackers to exploit vulnerabilities can
thus be very difficult to meaningfully distinguish from mainstream, legitimate security research and testing
tools. It is a matter of context and intent rather than attack capabilities per se, and current law appears to reflect this. P193 Current wiretap law
does not generally regulate inherently dual-use technology. The provision of Title III concerned with wiretapping equipment, 18
USC § 2512, generally prohibits possession and trafficking in devices that are "primarily useful" for
"surreptitious interception" of communications, n273 which does not appear to apply to a wide range of current
software exploit tools developed and used by researchers. We believe this is as it should be . The security
research community depends on the open availability of software tools that can test and analyze software
vulnerabilities. Prohibiting such software generally would have a deleterious effect on progress in
understanding how to build more secure systems, and on the ability for users to determine whether their
systems are vulnerable to known attacks. In addition, we note that given that the majority of vulnerability markets are outside the U.S.,
and that national security agencies are heavy purchasers of these vulnerabilities, n274 regulating them is not a plausible option. P194 The specialized
tools developed by law enforcement to collect and exfiltrate evidence from targets' computers, however, might fall
more comfortably under the scope of 18 U.S.C. § 2512 (2006) as it is currently written. These tools would not be developed
to aid research or test systems, but rather to accomplish a law enforcement interception goal . They
would have narrowly focused features designed to make their installation surreptitious and their ongoing
operation difficult to detect. They would also have features designed to identify and collect specific data, and
would have no alternative use outside the surreptitious interception application for which they were developed.
Such tools, unlike those used by researchers, could more easily meet section 2512's test of [*64] being "primarily
useful" for "surreptitious interception," and thus would be unlawful if someone "manufactures, assembles,
possesses, or sells" them except under the circumstances spelled out in that section .
Zero-days are forms of targeted cyber surveillance
Bae 14 [Eirik, “Nation-State Cyber Surveillance Options: The role of suppliers,” Master’s Thesis, Master of
Science in Information Security, Department of Computer Science and Media Technology, Gjøvik University
College, 2014, http://brage.bibsys.no/xmlui/bitstream/id/211999/EBae.pdf] //khirn
Nation-State Cyber Surveillance Options: The role of suppliers 4.2.2 Data at Rest In this thesis, the definition of data at rest is when data is residing in
the device where the information is stored, and all the way, until it leaves the location or device. In order to access data at rest, it will require some sort of
targeted access to the suspect’s device. This can be achieved by legal or less legal means, by either physical seizing the equipment or perform a technical
infiltration. It would be fair to assume that governmental agencies choose to adhere to laws and stay as much as possible within the policies and
regulations that they have. Alternatives for targeted cyber surveillance are described in Section 4.2.2. Targeted Cyber Surveillance In order
to perform targeted cyber surveillance it would in most cases be necessary to somehow examine information on
their target’s device. There are different ways that the governmental agencies could access this information. Possible ways to do this is to seize the
device, or exploit it either locally or remotely. This section explains options we observed that could be used for performing targeted cyber surveillance by
nation-states. Seizing of devices Seizing of devices is an approach that enables the nation-state to get a hold of the
device. This can be done in a legal way where a warrant is required to seize the device [68]. The less legal way is also
optional, in which the device is simply being stolen from their target. Seizing devices is not a part of a cyber-operation, but it is an
effective way to get a hold of devices that store important information. Device exploitation The alternative to
physically seizing the device is to use a semi-legal approach to infiltrate the device locally or remotely, e.g. phishing,
and then rely on some sort of surveillance software or hardware installations for data collection. For most
exploitation, there is a need to get a hold of exploits that can be used on vulnerable targets. In order to make sure that
the exploit has a high rate of success it could be necessary to use zero-day exploits , i.e. exploits that are not yet disclosed to the
world, and therefore not yet been patched [69, p. 1]. Such zero-day exploits can exploit vulnerabilities in software and hardware. Options for acquisition
of exploits are shown in Table 4.
Zero-days are surveillance --- hot debate in the literature
Greenberg 14 [Andy, “Kevin Mitnick, once the world’s most wanted hacker, is now selling zero-day exploits,”
Wired, 9/24/2014, http://www.wired.com/2014/09/kevin-mitnick-selling-zero-day-exploits/] //khirn
As the zero day market has come to light over the last several years, freelance hackers’ sale of potential
surveillance tools to government agencies has become a hotly debated ethical quandary in the security
community. The notion of Kevin Mitnick selling those tools could be particularly eyebrow-raising; After all, Mitnick became a symbol of government
oppression in the late 1990s, when he spent four and a half years in prison and eight months in solitary confinement before his trial on hacking charges.
The outcry generated a miniature industry in “Free Kevin” T-shirts and bumper stickers. Enabling
targeted surveillance also
clashes with Mitnick’s new image as a privacy advocate; His forthcoming book titled “The Art of Invisibility” promises to teach readers
“cloaking and countermeasures” against “Big Brother and big data.”
Vulnerability exploitation is a type of electronic surveillance
Bellovin et al. 14 [Steven M. Bellovin, Matt Blaze, Sandy Clark, and Susan Landau, “Lawful Hacking: Using
Existing Vulnerabilities for Wiretapping on the Internet”, 12 Nw. J. Tech. & Intell. Prop. 1 (2014),
http://scholarlycommons.law.northwestern.edu/njtip/vol12/iss1/1] //khirn
Vulnerability exploitation has more than a whiff of dirty play about it; who wants law enforcement to be developing and using
malware to break into users’ machines? We agree that this proposal is disturbing. But as long as wiretaps remain an authorized
investigatory tool, law enforcement will press for ways to accomplish electronic surveillance even in
the face of communications technologies that make it very difficult. We are at a crossroads where the choices are to
reduce everyone’s security or to enable law enforcement to do its job through a method that appears questionable but that does not actually make us less
secure. In this debate, our proposal provides a clear win for both innovation and security.
Zero-days are surveillance tools
ISN 14 [“Exporting Surveillance: A New International Security Issue,” The International Relations and
Security Network, 31 July 2014, http://www.isn.ethz.ch/Digital-Library/Articles/Detail/?id=182246] //khirn
From the Stasi in Cold War East Germany to security forces in contemporary Syria, surveillance
has long been an effective tool for
authoritarian governments to root out dissent and identify potential points of unrest. Before the widespread use of the
Internet and social media, domestic surveillance depended on a heavy police presence, human intelligence methods, and the occasional use of technology
to bug a room or tap a wire. Today, governments are increasingly using these new technologies to collect and monitor the
data and conversations of their citizens on an unprecedented scale. Until recently, the global trade in
equipment enabling electronic surveillance was largely unchecked. It first entered the spotlight after the Arab uprisings. When
the archives of fallen Arab regimes opened to the public, they provided a unique insight into those regimes’ inner workings and trade relationships. As a
result, the French government opened a judicial inquiry into Amesys, a French company that sold surveillance technology to Gadhafi’s security forces.
Remnants of Blue Coat operating systems , sold by an American company, were also uncovered in Syria. This made it clear that companies in the U.S.
and Europe were providing these technologies to regimes with dubious human rights records that used them against their citizens. The global
market for surveillance tools has ballooned in recent years. According to the Wall Street Journal , the retail market for these
technologies “sprung up from ‘nearly zero’ in 2001 to around $5 billion a year” in 2011. This explosion in demand reflects the shifting
dynamics of surveillance associated with the move online. While these technologies, such as Hacking Team’s Remote
Control System and Gamma International’s FinFisher, can be useful for law enforcement purposes, they become problematic
when exported to countries without the rule of law and with little respect for human rights . Recent reports even suggest
that the Ethiopian government used kits supplied by European firms to spy on people living in the United States and the United Kingdom.
The aff is a key part of topic literature
Fidler 14 [Mailyn, Stanford University, “Anarchy or regulation: Controlling the global trade in zero-day
vulnerabilities,” thesis submitted to the Interschool Honors Program in International Security Studies, May
2014, https://stacks.stanford.edu/file/druid:zs241cm7504/ZeroDay%20Vulnerability%20Thesis%20by%20Fidler.pdf] //khirn
U.S. policy towards zero-days has received significant attention for multiple reasons.
The U.S. government, specifically the NSA, is a
known purchaser of vulnerabilities.55 The United States is believed to have used zero-days in a major cyber operation (Stuxnet), and the
Snowden documents revealed additional information about U.S. government vulnerability use. In the aftermath of Snowden, U.S.
vulnerability policy was included in discussions about the need for reform of cyber surveillance
policy . Then, the recent Heartbleed bug situation forced the White House to be more transparent about the zero-day issue
than it had before. These policy explanations indicated the administration has a “bias” towards responsibly disclosing
vulnerabilities, but that the U.S. government reserves the right to keep vulnerabilities secret by making “a broad
exception for ‘a clear national security or law enforcement need.’”56 Chapter 3 analyzes U.S. vulnerability policy in more detail.
The level of attention paid to U.S. policy on the zero-day issue, both pre-Snowden and post-Snowden, is an indicator that the zero-day issue is a serious
national and international security problem.
Zero-days are surveillance tools
Fidler 14 [Mailyn, Stanford University, “Anarchy or regulation: Controlling the global trade in zero-day
vulnerabilities,” thesis submitted to the Interschool Honors Program in International Security Studies, May
2014, https://stacks.stanford.edu/file/druid:zs241cm7504/ZeroDay%20Vulnerability%20Thesis%20by%20Fidler.pdf] //khirn
The judicial review mechanisms addressed here, primarily FISA/FISC,
deal with the authorization of foreign intelligence
activities. As such, they are tool-neutral: foreign intelligence surveillance enabled by a zero-day vulnerability or via
wiretapping would likely be treated the same by this statute and court. Given this aspect, there is not an obvious role
for judicial oversight of use or purchase of zero-day vulnerabilities. Establishing FISC oversight over purchase,
use, or disclosure of zero-days is not in keeping with the judiciary’s role in this context and would likely be
opposed by the intelligence community as heavy-handed and unnecessary. The intelligence community would likely, and perhaps rightly,
question whether an operation carried out using a purchased zero-day vulnerability deserves greater judicial scrutiny than other operations.
Any attempt to limit out zero-days is super arbitrary
Fidler 14 [Mailyn, Stanford University, “Anarchy or regulation: Controlling the global trade in zero-day
vulnerabilities,” thesis submitted to the Interschool Honors Program in International Security Studies, May
2014, https://stacks.stanford.edu/file/druid:zs241cm7504/ZeroDay%20Vulnerability%20Thesis%20by%20Fidler.pdf] //khirn
Despite King’s confidence that “if we keep the text as is, we’re fine,” the existing language does raise questions. The
language attempts to
establish a difference between, for instance, a root kit and the tool that deploys or communicates the root kit. This
difference matters, because it determines the tools actually controlled by the change. In theory, this distinction
regulates surveillance tools but not the components of surveillance tools; it would control the system using a
zero-day vulnerability, but not the zero-day. This difference would theoretically mean security researchers
could continue to use tools vital to their work, because they do not typically deploy the same large-scale systems
orchestrating or communicating such tools that the targeted companies deploy. The distinction, despite not targeting
zero-days, may have secondary effects on the zeroday market. For instance, VUPEN is suspected of supplying Hacking
Team with zero-days.599 If Hacking Team’s market for surveillance systems decreases, they may not buy as
many component zero-days, decreasing VUPEN’s customer base. However, VUPEN has many other clients besides
surveillance system sellers, particularly government clients, and so these secondary effects on companies like VUPEN may not be very
dramatic.
Cyberwar instruments are topical --- the NSA uses them for surveillance
Ranger 15 [Steve Ranger, May 6, 2015, “The impossible task of counting up the world's cyber armies,” ZDNet,
UK editor-in-chief, TechRepublic and ZDNet] //khirn
Calculating the scale of the world's cyber-warfare forces is a tricky business. Even for Western governments
which are relatively open about the scale of their armed forces, cyber warfare is one area where most
clam up.
That's partly because they are reluctant to tip off potential adversaries about their capabilities, but the bigger
issue is that it's intelligence agencies like the NSA and GCHQ that have been pioneering the use of the
internet for surveillance and have the highest-level skills. As spies like to operate in the shadows, that means
that a veil of secrecy is thrown over most details of military cyber operations, even though the scale of the
investment and operations continues to grow.
1AR TOPICALITY
Technical precision w/r/t surveillance definitions is impossible --- prefer guiding the topic by
centering debate around core literature controversies
Fidler 14 [Mailyn, Stanford University, “Anarchy or regulation: Controlling the global trade in zero-day
vulnerabilities,” thesis submitted to the Interschool Honors Program in International Security Studies, May
2014, https://stacks.stanford.edu/file/druid:zs241cm7504/ZeroDay%20Vulnerability%20Thesis%20by%20Fidler.pdf] //khirn
The distinction also raises technical questions. When
are lines of code “specially designed” for installation of intrusion
software? Is it just the line that says “install rootkit.exe” that is controlled?600 If so, the regulation would be
meaningless, because such a line is easily added or removed. Is any program that includes an install line
included? If so, the regulation is overbroad . These examples are simple, because one line of code is often not the
extent of the installation architecture, but it demonstrates the point. Without greater regulatory and technical
clarity about the distinction between peripheral software and the components of intrusion software, the
attempt to control digital surveillance tools may be thwarted or damage legitimate security
research .
AT: ORIOLA CONCLUDES NEG
The DMCA restricts vulnerabilities research --- acquiring vulnerabilities is acquiring
intellectual property
Oriola 11 [Taiwo A. Oriola, The School of Law, University of Ulster, Northland Road, Londonderry, United
Kingdom, “BUGS FOR SALE: LEGAL AND ETHICAL PROPRIETIES OF THE MARKET IN SOFTWARE
VULNERABILITIES,” Summer, 2011, The John Marshall Journal of Computer & Information Law, 28 J.
Marshall J. Computer & Info. L. 451] //khirn
It is noteworthy, however, that, but for a special representation made by the encryption research community to the Congress, which urged the research
exception prior to the release of the final version and enactment of the DMCA, there would be no encryption research exception in the DMCA at all. n394
Nevertheless, the
limited encryption research exception has been criticized for imposing too restrictive
operative conditions . These range from the narrow conception of what encryption research entails , n395 to
the requirement that researchers must first seek authorization of copyright owners prior to engaging in
research, n396 to the ostensible exclusion of non-academic researchers (such as non-affiliated individual researchers or
"hobbyists") from the list of qualified encryption researchers, n397 to the restrictive conditions for the publication or
dissemination of research information or outcomes. n398 There is indeed ample evidence that security and
encryption researchers are wary of the possible civil and criminal penalties that a violation of any of the
restrictive provisions of the DMCA on encryption research, security testing, and reverse engineering of
software could engender. n399 Notable amongst such incidents was the much publicized [*511] event in which
Professor J. Alex, Halderman, then a graduate student at Princeton University delayed the publication of the existence of several security vulnerabilities
that he found in the CD copy-protection software on dozens of Sony-BMG titles. He delayed disclosing the vulnerabilities for several weeks whilst he
sought legal advice from lawyers on how to avoid running afoul of DMCA pitfalls, a measure that left millions of music fans unnecessarily at risk. n400
The fear of prosecution or litigation by vulnerabilities researchers is not entirely unfounded as exemplified by
several incidents of actual threats of DMCA lawsuits. For example, in April 2003, the educational software company, Blackboard Inc.,
obtained a temporary restraining order to stop the presentation of research on security vulnerabilities in its software products at the InterzOne II
conference in Atlanta. n401 The said software security vulnerabilities pertained to the Blackboard ID card system used by university campus security
systems. However, the students who were scheduled to speak on the vulnerabilities and the conference organizers had no opportunity to challenge the
temporary restraining order, which was obtained ex parte on the eve of the event. n402
INHERENCY
2AC INHERENCY
Recent leaks show that the NSA is sitting on mounds of zero-days
Crocker 15 [Andrew, staff attorney on the Electronic Frontier Foundation’s civil liberties team, J.D. Harvard
University, “The Government Says It Has a Policy on Disclosing Zero-Days, But Where Are the Documents to
Prove It?,” March 30, 2015, https://www.eff.org/deeplinks/2015/03/government-says-it-has-policydisclosing-zero-days-where-are-documents-prove-it] //khirn
We have known for some time that the
U.S. intelligence and law enforcement community looks to find and exploit
vulnerabilities in commercial software for surveillance purposes. As part of its reluctant, fitful transparency efforts after the
Snowden leaks, the government has even officially acknowledged that it sometimes uses so-called zero-days. These statements
are intended to reassure the public that the government nearly always discloses vulnerabilities to software
vendors, and that any decision to instead exploit the vulnerability for intelligence purposes is a thoroughly
considered one. But now, through documents EFF has obtained from a Freedom of Information Act (FOIA) lawsuit, we
have learned more about the extent of the government’s policies, and one thing is clear: there’s very little to
back up the Administration’s reassuring statements . In fact, despite the White House’s claim that it had
“reinvigorated” its policies in spring 2014 and “established a disciplined, rigorous and high-level decision-making process for vulnerability
disclosure,” none of the documents released in response to our lawsuit appear to be newer than 2010. Last
spring, the Office of the Director of National Intelligence (ODNI) issued a strong denial of press reports that the NSA knew about and exploited the
Heartbleed vulnerability in the OpenSSL library. As part of that denial, the ODNI described the “Vulnerabilities Equities Process”
(VEP), an “interagency process for deciding when to share vulnerabilities” with developers. EFF submitted a FOIA request to
ODNI and NSA to learn more about the VEP and then sued to force the agencies to release documents. ODNI has now finished releasing documents in
response to our suit, and the results are surprisingly meager. Among the handful of heavily redacted documents is a one-page list of VEP “Highlights”
from 2010. It briefly describes the history of the interagency working group that led to the development of the VEP and notes that the VEP established an
office called the “Executive Secretariat” within the NSA. The only other highlight left unredacted explains that the VEP “creates a process for notification,
decision-making, and appeals.” And that’s it. This document, which is almost five years old, is the most recent one released. So where are the
documents supporting the “reinvigorated” VEP 2.0 described by the White House in 2014 ? Nor do the
documents we have seen do much to back up the claim that VEP 1.0 ever functioned as a guide for helping the
government decide whether to disclose zero-days. Meanwhile, reports describing the CIA’s annual hacker “jamboree” instead suggest
that there’s little stopping the government from exploiting vulnerabilities it comes across. Indeed, none of the documents describing the CIA’s jamboree
contain the slightest suggestion that the VEP was actively considered. Writing about the newly released documents in Wired, Kim Zetter places them in
the context of the government's development of the Stuxnet worm: We know that Stuxnet, a digital weapon designed by the U.S. and Israel to
sabotage centrifuges enriching uranium for Iran’s nuclear program, used
five zero-day exploits to spread between 2009 and 2010—before the
of these zero-days exploited a fundamental vulnerability in the Windows operating
system that, during the time it remained unpatched, left millions of machines around the world vulnerable to attack.
equities process was in place. One
Since the equities process was established in 2010, the government has continued to purchase and use zero days supplied by contractors. The older
documents [.pdf] released to EFF by ODNI are so thoroughly redacted that it’s difficult to glean much from them, though they seem mainly to report
progress made by the working group developing the VEP over the course of several months in 2008. One suggests that the working group recognized
different considerations between the government’s “Offense” and “Defense” functions in dealing with zero-days. Another tantalizingly mentions that the
working group asked stakeholders to begin “drafting of scenarios (vignettes)” to illustrate the policy issues involved in the VEP, but of course any such
vignettes in the documents are redacted. The core of the concern over the government’s use of zero-days is that these vulnerabilities often exist in
products that are used widely by the general public. If the government keeps a vulnerability secret for intelligence purposes, it
does not notify the developer, which would likely otherwise issue a patch and protect users from online
adversaries such as identity thieves or foreign governments who may also be aware of the zero-day.
Nevertheless, the Snowden leaks have shown that
the government apparently routinely sits on zero-days , something that
VEP is supposedly an answer to these concerns, but right now it
President Obama’s own Review Group strongly recommended against [.pdf]. The
looks like just so much vaporware .
Loopholes allow continued secrecy
Zetter 14 [Kim, award-winning journalist who covers cybercrime, civil liberties, privacy, and security for
Wired, “Obama: NSA must reveal bugs like Heartbleed, unless they help the NSA,” Wired,
http://www.wired.com/2014/04/obama-zero-day/] //khirn
AFTER YEARS OF studied silence on the government’s secret and controversial use of security vulnerabilities, the
White House has finally acknowledged that the NSA and other agencies exploit some of the software holes
they uncover, rather than disclose them to vendors to be fixed. The acknowledgement comes in a news report indicating that
President Obama
decided in January that from now on any time the NSA discovers a major flaw in software, it must
disclose the vulnerability to vendors and others so that it can be patched, according to the New York Times. But Obama
included a major loophole in his decision, which falls far short of recommendations made by a presidential
review board last December: According to Obama, any flaws that have “a clear national security or law enforcement” use
can be kept secret and exploited . This, of course, gives the government wide latitude to remain silent on
critical flaws like the recent Heartbleed vulnerability if the NSA, FBI, or other government agencies can justify
their exploitation. A so-called zero-day vulnerability is one that’s unknown to the software vendor and for which no
patch therefore exists. The U.S. has long wielded zero-day exploits for espionage and sabotage purposes, but has never
publicly stated its policy on their use. Stuxnet, a digital weapon used by the U.S. and Israel to attack Iran’s uranium enrichment program, used five zeroday exploits to spread.
No disclosure now --- multiple government agencies purchasing zero-days
Mimiso 15 [Michael, responsible for the editorial direction of the Security Media Group at TechTarget,
including Information Security magazine, “US Navy Soliciting Zero Days,” ThreatPost, June 15, 2015,
https://threatpost.com/us-navy-soliciting-zero-days/113308] //khirn
The National Security Agency may find and purchase zero days, but that doesn’t mean it’s sharing its hoard
with other government agencies such as the U.S. Navy, which apparently is in the market for some unpatched,
undisclosed vulnerabilities of its own. A request for proposal posted last Wednesday—which has since been taken down—to FedBizOpps.gov
was a solicitation by the Naval Supply Systems Command seeking a CMMI-3 (Capability Maturity Model Integration) contractor capable of
producing operational exploits that integrate with commonly used exploitation frameworks, the RFP said. The Navy
said it was looking for vulnerability intelligence, exploit reports and operational exploit binaries for commercial
software, including but not limited to Microsoft, Adobe, [Oracle] Java, EMC, Novell, IBM, Android, Apple, Cisco
IOS, Linksys WRT and Linux, among others. Microsoft, IBM and EMC (parent company of RSA Security) declined to comment for this article. Requests for comment were also made to Adobe
and Apple, neither of which was returned prior to publication. “The vendor shall provide the government with a proposed list of available vulnerabilities, 0-day or N-day (no older than 6 months old). This list should be updated quarterly and
include intelligence and exploits affecting widely used software,” the RFP said. “The government will select from the supplied list and direct development of exploit binaries. “Completed products will be delivered to the government via secured
electronic means,” the RFP continues. “Over a one year period, a minimum of 10 unique reports with corresponding exploit binaries will be provided periodically (no less than 2 per quarter) and designed to be operationally deployable upon
Per the solicitation, it would seem the Navy is looking not only for offensive weapons, but also those that
meet the need internally to emulate hacker tactics and capabilities. “Reading the call, it seems as much about N-day (N<6 months) as 0-day for the red team when
delivery.”
evaluating their own systems,” said Nicholas Weaver, a senior network security and malware researcher with the University of California at Berkeley. “And it’s as much about the capability of turning vulnerability reports into exploits. “I wouldn’t
think of it as too out of the ordinary for such a solicitation about ‘offensive tools for defensive use,'” Weaver added. The request, however, does require the contractor to develop exploits for future released CVEs. “Binaries must support
The government’s
involvement in the use and purchasing of zero days has always been a contentious point, not only over how the
exploits will be used, but also because details won’t be disclosed to the vendor leaving potentially
millions of users exposed to attacks. Shortly after the disclosure last year of the Heartbleed vulnerability in OpenSSL, White House cybersecurity coordinator and special assistant to the president
Michael Daniel explained the executive branch’s position on disclosure, which somewhat lines up with the NSA’s stance, in that there are occasions when the government won’t share bug details with vendors. “Building up a
huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people
unprotected would not be in our national security interest. But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence
configurable, custom, and/or government owned/provided payloads and suppress known network signatures from proof of concept code that may be found in the wild,” the RFP said.
collection, and better protect our country in the long-run,” Daniel wrote in April 2014. “Weighing these tradeoffs is not easy, and so we have established principles to guide agency decision-making in this area.” Daniel’s memo shares the high-
The Electronic Frontier Foundation (EFF) today wrote that
it’s skeptical the so-called Vulnerabilities Equities Process results in many disclosures considering the financial
investment that, in this case, the U.S. Navy would make in contracting zero-day development; individual zero-days
level questions the government considers when an agency proposes withholding vulnerability details from a vendor.
reportedly can sell for as much as six figures
in legitimate and underground markets. “What’s more noteworthy is how little regard the government seems to have for the
the decision to use a vulnerability for
‘offensive’ purposes rather than disclosing it to the developer is one that prioritizes surveillance over the
process of deciding to exploit vulnerabilities,” wrote Nate Cardozo and Andrew Crocker of the Electronic Frontier Foundation. “As we’ve explained before,
security of millions of users.” The NSA, for example, has a twofold mission to not only protect American networks, but also to gather data from foreign networks, which could include penetrating those
The need to keep those vulnerabilities under wraps is of great value to the
NSA, something director Adm. Michael S. Rogers said during a November speech that he discussed with the president. “He also said, look, there are some instances when
we’re not going to [share vulnerability information]. The thought process as we go through this policy decision, the things we tend to look at are, how foundational
networks using vulnerabilities the agency has discovered or purchased.
and widespread is this potential vulnerability? Who tends to use it? Is it something you tend to find in one nation state? How likely are others to find it? Is this the only way for us to generate those insights we need or is there another alternative
we could use?” Rogers said. “Those answers shape the decision.”
SOLVENCY
2AC CORPORATE TRUST KEY
Only building trust fosters trust cooperation between the private sector and the government --surveillance is key
Ntim 15 (Andrew Ntim, Research Assistant at the Stanford University Social Psychology lab, “Cybersecurity in
an Age of Distrust”, 2/20/2015, http://stanfordpolitics.com/2015/02/cybersecurity-in-an-age-ofdistrust/)//CLi
The central problem is that Obama’s
plan fails to tackle the most important part of cybersecurity: how exactly
cooperation between the public and private sector will work. As Obama said in his address, “This has to be a shared mission …
Government cannot do this alone. But the private sector cannot do it alone, either.” And Obama’s plan, for all its positive contributions, does remarkably
little to facilitate this sort of necessary cooperation from either a policy or a procedural standpoint. What does it take to get government and business to
work together productively in the cyber security realm? Ken Chenault, American Express CEO, made it clear in his panel discussion at Friday’s
cybersecurity summit: “What we’re really talking about when we talk about cybersecurity is trust.” The extent to which consumers trust companies like
American Express to behave safely, ethically, and respectfully in their online dealings is integral to the companies’ bottom line.
Trust between
the private sector and the government is integral to internet security . But the fact of the matter is that
recent governmental power-grabs, from those revealed in Snowden’s leaks to the more recent
situation of government-sponsored spying programs hidden in US products, give private corporations
few reasons to trust the government in today’s digital realm. Obama is aware of the existence of this mistrust. The
day after his Stanford appearance, in aninterview with Re/code’s Kara Swisher, he noted that “the Snowden disclosures were really harmful in terms of
the trust between the government and many of these companies.” So, in this post-Snowden world, how do we promote a greater level of trust between the
federal government and private companies? Here are two suggestions that can at least lead us in the right direction. First, we should work to
make government more transparent. If companies aren’t able to see how their shared data is being used by the government, what
incentive do they have to give it up? More transparency would be a catalyst for cooperation , and would also
help ensure customers that companies aren’t betraying them when giving up their data for cybersecurity
purposes. Yet in past years, more FOIA (Freedom of Information Act) requests have been denied than ever before, and confidential requests for
personal data through the Foreign Intelligence Surveillance Act are on the rise. These things need to change before the government
and private sector can cooperate adequately. Second, government must genuinely respect consumers’ right to privacy. Consumers’ trust
that a company will respect their privacy online is critical to its economic success. However, by attempting to crack down on private companies’
protection of their customers’ data, and even at times forcing them to install backdoors to their encryption methods, the Obama administration has hurt
consumers and companies alike. And by ignoring the privacy concerns raised by their actions, the administration has
further eroded the already shaky trust between business and government. If Obama expects companies to voluntarily share
their cybersecurity information and algorithms in the future, it’s important for policies such as these to be discontinued. To conclude his speech, Obama
quoted one of the key philosophies from Google — that, with the help of technology, “the future is awesome.” But I think there might have been a more
apt Google catchphrase for him to use: “There’s always more information out there.” When it comes to cybersecurity, it’s no secret that we’ve got a long
way to go in learning about and deterring the threats present to our internet today. Merely creating information sharing networks, such as the ISAOs in
Obama’s executive order, cannot be enough.
Only when we have an attitude of trust and respect between the
government and private sectors can the meaningful cooperation necessary for a more secure
internet exist . And if we can’t address the concerns of transparency and privacy that have held back this trust for so long, the future may be a
very un-awesome place indeed.
2AC MODELING
US policies spillover—leads to international cooperation
Fidler 14 (Mailyn Fidler, graduate student at the Center for International Security and Cooperation Freeman
Spogli Institute for International Studies, Stanford University. “ANARCHY OR REGULATION:
CONTROLLING THE GLOBAL TRADE IN ZERO-DAY VULNERABILITIES”, May 2014,
https://stacks.stanford.edu/file/druid:zs241cm7504/ZeroDay%20Vulnerability%20Thesis%20by%20Fidler.pdf)//CLi
International cooperation is needed on the zero-day issue, but U.S. leadership is required to catalyze such
cooperation. Snowden’s disclosures have caused significant problems for the United States, reducing receptivity to cooperation with the United
States on cyber issues. This 178 problem is exacerbated by the need to have the United States, as a major cyber player, involved in international
negotiations. Existing confusion and controversy over national U.S. policies towards zero-day vulnerabilities
further obstacles to addressing these issues at an international level. The U nited
create
S tates needs to establish
policy clarity at a national level to set the stage for collective action, signaling to other nations its
seriousness about the problem and the nature of American interests towards it. Richard Clarke and Peter Swire agree: “we create a
more secure and useful global Internet if other nations, including China and Russia, adopt and implement
similar policies” to what the Obama administration recently announced about U.S. zero-day policy, but “because they [other nations] are unlikely
to do so any time soon, the Obama administration should also step up its efforts” and create “the basis for an international norm of behavior.”669 This
thesis argues that the U.S. government must do more to strengthen its own zero-day policies as a necessary element of addressing the need for collective
action.
US security policies modeled globally—plan spills over
Demchak 14 (Chris Demchak , Professor of Cyber Security and Co-Director, Center for Cyber Conflict
Studies and Peter Dombrowski, professor of strategy at the Naval War College where he serves as the chair of
the Strategic Research Department. He has also been affiliated with research institutions including the EastWest Center, The Brookings Institution, the Friedrich Ebert Foundation, and the Watson Institute for
International Studies at Brown University among others. “Rise of a Cybered Westphalian Age: The Coming
Decades”, The Global Politics of Science and Technology - Vol. 1, July 24, 3014,
http://link.springer.com/chapter/10.1007/978-3-642-55007-2_5)//CLi
In the fall of 2010, the US Cyber Command became operational after an exceptionally rapid year of institutional and legal preparation (Whitney 2010).
This institutional response to the rise of the cybered conflict age emerged to anchor a future cybered border for the whole nation. Its initial mission was
to protect only military organizations from cyber attack, but as soon as a military unit existed to create a cyber safety wrapper around US critical military
assets, political statements emerged about creating the same protection for the whole nation (Lynn 2010). From the RMA to net-centric
warfare, the United States has long provided innovative models for national security that diffuse internationally
(Golfman and Eliason 2003). For the United States to announce a new national cyber command automatically
provokes a new debate in the international military and legal communities (Shackelford 2009). Whether or not other nations
need, want, or can afford to have a singular military unit focused on cybered conflict, their leaders, doctrine writers, and strategic
thinkers will contemplate the potential benefits of the model. If patterns of military emulation hold true, many nations will develop
organizations that look like a national cyber command. Already we have seen nations closely associated with the United States
either creating their own cyber commands or declaring an interest in approximating the functions of US Cyber
Command.
2AC PLAN SOLVES ZERO DAY DEMAND
Absent agency demand, the zero-day market declines and reduces vulnerability
Stockton and Goldman 13 (Paul Stockton, former Assistant Secretary of Defense for Homeland Defense
and America’s Security Affairs, and Michele Golabek-Goldman, who has a JD from Yale Law School. “Curbing
the Market for Cyber Weapons”, December 18th, 2013,
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2364658)//CLi
Threading through much of our analysis is an underlying policy issue: the tradeoff for U.S. agencies between the benefits of access to an unfettered
market for weaponized Øday exploits, versus the benefits of clamping down on that mar-ket. Some
have suggested that the United
States created the cyberweapons market by being the first to pay extraordinarily high prices
for zero-days.
They have ac-cused
the United States
of
“creat[ ing] Frankenstein by feeding the
market .”147 Others have gone so far as to propose that, rather than regulating the supply side of the market, U.S.
government agencies should curb the demand side by relinquishing their own purchases of
exploits .148 If agencies did so, the market would lose some of its most well-paying buyers,
potentially deterring suppliers from scouring software for vulnerabilities . Before relinquishing such
purchases, U.S. policymakers would first need to examine the potential costs of doing so in terms of foregoing potentially valuable information from the
exploit market. Some analysts have indicated that if U.S. agencies halted their exploit-purchasing program, they
would be deprived of crit-ical tools for defending U.S. networks against attack.150 Law enforcement agencies would
likewise forgo valuable technologies for tracking underground crimi-nals.151 But do these agencies weigh these benefits against the
potentially cata-strophic risks that the Øday market poses to U.S. security? We have seen no evi-dence that
they do. The time has come for Congress, Executive Branch leaders, the software industry, and scholars to bring this tradeoff analysis into the open
and determine whether staying at the extreme end of the policy spectrum—that of de facto support for a dangerous bazaar for Øday-exploits—best serves
U.S. national security.
2AC PLAN SOLVES CYBERSECURITY
Laundry list of reasons supporting zero day market is bad
Herley et al. 13 (Serge Egelman, University of California, Berkeley, CA, USA; Cormac Herley, Microsoft
Research, Redmond, WA, USA; Paul C. van Oorschot, Carleton University, Ottawa, Ontario, Canada. Published
in NSPW '13 Proceedings of the 2013 workshop on New security paradigms workshop; Pages 41-46. “Markets
for zero-day exploits: ethics and implications.” Published 2013. Accessed June 24th, 2015.
http://dl.acm.org/citation.cfm?id=2535818 (must follow link to full text PDF to access full text.)) KalM
Injecting money into dubious circles is morally suspect. Cybercriminal circles intersect with organized crime,
drug cartels and terrorism. We should not be involved in financing these operations. • The cobra effect: 5 paying for
exploits creates an adverse incentive to plant bugs for later harvest. Humans are extraordinarily good at gaming any system put
in place, and the chance of software that is less (vs. more) secure is very real. • Is this just a way for companies like
Microsoft, Google and Apple to outsource product testing on the cheap? If they can get away with getting work
done without paying salary and benefits, they will. Is it good for society, or the industry, if that happens? • 0-day markets
encourage the private sale (and nondisclosure) of details of exploits, to better allow the buyer to execute the exploit
for private benefit. • Markets create attractive incentives for more smart people to spend time finding vulnerabilities—and
if it is true that the more you look, the more bugs you will find, then such attractive markets will increase the number of
(privately-known) vulnerabilities.
Hoarding knowledge bad – causes widespread insecurity
Comninos and Seneque 14 [Alex, Justus-Liebig University Giessen, and Gareth, Geist Consulting, “Cyber
security, civil society and vulnerability in an age of communications surveillance,” GIS Watch, 2014,
http://giswatch.org/en/communications-surveillance/cyber-security-civil-society-and-vulnerability-agecommunications-sur] //khirn
The NSA is also believed to hoard knowledge about vulnerabilities rather than sharing them with
developers, vendors and the general public,40 as well as even maintaining a catalogue of these vulnerabilities for
use in surveillance and cyber attacks.41 None of these activities serve to make the internet more secure. In fact,
they do the very opposite. As US Congresswoman Zoe Lofgren commented: “When any industry or organisation builds a backdoor to assist with
electronic surveillance into their product, they put all of our data security at risk. If a backdoor is created for law enforcement purposes, it’s only a matter
of time before a hacker exploits it, in fact we have already seen it happen."42 The fact that the NSA is actively working to make the
internet insecure points to the contradictions in its dual mandate: simultaneously securing and breaking cyber
security. On the one hand it is tasked with securing information and communications networks (falling under its “Information Assurance” mandate),
and on the other hand it is tasked with surveilling information and communications networks (its “Signals Intelligence” mandate).43 Similar tensions
exist within the US military, which is tasked with both defending national networks from hacking attacks as well as with conducting offensive hacking
attacks. The US "cyber command", the military command for the “cyber domain”, is under the stewardship of the NSA commander. This conflict of
interest in the NSA's dual role has not been addressed in current NSA reform. Tasked with “national security”, intelligence
agencies like the NSA have a conflicting mandate that cannot enable them to actually provide US citizens with cyber security, in the same way that states
are for example able to provide us with physical security. It will always be against the interests of intelligence agencies to
assure the provision of secure technologies that cannot be eavesdropped on. This is exacerbated by a cyber
security-surveillance industrial complex of government agencies and private contractors selling hacking and
surveillance products, with revolving doors between the two. We need to be very wary of intelligence agencies
being given roles as stewards of cyber security.
2AC SURVEILLANCE SOLVES
The plan solves cyber operations --- surveillance is a prerequisite to NSA digital warfare
Appelbaum et al. 15 [Jacob Appelbaum, Aaron Gibson, Claudio Guarnieri, Andy Müller-Maguhn, Laura
Poitras, Marcel Rosenbach, Leif Ryge, Hilmar Schmundt and Michael Sontheimer, “The Digital Arms Race:
NSA Preps America for Future Battle,” January 17, 2015, http://www.spiegel.de/international/world/newsnowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html] //khirn
Surveillance only 'Phase 0' From a military perspective, surveillance
of the Internet is merely "Phase 0" in the US digital war
strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows . They show
that the
aim of the surveillance is to detect vulnerabilities in enemy systems . Once "stealthy
implants" have been placed to infiltrate enemy systems, thus allowing "permanent accesses," then Phase Three
has been achieved -- a phase headed by the word "dominate" in the documents. This enables them to
"control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0)." Critical
infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation.
The internal documents state that the ultimate goal is "real time controlled escalation".
2AC “RELEVANT VENDORS”
[This answers arguments about vulnerabilities in “orphaned” software]
Relevant vendors are software vendors, standards bodies, or the public at large if nobody’s
responsible
Bellovin et al. 14 [Steven M., professor of computer science at Columbia University, Matt Blaze, associate
professor of computer science at the University of Pennsylvania, Sandy Clark, Ph.D. student in computer
science at the University of Pennsylvania, Susan Landau, 2012 Guggenheim Fellow; she is now at Google, Inc.,
April, 2014, “Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet,” Northwestern
Journal of Technology and Intellectual Property, 12 Nw. J. Tech. & Intell. Prop. 1] //khirn
P171 To
whom should a vulnerability report be made? In many cases, there is an obvious point of contact: a
software vendor that sells and maintains the product in question, or, in the case of open-source software, the
community team maintaining it. In other cases, however, the answer is less clear. Not all software is actively
maintained; there may be "orphan" software without an active vendor or owner to report to. n253 Also, not all
vulnerabilities result from bugs in specific software products. For example, standard communications protocols are occasionally
found to have vulnerabilities, n254 and a given protocol may be used in many different products and systems. In
this situation, the vulnerability would need to be reported not to a particular vendor, but to the standards body responsible
for the protocol. Many standards bodies operate entirely in the open, n255 however, which can make quietly
reporting a vulnerability--or hiding the fact that it has been reported by a law enforcement agency--problematic.
In this situation, the choice is simple: report it openly.
2AC US KEY TO ZERO DAY MARKETS
US key to the global market for zero-days
Paganini 13 (Pierluigi Paganini, Chief Information Security Officer at Bit4Id, firm leader in identity
management, member of the ENISA (European Union Agency for Network and Information Security)Treat
Landscape Stakeholder Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editorin-Chief at "Cyber Defense Magazine", “Zero-day Market, the Government are the Main Buyers”,
http://securityaffairs.co/wordpress/14561/malware/zero-day-market-governments-main-buyers.html)
Governments, and in particular US one, are principal buyers of zero-day vulnerabilities according a report published by Reuters.
Zero-days exploits are considered a primary ingredient for success of a cyber attack, the knowledge of zero-day flaw gives
to the attacker guarantee of success, state-sponsored hackers and cyber criminals consider zero-day exploits a precious resources around which is grown
a booming market. Zero-day exploits could be used to as an essential component for the design of a cyber weapon or could be exploited for cyber
espionage purposes, in both cases governments appear the most interested entities for the use of these malicious code. Recent cyber attacks conducted by
Chinese hackers might lead us to think Chinese Government is primary buyer/developer for zero-day vulnerabilities, but a report recently published by
Reuters claimed
the US government is the “biggest buyer in a burgeoning gray market where hackers
and security firms sell tools for breaking into computers.” Reuters revealed that the US
intelligence agency
and the DoD
are “spending so heavily for
Government, in particular its
information on holes in commercial computer systems, and
on exploits taking advantage of them, that they are turning the world of security research on its head.”, it’s
a news way to compete with adversary in cyberspace. Recent tension between China and US gave security experts the opportunity to discuss about the
development of the two countries of efficient cyber strategy that improve both offensive and defensive cyber capabilities. Both countries are largely
invested in the creation of new cyber units, but according intelligence sources, offensive approach seems to be most stimulated by the need to preserve
the security in the cyberspace. NSA chief General Keith Alexander told Congress that the
US Government
is
spending billions of
dollars every year on “cyberdefense and constructing increasingly sophisticated
cyberweapons ” this led to the birth of “more than a dozen offensive cyber units, designed to mount attacks,
when necessary, at foreign computer networks.” Popular hacker Charlie Miller, security researcher at Twitter, with a past collaboration
with NSA confirmed the offensive approach to cyber security: “The only people paying are on the offensive side,” The emerging zero-day market is fueled
by intense activities of talented hackers who sell information on flaws in large use products. According Reuters
defense contractors and
intelligence agencies “spend at least tens of millions of dollars a year just on exploits ”. The zero-day
market is very complex due high “perishability” of the goods, following some key figures of a so complex business Difficulty finding buyers and sellers –
It’s a closed market not openly accessible. Find a buyer or identify a possible seller is a critical phase. Checking the buyer reliability – The reduced
number of reliable brokers able to locate a buyer pushes the researcher to try to tell many individuals about the discovery in an attempt to find a buyer
with obvious risks. Value cannot be demonstrated without loss – One of the most fascinating problems a researcher attempting to sell vulnerability
information or a 0-day exploit may face is proving the validity of the information without disclosing the information itself. The only way to prove the
validity of the information is to either reveal it or demonstrate it in some fashion. Obviously, revealing the information before the sale is undesirable as it
leaves the researcher exposed to losing the intellectual property of the information without compensation. Exclusivity of rights – The final hurdle
involves the idea of the exclusive rights of the information. In order to receive the largest payoffs, the researcher must be willing to sell all rights to the
information to the buyer. However, the buyer has no way to protect themselves from the researcher selling the information to numerous parties, or even
disclosing the information publicly, after the sale. Current approaches to zero-day vulnerabilities are to be bought up exploits
avoiding that they could be acquired by government’s opponents such as dictators or organized criminals,
many security firms sell subscriptions for exploits, guaranteeing a certain number per year. The trend to exploit zero-
day for offensive purposes has been followed by intelligence agencies and also private companies, both actors have started to code their own zero-day
exploits. “Private companies have also sprung up that hire programmers to do the grunt work of identifying vulnerabilities and then writing exploit code.
The starting rate for a zero-day is around $50,000, some buyers said, with the price depending on such factors as how widely installed the targeted
software is and how long the zero-day is expected to remain exclusive.” The Reuters report also revealed the participation of government representatives
to the Secret Snoop Conference for Government and law enforcement spying, clearly with the intent to acquire new technologies to conduct cyber
espionage through malware based attacks able to compromise target networks.
The choice of a government to acquire a
zero-day exploit to use it against a foreign governments hide serious risks for its country,
cyber terrorist, cyber criminals or state-sponsored hackers could reverse engineer the source
code to compose new malicious agent to use against the same authors .
2AC ZERO DAYS KEY
Zero-days are key --- crucial to the development of cyber arms bazaar
Gjelten 13 (Tim Gjelten covered U.S. diplomacy and military affairs, first from the State Department and then
from the Pentagon. He was NPR's lead Pentagon reporter during the early war in Afghanistan and the invasion
of Iraq, “First Strike: US Cyber Warriors Seize the Offensive, http://www.worldaffairsjournal.org/article/firststrike-us-cyber-warriors-seize-offensive , January 2013)//CLi
Offensive operations in cyberspace have expanded so rapidly in recent years that legal, regulatory, and ethical analyses have not
kept up. The development of the zero-day market , the inclination of some private companies to mimic the Pentagon by going on
the offense rather than continuing to depend on defensive measures to protect data, the design and development of
cyberweapons, and the governmental use of such weapons against unsuspecting targets all raise serious and interesting questions, and the answers are
far from obvious. Given
the destructive use to which they could be put, the lack of transparency in the buying
and selling of zero-days may be problematic. The consequence could be the development of a global
cyber arms bazaar , where criminals or terrorist groups could potentially find tools to use. The US government
regulates the export of sensitive technologies out of a fear that adversaries could use them in a way hostile to US interests, but whether such restrictions
apply to the sale of zero-day vulnerabilities is not entirely clear.
Current law restricts
the export of “ encryption
commodities and software that provide penetration capabilities that are capable of attacking ,
denying, disrupting, or otherwise impairing the use of cyber infrastructure or networks .” Does that language
cover the possibility that some researcher or broker may try to sell a back-door exploit, or even a cyberweapon, to a foreign agent who could put it to
destructive use? “I think it does cover the export of some kinds of cyberweapons,” says Washington lawyer Roszel Thomsen, who helped write the
regulations and specializes in export control law. But other specialists are not convinced. There is also the legal question of whether private firms who
have been subject to cyber attacks can legally strike back against attackers who penetrate their networks and steal their data. Steven Chabinsky, formerly
the top cyber lawyer at the FBI, argues that if a company can identify the server from which a cyber attack originated, it should be able to hack into that
server to delete or retrieve its stolen data. “It is universally accepted that in the physical world you have the right to protect your property without first
going to law enforcement,” Chabinsky argued at a recent cyber symposium. Other computer consultants have a different view. “I get asked this all the
time,” said Richard Bejtlich, chief security officer at Mandiant, a prominent cybersecurity firm, speaking at the Air Force’s CyberFutures conference.
“People in hacked companies want to hit back. ‘We want to go get these guys,’ they tell us. But almost always, our lawyers say, ‘Absolutely not.’” In
addition, there are policy questions raised by the escalating government investment in offensive cyber war capabilities. One fear is that
offensive cyberweapon
introduced into use will
each new
prompt the development of an even more lethal weapon by an
adversary and trigger a fierce cyber arms race . A hint of such an escalatory cycle may be seen in the confrontation with Iran over
its nuclear program. US officials suspect the Iranian government was responsible for the recent wave of cyber attacks directed against Aramco, the Saudi
oil company, and may also have been behind a series of denial-of-service attacks on US financial institutions. Such attacks could be in retaliation for the
Stuxnet worm. Some writers foresee a dangerous new world, created by the United States and Israel with the deployment of Stuxnet. Misha Glenny,
writing in the Financial Times, argued that the tacit US admission of responsibility for Stuxnet will act “as a starting gun;
countries around the world can now argue that it is legitimate to use malware pre-emptively against their
enemies.” One danger is that US adversaries, notably including Russia and China, may now cite the use of Stuxnet to
support their argument that an international treaty regulating the use of cyberweapons may be needed . The United
States has long opposed such a treaty on the grounds that it would undermine its own technological advantages in cyberspace and could also lead to
efforts to regulate the Internet in ways that would harm freedom of expression and information. Some of these issues will be resolved as cyber activities
mature and the cyber domain becomes more established. The US military as yet has not set up its own rules of engagement for cyber conflict, even
though the head of the US Cyber Command, Army General Keith Alexander, says they are necessary. Neither has the US government articulated a
“declaratory policy” regarding the use of cyberweapons analogous to government statements on when and where nuclear weapons may be used. All these
are serious issues. It is now obvious that adversarial actions in cyberspace have fundamentally changed warfighting, crime, espionage, and business
competition. Our institutions must adapt to this new reality, and quickly, or we will face the danger of cyber chaos and
anarchy.
Collecting zero-days for cyberoffense leaves our infrastructure to cyberattacks
Zetter 14 (Kim Zetter, staff reporter at Wired, a writer and editor at PC World. She has been a guest
on NPR and CNN. Author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital
Weapon. “How Obama Endangered us all with Stuxnet”,
http://www.thedailybeast.com/articles/2014/11/13/how-obama-endangered-us-all-with-stuxnet.html,
11/13/14)//CLi
The cybersabotage campaign on Iran’s nuclear facilities
di dn ’t j u s t da m a g e c en t ri f u g es . I t
undermined digital security everywhere . A few months after President Obama took office in 2009, he announced that securing
the nation's critical infrastructure -- its power generators, its dams, its airports, and its trading floors -- was a top priority for his administration.
Intruders had already probed the electrical grid, and Obama made it clear the status quo around unsecured systems was unacceptable. A year later,
however, a sophisticated digital weapon was discovered on computers in Iran that was designed to attack a uranium enrichment plant near the town of
Natanz. The virus, dubbed Stuxnet, would eventually be identified by journalists and security experts as a U.S.-engineered attack. Stuxnet was
unprecedented in that it was the first malicious code found in the wild that was built not to steal data, but to physically destroy equipment controlled by
the computers it infected—in this case, the cylindrical centrifuges Iran uses to enrich uranium gas. Much has been said about Stuxnet in the years since
its discovery. But little of that talk has focused on how use of the digital weapon undermined Obama’s stated priority of protecting critical infrastructure,
placed that vulnerable infrastructure in the crosshairs of retaliatory attacks, and illuminated our country’s often-contradictory policies on cyberwarfare
and critical infrastructure security. Even less has been said about Stuxnet’s use of five so-called “zero-day” exploits to spread itself and the
troubling security implications of the government's stockpile of zero-days -- malicious code designed to attack previously-unknown vulnerabilities in
computer software. Because a zero-day vulnerability is unknown, there is no patch available yet to fix it and no signatures available to detect exploit code
built to attack it. Hackers and cyber criminals uncover these vulnerabilities and develop zero-day exploits to gain entry to susceptible systems and slip a
virus or Trojan horse onto them, like a burglar using a crowbar to pry open a window and slip into a house. But organizations like the NSA and the U.S.
military also use them to hack into systems for surveillance purposes, and even for sabotage, such as the case with the centrifuges in Iran. Generally
when security researchers uncover zero-day vulnerabilities in software, they disclose them to the vendor to be fixed; to do otherwise would leave critical
infrastructure systems and other computers open to attack from criminal hackers, corporate spies and foreign intelligence agencies. But when the
NSA uncovers a zero-day vulnerability, it has traditionally kept the information secret in order to exploit the security
hole in the systems of adversaries. In doing so, it
leaves critical systems in the U.S —government computers and other
systems that control the electric grid and the financial sector— vulnerable to attack. It's a government
model that relies on keeping everyone vulnerable so that a targeted few can be hacked—the equivalent of
withholding vaccination from an entire population so that a select few can be infected with a strategic
biological virus. It's also a policy that pits the NSA’s offensive practices against the Department of Homeland Security's defensive
ones, since it's the latter's job to help secure critical infrastructure. That’s more than just poor policy. It’s a combination that could someday lead to
disaster. Much has been said about Stuxnet in the years since its discovery. But little of that talk has focused on how use of the digital weapon
placed our own vulnerable infrastructure in the crosshairs of retaliatory attacks . None of this would be
so troubling if the use of zero-days in Stuxnet were an isolated event. But
the U.S. government has been collecting zero day
vulnerabilities and exploits for about a decade, result ing in a flourishing market to meet this demand and a
burgeoning arms race against other countries racing to stockpile their own zero day tools. The trade in zero days used to
be confined to the underground hacker forums, but in the last ten years, it's gone commercial and become populated with small boutique firms whose
sole business is zero-day bug hunting and large defense contractors and staffing agencies that employ teams of professional hackers to find security holes
and create exploits for governments to attack them. Today, a zero-day exploit can sell for anywhere from $1,000 to $1 million. Thanks to the injection of
government dollars, what was once a small and murky underground trade has ballooned into a vast, unregulated cyber weapons bazaar.
AT: BUSINESSES WON’T COOPERATE
Open disclosure creates more trust among companies
Maurushat 13 (Alana Maurushat, Senior Lecturer, Academic Co-Director of the Cyberspace Law and Policy
Centre. She spent the last decade working abroad in Hong Kong, France, the United States, Canada and
Australia in the fields of intellectual property, information technology law and cybercrime/cybersecurity.
“Disclosure of Security Vulnerabilities: Legal and Ethical Issues”. Springerbriefs in Cybersecurity, Winter
2013)//CLi
While there remains some tension between closed security/security through obscurity and open security/full
disclosure advocates, the pendulum is swinging towards open security. There is less argument about the benefits and
detriments of no disclosure versus full disclosure, with emphasis being placed on responsible disclosure. In particular, technology companies
see value in inviting hackers to identify vulnerabilities in their systems. Companies such as Google, Microsoft
and Sony now routinely organise and run hacking competitions of their products . There are also bounty programs whereby
organisations pay for both exploit information, as well as information leading to the source of the exploit. Other more conventional companies outside of
the technology realm, have been slower to see open security as a benefit. In spite of the gain in momentum and acceptance of the open security principle,
security researchers are not immune to criminal provisions and legal liability for disclosure of security vulnerabilities.
Open disclosure potentially allows for vulnerabilities to be found and fixed in a more efficient manner. It also
allows for the possibility of vulnerabilities being fixed before an exploit is used for some malicious purpose such as intellectual property theft or fraud.
is also thought that open disclosure incentivises companies to more quickly patch vulnerabilities
It
Private businesses want the government to cooperate --- key to protect critical infrastructure
Tucker 14 [Patrick, Defense One, “Major Cyber Attack Will Cause Significant Loss of Life By 2025, Experts
Predict,” October 29, 2014, http://www.defenseone.com/threats/2014/10/cyber-attack-will-cause-significantloss-life-2025-experts-predict/97688/] //khirn
But some political leaders say that the
response from industry to cyber threats has outpaced that of government. Just ask
Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, who said that private businesses were increasingly
asking government to defend them from cyber attacks from other nation state actors, and even launch first strikes
against those nations. “Most of the offensive talk is from the private sector, they say we’ve had enough,” Rogers said at a recent Washington Post cyber
security summit. It’s worth noting that the Pew survey was made public one day after the group FireEye released a major report stating that a Russiangovernment affiliated group was responsible for hacking into the servers of a firm keeping classified U.S. military data. In his remarks at the summit,
Rogers singled out Russia as a prime target for future, U.S.-lead cyber operations. But SCADA vulnerabilities look quaint compared to
the exploitable security gaps that will persist across the Internet of Things as more infrastructure components
are linked together. “Current threats include economic transactions, power grid, and air traffic control. This will
expand to include others such as self-driving cars, unmanned aerial vehicles, and building infrastructure,” said
Mark Nall, a program manager for NASA [emphasis added].
AT: IDS SOLVES
IDSs fail for zero-day vulnerabilities
Balon-Perin & Gamback 13 – Software Engineer and Professor in Language Technology at Norwegian
University of Science and Technology (Alexandre, Bjorn, 2013, Ensembles of Decision Trees for Network
Intrusion Detection System, International Journal on Advances in Security, vol 6 no 1 &
2,http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.362.1200&rep=rep1&type=pdf#page=69, pg. 62)
/AMarb
Network IDSs analyse traffic to detect on-going and incoming attacks on a network. Additionally, they must
provide concise but sound reports of attacks in order to facilitate the prevention of future intrusions and to
inform the network administrators that the system has been compromised. Current commercial IDSs mainly
use a database of rules (signatures), to try to detect attacks on a network or on a host computer. This detection
method is presently the most accurate, but also the easiest to evade for experienced malicious users, because
variants of known attacks (with slightly different signatures) are considered harmless by the IDS and can pass
through without warning. New attacks and attacks exploiting zero-day vulnerabilities can also slip
through the security net if their signatures are unknown to the IDS . A zero-day vulnerability is a
software weakness unknown by the system developers, which potentially could allow an attacker to
compromise the system. ‘Zero-day’ refers to the first day, day zero, that the vulnerability was observed.
AT: SQUO SOLVES CYBERSECURITY
Vulnerable systems now --- closing loopholes is key to solve
Goldsmith 10 [Jack, teaches at Harvard Law School and is a visiting fellow at the Hoover Institution at
Stanford University, “The New Vulnerability,” New Republic, June 7, 2010,
http://www.newrepublic.com/article/books-and-arts/75262/the-new-vulnerability] //khirn
Many factors make computer systems vulnerable, but the most fundamental factor is their extraordinary
complexity. Most computers connected to the Internet are general-purpose machines designed to perform
multiple tasks. The operating-system software that manages these tasks--as well as the computer’s relationship to the user-typically has tens of millions, and sometimes more than one hundred million, lines of operating instructions, or code. It
is practically impossible to identify and to analyze all the different ways these lines of code can interact or might fail to operate as expected. And when the
operating-system software interfaces with computer processors, various software applications, Web browsers, and the endless and endlessly complex
pieces of hardware and software that constitute the computer and telecommunications networks that make up the Internet, the potential for
unforeseen mistakes or failures becomes unfathomably large. The complexity of computer systems often leads to accidental
mistakes or failures. We have all suffered computer crashes, and sometimes these crashes cause serious problems. Last year the Internet in Germany and
Sweden went down for several hours due to errors in the domain name system that identifies computers on the Internet. In January of this year, a
software problem in the Pentagon’s global positioning system network prevented the Air Force from locking onto satellite signals on which they depend
for many tasks. The accident on the Washington Metro last summer, which killed nine people and injured dozens, was probably caused by a malfunction
in the computer system that controls train movements. Three years ago, six stealth F-22 Raptor jets on their maiden flights were barely able to return to
base when their onboard computers crashed. The same complexity that leads to such malfunctions also creates vulnerabilities that human agents can use
to make computer systems operate in unintended ways. Such cyber threats come in two forms. A cyber attack is an act that alters, degrades, or destroys
adversary computer systems or the information in or transiting through those systems. Cyber attacks are disruptive activities. Examples
include the manipulation of a computer system to
take over an electricity grid, or to block military communications, or to
scramble or erase banking data. Cyber exploitations, by contrast, involve no disruption, but merely monitoring and
related espionage on computer systems, as well as the copying of data that is on those systems. Examples include the
theft of credit card information, trade secrets, health records, or weapons software, and the interception of vital business, military, and intelligence
communications. Both cyber attacks and cyber exploitations are very hard to defend against. “The aggressor has to find only one crucial weakness; the
defender has to find all of them, and in advance,” wrote Herman Kahn in 1960 in his famous book On Thermonuclear War. This generally true
proposition about defense systems has special salience for computer networks. Even if (as is often not the case) those trying to find and patch computer
vulnerabilities outnumber those trying to find and exploit the vulnerabilities, the attacker often still has an advantage. Under the Kahn principle, some
fraction of the time the attacker will discover a vulnerability that the defender missed. And she need only find one, or a few, vulnerabilities to get in the
system and cause trouble. Once
a vulnerability is identified, an attack or exploitation is relatively easy to disguise ,
can be embedded in a computer system
without the user’s knowledge, either remotely (when the user downloads an infected program or when she visits an infected website) or at any
point in the multi-country global supply chain that develops and produces most commercial software. And once it is embedded, malware
can be used for any number of tasks, including data destruction, theft, taking over the computer for various
purposes, recording keystrokes to discover passwords, and much more. Many forms of malware are hard for
engineers to find through diagnostic testing and are missed by anti-virus software. Computer users often do not
discover malware before an attack makes clear that something has gone wrong. They often never discover malware that
facilitates computer exploitations or, as in the Google case, they discover it too late. The inherent insecurity of computer systems is
exacerbated by the number and incentives of actors around the globe who are empowered to take advantage of
computer vulnerabilities. In real space, geography serves as a natural barrier to attack, theft, and espionage: only if you get near the Pentagon
because the operation of a computer is almost entirely hidden from the user. Malware
can you attack it; only if you get near the Citibank branch in New York can you rob it. And if you are near these places in real space, American law
enforcement and military authorities can exercise their full powers, within U.S. sovereignty, to check or deter the attack. In cyberspace, geography
matters much less because the Internet links computers globally with speed-of-light communication. As the Google
case shows, someone sitting at a terminal in China can cause significant harm in the United States. And of course there are countless people around the
globe with access to a computer who would like to do bad things inside the United States. To the extent that they are located outside the United States,
American law enforcement authorities have much less effective power to stop or to deter them. The FBI must
rely on law enforcement authorities in foreign countries who are often slow and uncooperative, giving bad
cyber actors time to cover their tracks. And the American military cannot enter a foreign country unless the
threat or attack rises to the level of war.
IP THEFT ADVANTAGE
2AC ECON ADD-ON
International IP Theft causes economic decline in the U.S. and economic growth in China
The National Bureau of Asian Research, 2013 (The IP Commission Report,
http://www.ipcommission.org/report/ip_commission_report_052213.pdf) // JRW
The Impact of International IP Theft on the American Economy Hundreds of billions of dollars per year. The
annual losses are likely to be comparable to the current annual level of U.S. exports to Asia—over $300 billion.
The exact figure is unknowable, but private and governmental studies tend to understate the impacts due to inadequacies in data or scope. The members
of the Commission agree with the assessment by the Commander of the United States Cyber Command and Director of the National Security Agency,
General Keith Alexander, that the ongoing theft of IP is “the greatest transfer of wealth in history.” Millions of jobs. If IP
were to receive the same protection overseas that it does here, the American economy would add millions of
jobs. A drag on U.S. GDP growth. Better protection of IP would encourage significantly more R&D investment
and economic growth. Innovation. The incentive to innovate drives productivity growth and the advancements
that improve the quality of life. The threat of IP theft diminishes that incentive. Long Supply Chains Pose a Major Challenge
Stolen IP represents a subsidy to foreign suppliers that do not have to bear the costs of developing or licensing
it. In China, where many overseas supply chains extend, even ethical multinational companies frequently procure counterfeit items or items whose
manufacture benefits from stolen IP, including proprietary business processes, counterfeited machine tools, pirated software, etc.International IP Theft
Is Not Just a Problem in China. Russia, India, and other countries constitute important actors in a worldwide challenge.
Many issues are the same: poor legal environments for IPR, protectionist industrial policies, and a sense that IP
theft is justified by a playing field that benefits developed countries. The Role of China Between 50% and 80% of the
problem. The major studies range in their estimates of China’s share of international IP theft; many are roughly 70%, but in specific industries we see
a broader range. The evidence. Evidence comes from disparate sources: the portion of court cases in which China is the destination for stolen IP, reports
by the U.S. Trade Representative, studies from specialized firms and industry groups, and studies sponsored by the U.S. government. Why does
China stand out? A core component of China’s successful growth strategy is acquiring science and technology.
It does this in part by legal means—imports, foreign domestic investment, licensing, and joint ventures—but
also by means that are illegal. National industrial policy goals in China encourage IP theft, and an
extraordinary number of Chinese in business and government entities are engaged in this practice. There are
also weaknesses and biases in the legal and patent systems that lessen the protection of foreign IP. In addition,
other policies weaken IPR, from mandating technology standards that favor domestic suppliers to leveraging
access to the Chinese market for foreign companies’ technologies.
Economic decline leads to war – empirics: Jobs and econ decline can each trigger the impact
Mead 9 (2/4, Walter Russell, Henry A. Kissinger Senior Fellow in U.S. Foreign Policy at the Council on
Foreign Relations, Only Makes You Stronger: Why the recession bolstered America, The New Republic,
http://www.newrepublic.com/article/only-makes-you-stronger-0) //JRW
None of which means that we can just sit back and enjoy the recession. History may suggest that financial crises actually help capitalist great powers
maintain their leads--but it has other, less reassuring messages as well. If financial crises have been a normal part of life during the
so has war. The wars of the League of Augsburg and the
Spanish Succession; the Seven Years War; the American Revolution; the Napoleonic Wars; the two World
Wars; the cold war: The list of wars is almost as long as the list of financial crises. Bad economic times can breed
wars. Europe was a pretty peaceful place in 1928, but the Depression poisoned German public opinion and
helped bring Adolf Hitler to power. If the current crisis turns into a depression, what rough beasts might start
slouching toward Moscow, Karachi, Beijing, or New Delhi to be born? The United States may not, yet, decline,
but, if we can't get the world economy back on track, we may still have to fight.
300-year rise of the liberal capitalist system under the Anglophone powers,
1AR IP THEFT KEY TO ECON
Cyber attacks and consequences cost billions of dollars to US companies
(Report to Congress of the U.S.-China Economic and Security Review Commission, 113th Cong., 2nd sess., November
2014, 68-9;6 http://origin.www.uscc.gov/sites/default/files/annual_reports/Complete%20Report.PDF) //JRW
Chinese State-Sponsored Cyber Theft Cyber-enabled theft of intellectual property (IP) and commercial espionage are among the biggest risks facing U.S.
companies today. In the United States, the annual cost of cyber crime and cyber espionage is estimated to account for
between $24 billion and $120 billion (or 0.2 to 0.8 percent of GDP), and results in the loss of as many as 200,000 U.S.
jobs annually.220 The Chinese government’s engagement in cyber espionage for commercial advantage was
exposed on May 19, 2014, when the U.S. Department of Justice charged five PLA officers for cyber-enabled
theft and other related offenses committed against six U.S. victims, including Westinghouse Electric Co. (Westinghouse), U.S.
subsidiaries of SolarWorld AG (SolarWorld), United States Steel Corp. (U.S. Steel), Allegheny Technologies Inc. (ATI), Alcoa Inc., and the United Steel,
Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW or Steelworkers Union).221
According to the indictment, PLA Unit 61398 * 222 officers Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui hacked, or
attempted to hack, into the victims’ computers to steal information that would be useful to competitors in
China, including SOEs.223 One victim, SolarWorld, subsequently petitioned the U.S. Department of Commerce to investigate the allegations made in
the indictment as they directly related to SolarWorld’s ongoing trade dispute over imports of solar products from China.224
The Chinese government strongly denied what it called the ‘‘fabricated’’ allegations,’’ 225 and within days of the indictment, China retaliated
both economically and politically against the United States. The Chinese government suspended participation
in a U.S.-China Cyber Working Group, which was established in 2013 as a bilateral dialogue on cyber
security.226 China also announced that its government offices were forbidden from using Microsoft’s Windows
8 operating system and ordered security checks on foreign IT products and services seemingly directed at U.S.
companies, including Cisco Systems.227 Likewise, the PBOC and the Chinese Ministry of Finance asked banks
to replace IBM servers with those produced by domestic brands to protect financial security.228 In the same
week, the Chinese government instructed SOEs to sever ties with U.S. consulting companies, including
McKinsey, Boston Consulting Group, Bain & Company, and Strategy & Co. (formerly known as Booz & Co.),
and urged SOEs to establish teams of domestic consultants out of fears that U.S. consultants are government
spies.229 Chinese entities have long been engaging in cyber-enabled theft against U.S. companies for
commercial gain; however, the May 19 indictment represents the ‘‘first ever charges against known state actors
for infiltrating U.S. commercial targets by cyber means’’.230 In addition, the indictment states that ‘‘Chinese firms hired the same
PLA Unit where the defendants worked to provide information technology services.’’ 231 This established a channel through which the Chinese firms
could issue tasking orders to the PLA defendants to engage in cyber theft and commercial espionage. For example, in one case, according to the
indictment, a Chinese SOE hired the PLA Unit ‘‘to build a ‘secret’ database to hold corporate ‘intelligence.’’’ 232 Of the 141 organizations
allegedly compromised by PLA Unit 61398 since 2006, 81 percent were located or headquartered in the United
States.233 In June 2013, the U.S. Department of Justice indicted Chinese energy firm Sinovel for cyber-enabled IP theft committed against
Massachusetts-based American Superconductor (AMSC).* Florida-based biofuel company Algenol, which is developing technology that converts algae
into fuels while decreasing greenhouse gas emissions, fell victim to more than 39 million hacking attempts since mid-2013.234 According to Algenol’s
technology chief, 63,000 hacking attempts came from China, of which 6,653 attempts came from IP addresses identified by cyber security firm Mandiant
as belonging to PLA Unit 61398.235 Algenol’s investigation also identified Alibaba’s cloud computing subsidiary Aliyun as an originator of hacking
attempts, though Alibaba claimed that Algenol mischaracterized ordinary Internet traffic as hacking attempts.236
IP theft destroys the economy
Frost & Sullivan 12 – the company addresses global challenges and growth opportunities that affect market participants (Frost
& Sullivan, 2012, The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security, http://expoitsecurity.ru/upload/iblock/e3b/the_growing_hacking_threat_to_websites.pdf, pg. 16, Google Scholar) /AMarb
All organisations are potential victims. Intuitively, one would assume that large organisations with valuable data were exposed to a much
higher risk than smaller organisations overall. Certainly, a number of high-profile attacks have involved prestigious names (e.g.,
Sony, RSA, Citicorp, Startfor, AT&T), with an excess of $200 million in losses. These breaches have generated a stronger awareness about
the need for network security systems. In addition, several states have laws that require companies to publicly report any event in
which their customers’ personal information has been compromised, meaning that these are the attacks the public
hears about. A 2010 Canadian government report asserted that 86 percent of large Canadian companies had been victims or targeted attacks from
Black Hats, and that efforts to steal intellectual property from the private sector had doubled since 2008 . No empirical
data exists quantifying the impact of hacking as a whole, but many modelling attempts have been made to estimate its impact. The German
intelligence agency BfV, for example, estimates that Germany loses $21 billion to $71 billion of revenue and 30,000 to
70,000 jobs each year due to intellectual property theft through hacking. In Frost & Sullivan’s opinion, the majority of serious
website intrusions are never detected or never made public. True Black Hats always try to keep a low profile and remain as silent as possible. Hacking
attacks in the media are usually caused by young hackers and hacktivists. There is clearly more “glory” involved in hacking a Charles Schwab than an
unknown SME. Hence, decision-makers erroneously believe that Web hacks only target large organisations.
1AR ECON IMPACT
Economic crisis causes war—strong statistical support proves
Royal 2010 (Jedediah Royal, Director of Cooperative Threat Reduction at the U.S. Department of Defense, 2010, “Economic Integration,
Economic Signaling and the Problem of Economic Crises,” Economics of War and Peace: Economic, Legal and Political Perspectives, ed. Goldsmith and
Brauer, p. 213-215
https://books.google.com/books?hl=en&lr=&id=HmcwrzBU6dsC&oi=fnd&pg=PA205&dq=Economic+Integration,+Economic+Signaling+and+the+Pro
blem+of+Economic+Crisis&ots=aZ0lgMVudZ&sig=6Asm0RCJGcjnSniv5sYOpNYLUE#v=onepage&q=Economic%20Integration%2C%20Economic%20Signaling%20and%20the%20Problem%20of%20Economic
%20Crisis&f=false ) //JRW
Less intuitive is how periods
of economic decline may increase the likelihood of external conflict. Political science
literature has contributed a moderate degree of attention to the impact of economic decline and the security
and defense behaviour of interdependent slates. Research in this vein has been considered at systemic, dyadic and national levels.
Several notable contributions follow. First, on the systemic level. Pollins (2008) advances Modelski and Thompson's (19%) work on leadership cycle
theory, finding that rhythms in the global economy are associated with the rise and fall of a pre-eminent power and
the often bloody transition from one pre-eminent leader to the next. As such, exogenous shocks such as economic crises could
usher in a redistribution of relative power (sec also Gilpin. 1981) that leads to uncertainty about power balances, increasing the risk of miscalculation
(Fearon, 1995). Alternatively, even a relatively certain redistribution of power could lead to a permissive environment for conflict as a rising power may
seek to challenge a declining power (Werner, 1999). Separately. Pollins (1996) also shows that global economic cycles combined with parallel leadership
cycles impact the likelihood of conflict among major, medium and small powers, although he suggests that the causes and connections between global
economic conditions and security conditions remain unknown. Second, on a dyadic level. Copeland's (1996. 2000) theory of trade expectations suggests
that 'future expectation of trade' is a significant variable in understanding economic conditions and security behaviour of states. He argues that
interdependent states are likely to gain pacific benefits from trade so long as they have an optimistic view of future trade relations. However, if the
expectations of future trade decline, particularly for difficult to replace items such as energy resources, the likelihood for conflict increases as states will
be inclined to use force to gain access to those resources. Crises could potentially be the trigger for decreased trade expectations either on its own or
because it triggers protectionist moves by interdependent states.4 Third, others have considered the link between economic
decline and external armed conflict at a national level. Blomberg and Hess (2002) find a strong correlation
between internal conflict and external conflict, particularly during periods of economic downturn. They write,
The linkages between internal and external conflict and prosperity are strong and mutually reinforcing.
Economic conflict tends to spawn internal conflict, which in turn returns the favour. Moreover, the presence of
a recession lends lo amplify the extent to which international and external conflicts self-reinforce each other.
(Blomberg & I less. 2002. p. 89) Economic decline has also been linked with an increase in the likelihood of terrorism (Blomberg. Hess. & Wccrapana.
2004). which has the capacity to spill across borders and lead to external tensions. Furthermore, crises generally reduce the popularity of a silting
government. "Diversionary theory' suggests that, when facing unpopularity arising from economic decline, sitting governments have increased incentives
to fabricate external military conflicts to create a 'rally around the flag' effect. Wang (1996), DcRoucn (1995), and Blomberg. Mess, and Thacker (2006)
find supporting evidence showing that economic decline and use of force are at least indirectly correlated. Gelpi (1997), Miller (1999), and Kisangani and
Pickering (2009) suggest that the tendency towards diversionary tactics are greater for democratic states than autocratic states, due to the fact that
democratic leaders are generally more susceptible to being removed from office due to lack of domestic support. DcRoucn (2000) has provided evidence
showing that periods of weak economic performance in the United States, and thus weak Presidential popularity,
are statistically linked to an increase in the use of force. In summary, recent economic scholarship positively
correlates economic integration with an increase in the frequency of economic crises, whereas political science
scholarship links economic decline with external conflict at systemic, dyadic and national levels.5 This implied connection
between integration, crises and armed conflict has not featured prominently in the economic-security debate and deserves more attention. This
observation is not contradictory to other perspectives that link economic interdependence with a decrease in the likelihood of external conflict, such as
those mentioned in the first paragraph of this chapter. Those studies tend to focus on dyadic interdependence instead of global interdependence and do
not specifically consider the occurrence of and conditions created by economic crises. As such, the view presented here should be considered ancillary to
those views.
2AC DISEASE ADD-ON
IP Theft causes counterfeit drug manufacture and sale
NCPC, no date (The National Crime Prevention Council’s mission is to be the nation's leader in helping people keep themselves, their families,
and their communities safe from crime. To achieve this, NCPC produces tools that communities can use to learn crime prevention strategies, engage
community members, and coordinate with local agencies, http://www.ncpc.org/topics/intellectual-property-theft/trends-globalization-anddigitalization-usher-in-a-new-era-of-intellectual-property-theft) // JRW
The World Health Organization recently warned that as much as half of the world’s drug supply may soon
consist of fake pharmaceutical drugs. Counterfeiting of drugs, in fact, could soon be one of the world’s fastestgrowing industries. Profits in the counterfeit drug “industry” are estimated to have doubled since 2005. These
counterfeit drugs often have useless, non-therapeutic ingredients or even contain dangerous and poisonous
ingredients. They are almost always sub-potent. Hundreds of thousands of deaths have been caused by fake
pharmaceuticals around the world. Fortunately, in the United States, thanks to better regulations and the
efforts of skilled and dedicated law enforcement officers, only a small handful have died. Counterfeit drugs are
overwhelmingly manufactured in India, where the government is now cracking down on the manufacturing of
counterfeit drugs and lawmakers are enacting stiff new criminal penalties. One recent report recently stated
that the profits from the sale of counterfeit drugs are now eclipsing the profits being made from the sale of
heroin and cocaine, attracting the involvement of organized crime and terrorists seeking income to fund other
criminal activities. Moreover, there are fears that the growing expertise of counterfeiters combined with the
involvement of criminals and terrorists could result in threats to national security from the use of poisons or
biological products. The Russian mafia, Colombian drug cartels, Chinese triads, and Mexican gangs have all
been implicated in producing and trafficking in counterfeit drugs, as has Al Qaeda, according to one report.
Counterfeit drugs lead to disease
Newton et. al., 2010 (Paul N., Michael D. Green, Facundo M. Fernández. Newton works at Centre for Clinical Vaccinology and Tropical
Medicine, Churchill Hospital, University of Oxford, Green at the Division of Parasitic Diseases, Centers for Disease Control and Prevention, Atlanta,
Georgia, and Fernández at the School of Chemistry and Biochemistry, Georgia Institute of Technology, Atlanta, Georgia. “Impact of poor-quality
medicines in the ‘developing’ world.” Science Direct, Volume 31 Issue 3. http://www.sciencedirect.com/science/article/pii/S016561470900203X ) //
JRW
Considering the vast scale of the global pharmaceutical industry and the incidence of potentially fatal diseases, any
amount of poor-quality
medicine is unacceptable because it increases morbidity and mortality (Box 2). The impact of poor-quality medicines is most
clearly evident if they contain lethal incorrect active ingredients. Until recently, it was often assumed that counterfeits were inert.
However, forensic chemistry has demonstrated that many contain harmful ingredients – as tragically illustrated by the death of 500 children after ingesting para- cetamol containing a renal toxin [2]. Patients may also suffer
adverse effects of unexpected ingredients, e.g. co- trimoxazole containing diazepam; reused ceftazidime vials containing streptomycin; and counterfeit
artesunate tablets containing artemisinin, chloramphenicol, parace- tamol, and metamizole. Patients may be allergic to these covert
pharmaceuticals, or may experience confusing adverse events. Some substandard drugs contain more active
ingredient than stated [10] and, for anti-infectives with narrow therapeutic ratios, this may increase the
prevalence of adverse effects. The use of counterfeit anti-malarials, and the conse- quent failure of patients to
improve, has led to false reports of drug resistance to malaria [13]. An example of the potential dangers of sub-therapeutic
dosage were illus- trated when heavier tourists, dosed without taking patient body weight into account, and not their thinner co-trave- lers, developed P.
vivax relapses [11]. Anti-infectives con-taining sub-therapeutic amounts of the active ingredient (whether counterfeit
or substandard) increase the risk of the selection and spread of drug-resistant pathogens [13]. Selection depends on a
wide variety of factors, i.e. pathogen biomass; host immunity; relationships between the drug pharmacokinetic profile; pharmacodynamic effects on the
pathogen; anti-microbial susceptibility of the the pathogen; and the fitness of resistant mutants. If resistant pathogens infect or arise de
novo within a host and encoun- ter sub-lethal concentrations of a slowly eliminating anti- microbial, they will
have a survival advantage and multi- ply faster than sensitive pathogens [12]. Although models of the emergence and spread
of resistance to anti-malarial drugs suggest that poor-quality drugs are important, it is very difficult to tease apart the effects of the misuse of antiinfectives by health workers, patient adherence, and poor- quality drugs. Counterfeits containing no active ingredient will not
provide this ‘drug pressure’, and it is likely that substandard medicines are more important in engendering
resistance. However, fakes containing sub-therapeutic amounts of the stated ingredient, or incorrect antimicrobial ingredients, may facilitate the emergence and spread of drug-resistant pathogens. For diseases treated with
combination therapy (e.g. tuberculosis, HIV, falci- parum malaria), poor-quality combination medicines risk the spread of resistance due to the poorquality active ingredient and the ‘unprotected’ co-ingredient. Artemisi- nin derivatives-based combination therapies (ACTs) hold great hope for
controlling malaria in Africa but, most alarmingly, poor-quality ACTs are already widespread [2,6,13]. Plasmodium falciparum artesunate resistance has
recently been described on the Thailand–Cambodia border and the wide use of monotherapy, substandard artesunate, and fake artesunate containing
sub-thera- peutic quantities of artemisinin and artesunate in South-East Asia have probably contributed to this poten- tially disastrous problem [8].
Poor-quality tuberculosis (TB) drugs [14] are a neglected link between TB treatment, therapeutic failure and the increasing burden of TB drug resistance.
Diseases cause extinction
Yu 09 (Victoria Yu (cites the CDC and R. Calsbeek, a lecturer at Dartmouth), Dartmouth Undergraduate Journal of Science, May 22, 2009, "Human
Extinction: The Uncertainty of Our Fate", accessed December 28, 2011, http://dujs.dartmouth.edu/spring-2009/human-extinction-the-uncertainty-ofour-fate) // JRW
A pandemic will kill off all humans. In the past, humans have indeed fallen victim to viruses. Perhaps the bestknown case was the bubonic plague that killed up to one third of the European population in the mid-14th
century (7). While vaccines have been developed for the plague and some other infectious diseases, new viral
strains are constantly emerging — a process that maintains the possibility of a pandemic-facilitated human
extinction. Some surveyed students mentioned AIDS as a potential pandemic-causing virus. It is true that scientists have been unable thus far to
find a sustainable cure for AIDS, mainly due to HIV’s rapid and constant evolution. Specifically, two factors account for the virus’s abnormally high
mutation rate: 1. HIV’s use of reverse transcriptase, which does not have a proof-reading mechanism, and 2. the lack of an error-correction mechanism in
HIV DNA polymerase (8). Luckily, though, there are certain characteristics of HIV that make it a poor candidate for a large-scale global infection: HIV
can lie dormant in the human body for years without manifesting itself, and AIDS itself does not kill directly, but rather through the weakening of the
immune system. However, for more easily transmitted viruses such as influenza, the evolution of new strains could prove far more
consequential. The simultaneous occurrence of antigenic drift (point mutations that lead to new strains) and
antigenic shift (the inter-species transfer of disease) in the influenza virus could produce a new version of
influenza for which scientists may not immediately find a cure. Since influenza can spread quickly, this lag time could potentially
lead to a “global influenza pandemic,” according to the Centers for Disease Control and Prevention (9). The most recent scare of this variety came in 1918
when bird flu managed to kill over 50 million people around the world in what is sometimes referred to as the Spanish flu pandemic. Perhaps even more
frightening is the fact that only 25 mutations were required to convert the original viral strain — which could only infect birds — into a human-viable
strain (10).
2AC INNOVATION ADD-ON
Chinese Cyber Espionage Decimating US Competitiveness – Its Economic Advantage is
Innovation
Gjelten 13 (Tom Gjelten, NPR News Reporter, NPR, 5/7/13, http://www.npr.org/2013/05/07/181668369/us-turns-up-heat-on-costly-commercial-cyber-theft-in-china) /dylsbury
American companies that do business with China make good money. They also lose a lot of money there to
cyberthieves, who routinely hack into the computers of the U.S. firms and steal their trade and technology
secrets.
China's theft of U.S. intellectual property has gotten serious enough in recent months to warrant President
Obama's attention and prompt a series of visits to Beijing by senior members of Obama's Cabinet. A new
Pentagon report on Chinese military developments adds to the U.S. complaints. The report says some
computer intrusions carried out by hackers in China "appear to be attributable directly to the Chinese
government and military." A recent survey by the American Chamber of Commerce in China, which represents
more than a thousand U.S. businesses there, turned up widespread concern about the loss of intellectual
property. Twenty-six percent of those responding to the survey reported somebody stealing business data from
their computers, and 42 percent said the problem is getting worse. "They know they're under attack," says Greg
Gilligan, the group's chairman. "They just don't know who's attacking."The problem of data theft is well-known
among U.S. companies operating in China. American businessmen have long complained that their laptops are
hacked, their emails intercepted, and their technology and negotiation plans compromised. But with more than
a billion Chinese as potential customers for American goods, the temptation to do business with China has
been irresistible."For the last 15 or 20 years, companies have been willing to make the bet," says Adam Segal, a
China expert at the Council on Foreign Relations. "[Their attitude is] 'We know we're going to lose our
technology in China, but being in the China market is so important that we're going to take that bet.' "The U.S.
cybersecurity firm Mandiant identified a cyber unit of China's People's Liberation Army as the likely culprit
behind much of the industrial espionage directed against U.S. companies. Mandiant researchers said the PLA
unit is systematically taking intellectual property — technology blueprints, manufacturing secrets, negotiation
plans — from the U.S. companies it targets.The Mandiant finding certainly caught the attention of Gilligan, a
leader among U.S. businesses operating in China. "The salient point of that report was [the statement] that
there is some organized effort by some group attacking business interests," Gilligan says. "This is not
government to government. It's not military to military. It's [someone] attacking the economic interests of
United States companies."A classified National Intelligence Estimate earlier this year concluded that cyberespionage from China is now threatening U.S. economic competitiveness. The concern is that if Chinese
businesses can steal U.S. technology, they can blunt the one big advantage U.S. companies have in the global
economy, which is their capacity to innovate. It is that spirit that explains the emergence of U.S. companies like
Microsoft, Apple or Google. Such companies, business experts say, have been far less likely to originate in
China, because the business culture in China does not favor creativity. But they can always steal the products of
U.S. creativity."There are certainly some companies that are seeing [intellectual property theft] as part of a
strategy for becoming more competitive internationally, taking innovation from somewhere else and
incorporating it in their products," says Robert Hormats, the U.S. undersecretary of state for economic growth,
energy and the environment.
Decline in Competitiveness Leads to Economic Collapse and Fiscal Crisis – Empirics in France
Prove
Tully 13 (Shawn Tully, editor at Fortune, Fortune, 6/20/15, http://fortune.com/author/shawn-tully/)
/dylsbury
A deeper look shows that France is mired in no less than an economic crisis. The eurozone’s second-largest
economy (2012 GDP: 2 trillion euros) is suffering more than any other member from a shocking deterioration
in competitiveness. Put simply, France’s products — its cars, steel, clothing, electronics — cost far too much to
produce compared with competing goods both from Asia and its European neighbors, including not just
Germany but even Spain and Italy. That’s causing a sharp and accelerating fall in its exports, and a significant
decline in manufacturing and the services that support it.
The virtual implosion of French industry is overlooked by analysts and pundits who claim that the eurozone
had dodged disaster and entered a new, durable period of stability. In fact, it’s France — not Greece or Spain —
that now poses the greatest threat to the euro’s survival. France epitomizes the real problem with the single
currency: The inability of nations with high and rising production costs to adjust their currencies so that their
products remain competitive in world markets.So far, the worries over the euro have centered on dangerously
rising debt and deficits. But those fiscal problems are primarily the result of a loss of competitiveness. When
products cost too much to make, the economy stalls or actually declines, so that even modest increases in
government spending swamp nations with big budget shortfalls and excessive borrowings. In this no-ornegative growth scenario, the picture is usually the same: The private economy shrinks while government
keeps expanding. That’s already happened in Italy, Spain and other troubled eurozone members. The
difference is that those nations are adopting structural reforms to restore their competitiveness. France is
doing nothing of the kind. Hence, its yawning competitiveness gap will soon create a fiscal crisis. It’s absolutely
astonishing that an economy so large, and so widely respected, can be unraveling so quickly.
Cyber Espionage Leads to Massive Decline in Innovation – No Incentive to Invest
Lukas 13 (Carrie Lukas, managing director of the Independent Women’s Forum, U.S. News, 6/4/13,
http://www.usnews.com/opinion/articles/2013/06/04/chinas-industrial-cyberespionage-harms-the-useconomy) /dylsbury
Cyberwarfare and corporate espionage sound like the basis of a good summer beach read: the perfect escape
from the too-gloomy realities of an economy that continues to sputter, leaving millions of Americans out of
work and millions more underemployed. Yet Americans should be aware that far from fiction, industrial
espionage has become a common occurrence and one that adds heavily to our economic woes. The numbers
involved are staggering. The director of the National Security Agency, Gen. Keith Alexander, called cybercrime
"the greatest transfer of wealth in history." The price tag for intellectual property theft from U.S. companies is
at least $250 billion a year. That's far more than what businesses pay in federal corporate income taxes.
Imagine what recouping those lost billions would mean to our economy and American workers: More jobs,
higher pay, and lower prices would be the immediate result. It would also mean more innovation and a higher
standard of living in the future. Today, business leaders have reason to be reluctant to invest scarce resources
on research and development since that information and innovation may be stolen before they can bring new
products to market. Without the specter of this crime, more money would be invested in identifying new
technologies and medical breakthroughs that would make our lives healthier and richer. Of course, there is no
way that America can identify, let alone stop, every cyberhacker. Yet cyber-espionage isn't primarily just the
work of entrepreneurial, tech-savvy criminals. Much of the dirty work is done by state-sponsored cyberspies,
who are purposefully draining information from vital U.S. infrastructure systems and businesses. The Virginiabased cyber security firm Mandiant recently released a report detailing one source of persistent cyber attacks,
the Chinese People's Liberation Army. Mandiant estimates that since 2006, a single Chinese army cyberattack
unit has compromised "141 companies spanning 20 major industries, from information technology and
telecommunications to aerospace and energy," using a "well-defined attack methodology, honed over years and
designed to steal large volumes of valuable intellectual property."
Only Innovation Can Solve Warming – Current Tech Won’t Work
Koningstein 14 (Ross Koningstein, Engineer at Google, IEEE Spectrum, 11/18/14,
http://spectrum.ieee.org/energy/renewables/what-it-would-really-take-to-reverse-climate-change) /dylsbury
As we reflected on the project, we came to the conclusion that even if Google and others had led the way toward
a wholesale adoption of renewable energy, that switch would not have resulted in significant reductions of
carbon dioxide emissions. Trying to combat climate change exclusively with today’s renewable energy
technologies simply won’t work; we need a fundamentally different approach. So we’re issuing a call to action.
There’s hope to avert disaster if our society takes a hard look at the true scale of the problem and uses that
reckoning to shape its priorities. Climate scientists have definitively shown that the buildup of carbon
dioxide in the atmosphere poses a looming danger. Whether measured in dollars or human suffering, climate
change threatens to take a terrible toll on civilization over the next century. To radically cut the emission of
greenhouse gases, the obvious first target is the energy sector, the largest single source of global emissions.
RE<C invested in large-scale renewable energy projects and investigated a wide range of innovative
technologies, such as self-assembling wind turbine towers, drilling systems for geothermal energy, and solar
thermal power systems, which capture the sun’s energy as heat. For us, designing and building novel energy
systems was hard but rewarding work. By 2011, however, it was clear that RE<C would not be able to deliver a
technology that could compete economically with coal, and Google officially ended the initiative and shut down
the related internal R&D projects. Ultimately, the two of us were given a new challenge. Alfred Spector,
Google’s vice president of research, asked us to reflect on the project, examine its underlying assumptions, and
learn from its failures.
We had some useful data at our disposal. That same year, Google had completed a study on the impact of clean
energy innovation, using the consulting firm McKinsey & Co.’s low-carbon economics tool. Our study’s bestcase scenario modeled our most optimistic assumptions about cost reductions in solar power, wind power,
energy storage, and electric vehicles. In this scenario, the United States would cut greenhouse gas emissions
dramatically: Emissions could be 55 percent below the business-as-usual projection for 2050.While a large
emissions cut sure sounded good, this scenario still showed substantial use of natural gas in the electricity
sector. That’s because today’s renewable energy sources are limited by suitable geography and their own
intermittent power production. Wind farms, for example, make economic sense only in parts of the country
with strong and steady winds. The study also showed continued fossil fuel use in transportation, agriculture,
and construction. Even if our best-case scenario were achievable, we wondered: Would it really be a climate
victory?A 2008 paper by James Hansen [PDF], former director of NASA’s Goddard Institute for Space Studies
and one of the world’s foremost experts on climate change, showed the true gravity of the situation. In it,
Hansen set out to determine what level of atmospheric CO2 society should aim for “if humanity wishes to
preserve a planet similar to that on which civilization developed and to which life on Earth is adapted.” His
climate models showed that exceeding 350 parts per million CO2 in the atmosphere would likely have
catastrophic effects. We’ve already blown past that limit. Right now, environmental monitoring shows
concentrations around 400 ppm. That’s particularly problematic because CO2 remains in the atmosphere for
more than a century; even if we shut down every fossil-fueled power plant today, existing CO2 will continue to
warm the planet.We decided to combine our energy innovation study’s best-case scenario results with Hansen’s
climate model to see whether a 55 percent emission cut by 2050 would bring the world back below that 350ppm threshold. Our calculations revealed otherwise. Even if every renewable energy technology advanced as
quickly as imagined and they were all applied globally, atmospheric CO2 levels wouldn’t just remain above 350
ppm; they would continue to rise exponentially due to continued fossil fuel use. So our best-case scenario,
which was based on our most optimistic forecasts for renewable energy, would still result in severe climate
change, with all its dire consequences: shifting climatic zones, freshwater shortages, eroding coasts, and ocean
acidification, among others. Our reckoning showed that reversing the trend would require both radical
technological advances in cheap zero-carbon energy, as well as a method of extracting CO2 from the
atmosphere and sequestering the carbon.
Warming Causes Extinction
Jamail 13 (Dahr Jamail, journalist and award-winning author, Mother Jones, 12/17/13,
http://www.motherjones.com/authors/dahr-jamail) /dylsbury
I haven't returned to Mount Rainier to see just how much further that glacier has receded in the last few years,
but recently I went on a search to find out just how bad it might turn out to be. I discovered a set of perfectly
serious scientists—not the majority of all climate scientists by any means, but thoughtful outliers—who suggest
that it isn't just really, really bad; it's catastrophic. Some of them even think that, if the record ongoing releases
of carbon dioxide into the atmosphere, thanks to the burning of fossil fuels, are aided and abetted by massive
releases of methane, an even more powerful greenhouse gas, life as we humans have known it might be at an
end on this planet. They fear that we may be at—and over—a climate change precipice hair-raisingly quickly.
Mind you, the more conservative climate science types, represented by the prestigious Intergovernmental
Panel on Climate Change (IPCC), paint scenarios that are only modestly less hair-raising, but let's spend a little
time, as I've done, with what might be called scientists at the edge and hear just what they have to say."We've
Never Been Here as a Species" "We as a species have never experienced 400 parts per million of carbon
dioxide in the atmosphere," Guy McPherson, professor emeritus of evolutionary biology, natural resources, and
ecology at the University of Arizona and a climate change expert of 25 years, told me. "We've never been on a
planet with no Arctic ice, and we will hit the average of 400 ppm…within the next couple of years. At that time,
we'll also see the loss of Arctic ice in the summers…This planet has not experienced an ice-free Arctic for at
least the last three million years."
For the uninitiated, in the simplest terms, here's what an ice-free Arctic would mean when it comes to heating
the planet: minus the reflective ice cover on Arctic waters, solar radiation would be absorbed, not reflected, by
the Arctic Ocean. That would heat those waters, and hence the planet, further. This effect has the potential to
change global weather patterns, vary the flow of winds, and even someday possibly alter the position of the jet
stream. Polar jet streams are fast flowing rivers of wind positioned high in the Earth's atmosphere that push
cold and warm air masses around, playing a critical role in determining the weather of our planet. McPherson,
who maintains the blog Nature Bats Last, added, "We've never been here as a species and the implications are
truly dire and profound for our species and the rest of the living planet." While his perspective is more extreme
than that of the mainstream scientific community, which sees true disaster many decades into our future, he's
far from the only scientist expressing such concerns. Professor Peter Wadhams, a leading Arctic expert at
Cambridge University, has been measuring Arctic ice for 40 years, and his findings underscore McPherson's
fears. "The fall-off in ice volume is so fast it is going to bring us to zero very quickly," Wadhams told a reporter.
According to current data, he estimates "with 95 percent confidence" that the Arctic will have completely icefree summers by 2018. (US Navy researchers have predicted an ice-free Arctic even earlier—by 2016.) British
scientist John Nissen, chairman of the Arctic Methane Emergency Group (of which Wadhams is a member),
suggests that if the summer sea ice loss passes "the point of no return," and "catastrophic Arctic methane
feedbacks" kick in, we'll be in an "instant planetary emergency." McPherson, Wadham, and Nissen represent
just the tip of a melting iceberg of scientists who are now warning us about looming disaster, especially
involving Arctic methane releases. In the atmosphere, methane is a greenhouse gas that, on a relatively shortterm time scale, is far more destructive than carbon dioxide (CO2). It is 23 times as powerful as CO2 per
molecule on a 100-year timescale, 105 times more potent when it comes to heating the planet on a 20-year
timescale—and the Arctic permafrost, onshore and off, is packed with the stuff. "The seabed," says Wadham, "is
offshore permafrost, but is now warming and melting. We are now seeing great plumes of methane bubbling up
in the Siberian Sea…millions of square miles where methane cover is being released." According to a study just
published in Nature Geoscience, twice as much methane as previously thought is being released from the East
Siberian Arctic Shelf, a two million square kilometer area off the coast of Northern Siberia. Its researchers
found that at least 17 teragrams (one million tons) of methane are being released into the atmosphere each
year, whereas a 2010 study had found only seven teragrams heading into the atmosphere.The day after Nature
Geoscience released its study, a group of scientists from Harvard and other leading academic institutions
published a report in the Proceedings of the National Academy of Sciences showing that the amount of
methane being emitted in the US both from oil and agricultural operations could be 50 percent greater than
previous estimates and 1.5 times higher than estimates of the Environmental Protection Agency. How serious is
the potential global methane build-up? Not all scientists think it's an immediate threat or even the major threat
we face, but Ira Leifer, an atmospheric and marine scientist at the University of California, Santa Barbara, and
one of the authors of the recent Arctic Methane study pointed out to me that "the Permian mass extinction that
occurred 250 million years ago is related to methane and thought to be the key to what caused the extinction of
most species on the planet." In that extinction episode, it is estimated that 95 percent of all species were wiped
out.
2AC ORGANIZED CRIME ADD-ON
IP Theft encourages gangs, terror and organized crime.
NCPC, no date (The National Crime Prevention Council’s mission is to be the nation's leader in helping people keep themselves, their families,
and their communities safe from crime. To achieve this, NCPC produces tools that communities can use to learn crime prevention strategies, engage
community members, and coordinate with local agencies, http://www.ncpc.org/topics/intellectual-property-theft/trends-globalization-anddigitalization-usher-in-a-new-era-of-intellectual-property-theft) // JRW
The human costs associated with intellectual property theft are on the rise. People are losing jobs and
companies are losing profits, but lives are put in danger not just from things like counterfeit drugs and
counterfeit consumer goods, but from the spread of gangs, organized crime groups, and terrorist organizations.
All of these groups are benefiting from the manufacturing of counterfeit drugs, piracy of music and movies, and
theft of trade and state secrets. Some observers even say there may be a cost in personal freedom, as freedom of
speech and the media are pitted against the rights of companies to keep their secrets and not have the secrets
aired when they are leaked as a result of an intellectual property crime.
Terrorism causes extinction
Sid-Ahmed 2004 (Mohamed Sid-Ahmed (Al-Ahram Weekly political analyst), Al-Ahram Weekly, August 26, 2004, "Extinction!", no. 705,
http://weekly.ahram.org.eg/2004/705/op5.htm]) //JRW
What would be the consequences of a nuclear
attack by terrorists? Even if it fails, it would further exacerbate
the negative features of the new and frightening world in which we are now living. Societies would close in on themselves,
police measures would be stepped up at the expense of human rights, tensions between civilisations and religions would rise and ethnic conflicts would
proliferate. It would also speed up the arms race and develop the awareness that a different type of world order is
imperative if humankind is to survive. But the still more critical scenario is if the attack succeeds. This could
lead to a third world war, from which no one will emerge victorious. Unlike a conventional war which ends when one side
triumphs over another, this war will be without winners and losers. When nuclear pollution infects the whole planet, we will all be losers.
Organized crime kills economy and threatens national security
Finklea 2010 (Kristin M. Analyst in Domestic Security; Organized Crime in the United States: Trends and Issues for Congress. December 22,
2010 http://fas.org/sgp/crs/misc/R40525.pdf) //JRW
Organized crime threatens multiple facets of the United States, including the economy and national security. In
fact, the Organized Crime Council was reconvened for the first time in 15 years to address this continued threat. Organized crime has taken on
an increasingly transnational nature, and with more open borders and the expansion of the Internet, criminals
endanger the United States not only from within the borders, but beyond. Threats come from a variety of criminal
organizations, including Russian, Asian, Italian, Balkan, Middle Eastern, and African syndicates. Policymakers may question whether the tools they have
provided the federal government to combat organized crime are still effective for countering today’s evolving risks. Organized crime could
weaken the economy with illegal activities (such as cigarette trafficking and tax evasion scams) that result in a loss of tax
revenue for state and federal governments. This is particularly of issue given the current state of the country’s
economic health. Fraudulent activities in domains such as strategic commodities, credit, insurance, stocks, securities and investments could
further weaken the already-troubled financial market. On the national security front, experts and policymakers have
expressed concern over a possible nexus between organized crime and terrorism. Despite the difference in motivation for
organized crime (profit) and terrorism (ideology), the linking element for the two is money. Terrorists may potentially obtain funding for their operations
from partnering directly with organized crime groups or modeling their profitable criminal acts. Even if organized crime groups and
terrorist organizations do not form long-term alliances, the possibility of short-term business alliances may be
of concern to policymakers.
2AC PLAN SOLVES IP THEFT
Public-private partnerships are crucial to solve IP theft
Hare 9 PhD in Public Policy, Air Attaché for the US Air Force, Military Officer for the NSA, adjunct professor
at Johns Hopkins University, Adjunct Professor at Georgetown University, Cyberspace Operations Policy at US
DoD, Division Chief for Information Operations at CJTF-Horn of Africa, Knowlton Award for Military
Intelligence, US Army (Forrest, “Borders in Cyberspace: Can Sovereignty Adapt to the Challenges of Cyber
Security?” p. 111-2, The Virtual Battlefield: Perspectives on Cyber Warfare,
http://ir.nmu.org.ua/bitstream/handle/123456789/126171/073c9f3d821984e039c4800f6b83b534.pdf) | js
National security is about existential threats to the state. Obtaining knowledge of a national security value can create an existential threat by allowing
potential adversaries to gain the knowledge to develop effective counter-measures to a nation’s advanced military and other defenses. In addition,
cyber attacks that degrade the ability to command and control national security assets and attacks that disrupt
critical infrastructure have direct implications to national security. This infrastructure may be civilian, military, or both. In the
United States, for example, the Department of Defense relies heavily on the nation’s public and private cyber infrastructure
backbone for communications purposes [13].4 Some security measures are currently in place to protect against the threats
articulated above. Such measures are employed by both government agencies and the private sector owners of much of a nation’s
critical infrastructure [see 14]. An obvious measure to defend against the theft of sensitive information would be to place all
critical information and correspondence on closed systems that are not connected to the publicly accessible Internet. In the
United States, for example, this would entail containing the information within the national security system architecture managed by the National
Security Agency and Defense Information Systems Agency. Certainly, governments secure much of their critical information in this manner.
However, it is also the case that, as we become more reliant on the Internet for collaboration on all activities, especially
between the public and private sector, it is becoming increasingly difficult to keep critical information controlled
in this manner. A recent incident regarding a potential loss of design information for the F-35 Joint Strike Fighter
was stolen from private , proprietary industry networks (meaning no government
access or frequent auditing), and it apparently contained several terabytes of design data on the future air defense capability for
several nations [15]. Remaining disconnected from the greater cyberspace could be a measure employed by critical infrastructure owners and
highlights this problem. The information
operators also. The control networks could be closed, proprietary systems with no remote access. In fact, older generation control systems employed
tailored protocols and were only managed through proprietary, closed systems because there was no Internet available at the time. 4 Note that the focus
for this article does not include industrial espionage unrelated to national security, hacking for pleasure, identity theft, and the use of the Internet for
training, messaging, and internal transactions of bad actors. Though these can all be considered criminal acts in their own right, they are outside the
scope of this discussion. 5 For an overview of the U.S. National Security System, refer to the CNSS website at www.cnss.gov91 However, the trend
has been to install remotely maintained systems employing common OS architectures to leverage the connectivity benefits of the
Internet [16]. Therefore, these critical infrastructure systems have assumed a risk common to all those dependent on
the effective functioning of the Internet. The United States, as a sovereign country, certainly has the inherent right to control all of its borders in any
domain [17]. With the above considerations, it is clear the public sector cannot manage all necessary security actions alone.
Private companies are an important part of the dynamic that is absent in other areas of national security where the actions of the military, or law
enforcement, dominate the response options. We have no early warning radar system or Coast Guard to patrol the borders in cyberspace. Unlike in other
domains, information of an attack will come first from those being attacked. Therefore it is highly unlikely that a government
organization, unless it is actually the target of a cyber attack, will have greater situational awareness.
An effort must be made to
incentivize the private sector to invest in cyber security as well. In many cases, national security depends
on it. But if none of the measures being employed have a border patrol component, does that necessarily mean that borders are not significant in
cyberspace? The next two sections will introduce two different frameworks to address this question. In the first of the two analytic frameworks, I will
compare the problems of securing a nation against cyber threats to the challenges of securing a nation against international drug trafficking.
Zero-day disclosure key to combatting IP theft
Villasenor 14 professor of electrical engineering and public policy at UCLA, nonresident senior fellow at the
Brookings Institution, member of the World Economic Forum’s Global Agenda Council on Cybersecurity,
member of the Council on Foreign Relations, and an affiliate at the Center for International Security and
Cooperation (CISAC) at Stanford (John, American Intellectual Property Law Association Quarterly Journal,
“Corporate Cybersecurity Realism: Managing Trade Secrets in a World Where Breaches Occur” 8/28/14,
http://www.hoover.org/sites/default/files/ip2-wp14012-paper.pdf) | js
It is impossible to know how many trade secret misappropriation incidents are tied to cybersecurity breaches. But there is
good reason to believe that many of them are. For starters, trade secrets are valuable and are therefore a prime target. According to a 2010 Forrester
Consulting paper, “[s]ecrets comprise two-thirds of the value of firms’ information portfolios.”37 In 2012, then-NSA Director Gen. Keith B. Alexander
wrote that the “ongoing cyber-thefts from the networks of public and private organizations, including Fortune 500 companies, represent the greatest
transfer of wealth in human history.”38 For obvious reasons, merging information about vulnerabilities and incidents to place a specific value on
economic losses due to cyber-enabled trade secret misappropriation is very difficult. Among other challenges, reported incidents are not typically
companies have reporting obligations when breaches
expose personal data of their customers, they are not generally obligated to publicize intrusions that expose trade secret information
unrelated to customer privacy. 39 Most fundamentally, most intrusions probably go undetected. Despite these challenges, there have been
some efforts to put a number on losses. Symantec has written that IP theft (including but not limited to cyber-enabled theft) “is
staggeringly costly to the global economy: U.S. businesses alone are losing upwards of $250 billion every year.”40 A May 2013 report
described in terms that enable valuation calculations. In addition, while
from the Commission on the Theft of American Intellectual Property claimed that annual losses to the American economy due from international IP theft
were likely over $300 billion.41 Reasonable people can of course differ regarding the accuracy of these assessments. It is beyond doubt, however, that the
annual cost to American companies of trade secret theft generally, and of cyber-enabled trade secret theft specifically, is many billions of dollars.
Valuable trade secrets attract the attention of highly skilled attackers who have access to a continuing stream of new exploits.
Citing data from the National Vulnerability Database,42 HP’s 2013 “Cyber risk report” noted that over 4700 new vulnerabilities were reported through
November 2013, and that this number was about 6% lower than the corresponding number for 2012.43 Stated another way, the number of
reported new vulnerabilities averages well over ten per day; the number of unreported new vulnerabilities is clearly
higher. The HP report also cited approximately 250 vulnerabilities disclosed in 2013 through HP’s Zero Day Initiative, which provides
compensation to researchers who disclose verified vulnerabilities and then coordinates the release of patch by the affected product
vendor.44 In addition, cyberespionage attacks are notable both in their sophistication and in their increasing frequency. The Verizon
2014 Data Breach Investigations Report45 examined 511 cyberespionage incidents in 2013, noting “consistent, significant growth of incidents in the
dataset”46 and that cyberespionage “exhibits a wider variety of threat actions than any other pattern.” 47
AT: CHINA WAR DEFENSE
A China-US war escalates to nuclear—weapons overlap and miscalculation
Riqiang 14 Associate Professor at the School of International Studies, Renmin University of China, Ph.D. in
political science (Wu, “China-US Inadvertent Nuclear Escalation” 5/2/14,
http://d3qi0qp55mx5f5.cloudfront.net/cpost/i/docs/Wu_Policy_Memo.pdf) | js
The fog of war refers to the difficulty of collecting and interpreting information of an ongoing war, and using it to
control the war. The impact of the fog of war on the escalatory risk is twofold. First, it makes the U.S. military difficult to
discriminate between China’s nuclear and conventional systems, so the U.S. military might attack Chinese
nuclear weapons inadvertently. Second, the fog of war also makes the Chinese military difficult to know how many
nuclear weapons survive, and the readiness of the surviving weapons, creating high uncertainty in Chinese leaders’
confidence of nuclear retaliation. China’s command and control system is a priority target of the U.S. military.
Should a conventional war occur, the combination of Chinese and American military strategies would cause very high
escalatory risk. The core of China’s military strategy is “active defense” (jiji fangyu), under which detailed military strategy
guidelines were developed. The latest guideline is to win “local war under informationalized conditions.” Given U.S. conventional superiority, the
basic principle of Chinese military planning is “asymmetric strategy,” which means to develop asymmetric capabilities to
attack the weak links of American kill chain, with the hope of degrading the war-fighting effectiveness of the whole weapon system.
Among other capabilities, missiles and submarines, so called anti-access/area denial (A2/AD) capabilities (in Chinese, shashoujian, Assassin’s Mace), are
the backbone of China’s asymmetric strategy
AT: HEG RESILIENT
IP theft destroys American technological superiority
Melnitzky 12 Assistant Attorney General at Office of the Attorney General of the State of New York
(Alexander B., Cardozo Journal of International and Comparative Law, “NOTE: DEFENDING AMERICA
AGAINST CHINESE CYBER ESPIONAGE THROUGH THE USE OF ACTIVE DEFENSES” p.566-7, Winter
2012, Lexis) | js
Because it only takes a few key strokes to initiate this 'transformation,' cyber
espionage should be treated as a potential armed
attack from the outset. Relying on the potential transformation of cyber espionage into a more lethal attack to justify the use of active defenses
skirts the more difficult issue of whether cyber espionage, by itself, is ever enough to justify such defensive actions. Under the effects- based approach,
cyber espionage alone can be sufficient to warrant military action. The severity of the problem of data theft is simply
too great and its effects are too harmful. Today, "the speed, volume, and global reach of cyber activities make cyber
espionage fundamentally and qualitatively different from""" more traditional forms of spying. The scale of theft is
unprecedented: "Every year, an amount of intellectual property many times larger than all the intellectual property
contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and
government agencies."""' So too, is the lack of risk.""' In the case of the theft of the F-35 data, "[i]f a Cold War spy wanted to move that much
information out of a secret, classified facility, he would have needed a small moving van and a forklift. He also would have risked getting caught or
killed."2"" As already mentioned, the U.S. government cites the loss in economic value of intellectual property to U.S.
businesses in 2008 alone as upwards of $1 trillion.2'" America is being robbed of its most valuable asset: its
technological superiority. Prior to the Internet, looting on such a scale could only have been accomplished by a military occupation. The effectsbased approach requirement that a cyberattack must cause damage only previously possible by traditional military force is therefore satisfied. In
Offensive Cyber Operations and the Use of Force, Lin provides a series of hypothetical cyberattacks and analyzes whether such attacks would constitute
an armed attack." One hypothetical involves a cyberattack that disrupts the stock exchange of the fictitious country of Zendia.2"3 Lin provides the
following analysis: Bombs dropped on Zendia's stock exchanges at night. so that casualties were minimized, would be regarded as a use of force or an
armed attack by most observers, even if physical backup facilities were promptly available so that actual trading was disrupted only for a few hours. The
posited cyber attack could have the same economic effects, except that the buildings themselves would not be destroyed. In this case, the cyber attack
may be less likely to be regarded as a use of force than a kinetic attack with the same (temporary) economic effect, simply because the lack of physical
destruction would reduce the scale of the damage caused. However, a cyber attack against the stock exchanges that occurs
repeatedly and continually, so that trading is disrupted for an extended period of time, for days or weeks, would
surely constitute a use of force or even an armed attack, even if no buildings were destroyed. 2"' At the heart of Lin's analysis seems to be
the idea that a cyberattack causing sustained and substantial economic damage, without any physical damage, can
rise to the level of an armed attack. The argument this Note makes regarding cyber espionage is no different, except with cyber
espionage, the assault has not lasted mere days or weeks, but years. The important point is that once it is accepted that an armed attack
can occur without physical damage, to limit the use of active defenses to cyber "attacks"-the corruption of data-as opposed to
cyber "espionage"-the theft of data-is an overly mechanical distinction, which ignores the basic idea of the effects-based
approach. It is the effect that matters most.
AT: RUSSIA WAR DEFENSE
War with Russia likely and devastating
Nichols 5/7/15 Professor of National Security Affairs at the Naval War College and an adjunct at the Harvard
Extension School (Tom, The National Interest, “How America and Russia Could Start a Nuclear War” 5/7/15,
http://www.nationalinterest.org/feature/how-america-russia-could-start-nuclear-war-12826)
Part of the problem is that Russia now openly considers the use of nuclear weapons in any scenario in which they begin to
lose to a superior force. In an ironic reversal of the situation during the Cold War, NATO is now the dominant conventional coalition in Europe, while Russia is a
weak state with a large but less powerful army. The Russian Federation has no significant ability to project power far from its borders, and likely cannot sustain a major
conventional engagement with a capable opponent for any prolonged period. As a result of this imbalance, the Kremlin has embraced a doctrine of “de-escalation” in which
Russia would threaten to use nuclear weapons during a conflict in order to deter an opponent from pursuing
further military gains. (While China maintains a public pledge never to be the first to use nuclear arms, Beijing likely has a similar plan should war with the
Americans go badly.) How might this doctrine come into play during a crisis? There is far less at stake between Russia and the West now, and the Russians are not
commanding a global empire dedicated to a revolutionary ideology. That does not mean, however, that Russian leaders, including President Vladimir Putin, accept the
outcome of the Cold War. And so imagine, in the wake of Russia’s successes in Ukraine, that the Russian leadership under Vladimir Putin
decides to test its
belief that NATO, as a political alliance, can be broken with a show of force. To this end, the Kremlin attempts to replicate the
2014 Ukraine operation, only this time in a NATO nation, perhaps in the Baltics or Poland. “Little green men” begin assisting “separatists” in isolating a slice of
NATO territory. This time, however, the target responds forcefully: instead of the hapless and disorganized Ukrainians of 2014, the Russians find themselves facing
troops with better training and superior Western weapons, who briskly dispatch the Russian “volunteers” and showcase an array of captured
Russian arms. The Kremlin, now watching its plans unspool, doubles down. Clinging to the assumption that NATO will fracture and abandon the victim to Russian aggression,
the men in Moscow send in Russian regulars to help their “brothers” in the struggle. NATO leaders, contrary to these unrealistic Russian expectations, activate Article V of the
NATO charter. Now it’s a real war, and after they clear the skies of inferior Russian aircraft, Western jets soon begin pounding Russian soldiers and obliterating Russian
equipment in numbers that defy even the most pessimistic assumptions of the Russian General Staff. Russian
losses, viewed instantly and globally across the internet,
are heavy. The Russians soon realize they face the prospect of a humiliating defeat. Worse, they may fear a
counter-offensive that could spill into Russian territory. The idea of NATO stepping even an inch into Russia fills the generals and their
president with dread, especially as the Russian public watches their soldiers being cut to pieces in a foreign country. The Kremlin, at this point, threatens to use nuclear
weapons. The West responds by reiterating its demands that the Russians leave NATO territory, by initiating a renewed offensive against the invading forces, and by increasing
U.S., British, and French nuclear readiness."As during the Cold War, the
keys to a strategic nuclear exchange are rigid military planning,
political misperception, and natural human frailty." What happens next is too hard to predict in political terms. If the Russians pull back and
borders are restored, the crisis is over. If, on the other hand, they decide to go all in on what was supposed to be a bluff, they might launch a limited
number of tactical nuclear strikes against NATO targets, such as a small number of airfields or command posts, in order to “deescalate” the situation. (If all of this sounds crazy, remember that this is exactly the scenario the Russians exercised in 1999—while the far more pro-American
Russian President Boris Yeltsin was still in power—and have repeatedly practiced since.) As the world reels from the news that nuclear weapons have been detonated in
Europe, the Kremlin then issues a warning: everything stops right here, right now, with all forces left in place. Or else. Before the ink dries on the Russian demand, NATO’s
response is quick, calibrated, and forceful. A few symbolic targets are chosen: a Russian naval formation in the Black Sea or in the Baltic are destroyed with submarinelaunched nuclear weapons. Russian territory is not breached (Yet.) All Western
strategic forces are on full alert, ready to strike the entire
Russian nuclear infrastructure, including Moscow. The Russians, likewise, are ready to strike hundreds of North American ICBM sites, along with U.S.,
British, and French submarine pens and bomber bases. If the Russians respond with another round of nuclear strikes inside NATO, a combined Anglo-American (or even
Anglo-Franco-American) attack on targets inside Russia near the fighting might be the West’s last ditch to convince the Russians to pull away from their failed gambit. Once
a nuclear weapon explodes on Russian soil, however, Russian hardliners, civilian and military, will demand a strike on
America or Britain, or both, as revenge and as a show of resolve. If the crisis goes beyond this initial exchange of nuclear
force, with hundreds of thousands of people already dead and injured from nuclear strikes in multiple countries, we can expect all sides to execute their Cold War-era plans,
since they’re really still the only ones anyone has. Driven by fear and military logic, the United States and Russia will attack each other’s strategic
nuclear capability as quickly as possible, including command and control centers located in or near major cities like Washington and Moscow.
Carefully crafted nuclear war plans, with all their elegant, complicated options, will fall apart in the midst of chaos. Even taking into
account weapons destroyed by surprise, rendered inactive by flawed orders, or neutralized by some kind of technical malfunction, a combined total of several
hundred nuclear weapons will fall on each country, including a fair number on Canada, the United Kingdom and France. In the United States,
much of the eastern seaboard will burn. Even a limited strike will require the immediate destruction of Washington along with Navy
nuclear installations from Virginia to Florida. In the west, San Diego and Seattle will suffer the most. Omaha, the home of the U.S. Strategic Command, will be gone, along with
missile bases and airfields in the mountain states. Fallout will kill many more to the east of all of these targets, and irradiate large swaths of America’s agricultural heartland.
In the immediate aftermath, governors will take control of their states as best they can until something like a U.S. government can reconstitute itself. National Guardsmen,
along with state and local police forces, will be forced to cope with a terrified and gravely wounded population. Soldiers and cops will find themselves doing everything from
protecting food stocks to euthanizing doomed burn victims. Along with the grisly human cost, the damage to the fragile, electronically-based U.S. infrastructure will be
massive. Areas that were untouched in the strikes, from Northern New England to the Deep South, will drown under an influx of refugees. Civil disorder will eventually spiral
out of the control of even the most dedicated state military organizations and police forces. Martial law will be common and persistent. In Russia, the situation will be even
worse. The full disintegration of the Russian Empire, begun in 1905 and interrupted only by the Soviet aberration, will finally be complete. A second Russian civil war will
erupt, and Eurasia, for decades if not longer, will be a patchwork of crippled ethnic states led by strongmen. Some Russian rump state may emerge from the ashes, but it will
likely be forever suffocated by a Europe unwilling to forgive so much devastation. I am not enough of an expert on Chinese strategy to know if this situation would be
replicated in the Pacific. I cannot help but wonder, however, if the weak and insecure Chinese state, faced by a stunning conventional loss, might panic and take the nuclear
option, hoping to shock America into a cease-fire. The devastation to America might even be worse in this case: in order to achieve maximum effect, the small Chinese strategic
nuclear force is almost certainly targeted against American cities, from the West Coast inward. The United States of America, in some form, will survive. The People’s Republic
of China, like the Russian Federation, will cease to exist as a political entity. How any
in any sense, impossible.
of this might happen is pure speculation. The important point is that it is not,
Russia eager to exercise nuclear capabilities—war will go global
Fisher 6/29/15 foreign affairs editor for Vox (“How World War III became possible” 6/29/15,
http://www.vox.com/2015/6/29/8845913/russia-war)
The Western side believes it is playing a game where the rules are clear enough, the stakes relatively modest, and the competition easily winnable. The
Russian side, however, sees a game where the rules can be rewritten on the fly, even the definition of war itself altered.
For Russia, fearing a threat from the West it sees as imminent and existential, the stakes are unimaginably
high, justifying virtually any action or gamble if it could deter defeat and, perhaps, lead to victory. Separately, the ever-paranoid
Kremlin believes that the West is playing the same game in Ukraine. Western support for Ukraine's government and efforts to broker a ceasefire to the
war there, Moscow believes, are really a plot to encircle Russia with hostile puppet states and to rob Russia of its rightful sphere of influence.
Repeated Russian warnings that it would go to war to defend its perceived interests in Ukraine, potentially even
nuclear war, are dismissed in most Western capitals as bluffing, mere rhetoric. Western leaders view these threats through Western
eyes, in which impoverished Ukraine would never be worth risking a major war. In Russian eyes, Ukraine looks much more important: an extension of
Russian heritage that is sacrosanct and, as the final remaining component of the empire, a strategic loss that would unacceptably weaken Russian
strength and thus Russian security. Both side are gambling and guessing in the absence of a clear understanding of what the
other side truly intends, how it will act, what will and will not trigger the invisible triplines that would send us careening into war. Today's
tensions bear far more similarity to the period before World War I During the Cold War, the comparably matched Western and Soviet blocs prepared for
war but also made sure that war never came. They locked Europe in a tense but stable balance of power; that balance is gone. They set clear red lines and
vowed to defend them at all costs. Today, those red lines are murky and ill-defined. Neither side is sure where they lie or what really happens if they are
crossed. No one can say for sure what would trigger war. That is why, analysts will tell you, today's tensions bear far more similarity to the
period before World War I: an unstable power balance, belligerence over peripheral conflicts, entangling
military commitments, disputes over the future of the European order, and dangerous uncertainty about what
actions will and will not force the other party into conflict. Today's Russia, once more the strongest nation in Europe and yet weaker than its
collective enemies, calls to mind the turn-of-the-century German Empire, which Henry Kissinger described as "too big for Europe, but too small for the
world." Now, as then, a rising power, propelled by nationalism, is seeking to revise the European order. Now, as then, it
believes that through superior cunning, and perhaps even by proving
its might, it can force a larger role for itself. Now, as then,
the drift toward war is gradual and easy to miss — which is exactly what makes it so dangerous. But there is one way
in which today's dangers are less like those before World War I, and more similar to those of the Cold War: the apocalyptic logic of
nuclear weapons. Mutual suspicion, fear of an existential threat, armies parked across borders from one another, and hair-trigger
nuclear weapons all make any small skirmish a potential armageddon. In some ways, that logic has grown even more dangerous.
Russia, hoping to compensate for its conventional military forces' relative weakness, has dramatically relaxed its rules for
using nuclear weapons. Whereas Soviet leaders saw their nuclear weapons as pure deterrents, something that existed precisely so they would
never be used, Putin's view appears to be radically different. Russia's official nuclear doctrine calls on the country to launch a
battlefield nuclear strike in case of a conventional war that could pose an existential threat. These are more than just
words: Moscow has repeatedly signaled its willingness and preparations to use nuclear weapons even in a more
limited war. This is a terrifyingly low bar for nuclear weapons use, particularly given that any war would likely occur along Russia's
borders and thus not far from Moscow. And it suggests Putin has adopted an idea that Cold War leaders considered unthinkable: that a
"limited" nuclear war, of small warheads dropped on the battlefield, could be not only survivable but winnable. "It’s not just a difference
in rhetoric. It’s a whole different world," Bruce G. Blair, a nuclear weapons scholar at Princeton, told the Wall Street Journal. He called Putin's decisions
more dangerous than those of any Soviet leader since 1962. "There’s a low nuclear threshold now that didn’t exist during the Cold War." Nuclear theory
is complex and disputable; maybe Putin is right. But many theorists would say he is wrong, that the logic of nuclear warfare means a
"limited" nuclear strike is in fact likely to trigger a larger nuclear war — a doomsday scenario in which major
American, Russian, and European cities would be targets for attacks many times more powerful than the bombs that leveled
Hiroshima and Nagasaki. Even if a nuclear war did somehow remain limited and contained, recent studies suggest that environmental and
atmospheric damage would cause a "decade of winter" and mass crop die-outs that could kill up to 1 billion
people in a global famine.
US and Russian cyber capabilities increase risk of nuclear war—miscalculation
Cimbala 14 Distinguished Professor of Political Science, Penn State Brandywine, author of numerous books
and articles in the fields of international security studies, defense policy, nuclear weapons and arms control,
intelligence (Stephen J., Air & Space Power Journal 28.2, “Nuclear Deterrence and Cyber: The Quest for
Concept” p. 88 – 90, Mar/Apr 2014, ProQuest) | js
What are the implications of potential overlap between concepts or practices for cyber war and for nuclear deterrence?4 Cyber war and nuclear
weapons seem worlds apart. Cyber weapons should appeal to those who prefer a nonnuclear or even a postnuclear military-technical arc of
development. War in the digital domain offers, at least in theory, a possible means of crippling or disabling enemy assets without the need for kinetic
attack or while minimizing physical destruction.5 Nuclear weapons, on the other hand, are the very epitome of "mass" destruction, such that their use for
deterrence or the avoidance of war by the manipulation of risk is preferred to the actual firing of same. Unfortunately, neither nuclear deterrence
nor cyber war will be able to live in distinct policy universes for the near or distant future. Nuclear weapons, whether held back for
deterrence or fired in anger, must be incorporated into systems for command, control, communications, computers, intelligence, surveillance, and
reconnaissance (C4ISR). The weapons and their C4ISR systems must be protected from attacks both kinetic and digital
in
nature. In addition, the decision makers who have to manage nuclear forces during a crisis should ideally have the best
possible information about the status of their own nuclear and cyber forces and command systems, about the forces and
managing a
nuclear crisis demands clear thinking and good information. But the employment of cyber weapons in the early stages of a
crisis could impede clear assessment by creating confusion in networks and the action channels that depend
upon those networks.6 The temptation for early cyber preemption might "succeed" to the point at which nuclear
crisis management becomes weaker instead of stronger. Ironically, the downsizing of US and post-Soviet Russian strategic
nuclear arsenals since the end of the Cold War, while a positive development from the perspectives of nuclear arms control and nonproliferation,
C4ISR of possible attackers, and about the probable intentions and risk acceptance of possible opponents. In short, the task of
makes the concurrence of cyber and nuclear attack capabilities more alarming. The supersized deployments of missiles and bombers and expansive
numbers of weapons deployed by the Cold War Americans and Soviets had at least one virtue. Those arsenals provided so much redundancy against firststrike vulnerability that relatively linear systems for nuclear attack warning, command and control, and responsive launch under-or after-attack sufficed.
At the same time, Cold War tools for military cyber mischief were primitive compared to those available now. In addition, countries and their armed
forces were less dependent on the fidelity of their information systems for national security. Thus the reduction of US, Russian, and possibly other forces
to the size of "minimum deterrents" might compromise nuclear flexibility and resilience in the face of kinetic attacks preceded or accompanied by cyber
war.7 Offensive and defensive information warfare as well as other cyberrelated activities is obviously very much on the minds of US military leaders and
others in the American and allied national security establishments.8 Russia has also been explicit about its cyber-related con- cerns. President Vladimir
Putin urged the Russian Security Council in early July 2013 to improve state security against cyber attacks.9 Russian security expert Vladimir
Batyuk, commenting favorably on a June 2013 US-Russian agreement for protection, control, and accounting of nuclear materials (a successor to the
recently expired Nunn-Lugar agreement on nuclear risk reduction), warned that pledges by Presidents Putin and Barack Obama for cooperation on
cybersecurity were even more important: "Nuclear weapons are a legacy of the 20th century. The challenge of the 21st
century is cybersecurity."10 On the other hand, arms control for cyber is apt to run into daunting security and
technical issues, even assuming a successful navigation of political trust for matters as sensitive as these. Of special significance is
whether cyber arms-control negotiators can certify that hackers within their own states are sufficiently under
control for cyber verification and transparency. The cyber domain cuts across the other geostrategic domains for warfare as well: land,
sea, air, and space. However, the cyber domain, compared to the others, suffers from the lack of a historical perspective. One author argues that the cyber
domain "has been created in a short time and has not had the same level of scrutiny as other battle domains."11 What this might mean for the cybernuclear intersection is far from obvious. Thble 1 summarizes some of the major attributes that distinguish nuclear deterrence from cyber war, according
to experts, but the differences between nuclear and cyber listed here do not contradict the prior observation that cyber and
nuclear domains inevitably interact in practice. According to research professors Panayotis A. Yannakogeorgos and Adam B. Lowther at
the US Air Force Research Institute, "As airmen move toward the future, the force structure-and, consequently, force-development
programs-must change to emphasize the integration of manned and remotely piloted aircraft, space, and cyber-power
projection capabilities."12
AT: NO RUSSIAN MODERNIZATION
Russian nuclear militarization now
Reid 15 Professor of Law at University of St. Thomas School of Law (Charles J., University of St. Thomas
Journal of Law and Public Policy, “VLADIMIR PUTIN’S CULTURE OF TERROR: WHAT IS TO BE DONE?” p.
47 – 49)
By the end of 1999, however, with Vladimir Putin the rising power in the Kremlin, shifts were becoming discernible. Instead of viewing nuclear
weapons as a last resort where national survival was at stake,390 nuclear doctrine was revised to reserve to Russia “[t]he use of
all forces and means at its disposal, including nuclear weapons, in case [Russia] needs to repel an armed
aggression, if all other measures of resolving the crisis situation have been exhausted or proved ineffective.”391
Commentators immediately noticed that the revised doctrine struck a far different nuclear posture from the Gorbachev/Yeltsin policy.392 Nikolai
Sokov wrote that Putin’s doctrine now “allowed for the use of nuclear weapons as a deterrence to smaller-scale
wars that do not necessarily threaten Russia’s existence and sovereignty.”393 Ian Traynor found something else to worry
about in the Putin’s new pronouncement: He had in another part of his statement “unequivocally declar[ed] the West a hostile
power that must be resisted.”394 Furthermore, even while he said he would not increase his nuclear arsenal, Putin
promised from his first days in office to modernize and upgrade it.395 And as if to underscore his altered focus, in 2001 Putin moved
tactical nuclear weapons to Kaliningrad, the former East Prussian city of Königsberg, now a small Russian enclave set among the Baltic States and
geographically separated from Russia proper.396 In the years since, Putin has taken steps to build a nuclear arsenal with what is
known as intermediate force capability. At law, there is an obstacle to such development. In 1987, Ronald Reagan and Mikhail Gorbachev
agreed to the Intermediate Range Nuclear Forces Treaty,397 which called for the elimination of cruise missiles and ground-launched inter-continental
ballistic missiles with a range between 500 and 5,500 kilometers (300 to 3,400 miles).398 In February, 2007, Putin indicated a desire to withdraw from
the Treaty.399 The Americans, he said, had taken actions inconsistent with its obligations by proposing to construct a missile defense in Eastern
Europe400 and there was additionally a need to deter growing Chinese nuclear capability.401 Putin did not formally withdraw from the intermediate
forces treaty,402 although the evidence is compelling that he has now developed a modern and sophisticated arsenal of intermediate-range nuclear
weapons. It was alleged in a letter to the Russian government in the summer of 2014 that as far back as 2008, Russia began testing “a prohibited groundlaunched cruise missile.”403 Without providing supporting documentation, the United States Department of State subsequently declared
categorically that “the Russian Federation
is in violation of its obligations under the INF Treaty not to possess, produce,
or flight-test a ground-launched cruise missile [within the prohibited range].”404 There has been substantial speculation as to the types
of missiles Putin has been testing.405 Some have suggested that the Russians might have modified the R-500 short-range cruise missile to a range that
now falls within the Treaty’s prohibition.406 Others have guessed that Russia has modified a sea-launched cruise missile for land-based deployment.407
In response to the Department of State’s allegations, Russia threatened to withdraw from the Treaty.408 In September, 2014, Vladimir
Putin issued a series of more direct challenges. He reminded the world that “Russia is one of the most powerful
nuclear nations. This is a reality, not just words.”409 He test-fired an inter-continental ballistic missile.410 And he
declared that Russia is, indeed, working on new generation of “nuclear and conventional weapons.”411
AT: NO RUSSIAN IP THEFT
Russian IP theft will target US military technology
ONCIX 11 United States Office of the National Counterintelligence Executive (“FOREIGN SPIES STEALING
US ECONOMIC SECRETS IN CYBERSPACE” p. 7-8, Oct. 2011,
http://www.ncsc.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf) | js
Little change in principal threats. The IC anticipates that China and Russia will remain aggressive and capable collectors of
sensitive US economic information and technologies, particularly in cyberspace. Both will almost certainly continue
to deploy significant resources and a wide array of tactics to acquire this information from US sources ,
motivated by the desire to achieve economic, strategic, and military parity with the United States. China will continue to be driven
by its longstanding policy of “catching up fast and surpassing” Western powers. An emblematic program in this drive is Project 863, which provides
funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information. The project was launched in 1986 to
enhance China’s economic competitiveness and narrow the science and technology gap between China and the West in areas such as nanotechnology,
computers, and biotechnology. • The growing interrelationships between Chinese and US companies—such as the employment of Chinese-national
technical experts at US facilities and the off-shoring of US production and R&D to facilities in China—will offer Chinese Government agencies and
businesses increasing opportunities to collect sensitive US economic information. • Chinese actors will continue conducting CNE against US targets. Two
trends may increase the threat from Russian collection against US economic information and technology over the next several years. • The many Russian
immigrants with advanced technical skills who work for leading US companies may be increasingly targeted for recruitment by the Russian intelligence
services. • Russia’s increasing economic integration with the West is likely to lead to a greater number of Russian companies affiliated with the
intelligence services—often through their employment of ostensibly retired intelligence officers—doing business in the United States. Technologies likely
to be of greatest interest. Although all aspects of US economic activity and technology are of potential interest to foreign
intelligence collectors, we judge that the highest interest may be in the following areas. Information and communications
technology (ICT). ICT is a sector likely to remain one of the highest priorities of foreign collectors. The computerization of manufacturing and the push
for connectedness mean that ICT forms the backbone of nearly every other technology used in both civilian and military applications. • Beijing’s Project
863, for example, lists the development of “key technologies for the construction of China’s information infrastructure” as the first of four priorities.
Military technologies. We expect foreign entities will continue efforts to collect information on the full array of US
military technologies in use or under development. Two areas are likely to be of particular interest: • Marine systems. China’s desire to
jump-start development of a blue-water navy—to project power in the Taiwan Strait and defend maritime trade routes—will drive efforts to obtain
sensitive US marine systems technologies. • Aerospace/aeronautics. The air supremacy demonstrated by US military operations in
recent decades will
remain a driver of foreign efforts to collect US aerospace and aeronautics technologies .
Russian IP theft motivated by need for economic and military development
Smith 12 Director of the Potomac Institute Cyber Center; former US Ambassador at the US-Soviet Defense
and Space talks, Chief Operating Officer of the National Institute for Public Policy, President of Global
Horizons, Inc. consulting on defense and international security, Chief of Staff for Arizona Congressman Jon
Kyl, Assistant for Strategic Policy and Arms Control to Senate Republican Leader Bob Dole, professional staff
for the Senate Committee on Foreign Relations, staff of the Joint Chiefs of Staff (David J., Defense Dossier,
“How Russia Harnesses Cyberwarfare” p. 14, Aug. 2012, http://www.afpc.org/files/august2012.pdf) | js
Unsurprisingly, Russia’s diplomatic activities on the cyber front reflect its policies on information warfare and
information security. While steadfastly refusing to sign the European Convention on Cybercrime, a highly effective international approach to
cyber security challenges, it joins China and a few others in plying proposals aimed at enhancing information security—that is, shielding autocratic states
from the free flow of information across the Internet. Meanwhile, Russia has undertaken a major effort at strategic cyber
espionage against the United States. It is strategic in the sense that it is not just a government’s spy agency trying to steal bits of classified
information or an enterprise conducting industrial espionage. Rather, it is a concerted effort to steal American intellectual
property to achieve a level technological development that Russia cannot achieve on its own. In this regard, it is worth
repeating an October 2011 finding of the U.S. Counterintelligence Executive. Motivated by Russia’s high dependence on natural
resources, the need to diversify its economy, and the belief that the global economic system is tilted toward US and
other Western interests at the expense of Russia, Moscow’s highly capable intelligence services are using HUMINT, cyber,
and other operations to collect economic information and technology to support Russia’s economic development
and security.8 In sum, Russia—in its capabilities and its intent—presents a major cyber challenge to the United States. The only difference between
it and China may be, as Jeff Carr points out, that it is seldom caught. And that, alone, may make it the number one cyber threat.
Russian IP theft motivated by need for economic and military development
Booz Allen Hamilton 12 American consulting firm (“Cyber Theft of Corporate Intellectual Property: The Nature
of The Threat” p. 15, http://www.boozallen.com/media/file/Cyber-Espionage-Brochure.pdf)
Russia's own espionage effort is also driven by a desire to diversify its economy and reduce its dependence on
natural resources, according to the NCIX report. Russia too has a sense of grievance; it believes the global economic system is tilted in the favor of
Western countries at its expense. Though Russia has denied hacking, it has enlisted its intelligence services to help carry out its economic policy goals.
The director of Russia's Foreign Intelligence Service, Mikhail Fradkov, said in December 2010 that it 'aims at supporting
the process of
modernization of our country and creating the optimal conditions for the development of its science and
technology.' IP theft threatens some companies more than others. Companies that are less dependent on IP for competitive advantage may be able to
recover fairly quickly. Indeed, the ElU's survey shows that many executives are optimistic about their companies'abi|ities to respond to IP attacks, with
48% of respondents saying that while die theft of IP would cause damage in the short-term, they would be able to recover. Companies that innovate
quickly-and develop new IP-may find that they continue to outpace aIso-ran competitors who have tried to steal their older ideas. In the most alarmist
scenarios, however, IP theft by low-cost competitors manifests itself only years later in reduced industry competitiveness, slower economic growdi, lost
jobs, and even lower living standards. By the same token, defense technologies and secrets stolen from US industry and
government networks could give China and Russia military advantages worth billions.
CRITICAL INFRASTRUCTURE ADVANTAGE
2AC CRITICAL INFRASTRUCTURE BRINK
Critical infrastructure is on the brink now—risk of cyberattacks has surpassed terrorism as the
biggest threat
Assante 14 (Mr. Assante is director of Industrial Control Systems as well as Supervisory Control and Data
Acquisition Networks for the SANS Institute. “America’s critical infrastructure vulnerable to cyberattacks”.
11/11/2014, http://www.forbes.com/sites/realspin/2014/11/11/americas-critical-infrastructure-is-vulnerableto-cyber-attacks/)
Even as the
U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a
burgeoning gray market where hackers and security firms sell tools for breaking into computers. The strategy is spurring concern in the
technology industry and intelligence community that Washington is in effect encouraging hacking and failing to disclose to software
companies and customers the vulnerabilities exploited by the purchased hacks. That's because U.S. intelligence and
military agencies aren't buying the tools primarily to fend off attacks. Rather, they are using the tools to infiltrate computer networks overseas, leaving
behind spy programs and cyber-weapons that can disrupt data or damage systems. The core problem: Spy tools and cyber-weapons rely on
vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public
warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software
remain unrepaired. Moreover,
the money going for offense lures some talented researchers away from
work on defense , while tax dollars may end up flowing to skilled hackers simultaneously supplying criminal groups. "The only people paying
are on the offensive side," said Charlie Miller, a security researcher at Twitter who previously worked for the National Security Agency. A spokesman for
the NSA agreed that the proliferation of hacking tools was a major concern but declined to comment on the agency's own role in purchasing them, citing
the "sensitivity" of the topic. America's offensive cyber-warfare strategy - including even the broad outlines and the total spending levels is classified information. Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has been
most widely reported - the use of a virus known as Stuxnet to disrupt Iran's nuclear-research program - was lauded in Washington. Officials confirmed to
Reuters previously that the U.S. government drove Stuxnet's development, and the Pentagon is expanding its offensive capability through the nascent
Cyber Command. Stuxnet, while unusually powerful, is hardly an isolated case. Computer researchers in the public and private sectors say
the U.S.
government, acting mainly through defense contractors, has become the dominant player in fostering the
shadowy but large-scale commercial market for tools known as exploits, which burrow into hidden computer vulnerabilities.
In their most common use, exploits are critical but interchangeable components inside bigger programs. Those programs can steal financial account
passwords, turn an iPhone into a listening device, or, in the case of Stuxnet, sabotage a nuclear facility. Think of a big building with a lot of hidden doors,
each with a different key. Any door will do to get in, once you find the right key. The pursuit of those keys has intensified. The Department of Defense and
U.S. intelligence agencies, especially the NSA, are spending so heavily for information on holes in commercial computer systems, and on exploits taking
advantage of them, that they are turning the world of security research on its head, according to longtime researchers and former top government
officials. Many talented hackers who once alerted companies such as Microsoft Corp to security flaws in their products are now selling the information
and the exploits to the highest bidder, sometimes through brokers who never meet the final buyers.
Defense contractors and
agencies spend at least tens of millions of dollars a year just on exploits , which are the one essential
ingredient in a broader cyber-weapons industry generating hundreds of millions annually, industry executives said privately. Former
White House cybersecurity advisors Howard Schmidt and Richard Clarke said in interviews that the government in this way has been putting
too much
emphasis on offensive capabilities
that by their very nature depend on
leav ing U.S. business and
consumers at risk . "If the U.S. government knows of a vulnerability that can be exploited, under normal circumstances, its
first obligation is to tell U.S. users," Clarke said. "There is supposed to be some mechanism for deciding
how they use the information, for offense or defense. But there isn't." Acknowledging the strategic trade-offs, former NSA director
Michael Hayden said: "There has been a traditional calculus between protecting your offensive capability and strengthening your defense. It might be
time now to readdress that at an important policy level, given how much we are suffering." The issue is sensitive in the wake of new disclosures about the
breadth and scale of hacking attacks that U.S. intelligence officials attribute to the Chinese government. Chinese officials deny the allegations and say
they too are hacking victims. Top U.S. officials told Congress this year that poor Internet security has surpassed terrorism
to become the single greatest threat to the country and that better information-sharing on risks is
crucial. Yet neither of the two major U.S. initiatives under way - sweeping cybersecurity legislation being weighed by Congress and President Barack
Obama's February executive order on the subject - asks defense and intelligence agencies to spread what they know about vulnerabilities to help the
private sector defend itself. Most companies, including Microsoft, Apple Inc and Adobe Systems Inc, on principle won't pay researchers who report flaws,
saying they don't want to encourage hackers. Those that do offer "bounties", including Google Inc and Facebook Inc, say they are hard-pressed to
compete financially with defense-industry spending. Some national-security officials and security executives say the U.S. strategy is perfectly logical: It's
better for the U.S. government to be buying up exploits so that they don't fall into the hands of dictators or organized criminals. UNINTENDED
CONSEQUENCES When a U.S. agency knows about a vulnerability and does not warn the public, there can be
unintended consequences. If malign forces purchase information about or independently discover the same hole, they can use it to cause
damage or to launch spying or fraud campaigns before a company like Microsoft has time to develop a patch. Moreover, when the U.S. launches a
program containing an exploit, it can be detected and quickly duplicated for use against U.S. interests before any public warning or patch.
2AC FOOD SHORTAGES ADD-ON
The rest of the world depends on the US for food, but Water disruption collapses
ag
Smith 14 (Ron Smith is editor at Southwest Farm Press. Farm Futures: “U.S. Ag: Poised to Feed the World?”
published January 12th, 2014. http://farmfutures.com/story-ag-poised-feed-world-18-107236) KalM
The challenge is daunting: Within
40 years, farmers across the world will need to double production and do it with
fewer resources - especially water - to feed, clothe and provide energy for a global population of 9 billion souls.
“Farmers will need to produce as much food, feed and fiber during the first half of this century as has been produced over the last 100 centuries
combined to meet the growing demand,” says Greg Hart, John Deere sales manager for the U.S. Western Region. Hart says the “future
of the
world depends on agriculture,” and much of that increased production will come from
U.S. farmers. “U.S. agriculture will be at the forefront of solving food production challenges for
the world," he says. "No one is better positioned than U.S. farmers.” It will not be easy. Most of the population growth
expected to occur by 2050 will take place where diets are already less than adequate. Africa will account for 41% of the population growth, second to
Asia’s 49%. North American growth is anticipated to increase only 4% and South America only 7%. Europe’s population could decline by about 1%.
Obstacles include meshing productivity with sustainability and resource stewardship. Lack of a skilled labor force, especially in developing nations, also
poses significant problems. “Our challenge is to do more with less skilled labor,” Hart says. Production variables will continue to challenge farmers.
Weather is the big one. Hart said agricultural
yield has followed a strong upward trend since the early 1990s. “But
we also had a reduction in 2012 from drought. In 2013, the Southwest had a late spring that hurt production.” Much of the region
remains in a three-year drought cycle. “We are just one or two weather events away from either a surplus or a
deficit. That’s the volatility of agriculture. We must continue to work to optimize production and continue to improve that trend
line.” Increased production Agriculture has to increase productivity with more limited resources. “The resource base is shrinking. In 10
years, water demand will be 17& higher than availability,” Hart says. Improving irrigation efficiency will help. Currently, 18% of the world’s agricultural
land is irrigated, but that 18% provides 40% of crop production and 60% of cereal production. “But more than half of the world’s irrigation is by the most
inefficient method, gravity flow,” Hart adds. Focusing on more efficient systems, such as low energy precision application (LEPA) and subsurface drip
irrigation (SDI), will help. “Agriculture
will have to compete for water, and we will see more regulation and
higher costs.” Including energy production into the equation puts even more pressure on agricultural
productivity. Achieving production targets, he says, will demand “smart use of available resources.
WMD conflict and extinction
Lugar, 4 (Richard G., former U.S. Senator – Indiana and Former Chair – Senate Foreign Relations
Committee, “Plant Power”, Our Planet, 14(3), http://www.unep.org/ourplanet/imgversn/143/lugar.html)
In a world confronted by global terrorism, turmoil in the Middle East, burgeoning nuclear threats and other crises, it is easy to lose sight of the long-
range challenges. But we do so at our peril. One of the most daunting of them is meeting the world’s need for food and
energy in this century. At stake is not only preventing starvation and saving the environment , but also world peace and
security. History tells us that states may go to war over access to resources, and that poverty and famine have often bred fanaticism
and terrorism. Working to feed the world will minimize factors that contribute to global instability and the proliferation
of w eapons of m ass d estruction. With the world population expected to grow from 6 billion people today to 9 billion by mid-century, the demand
for affordable food will increase well beyond current international production levels. People in rapidly developing nations will have the means
greatly to improve their standard of living and caloric intake. Inevitably, that means eating more meat. This will raise demand for feed grain at the same
time that the growing world population will need vastly more basic food to eat. Complicating a solution to this problem is a dynamic that must be better
understood in the West: developing countries often use limited arable land to expand cities to house their growing populations. As good land
disappears, people destroy timber resources and even rainforests as they try to create more arable land to feed themselves.
The long-term environmental consequences could be disastrous for the entire globe . Productivity revolution To meet the
expected demand for food over the next 50 years, we in the United States will have to grow roughly three times more food on the land
we have. That’s a tall order. My farm in Marion County, Indiana, for example, yields on average 8.3 to 8.6 tonnes of corn per hectare – typical for a farm
in central Indiana. To triple our production by 2050, we will have to produce an annual average of 25 tonnes per hectare. Can we possibly boost output
that much? Well, it’s been done before. Advances in the use of fertilizer and water, improved machinery and better tilling techniques
combined to generate a threefold increase in yields since 1935 – on our farm back then, my dad produced 2.8 to 3 tonnes per hectare. Much US
agriculture has seen similar increases. But of course there is no guarantee that we can achieve those results again. Given the urgency of expanding food
production to meet world demand, we must invest much more in scientific research and target that money toward projects that promise to have
significant national and global impact. For the United States, that will mean a major shift in the way we conduct and fund agricultural science.
Fundamental research will generate the innovations that will be necessary to feed the world. The United States can take a leading position
in a productivity revolution. And our success at increasing food production may play a decisive humanitarian role in the
survival of billions of people and the health of our planet.
2AC ECON ADD-ON
Cyber-attacks are the biggest threat to the US economy
Moy 15 (Ed Moy: B.A. from the University of Wisconsin-Madison with majors in economics, international
relations and political science. News Max Finance: “Cyber Attacks Pose Biggest Unrecognized Threat to
Economy” published May 8th, 2015. Accessed June 25, 2015. http://www.newsmax.com/Finance/EdMoy/cyber-attack-terrorism-economy/2015/05/07/id/643241/) KalM
There is no shortage of threats to the U.S. economy: fragile growth, increasing regulation, the timing of the Fed’s raising interest rates,
White House and congressional inaction, out-of-control entitlements, and a punitive and complicated tax system. Yet the biggest threat may
be one that is least mentioned: cyber attacks. Cyber attacks have been expanding quickly from criminal gain to
corporate espionage to ideological warfare. And these attacks have been increasing in frequency, scale,
sophistication and severity. The primary reason for cyber attacks has been financial gain. Criminals go where the money is and there is easy
money using personal data to commit fraud. Credit card data are sold to other criminals who use them to make purchases. Medical data are used to
create new personal identities for credit card and bank fraud. Health insurance information is used to make false claims, access addictive prescription
drugs and get free medical treatment. As a result, stealing personal data has reached epidemic proportions. The numbers from recent data breaches are
staggering: credit card information from 56 million Home Depot and 70 million Target customers, 145 million login credentials from eBay, contact
information for 76 million J.P. Morgan Chase customers and 80 million Anthem customers. Even small companies are not immune to these cyber
attacks. From card skimmers to point-of-sale intrusions, data theft rings have targeted relatively unprotected small businesses as a new and vast profit
center. The economic costs are monumental. It costs the breached organization an average of $200 per
compromised record, mostly from business disruption and revenue loss. That does not include intangible costs
like losing customer loyalty or hurting a company’s brand. To add insult to injury, corporate espionage attacks
are increasing. Stealing intellectual property and spying on competitors comprises a growing number of attacks and come at
huge costs to the company that has been hacked. And the big difference with corporate spying is that the attacker usually does not give up until they are
successful. Finally, and most dangerous, are ideologically and politically motivated attacks. Cyber attacks have proven
that computers are very vulnerable. But like any profit-driven enterprise, criminals and corporations are adverse to killing the goose that
lays their golden eggs. Even nation states like China and Russia may be too co-dependent on the U.S. But the growth of ideologically driven
movements is changing the risk. It is not a huge leap of imagination to envision a radical environmental group
hacking into our energy infrastructure. Or terrorist groups like ISIS, Boko Haram and al Qaeda wanting to
bring down our banking system. Ideological or political enemies can exploit the same vulnerabilities but have no remorse about maiming or
killing the goose. In the recent annual threat assessment delivered to Congress, the National Director of Intelligence said that cyber attacks by
politically and criminally motivated actors are the biggest threat to U.S. national security. In this brave new world, the
good guys are playing catch up to the bad guys, who seem to always be one step ahead.
Economic decline leads to war – empirics: Jobs and econ decline can each trigger the impact
Mead 9 (2/4, Walter Russell, Henry A. Kissinger Senior Fellow in U.S. Foreign Policy at the Council on
Foreign Relations, Only Makes You Stronger: Why the recession bolstered America, The New Republic,
http://www.newrepublic.com/article/only-makes-you-stronger-0) //JRW
None of which means that we can just sit back and enjoy the recession. History may suggest that financial crises actually help capitalist great powers
maintain their leads--but it has other, less reassuring messages as well. If financial crises have been a normal part of life during the
so has war. The wars of the League of Augsburg and the
Spanish Succession; the Seven Years War; the American Revolution; the Napoleonic Wars; the two World
Wars; the cold war: The list of wars is almost as long as the list of financial crises. Bad economic times can breed
wars. Europe was a pretty peaceful place in 1928, but the Depression poisoned German public opinion and
helped bring Adolf Hitler to power. If the current crisis turns into a depression, what rough beasts might start
slouching toward Moscow, Karachi, Beijing, or New Delhi to be born? The United States may not, yet, decline,
but, if we can't get the world economy back on track, we may still have to fight.
300-year rise of the liberal capitalist system under the Anglophone powers,
2AC PLAN SOLVES CRITICAL INFRASTRUCTURE
Absent federal action, zero-day vulnerabilities threaten critical US infrastructure
Castelli 14 (Christopher J. Castelli, Senior Correspondent at Inside Cybersecurity, “Policy debate looms on
U.S. role in market for 'zero-day' cyber threats”, May 5, 2014, http://insidecybersecurity.com/CyberGeneral/Cyber-Public-Content/policy-debate-looms-on-us-role-in-market-for-zero-day-cyber-threats/menuid-1089.html)//CLi
In a bid to address questions about the federal government's willingness to conceal and exploit cybersecurity vulnerabilities for intelligence purposes, the
White House last week issued a statement on how it decides whether to reveal such a flaw, noting a key factor is protecting critical infrastructure. But
there remains a looming policy debate about how to control the proliferation of zero-day exploits and whether the United States is in some ways
contributing to the problem. The United States has been accused of creating and fueling the market for zero-day exploits
by paying very high prices for them, former Pentagon homeland-defense chief Paul Stockton and a co-author noted earlier this year in an
essay for the Yale Law and Policy Review. Both "white hat" and "black hat" markets have emerged for identified zero-day threats, which exploit
previously unknown vulnerabilities.
The re is also a " burgeoning gray market ," the essay notes, where companies sell
the exploits to governments and other unreported customers with screening that is "far too lenient to
safeguard critical U.S. infrastructure from attack ." Stockton's essay -- which underscored the risk the exploits pose to the
U.S. electric grid and other critical infrastructure sectors -- urged U.S. policymakers to consider reining in the practice of paying so much for the flaws,
adding there is "no evidence" that the agencies who exploit them weigh the benefits against the "potentially
catastrophic risks" that the zero-day market poses to U.S. security. "The time has come for Congress, Executive
Branch leaders, the software industry, and scholars to bring this tradeoff analysis into the open and determine
whether staying at the extreme end of the policy spectrum -- that of de facto support for a dangerous bazaar for zero-dayexploits -- best serves U.S. national security," wrote Stockton and co-author Michele Golabek-Goldman, a student at Yale University Law
School. Last spring, in a speech at Georgetown University, Eric Rosenbach, then the Pentagon's deputy assistant secretary of defense for cyber policy,
voiced serious concern about the black market for cyber vulnerabilities. "I am very, very concerned about that growing market for zero-day exploits, for
destructive malware," he said at the time. But when asked last week whether the Obama administration is considering reducing purchases of zero-day
exploits to control the booming market, Laura Lucas Magnuson, a spokeswoman for White House Cybersecurity Coordinator Michael Daniel, disputed
the notion of a booming market. "The U.S. government does not see evidence that there is a booming market for zero-day exploits," she told Inside
Cybersecurity. "Instead, the private sector is stepping up to create innovative solutions to our cybersecurity challenges such as 'bug bounty' programs or
crowd-sourcing the process of vulnerability discovery." These kinds of " innovative
solutions
...
are critical to improving
how we identify and patch unknown vulnerabilities and protect U.S. networks and the Internet
as a whole ," she continued. "We are looking at whether the U.S. government can or should play a role in encouraging the
development of such solutions." Congress has taken an interest in controlling the proliferation of zero-day and
other cyber exploits. How the administration responds to recent legislation could shed light on the way ahead. The fiscal year 2014 National
Defense Authorization Act directs the president to launch an interagency process to create an integrated policy to control the proliferation of cyber
weapons through various means. The legislation also mandates the development of a new cyber deterrence policy.
Cooperation with private sector key to defend critical infrastructure
Kramer et al 9 distinguished research fellow in the Center for Technology and National Security Policy at the
National Defense University, Distinguished Fellow at the Brent Scowcroft Center on International Security;
former Assistant Secretary of Defense for International Security Affairs, Deputy Assistant Secretary of Defense
for European and NATO Affairs, Principal Deputy Assistant Secretary of Defense for International Security
Affairs, Special Assistant to the Assistant Secretary of Defense for International Security Affairs, president of
the World Affairs Council of Washington, D.C, advisor for the Center for National Policy, advisor for the
Technical Advisory Committee for the Center for Naval Analyses' Strategic Policy Analysis Group, member of
the International Institute for Strategic Studies, principal of the Council for Excellence in Government
(Franklin, Cyber Power and National Security, p.553-4) | js
Here, too, the
Federal Government has not yet provided leadership on international cyber response and recovery
issues. The government must provide a clear definition of the factors that determine a cyber incident of national
significance, including specific triggers and protocols for response escalation. This policy should clarify the legal authorities of the Federal
Government during a cyber incident and set goals for expected Federal interactions with the private sector and with
government entities at the state and local level. It should strengthen international understanding of and cooperation on cyber issues and establish
initiatives to engage the international community in discussion of appropriate actions during cyber crises. The Federal Government should also set
expectations for the private sector. The business community plays a major role in critical infrastructure protection, but
there is widespread confusion as to how it should prepare for, respond to, or recover from catastrophic cyber incidents.
The private sector owns and operates a large share of the critical infrastructure in the United States, but the
Federal Government, too, owns and operates much of it. As part of its traditional role of managing catastrophic incidents, the
government has a responsibility to protect this infrastructure. The U.S. Government should leverage its extensive global networks
to establish early warning and information-sharing protocols that could be used by both the government and private sector in the event of emergency. In
serving as a leader to the private sector, the Federal Government should inform the private sector of what it can expect
from government departments and agencies; establish minimum expectations for actions from the private sector; and mandate
liabilities for failure to perform in a satisfactory manner. It should also establish central points of contact that are easily accessible to private sector
stakeholders. These government actions to manage catastrophic incidents should be clearly defined, so as to provide clear guidelines to the private
sector. The private sector also has a responsibility to protect its infrastructure. The business community must take the
initiative and not simply wait for guidance from the Federal Government. Private sector stakeholders must join to form their own points of contact. The
Information Sharing and Analysis Centers (ISACs) now established in several critical industry sectors are a start, but more is needed. The private
sector should communicate with the government to establish joint expectations that are acceptable to both the public and
private sectors. Business leaders should focus efforts on learning how to manage important economic issues that
may be affected by a cyber disruption, such as public trust and confidence in the markets.29 CEOS and other senior business officials must
plan within their own companies and industries in order to maintain business functionality during catastrophic incidents.
AT: CRITICAL INFRASTRUCTURE SAFE
Software vulnerability products are used to target variety of critical infrastructure
Scott 08 (Michael D. Scot, M.D. “Tort liability for vendors of insecure software: Has the time finally come?”
Maryland Law Review 67, 2 (2008);
http://digitalcommons.law.umaryland.edu/cgi/viewcontent.cgi?article=3320&context=mlr.) KalM
Software vulnerabilities cost businesses and consumers tens of billions of dollars each year .2 Every day brings
news of freshly discovered security flaws in major software products.3 While Microsoft, due to its prominence in the operating system
market,4 gets the brunt of the criticism for these flaws,5 there are many other companies whose software is also targeted for security-related complaints.6 Yet,
software vendors have traditionally refused to take responsibility for the security of their software, and have used various risk allocation provisions of the Uniform Commercial
Code (U.C.C.) to shift the risk of insecure software to the licensee.7 There were a few early cases in which licensees sought to have courts hold vendors liable for distributing
defective software. These cases were unsuccessful.8 Since September 11, 2001,9 increased attention has been given to the
security of critical
infrastructures ,10 including transportation, finance,11 the power grid,12 water supply and waste management
sys-tems,13 computer networks,14 military,15 and homeland security and disaster recovery,16 to name but a few.17
These sectors “are increasingly dependent on the evolving information infrastructure,”18 which in turn is
increasingly dependent on secure software.19 The growing risks inherent in insecure information technology systems
have prompted corporate executives,20 computer security experts,21 commentators,22 lawyers,23 and government officials24 to call for action.
Software vulnerabilities are abused for cyber attacks
Kuehn 14 (Andreas Kuehn: School of Information Studies, Syracuse University 221 Hinds Hall Syracuse, New
York 13244; Milton Mueller: School of Information Studies, Syracuse University 307 Hinds Hall Syracuse, New
York 13244. NSPW '14 Proceedings of the 2014 workshop on New Security Paradigms Workshop Pages 6368: “Shifts in the Cybersecurity Paradigm: Zero-Day Exploits, Discourse, and Emerging Institutions.”
Published 2014. Accessed June 24th, 2015.
Software vulnerabilities and exploits have attracted significant attention recently because of their implications for
cybersecurity, cyber crime, and cyber war. In recent years, actors began to realize the economic and military value of
retaining exclusive knowledge of vulnerabilities. A market has developed for the production and distribution of software
vulnerabilities; buyers sometimes pay over USD 100,000 for software exploits. Major software companies now run bug bounty
programs to acquire vulnerabilities in order to patch their products. Security firms, such as VUPEN, Endgame, Netragard, and TippingPoint’s Zero
Day Initiative bring together suppliers and buyers in this market. U.S. government intelligence services have become a de facto regulator by virtue of
their ability to spend millions to develop or acquire software exploits. A software vulnerability, also referred to as a security bug, is a flaw in computer
code that can compromise the security of a computer system. Software and network protocols often contain
security vulnerabilities that are unintended consequences of design choices or mathematical errors in models. An exploit makes use of
such vulnerabilities to circumvent security mechanisms and allows unauthorized actors to intrude into, destroy,
manipulate or steal data from an information system. A zero-day exploit (ZDE) is a special type of exploit. It makes use of an
undisclosed vulnerability, whose existence is kept secret. Thus, established security procedures and technologies such as antivirus or intrusion detection
systems cannot defend against them. Hence, ZDEs are a central component and provide effective means in cyber operations and attacks for offensive and
defensive ends. Stuxnet, Flame, and Aurora are examples of cyber weapons that made use of ZDEs [12, 24]. 1.1 Research Problem The proliferation
of exploits and ZDEs raises fundamental questions about the relationship between technology and society and heightens
concerns about the unaccountable use of cyber attack capabilities. Labeled a ‘digital arms race’ by some, it is
generating a transnational debate about control and regulation, the role of secrecy and disclosure, and the
ethics of exploit production and use (e.g., [18, 4]). The controversy reflects underlying conflicting rationales: while intelligence and military
circles are concerned about national security, industrial and civilian logics emphasize matters of trade, innovation and freedom. Recent revelations about
NSA spying have amplified this debate, including reports that the NSA spent USD 25 million in 2013 to acquire exploits [6]. The U.S. President’s Review
Group made specific recommendations regarding software exploits [2]. Issues regarding secrecy and disclosure, knowledge and ignorance, and
transparency and concealment are paramount in this debate [21, 22]. There is a longstanding debate in computer security about the role of disclosure in
improving or undermining security (e.g., [20]). Since
cybersecurity is one of the key problems facing our globally
interconnected society, understanding how software vulnerabilities and exploits – and cyber weapons more generally – are used,
de- fined, and controlled is of utmost importance for society as a whole and for policy-makers.
AT: GRID DEFENSE
Power grid at risk from terror attack
Snyder 4/8 (Christopher Snyder is the Joel Z. and Susan Hyatt Professor in the Department of Economics at
Dartmouth College, where he serves as Undergraduate Research Coordinator. Fox News: “Power grid’s failing
infrastructure at risk of cyberattack.” Published on April 8th 2015. Accessed June 26th, 2014.
http://www.foxnews.com/tech/2015/04/08/power-grids-failing-infrastructure-at-risk-of-cyberattack/) KalM
Fox News National Security Analyst KT McFarland spoke to experts Darren Hammell and Jonathan Pollet about potential threats. The
power grid “is very vulnerable, whether its physical attacks, mistakes like this one or even cyberattacks … there have been a lot of high
visibility outages lately and there are just more we can expect,” said Hammell, chief strategy officer and co-founder of the energy management firm
Princeton Power Systems. Other notable incidents include last December’s power outage in Detroit caused by an aging underground cable failing. In
2011, a major transmission line went offline, causing outages in Arizona and Southern California. “The problem is we’ve taken this old
infrastructure and only upgraded the computer technology … but the actual assets are still old,” Pollet, founder of
consulting firm Red Tiger Security, told FoxNews.com. Through the Recovery Act, the Energy Department has so far invested roughly $4.5 billion to
modernize and enhance the reliability of the nation's grid. Without action, the current setup will allow for potential
cyberattacks against the system. “We’ve taken an infrastructure that is older and we have this modernized
equipment on top of it that is vulnerable to the same type of hacking attack that you see with [companies] like
Target,” said Pollet.
Power grid threatened by cyber terror
DOE 15 (The United States Department of Energy is a Cabinet-level department of the United States
Government concerned with the United States' policies regarding energy and safety in handling nuclear
material. Energy.gov: “CYBERSECURITY.” No publishing date provided, but the post indicates a series of
goals announced on January 8th, 2015. Accessed June 26th, 2015. http://energy.gov/oe/services/cybersecurity)
KalM
Addressing cybersecurity is critical to enhancing the security and reliability of the nation’s electric grid .
Ensuring a resilient electric grid is particularly important since it is arguably the most complex and critical
infrastructure that other sectors depend upon to deliver essential services. Over the past two decades, the roles of electricity
sector stakeholders have shifted: generation, transmission, and delivery functions have been separated into distinct markets; customers have become
generators using distributed generation technologies; and vendors have assumed new responsibilities to provide advanced technologies and improve
security. These changes have created new responsibilities for all stakeholders in ensuring the continued security
and resilience of the electric power grid.
The grid is under constant threat: organized attacks would be huge
Reilly 3/24 (Steve Reilly: Investigative Reporter and Data Specialist, B.A. in Political Science from Vassar
College, reporter for USA Today. USA Today: “Bracing for a big power grid attack: 'One is too many'”
published March 24th 2015. Accessed June 26th, 2015.
http://www.usatoday.com/story/news/2015/03/24/power-grid-physical-and-cyber-attacks-concern-securityexperts/24892471/) KalM
About once every four days, part of the nation's power grid — a system whose failure could leave millions in the
dark — is struck by a cyber or physical attack, a USA TODAY analysis of federal energy records finds. Although the repeated
security breaches have never resulted in the type of cascading outage that swept across the Northeast in 2003,
they have sharpened concerns about vulnerabilities in the electric system. A widespread outage lasting even a
few days could disable devices ranging from ATMs to cellphones to traffic lights, and could threaten lives if
heating, air conditioning and health care systems exhaust their backup power supplies. Some experts and officials fear
the rash of smaller-scale incidents may point to broader security problems, raising questions about what can be
done to safeguard the electrical grid from an attack that could leave millions without power for days or weeks, with potentially
devastating consequences. "It's one of those things: One is too many, so that's why we have to pay attention," said Federal Energy
Regulatory Commission Chairman Cheryl LaFleur. "The threats continue to evolve, and we have to continue to evolve as well." An
examination by USA TODAY in collaboration with more than 10 Gannett newspapers and TV stations across the country, and drawing on thousands of
pages of government records, federal energy data and a survey of more than 50 electric utilities, finds: • More often than once a week, the physical and
computerized security mechanisms intended to protect Americans from widespread power outages are affected by attacks, with less severe cyberattacks
happening even more often. • Transformers and other critical equipment often sit in plain view, protected only by chain-link fencing and a few security
cameras. • Suspects have never been identified in connection with many of the 300-plus attacks on electrical infrastructure since 2011. • An organization
funded by the power industry writes and enforces the industry's own guidelines for security, and decreased the number of security penalties it issued by
30% from 2013 to 2014, leading to questions about oversight. Jon Wellinghoff, former chairman of the Federal Energy Regulatory Commission, said the
power grid is currently "too susceptible to a cascading outage" because of its reliance on a small number of critical substations and other physical
equipment. USA TODAY When the lights go out Because the nation's electrical grid operates as an interdependent network,
the failure of any one element requires energy to be drawn from other areas. If multiple parts fail at the
same time, there is the potential for a cascading effect that could leave millions in the darks for
days, weeks or longer .
Grid failure causes societal collapse and mass starvation
Lewis 14 (Patrice Lewis is a freelance writer. WND Commentary: “If the grid fails, will you die?” published
May 23rd, 2014 accessed June 26th, 2015. http://www.wnd.com/2014/05/if-the-grid-fails-will-you-die/) KalM
It seems too many people are flippant or dismissive of the potential hardships. “An electromagnetic pulse is a joke and would
be minor at best,” notes one person. “I say that because most people know how to survive without all the modern conveniences.” Or, “We’d go back
to the 1800s. Big deal. People lived just fine in the 1800s.” I’m not here to argue about the odds of an EMP taking out the grid. I’m not going to
discuss the technicalities of Faraday cages or the hardening of electronics. I’m here to state that if you think life in America without
electricity will merely revert us to pioneer days, you are dead wrong (no pun intended, I hope). We wouldn’t regress to
the 1800s; we would regress to the 1100s or earlier. Life would become a bitter, brutal struggle for survival.
Society thrived in the 1800s for four very simple reasons: 1) a non-electric infrastructure already existed; 2)
people had the skills, knowledge and tools to make do; 3) our population levels were far lower, and most people
lived rural and raised a significant portion of their own food; and 4) there were relatively few people who didn’t
earn their way. To be blunt, if you didn’t work, you seldom ate. Those who couldn’t work (the disabled, the elderly, etc.) were cared for by family
members or charitable institutions. There were no other options. These conditions no longer exist. Homes do not come equipped
with outhouses, hand water pumps and a trained horse stabled in the back. Many people don’t have the faintest
clue how to cook from scratch, much less grow or raise their own food . Eighty percent of Americans live in cities
and are fed by less than 2 percent of the population, which means farmers must mass-produce food for
shipments to cities. And there are far too many people on multi-generational entitlement programs who literally know no other lifestyle except an
endless cycle of EBT cards and welfare payments. Additionally, the interconnectivity that exists in today’s society is complex
beyond belief. It’s been proven again and again that a single weak link can bring down the whole chain. A
trucker’s strike or a massive storm at one end of the country can mean interrupted food deliveries at the other
end. Even the most humble object – a pencil, for example – has a pedigree of such unimaginable complexity
that its manufacture requires the cooperation of millions, and not one single person on the planet knows how
to make one from start to finish. Read this essay to see what I mean. How much more complex would it be to rebuild a fallen electrical grid
than a pencil? And yet some people claim that a grid-down situation will be a minor inconvenience. They think that
because they line-dry their clothes and have a few tomatoes on their patio, that they’ll be able to survive a
situation in which all services cease. They think food production and distribution is somehow independent of
fuel and electricity. In fact, it’s intimately connected. Ever try to till a 3,500-acre wheat field by horse-drawn
plow? Shut off power and you shut off food. Period. Some people contemptuously dismiss the hardships that would
ensue after grid-down by noting that we already posses the know-how for technological and medical advances.
We know how to treat or cure illness and injury. We know how to provide electrical power. We know how to make engines. Therefore, it will be easy to
rebuild America’s infrastructure in the event of a grid-down situation. And these people are right – we do possess the knowledge. What we
would lack is the infrastructure to rebuild the infrastructure. We lack the stop-gap services that would allow
engineers and manufacturers to rebuild society without facing starvation first. And if the people with the specialized
knowledge to rebuild die off in the interim before the infrastructure gets rebuilt, then where will we be? America’s connectivity, more than
anything else, will cripple our society should the power fail. It’s all well and good for a surgeon to have the knowledge of how to
operate on a cancerous tumor, but if sterile scalpels and anesthesia and dressings and other surgical accouterments are not available, the surgeon’s
abilities regress almost to the point of a tribal witch doctor by the lack of infrastructure, services and supplies.
AT: WATER SUPPLY SAFE
Water supplies are uniquely vulnerable to cyber-attacks
Ginter 15 (Andrew Ginter is the vice president of industrial security at Waterfall Security Solutions, a provider
of Unidirectional Security Gateways for industrial control networks and critical infrastructures.
WaterWorld.com: “High-Tech Threats: Top Cybersecurity Issues Facing Water Utility Control Systems.”
Copyright date is 2015. Accessed June 25th, 2015. http://www.waterworld.com/articles/print/volume29/issue-10/editorial-features/high-tech-threats-top-cybersecurity-issues-facing-water-utility-controlsystems.html) KalM
Recent Department of Homeland Security reports have highlighted poor security among the nation's water
utilities, where operations networks and control systems are inadequately protected. The security situation in critical
infrastructure is raising ratepayer concerns and prompting utilities to ask hard questions about which actions can truly improve their cybersecurity
situations. Are firewalls - the most common form of security in the market - capable of combatting modern threats? Would water system utilities be
better protected if they completely isolated their control-system networks from public networks? Or is there a third option that would retain the
efficiencies and cost savings that come from access to real-time operations information, while also protecting plants from cyber attacks? Technology that
routinely protects industrial control networks in power plants and other critical infrastructures can help water utilities answer these questions. Firewalls
and Modern Security Threats Firewalls are a staple of industrial cybersecurity programs, but they have many inherent
flaws that water facilities must identify, consider and address. Firewalls are complex software systems because they are difficult to
configure, and their configurations are difficult to understand and verify. The smallest error in these configurations can introduce
vulnerabilities. Defects are frequently discovered in firewall software and in the complex operating systems
underlying that software, some of which can be exploited as security vulnerabilities . In order to prevent
exploitation of known defects and vulnerabilities, firewall vendors issue a steady stream of security updates, which must be applied promptly. Even
worse, because the firewalls provide not only real-time data but also online access to mission-critical systems and networks, the firewalls fundamentally
expose these environments to numerous types of attacks. For example, phishing attacks send email through a firewall to persuade recipients to either
reveal passwords or to download and run malware. Meanwhile, vulnerabilities as simple as hard-coded passwords and hard-coded encryption keys have
been reported in industrial firewalls. In addition, cross-site scripting vulnerabilities in HTTP-based "VPN" proxy servers are difficult or impossible to fix
because they are essential to the design of the firewall's features. Waterfall Security Solutions. Defects are frequently discovered in firewall software and
in the complex operating systems underlying that software, some of which can be exploited as security vulnerabilities. Photo courtesy of Waterfall
Security Solutions. Even if connections through firewalls are initiated from the control network side, once the connections are established,
they permit bi-directional data to flow through the firewalls. Any of those flows can be used to launch attacks
back to systems on the protected network. This means that utilities cannot deliver any confidence that their
operational assets are adequately protected by firewalls. The level of risk is unacceptably high , and water utilities must
compensate for it.
The rest of the world depends on the US for food, but production is on the brink; Water
disruption collapses it empirically.
Smith 14 (Ron Smith is editor at Southwest Farm Press. Farm Futures: “U.S. Ag: Poised to Feed the World?”
published January 12th, 2014. http://farmfutures.com/story-ag-poised-feed-world-18-107236) KalM
The challenge is daunting: Within 40 years, farmers across the world will need to double production and do it with fewer
resources - especially water - to feed, clothe and provide energy for a global population of 9 billion souls. “Farmers will need to
produce as much food, feed and fiber during the first half of this century as has been produced over the last 100 centuries combined to meet the growing
demand,” says Greg Hart, John Deere sales manager for the U.S. Western Region. Hart says the “future of the world depends on
agriculture,” and much of that increased production will come from U.S. farmers. “U.S. agriculture
will be at the forefront of solving food production challenges for the world," he says. "No one is better
positioned than U.S. farmers.” It will not be easy. Most of the population growth expected to occur by 2050 will take place where diets are
already less than adequate. Africa will account for 41% of the population growth, second to Asia’s 49%. North American growth is anticipated to increase
only 4% and South America only 7%. Europe’s population could decline by about 1%. Obstacles include meshing productivity with sustainability and
resource stewardship. Lack of a skilled labor force, especially in developing nations, also poses significant problems. “Our challenge is to do more with
less skilled labor,” Hart says. Production variables will continue to challenge farmers. Weather is the big one. Hart said agricultural yield has
followed a strong upward trend since the early 1990s. “But we also had a reduction in 2012 from drought. In 2013,
the Southwest had a late spring that hurt production.” Much of the region remains in a three-year drought cycle. “We are just one or two
weather events away from either a surplus or a deficit. That’s the volatility of agriculture. We must continue to work to
optimize production and continue to improve that trend line.” Increased production Agriculture has to increase productivity with more limited
resources. “The resource base is shrinking. In 10 years, water demand will be 17& higher than availability,” Hart says. Improving irrigation
efficiency will help. Currently, 18% of the world’s agricultural land is irrigated, but that 18% provides 40% of crop production and 60% of cereal
production. “But more than half of the world’s irrigation is by the most inefficient method, gravity flow,” Hart adds. Focusing on more efficient systems,
such as low energy precision application (LEPA) and subsurface drip irrigation (SDI), will help. “Agriculture will have to compete for
water, and we will see more regulation and higher costs.” Including energy production into the equation puts
even more pressure on agricultural productivity. Achieving production targets, he says, will demand “smart use
of available resources.
Water security on the brink now
Goldenberg 14 (Suzanne Goldenberg is the US environment correspondent of the Guardian. The Guardian:
“Why global water shortages pose threat of terror and war” published February 8th, 2014. Accessed June 25,
2015. http://www.theguardian.com/environment/2014/feb/09/global-water-shortages-threat-terror-war)
KalM
Already a billion people, or one in seven people on the planet, lack access to safe drinking water. Britain, of course, is
currently at the other extreme. Great swaths of the country are drowning in misery, after a series of Atlantic storms off the south-western coast. But that
too is part of the picture that has been coming into sharper focus over 12 years of the Grace satellite record. Countries at northern latitudes and in the
tropics are getting wetter. But those countries at mid-latitude are running increasingly low on water. "What we see is very much a picture of the wet areas
of the Earth getting wetter," Famiglietti said. "Those would be the high latitudes like the Arctic and the lower latitudes like the tropics. The middle
latitudes in between, those are already the arid and semi-arid parts of the world and they are getting drier." On the satellite images the biggest losses
were denoted by red hotspots, he said. And those red spots largely matched the locations of groundwater reserves. "Almost all of those red hotspots
correspond to major aquifers of the world. What Grace shows us is that groundwater depletion is happening at a very rapid rate in
almost all of the major aquifers in the arid and semi-arid parts of the world." The Middle East, north Africa and
south Asia are all projected to experience water shortages over the coming years because of decades of bad
management and overuse. Watering crops, slaking thirst in expanding cities, cooling power plants, fracking oil
and gas wells – all take water from the same diminishing supply. Add to that climate change – which is
projected to intensify dry spells in the coming years – and the world is going to be forced to think a lot more
about water than it ever did before. The losses of water reserves are staggering. In seven years, beginning in 2003, parts of
Turkey, Syria, Iraq and Iran along the Tigris and Euphrates rivers lost 144 cubic kilometres of stored freshwater – or about the same amount of water in
the Dead Sea, according to data compiled by the Grace mission and released last year. A small portion of the water loss was due to soil drying up because
of a 2007 drought and to a poor snowpack. Another share was lost to evaporation from lakes and reservoirs. But the majority of the water lost, 90km3, or
about 60%, was due to reductions in groundwater. Farmers, facing drought, resorted to pumping out groundwater – at times on a massive scale. The
Iraqi government drilled about 1,000 wells to weather the 2007 drought, all drawing from the same stressed supply. In south Asia, the losses of
groundwater over the last decade were even higher. About 600 million people live on the 2,000km swath that extends from eastern Pakistan, across the
hot dry plains of northern India and into Bangladesh, and the land is the most intensely irrigated in the world. Up to 75% of farmers rely on pumped
groundwater to water their crops, and water use is intensifying. Over the last decade, groundwater was pumped out 70% faster
than in the 1990s. Satellite measurements showed a staggering loss of 54km3 of groundwater a year. Indian farmers were
pumping their way into a water crisis. The US security establishment is already warning of potential conflicts –
including terror attacks – over water. In a 2012 report, the US director of national intelligence warned that overuse of water – as in
India and other countries – was a source of conflict that could potentially compromise US national security. The report
focused on water basins critical to the US security regime – the Nile, Tigris-Euphrates, Mekong, Jordan, Indus, Brahmaputra and Amu Darya. It
concluded: "During the next 10 years, many countries important to the United States will experience water problems – shortages, poor water quality, or
floods – that will risk instability and state failure, increase regional tensions, and distract them from working with the United States." Water, on its own,
was unlikely to bring down governments. But the report warned that shortages could threaten food production and energy supply
and put additional stress on governments struggling with poverty and social tensions. Some of those tensions are already
apparent on the ground. The Pacific Institute, which studies issues of water and global security, found a fourfold increase in violent confrontations over
water over the last decade. "I think the risk of conflicts over water is growing – not shrinking – because of increased
competition, because of bad management and, ultimately, because of the impacts of climate change," said Peter
Gleick, president of the Pacific Institute. There are dozens of potential flashpoints, spanning the globe. In the Middle East, Iranian
officials are making contingency plans for water rationing in the greater Tehran area, home to 22 million people. Egypt has demanded Ethiopia stop
construction of a mega-dam on the Nile, vowing to protect its historical rights to the river at "any cost". The Egyptian authorities have called for a study
into whether the project would reduce the river's flow. Jordan, which has the third lowest reserves in the region, is struggling with an influx of Syrian
refugees. The country is undergoing power cuts because of water shortages. Last week, Prince Hassan, the uncle of King Abdullah, warned that a war
over water and energy could be even bloodier than the Arab spring. The United Arab Emirates, faced with a growing population, has invested in
desalination projects and is harvesting rainwater. At an international water conference in Abu Dhabi last year, Crown Prince General Sheikh Mohammed
bin Zayed al-Nahyan said: "For us, water is [now] more important than oil." The chances of countries going to war over water were slim – at least over
the next decade, the national intelligence report said. But it warned ominously: "As water shortages become more acute beyond the next 10 years, water
in shared basins will increasingly be used as leverage; the use of water as a weapon or to further terrorist objectives will become more likely beyond 10
years." Gleick predicted such conflicts would take other trajectories. He expected water tensions would erupt on a more local scale. "I think the biggest
worry today is sub-national conflicts – conflicts between farmers and cities, between ethnic groups, between pastoralists and farmers in Africa, between
upstream users and downstream users on the same river," said Gleick. "We have more tools at the international level to resolve disputes between nations.
We have diplomats. We have treaties. We have international organisations that reduce the risk that India and Pakistan will go to war over water but we
have far fewer tools at the sub-national level." And new fault lines are emerging with energy production. America's oil and gas rush is putting growing
demands on a water supply already under pressure from drought and growing populations. More than half the nearly 40,000 wells drilled since 2011
were in drought-stricken areas, a report from the Ceres green investment network found last week. About 36% of those wells were in areas already
experiencing groundwater depletion. How governments manage those water problems – and protect their groundwater reserves – will be critical. When
California emerged from its last prolonged dry spell, in 2010, the Sacramento and San Joaquin river basins were badly depleted. The two river basins lost
10km3 of freshwater each year in 2012 and 2013, dropping the total volume of snow, surface water, soil moisture and groundwater to the lowest levels in
nearly a decade. Without rain, those reservoirs are projected to drop even further during this drought. State officials are already preparing to drill
additional wells to draw on groundwater. Famiglietti said that would be a mistake. "We are standing on a cliff looking over the edge
and we have to decide what we are going to do," he said.
Water shortages are destabilizing
Ahmed 15 (Nafeez Ahmed PhD, is an investigative journalist and an international security scholar. Ecologist:
“Global water crisis causing failed harvests, hunger, war and terrorism.” Published March 27th, 2015. Accessed
June 25th, 2015.
http://www.theecologist.org/News/news_analysis/2803979/global_water_crisis_causing_failed_harvests_h
unger_war_and_terrorism.html) KalM
The world is already experiencing water scarcity driven by over-use, poor land management and climate
change, writes Nafeez Ahmed. It's one of the causes of wars and terrorism in the Middle East and beyond, and if we
fail to respond to the warnings before us, major food and power shortages will soon afflict large parts of the
globe fuelling hunger, insecurity and conflict. Countries like Iraq, Syria and Yemen, where US counterterrorism operations are in full swing, are right now facing accelerating instability from terrorism due to the
destabilising impacts of unprecedented water shortages. The world is already in the throes of an epidemic of local and regional
water shortages, and unless this trend is reversed, it will lead to more forced migrations, civil unrest and outbreaks of conflict Behind the escalating
violence in Iraq, Syria and Yemen, as well as the epidemic of civil unrest across the wider region, is a growing shortage of water. New peer-
reviewed research published by the American Water Works Association (AWWA) shows that water scarcity
linked to climate change is now a global problem playing a direct role in aggravating major conflicts in the
Middle East and North Africa.
US water security on the brink now
Dimick 14 (Dennis Dimick is National Geographic's Executive Editor for the Environment. National
Geographic: “If You Think the Water Crisis Can't Get Worse, Wait Until the Aquifers Are Drained” published
August 21st, 2014. Accessed June 25th, 2015. http://news.nationalgeographic.com/news/2014/08/140819groundwater-california-drought-aquifers-hidden-crisis/#) KalM
This coincides with a nationwide trend of groundwater declines. A 2013 study of 40 aquifers across the United States by the
U.S. Geological Survey reports that the rate of groundwater depletion has increased dramatically since 2000, with almost
25 cubic kilometers (six cubic miles) of water per year being pumped from the ground . This compares to about 9.2 cubic
kilometers (1.48 cubic miles) average withdrawal per year from 1900 to 2008. Scarce groundwater supplies also are being used for
energy. A recent study from CERES, an organization that advocates sustainable business practices, indicated that competition for water by
hydraulic fracturing—a water-intensive drilling process for oil and gas known as "fracking"—already occurs in dry regions of the
United States. The February report said that more than half of all fracking wells in the U.S. are being drilled in regions
experiencing drought, and that more than one-third of the wells are in regions suffering groundwater depletion. Satellites have allowed us to
more accurately understand groundwater supplies and depletion rates. Until these satellites, called GRACE (Gravity Recovery and Climate Experiment),
were launched by NASA, we couldn't see or measure this developing invisible crisis. GRACE has given us an improved picture of groundwater worldwide,
revealing how supplies are shrinking in several regions vulnerable to drought: northern India, the North China Plain, and the Middle East among them.
As drought worsens groundwater depletion, water supplies for people and farming shrink, and
this scarcity can set the table for social unrest . Saudi Arabia, which a few decades ago began pumping deep underground
aquifers to grow wheat in the desert, has since abandoned the plan, in order to conserve what groundwater supplies remain, relying instead on imported
wheat to feed the people of this arid land.
AT: WATER SHORTAGE IMPACT D
Water shortages are destabilizing
Ahmed 15 (Nafeez Ahmed PhD, is an investigative journalist and an international security scholar. Ecologist:
“Global water crisis causing failed harvests, hunger, war and terrorism.” Published March 27 th, 2015. Accessed
June 25th, 2015.
http://www.theecologist.org/News/news_analysis/2803979/global_water_crisis_causing_failed_harvests_h
unger_war_and_terrorism.html) KalM
The world is already experiencing water scarcity driven by over-use, poor land management and climate
change, writes Nafeez Ahmed. It's one of the causes of wars and terrorism in the Middle East and beyond, and if we
fail to respond to the warnings before us, major food and power shortages will soon afflict large parts of the
globe fuelling hunger, insecurity and conflict. Countries like Iraq, Syria and Yemen, where US counterterrorism operations are in full swing, are right now facing accelerating instability from terrorism due to the
destabilising impacts of unprecedented water shortages. The world is already in the throes of an epidemic of local and regional
water shortages, and unless this trend is reversed, it will lead to more forced migrations, civil unrest and outbreaks of conflict Behind the escalating
violence in Iraq, Syria and Yemen, as well as the epidemic of civil unrest across the wider region, is a growing shortage of water. New peer-
reviewed research published by the American Water Works Association (AWWA) shows that water scarcity
linked to climate change is now a global problem playing a direct role in aggravating major conflicts in the
Middle East and North Africa.
Water Shortages cause instability, state failure, and conflict
Goldenberg 4/9/14- Suzanne Goldenberg is the US environment correspondent of the Guardian and is based in Washington DC (“Suzanne
Goldenber”;Why Global Water Shortages Pose Threat of Terror and War; http://www.commondreams.org/views/2014/02/09/why-global-watershortages-pose-threat-terror-and-war)\\pranav/KalM
The Middle East, north Africa and south Asia are all projected to experience water shortages over the coming years because of decades of bad
management and overuse. Watering crops, slaking thirst in expanding cities, cooling power plants, fracking oil and gas wells – all take water from the
same diminishing supply. Add to that climate change – which is projected to intensify dry spells in the coming years – and the world is going to be forced
to think a lot more about water than it ever did before. The losses of water reserves are staggering. In seven years, beginning in 2003, parts of Turkey,
Syria, Iraq and Iran along the Tigris and Euphrates rivers lost 144 cubic kilometres of stored freshwater – or about the same amount of water in the Dead
Sea, according to data compiled by the Grace mission and released last year. A small portion of the water loss was due to soil drying up because of a 2007
drought and to a poor snowpack. Another share was lost to evaporation from lakes and reservoirs. But the majority of the water lost, 90km3, or about
60%, was due to reductions in groundwater. Farmers, facing drought, resorted to pumping out groundwater – at times on a massive scale. The Iraqi
government drilled about 1,000 wells to weather the 2007 drought, all drawing from the same stressed supply. In south Asia, the losses of groundwater
over the last decade were even higher. About 600 million people live on the 2,000km swath that extends from eastern Pakistan, across the hot dry plains
of northern India and into Bangladesh, and the land is the most intensely irrigated in the world. Up to 75% of farmers rely on pumped groundwater to
water their crops, and water use is intensifying. Over the last decade, groundwater was pumped out 70% faster than in the 1990s. Satellite measurements
showed a staggering loss of 54km3 of groundwater a year. Indian farmers were pumping their way into a water crisis. The
US security
establishment is already warning of potential conflicts – including terror attacks – over water. In a
2012 report, the US director of national intelligence warned that overuse of water – as in India and
other countries – was a source of conflict that could potentially compromise US national
securit y. The report focused on water basins critical to the US security regime – the Nile, TigrisEuphrates, Mekong, Jordan, Indus, Brahmaputra and Amu Darya. It concluded: "During the next 10
years, many countries important to the United States will experience water problems – shortages,
poor water quality, or floods
– that will risk instability and state failure , increase regional tensions, and distract them
from working with the United States." Water, on its own, was unlikely to bring down governments. But the report warned that shortages could threaten
food production and energy supply and put additional stress on governments struggling with poverty and social tensions. Some of those tensions are
already apparent on the ground. The Pacific Institute, which studies issues of water and global security, found a fourfold increase in violent
confrontations over water over the last decade. "I think the risk of conflicts over water is growing – not shrinking – because of increased competition,
because of bad management and, ultimately, because of the impacts of climate change," said Peter Gleick, president of the Pacific Institute. There
are dozens of potential flashpoints , spanning the globe. In the Middle East, Iranian officials are making contingency
plans for water rationing in the greater Tehran area, home to 22 million people. Egypt has demanded Ethiopia stop construction of a mega-dam on the
Nile, vowing to protect its historical rights to the river at "any cost". The Egyptian authorities have called for a study into whether the project would
reduce the river's flow. Jordan, which has the third lowest reserves in the region, is struggling with an influx of Syrian refugees. The country is
undergoing power cuts because of water shortages. Last week, Prince Hassan, the uncle of King Abdullah, warned that a war over water and energy could
be even bloodier than the Arab spring. The United Arab Emirates, faced with a growing population, has invested in desalination projects and is
harvesting rainwater. At an international water conference in Abu Dhabi last year, Crown Prince General Sheikh Mohammed bin Zayed al-Nahyan said:
"For us, water is [now] more important than oil." The chances of countries going to war over water were slim – at least over the next decade, the national
intelligence report said. But it warned ominously: "As water shortages become more acute beyond the next 10 years, water in shared basins will
increasingly be used as leverage; the use of water as a weapon or to further terrorist objectives will become more likely beyond 10 years."
Empirics prove
Fergusson 4/24/15- James Fergusson started out in journalism in 1989 on the Independent. He has written for many publications since,
covering current affairs in Europe, North and East Africa, the Far East, the Caribbean and, especially, Central Asia and Afghanistan. From 1998 to 2000
he worked in Sarajevo as a press spokesman for the Office of the High Representative, the body charged with implementing the Dayton Peace Accord
that ended Bosnia's civil war in 1995..(“James Fergusson”;The World Will Soon be at War Over Water; http://www.newsweek.com/2015/05/01/worldwill-soon-be-war-over-water-324328.html)\\pranav/KalM
The world is at war over water . Goldman Sachs describes it as “the petroleum of the next
century”. Disputes over water tend to start small and local – for instance, with the sort of protests that drought-stricken São Paolo has experienced
this year. But minor civil unrest can quickly mushroom, as the bonds of civilisation snap. It is often forgotten that the revolution against
Syrian president Bashar al-Assad began this way, when youths of the southern Syrian town of Daraa, angry at the local
governor’s corrupt allocation of scarce reservoir water, were caught spraying anti-establishment graffiti. Their arrest and
torture was the final straw for the tribes from which the youths came. It was a very similar story in Yemen, whose revolution began in 2011 in Taiz, the
most water-stressed city in that country. When we think of Syria now, we cannot see far past the threat posed by Islamists. But Isis, in the end, is a
symptom of social malfunction. If order is to be restored, we might do better to start focusing instead on the causes. Then we could perhaps look harder
for “soft power” solutions – the restoration of governance and basic services, such as electricity and water supply – rather than for hard power ones, such
as missiles and bombs. 1. THE MESOPOTAMIAN WAR As Islamic State’s leaders work to carve out their glorious new state, they have comprehended
that political power in Mesopotamia has always rested on the ability to supply its citizens with water. The prosperity of ancient Nimrud, the 7th-century
BC ruins that Isis recently bulldozed because they were “unIslamic”, was founded on its irrigation dam across the Tigris. The Sumerian city-state of Ur –
the first city, founded in 3800BC – was abandoned by 500BC following a protracted drought and the siltation of the Euphrates. Isis is headquartered at
Raqqah, a mere 40km down the Euphrates from the largest reservoir in Syria, Lake Assad. Raqqah’s economy has long depended on the cultivation of
cotton irrigated by the reservoir, which was formed by the Russian-assisted construction of the Tabqa dam in 1973, and designed to irrigate some 2,500
square miles of farmland. Last
August, Isis fought fiercely for control of the largest dam in Iraq, across the
Tigris at Mosul. Its fighters also took over two other dams across the Euphrates, one at Fallujah, the other at Haditha. In all cases, it took American air
strikes to drive them off, and the high value the terrorist group places on Mesopotamia’s dams suggests that further offensives against such targets are
likely. Even if Isis leaders in Raqqah succeed in holding one of these key pieces of hydro-infrastructure, however, they do not control the headwaters of
either the Tigris or the Euphrates, which rise in Turkey. It is the Turks, who have squabbled for 40 years with their downstream neighbours over use of
the rivers, who therefore hold the keys to the long-term future of Isis – and the Islamists know it. 2. TURKEY V ISIS Last summer, Isis accused the
Turkish government in Ankara, headed by Recep Tayyip Erdogan, of deliberately holding back the Euphrates through a series of dams on its territory,
lowering water levels in Lake Assad by a record six metres. Isis was apoplectic. Turkey’s dams have given Ankara a vital hold over Isis’s leaders, who, for
the present, twitch like puppets on a string. Ankara, it should be said, may not have been wholly responsible for the shrinking of Lake Assad. Local
farmers, emboldened by the collapse of governance in Syria, were reported last year to have siphoned off vast amounts of water to irrigate their own
cotton plantations. Nature played a role too; there was less than half as much rainfall in the Turkish highlands in the wet season of 2014 as in the
previous year. Nevertheless, Turkey’s stranglehold over its downstream neighbours is real – and it is set to tighten further in 2015, with the completion of
the controversial Ilisu hydro-dam on the Tigris, which will create a 10 billion cubic metre reservoir just 30 miles north of the Syrian border. The dam is
the latest of 22 envisioned under the Southeastern Anatolia Project (or GAP, to use its Turkish acronym), a vast regional development plan that was
originally mooted by Kemal Ataturk in the 1930s. The father of modern Turkey could not have foreseen how completely his country’s “blue gold” would
one day replace oil as the region’s most important resource. Iraq’s oil industry requires 1.8 billion cubic metres of water a year in order to function at all.
Ankara has adopted a canny and forward foreign policy for years now, extending its influence everywhere from Somalia to Afghanistan. What is
happening in Anatolia now suggests that “neo-Ottomanism” is not just political posturing: it really is the future for this part of the Middle East.
Hydrologists in Sweden recently suggested that by 2040, the volume of water being extracted from the mighty Tigris and Euphrates – rivers that once
delineated and sustained the cradle of civilisation – could be so great that they no longer reach the sea. 3. THE YANGTZE PROBLEM There
dozens of potential
dam-related
are
flashpoints around the world. The Permanent Court of
Arbitration in The Hague, which handles international water disputes, says 263 river basins are
contested globally. There are already more than 40,000 large dams around the world. These icons of post-war Western development irrigate
millions of square miles of farmland and produce a fifth of the world’s electricity through hydropower. An area the size of California – 0.3% of the world’s
total land mass – has been lost to artificial reservoirs since the golden age of dam-building began in the 1950s. The number of major schemes tailed off in
the 1990s, as environmental concerns grew and the economic efficiency of the largest projects was called into question. But booming demand has since
dramatically revived the industry. New mega-dams are now among the largest and most expensive engineering projects on the planet. The costliest so far
is China’s South-to-North Water Diversion Project, a scheme to divert the waters of the River Yangtze via dams, tunnels and three vast canals to the arid
north of the country. The project is still only half finished, yet by last year had swallowed more than $79bn (€73bn). Hundreds of thousands of villagers
have been forced from their homes by the project. The scheme’s long-term effect on the environment and economy of the south remains uncertain. Far to
the south, meanwhile, on the River Mekong, Laos is copying China by building two major dams that could devastate not just the local economies but the
lives of its downstream neighbours, Cambodia and Vietnam. The diet of some 50 million people is based on fish caught in the Mekong, which is already
the most dammed river in the world. Then there is the Rogun hydro-dam on the Amu Darya in Tajikistan which, when completed, could be 355 metres
high: the tallest dam in the world. The possible effect on the Amu Darya worries downstream Uzbekistan, which has responded with sanctions and travel
restrictions on the Tajiks. Congo A general view of Inga dam's eight massive turbines, only three of which work, on the mighty Congo River. With a flow
second only to the Amazon, the mighty Congo river spews forth 1.5 million cubic feet (42.5 million litres) into the Atlantic every second. Experts say it
could generate over 40,000 megawatts (MW) of electricity -- more than twice the projected capacity of China 's massive Three Gorges Dam, and a major
step to keeping up with fast-growing demand for electricity in Africa and beyond. MARLENE RABAUD/REUTERS 4. THE CONGO AND THE NILE The
most productive hydro-power dam, the Grand Inga, has recently been proposed for the River Congo, 225km south-west of Kinshasa. With a projected
price tag of £80bn (€74bn), developers claim it will “light up Africa”. Critics say that the electricity generated will mostly be transmitted to distant cities,
and that the continent’s poorest will see little benefit. The cost overruns in this notoriously corrupt part of the world could also end up making the South-
to-North China project look cheap. This month, Egypt and Ethiopia signed a treaty over the latter’s half-built Grand Renaissance dam on the Blue Nile,
which will be the largest hydro-scheme in Africa when it comes on stream in 2017. Downstream Egypt, whose development has depended on the Nile
since ancient times, originally objected so strongly that in June 2013 a meeting of the cabinet of the then president, Mohammad Morsi, was caught on
live television discussing ways of destroying the dam, including via covert support for anti-government rebels. Sanity seems now to have prevailed. 5.
AFGHANISTAN DRIES UP Nato’s
recently concluded engagement in southern Afghanistan is not normally cast as a
water conflict , although that is largely what it was. Helmand, the most hotly-disputed province, was once one of Afghanistan’s
breadbaskets thanks to the Helmand Valley Authority, an irrigation scheme set up in the 1950s by American engineers. But mismanagement of the
scheme’s 300 miles of canals, coupled with a period of protracted drought, meant that the area of irrigated land halved between 1979 and 2002. Local
tribes, spurred on by the vast profits to be made from the cultivation of poppies, fought over what remained, with the Taliban exploiting the conflict. One
of the centrepieces of the HVA was the Kajaki hydro-dam, completed in 1953 by the same US firm that built the Hoover Dam on the River Colorado. The
Americans returned in 2001, this time in order to bomb it. 6. INDIA V PAKISTAN The
Pakistan
over Kashmir – both the highest and longest-running in the world –
territorial dispute between India and
is largely about control of the headwaters of the
River Indus, on which Pakistan’s agricultural economy downstream has become ever more dependent. There are 200 million people in Pakistan:
double the number 30 years ago. Yet Dutch scientists think shrinking glaciers caused by climate change could reduce the Indus by 8% by 2050. India,
which has built or proposed some 45 hydro-schemes on the Indus’s upper reaches, insists that flow will never be affected. But Pakistan is as paranoid
about India as Isis is about Turkey, with a long track-record of blaming India for social ills at home. The rhetoric of extremists is already hot. Hafiz
Saeed, a militant linked to the Mumbai hotel atrocity of 2008, has spoken in the past of India’s “water terrorism”, and campaigned under slogans like
“Water flows, or blood”. Could diminishing water supply push these nuclear-armed neighbours towards a new war? Red Sea A plant is seen on the
parched shore of the Dead Sea. The Dead Sea is slowly but surely drying up, and could be gone completely in 50 years if no action is taken. The water
level is dropping at close to one metre (three feet) per year due to a sharp decrease in inflow from the Jordan and other rivers whose waters now irrigate
fields. BAZ RATNER/ REUTERS 7. ISRAEL V PALESTINE Finally,
there is Israel and Palestine, arguably the [precursor]
grand-daddy of all water conflicts. Israel, a state founded on Ben-Gurion’s dream of “making the desert bloom”, diverted the River
Jordan half a century ago, east and southwards towards the Negev desert, via a canal called the National Water Carrier. The Dead Sea has lost a third of
its surface area as a direct consequence, and the River Jordan of biblical antiquity has become a muddy trickle in a ditch. The reason Israel still occupies
the Golan Heights, captured from Syria in the Six-Day War of 1967, is because that is where the Jordan rises. All this has come at the expense of the
Palestinians, who accuse Israel of manipulating water supply to suppress them.
OCO’S ADVANTAGE
2AC COOPERATION KEY
Government and industry must cooperate to prevent cyber-attack escalation to kinetic war
Ashford 11 security editor for Computer Weekly (Ashford, Computer Weekly, “When IT threats turn into cyber war” 3/1/11, p.8) | js
RISK MANAGEMENT At what point do challenges to IT security warrant international government intervention? Warwick Ashford reports
Governments in the UK, US and elsewhere axe prioritising cyber security. There is plenty of talk of cyber war, but little consensus as to what the term
actually means. There seems to be more agreement about what cyber war is not. G? security experts say cyber war is distinct from criminal activity aimed
at financial gain, industrial espionage aimed at commercial advantage and military espionage aimed at stealing information about military hardware.
Michael Chertoff, former US Secretary of Homeland Security, says IT security threats comprise a spectrum of challenges ranging from theft
to espionage, to destruction of data, GG systems and physical entities. Lower level attacks will be tolerated, depending on the
consequences, but there is a point after which the consequences will demand action from government, he says, but it is
difficult to say where the shift occurs. "What constitutes cyber war, depends on scale and genesis," he told delegates at the RSA Conference 2011 in San
Francisco. But destruction alone cannot be used as a criterion for cyber war, says Bruce Schneier, chief security technology officer at BT. "In some
instances, attacks that cause destruction may simply be some form of cyber criminal activity. Classifying an attack as being an act of cyber war depends
on who is carrying out the attack and why," he told die RSA Conference. Mutual destruction deterrent Despite the ambiguity of the term cyber
war, Chertoff says it helps to emphasise the risk by reflecting the severity of the consequences. Cyber attacks are not only about G?
systems, but can result in loss of life. The good news is that, while state actors are best equipped to carry out devastating cyber attacks, they are
the least likely to do so because of the power of other nation states to retaliate in kind. But while there is a potential cold war situation of
mutual assured destruction acting as a deterrent, die concern voiced by many security experts is me potential of nonstate actors to acquire such capabilities. "The world is used to the model where, except for criminal matters, force is dealt will by the state,
but in cyber space there are no bystanders because attacks take place on the networks and computers of individuals. The
familiar categories no longer fit," said Chertoff. There is no single fix, he said, because threats to supply chains, insider threats and network
attacks require different remedies. For this reason, there has to be an appropriate legislative framework, says Mike McConnell, executive
vice-president at consultancy firm Booz Allen Hamilton. "We need to understand the vulnerabilities to business and the global
economy and ensure we have measures in place to mitigate the risk," he said. Government Intervention Schneier suggests the inflexion
point may be the point at which the market will not mitigate the risk. Business will secure against risk up to the value of the
business but no further, he says, and that is the point at which government will have to take over to fill the gap. But history
shows governments typically wait for a catastrophic event before taking action, said McConnell. Lessons can be learned
from the cyber attacks in Estonia in 2007, says Chertoff. Governments considering smart grids should use architectures
conducive to security and enable compartmentalisation akin to the watertight compartments in warships. "It would be foolish not to
recognise that we could get into a cyber war, because there is no doubt cyber will be a domain of conflict in any act of war that will be capable of
destroying systems and will not be dealt with by market forces," he said. Rules of engagement It is important governments consider wbat they are
capable of doing - and what they are authorised to do - in such a situation, said Chertoff. McConnell agreed a cyber element will be a part of any future
kinetic war, as demonstrated during Russia's incursion into Georgia in 2008. Schneier said that, in future conflicts, cyber attacks may be the first
wave of
aggression
that
will be followed by air attacks and ultimately military action on the
ground . Chertoff said governments need to decide policies on what would be a reasonable response to cyber attack. McConnell
these issues before it is too late, but
Schneier says the concern is that this debate is taking place too far down the command chain. There is also a risk that experimental cyber
weapons may be unleashed on the internet by accident, said Schneier. That is why there is a need for international
agreements and treaties. At the least there should be obligations on the creators of such weapons to warn of the threats and attempt to disable
them, said Chertoff. If there is any consensus around cyber war, it is this: although the term is over-used and over-hyped, the threat
is real - Stuxnet has proved that physical damage can be caused by cyber attack - and governments ought to be
preparing an appropriate defence capability. Enterprise Involvement But, according to the US government and military, while the public sector
is doing everything it can to secure cyber space, the private sector has an important role to play as well. "We need industry because cyber
security is a team sport that brings together government, industry and international allies," said General Keith Alexander,
commander of US Cyber Command. US deputy secretary of defence, William Lynn, also called for greater
collaboration between government and the private sector in tackling cyber thareats. He appealed to the information security
industry for help in developing technology to ensure government and business stay ahead in the cyber arms race.
believes informed dialogue and debate should be directed at encouraging governments to address
2AC CYBER ARMS RACE NOW
Current cyberspace engaged in an arms race—will escalate
Ranger 14 (Steve Ranger, UK editor of TechRepublic. He has been writing about the impact of
technology on people, business and culture for more than a decade. ’Inside the Secret Digital Arms
Race: Facing the Threat of a Global Cyberwar”, http://www.techrepublic.com/article/inside-thesecret-digital-arms-race/, April 24, 2014)//CLi
The military has been involved with the internet since its the start. It emerged from a US Department of Defense-funded project, so it's no surprise that
the armed forces have kept a close eye on its potential. And politicians and military leaders of all nations are naturally attracted to digital warfare as it
offers the opportunity to neutralise an enemy without putting troops at risk. As such, the
last decade has seen rapid investment in
what governments and the military have dubbed " cyberwar " — sometimes shortened to just "cyber." Yes, it sounds like a cheaply sensational term
borrowed from an airport thriller, (and to some the use of such an outmoded term reflects the limited level of understanding of the issues involved by
those in charge) but the intent behind the investment is deadly serious. The UK's defence secretary Philip Hammond has made no secret of the country's
interest in the field, telling a newspaper late last year, "We will build in Britain a cyber strike capability so we can strike back in cyberspace against
enemies who attack us, putting cyber alongside land, sea, air and space as a mainstream military activity." One of the participants in the UK
cybersecurity wargame scenario analyzes the situation. Image: Steve Ranger The UK is thought to be spending as much as £500m on the project over the
next few years. On an even larger scale, last year General Alexander revealed the NSA was building 13 teams to strike back in the event of an attack on the
US. "I would like to be clear that this team, this defend-the-nation team, is not a defensive team," he said told the Senate Armed Services Committee last
year. And of course, it's not just the UK and US that are building up a digital army. In a time of declining budgets, it's a way for defence ministries and
defence companies to see growth, leading some to warn of the emergence of a twenty-first century cyber-industrial complex. And the shift from
investment in cyber-defence initiatives to cyber-offensives is a recent and, for some, worrying trend. Peter W. Singer,
director of the Center for 21st Century Security and Intelligence at the Brookings Institution, said 100 nations are building cyber military
commands of that there are about 20 that are serious players, and a smaller number could carry out a whole cyberwar campaign. And the fear is that
by emphasising their offensive capabilities, governments will up the ante for everyone else. "We are seeing
some of the same manifestations of a classic arms race that we saw in the Cold War or prior to World War One. The
essence of an arms race is where the sides spend more and more on building up and advancing military capabilities but feel less and less secure — and
that definitely characterises this space today," he said. It's taken less than a decade for digital warfare to go from theoretical to the worryingly possible.
Politicians may argue that building up these skills is a deterrent to others, and emphasise such weapons would only be used to counter an attack, never to
launch one. But for some, far from scaring off any would-be threats, these investments in offensive cyber capabilities risk creating
more instability. " In international stability terms, arms races are never a positive thing : the problem is
it's incredibly hard to get out of them because they are both illogical [and] make perfect sense," Singer said. Similarly Richard Clarke, a former
presidential advisor on cybersecurity told a conference in 2012, "We turn an awful lot of people off in this country and around the world when we have
generals and admirals running around talking about 'dominating the cyber domain'. We need cooperation from a lot of people around the world
and in this country to achieve cybersecurity and militarising the issue and talking about how the US military have to dominate the cyber domain
is not helpful." Thomas Rid, a reader in War Studies at King's College London said that many countries now feel that to be taken seriously they need to
have a cyber command too. "What you see is an escalation of preparation. All sorts of countries are preparing and because these targets are intelligence
intensive you need that intel to develop attack tools you see a lot of probing, scanning systems for vulnerabilities, having a look inside if you can without
doing anything, just seeing what's possible," Rid said. As a result, in the shadows, various nations building up their digital military
presence are mapping out what could be future digital battlegrounds and seeking out potential targets, even leaving behind code to be
activated later in any conflict that might arise.
2AC CYBERWAR IMPACT
Cyberwar will crush the US economy – causes World War
Gerwirtz, Cybersecurity Expert 6/22 (David, 6/22/2015, Why the next World War will be a cyberwar
first, and a shooting war second, http://www.zdnet.com/article/the-next-world-war-will-be-a-cyberwar-firstand-a-shooting-war-a-distant-second/) /AMarb
Everything we do revolves around the Internet. Older technologies are finding themselves eclipsed by their
Internet-based substitute solutions. Even technologies historically unrelated to networking (like medical instruments) are finding themselves
part of the Internet, whether as a way to simply update firmware, or using the network to keep track of telemetry and develop advanced analytics. The
Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding
implications along with IT security and risk management best practices that technology leaders can put to good use. Whether we're talking
about social networking, financial systems, communications systems, journalism, data storage, industrial
control, or even government security -- it is all part of the Internet. That makes the world a very, very
dangerous place. Historically, wars are fought over territory or ideology, treasure or tradition, access or anger. When a war begins, the initial
aggressor wants something, whether to own a critical path to the sea or strategic oil fields, or "merely" to cause damage and build support among certain
constituencies. At first, the defender defends, protecting whatever has been attacked. Over time, however, the defender also seeks strategic benefit, to not
only cause damage in return, but to gain footholds that will lead to an end to hostilities, a point of leverage for negotiation, or outright conquest.
Shooting wars are very expensive and very risky. Tremendous amounts of material must be produced and
transported, soldiers and sailors must be put into harm's way, and incredible logistics and supply chain operations must be set up and managed on a
nationwide (or multi-national level). Cyberwar is cheap. The weapons are often co-opted computers run by the victims
being targeted. Startup costs are minimal. Individual personnel risk is minimal. It's even possible to conduct a
cyberwar without the victims knowing (or at least being able to prove) who their attackers are. Cyberwar can be
brutal, anonymous -- and profitable. But the damage done by a cyberwar can be huge, especially economically.
Let's follow that idea for a moment. One of the big reasons the U.S. won the Cold War (and scored highly in many of its other conflicts) is
because it had the economic power to produce goods for war, whether capital ships or food for troops. A economically
strong nation can invest in weapons R&D, creating a technological generation gap in terms of leverage and percapita effectiveness compared to weaker nations. But cyberwar can lay economic waste to a nation. Worse, the
more technologically powerful a nation is, the more technologically dependent that nation becomes. Cyberwar
can level the playing field, forcing highly connected nations to thrash, to jump at every digital shadow while
attackers can co-opt the very resources of the defending nation to force-multiply their attacks. Sony is still cleaning up
after the hack that exposed many confidential aspects of its relationship with stars and producers. Target and Home Depot lost millions of credit cards.
The Snowden theft, while not the result of an outside hack, shows the economic cost of a national security breach: nearly $47 billion. Cyberwar can
also cause damage to physical systems, ranging from electric power stations to smart automobiles. And when a
breach can steal deeply confidential information of a government's most trusted employees, nothing remains safe or secret. The U.S. Office of Personnel
Management was unwittingly funneling America's personnel data to its hackers for more than a year. Can you imagine? We think China was responsible
for the OPM hack. Despite the gargantuan nation's equally gargantuan investments in America (or, perhaps, because of them), China has been accused of
many of the most effective and persistent penetrations perpetrated by any nation. Providing additional reason to worry, Russia and China have recently
inked an agreement where they agreed to not launch cyberattacks against each other. They have also agreed to share cyberwarfare and
cyberdefense technology, creating an Asian axis of power that can split the world in half. On the other side of the
geopolitical spectrum are the American NSA and British GCHQ, two organizations who sharesignals intelligence and -- if the screaming is to be believed - spy as much upon their own citizens as enemies of the state. It is important to note that the destabilization of Allied intelligence can be traced to
Edward Snowden, who ran to and is currently living in Russia after stealing a vast trove of American state secrets. Ask yourself who gained from the
Snowden affair. Was it America? No. Was it Snowden? Not really. Was it Russia? You betcha. China, of course, supplies us with most of our
computer gear. Every iPhone and every Android phone, nearly all our servers, laptop computers, routers -- heck, the entire technological core of
American communications -- has come from China. The same China that has been actively involved in breaching American
interests at all levels. Russia and China. Again and again and again. In the center of all this is the main body of Europe, where
the last two incendiary world wars were fostered and fought. Nations fall when they are economically unstable. Greece is seeing the
writing on the wall right now. It is but one of many weak European Union members. Other EU members are former Soviet states who
look eastward towards Putin's Russia with a mixture of fear and inevitability. This time, Germany isn't the instigator of unrest, but instead
finds itself caught in the middle -- subject to spying by and active in spying on its allies -- the only nearly-super power of the EU. An enemy (or even a
supposed "friendly" nation) decides it needs the strategic upper hand. After years of breaches, it has deep access to nearly every powerful
government and business figure in the United States. Blackmail provides access into command and control and financial
systems. Financial systems are hit and we suffer a recession worse than the Great Recession of 2008-2009. Our
budget for just about everything (as well as our will) craters. Industrial systems (especially those that might post a physical or economic
threat to our attacker) are hit next. They are shut down or damaged in the way Stuxnet took out centrifuges in Iran.
Every step America takes to respond is anticipated by the enemy -- because the enemy has a direct pipeline to every important piece
of communication America produces, and that's because the enemy has stolen enough information to corrupt
an army of Snowdens. While this is all going on, the American public is blissfully in the dark. Citizens just get angrier and angrier at the
leadership for allowing a recession to take hold, and for allowing more and more foreigners to take American jobs. Europe, which has always relied on
America to keep it propped-up in the worst of times, will
be on its own. Russia will press in from the north east. ISIS will
continue to explode in the Middle East. China will keep up its careful dance as it grows into the world's leading
economic power. India, second in size only to China and a technological hotbed itself, remains a wild card, physically
surrounded by Europe, the Middle East, China, and Russia. India continues to live in conflict with Pakistan, and
with Pakistan both unstable and nuclear-tipped, Indo-Pak, too, is on the precipice. A world war is about huge
nations spanning huge geographic territories fighting to rewrite the map of world power. Russia, China, ISIS (which calls itself the Islamic State),
India, Pakistan, the US, the UK, and all of the strong and weak members of the EU: we certainly have the cast of characters for
another global conflict. I could keep going (and, heck, one day I might game the full scenario). But you can see how this works. If enemy
nations can diminish our economic power, can spy on our strategic discussions, and can turn some of our key
workers, they can take us out of the battle -- without firing a single shot. We are heading down this path now. I
worry that we do not have the national or political will to turn the tide back in our favor. This is what keeps me up at night.
2AC RUSSIA CYBERWAR IMPACT
US and Russian cyber capabilities increase risk of nuclear war—miscalculation
Cimbala 14 Distinguished Professor of Political Science, Penn State Brandywine, author of numerous books
and articles in the fields of international security studies, defense policy, nuclear weapons and arms control,
intelligence (Stephen J., Air & Space Power Journal 28.2, “Nuclear Deterrence and Cyber: The Quest for
Concept” p. 88 – 90, Mar/Apr 2014, ProQuest) | js
What are the implications of potential overlap between concepts or practices for cyber war and for nuclear deterrence?4 Cyber war and nuclear
weapons seem worlds apart. Cyber weapons should appeal to those who prefer a nonnuclear or even a postnuclear military-technical arc of
development. War in the digital domain offers, at least in theory, a possible means of crippling or disabling enemy assets without the need for kinetic
attack or while minimizing physical destruction.5 Nuclear weapons, on the other hand, are the very epitome of "mass" destruction, such that their use for
deterrence or the avoidance of war by the manipulation of risk is preferred to the actual firing of same. Unfortunately, neither nuclear deterrence
nor cyber war will be able to live in distinct policy universes for the near or distant future. Nuclear weapons, whether held back for
deterrence or fired in anger, must be incorporated into systems for command, control, communications, computers, intelligence, surveillance, and
reconnaissance (C4ISR). The weapons and their C4ISR systems must be protected from attacks both kinetic and digital
in
nature. In addition, the decision makers who have to manage nuclear forces during a crisis should ideally have the best
possible information about the status of their own nuclear and cyber forces and command systems, about the forces and
C4ISR of possible attackers, and about the probable intentions and risk acceptance of possible opponents. In short, the task of managing a
nuclear crisis demands clear thinking and good information. But the employment of cyber weapons in the early stages of a
crisis could impede clear assessment by creating confusion in networks and the action channels that depend
upon those networks.6 The temptation for early cyber preemption might "succeed" to the point at which nuclear
crisis management becomes weaker instead of stronger. Ironically, the downsizing of US and post-Soviet Russian strategic
nuclear arsenals since the end of the Cold War, while a positive development from the perspectives of nuclear arms control and nonproliferation,
makes the concurrence of cyber and nuclear attack capabilities more alarming. The supersized deployments of missiles and bombers and expansive
numbers of weapons deployed by the Cold War Americans and Soviets had at least one virtue. Those arsenals provided so much redundancy against firststrike vulnerability that relatively linear systems for nuclear attack warning, command and control, and responsive launch under-or after-attack sufficed.
At the same time, Cold War tools for military cyber mischief were primitive compared to those available now. In addition, countries and their armed
forces were less dependent on the fidelity of their information systems for national security. Thus the reduction of US, Russian, and possibly other forces
to the size of "minimum deterrents" might compromise nuclear flexibility and resilience in the face of kinetic attacks preceded or accompanied by cyber
war.7 Offensive and defensive information warfare as well as other cyberrelated activities is obviously very much on the minds of US military leaders and
others in the American and allied national security establishments.8 Russia has also been explicit about its cyber-related con- cerns. President Vladimir
Putin urged the Russian Security Council in early July 2013 to improve state security against cyber attacks.9 Russian security expert Vladimir
Batyuk, commenting favorably on a June 2013 US-Russian agreement for protection, control, and accounting of nuclear materials (a successor to the
recently expired Nunn-Lugar agreement on nuclear risk reduction), warned that pledges by Presidents Putin and Barack Obama for cooperation on
cybersecurity were even more important: "Nuclear weapons are a legacy of the 20th century. The challenge of the 21st
century is cybersecurity."10 On the other hand, arms control for cyber is apt to run into daunting security and
technical issues, even assuming a successful navigation of political trust for matters as sensitive as these. Of special significance is
whether cyber arms-control negotiators can certify that hackers within their own states are sufficiently under
control for cyber verification and transparency. The cyber domain cuts across the other geostrategic domains for warfare as well: land,
sea, air, and space. However, the cyber domain, compared to the others, suffers from the lack of a historical perspective. One author argues that the cyber
domain "has been created in a short time and has not had the same level of scrutiny as other battle domains."11 What this might mean for the cybernuclear intersection is far from obvious. Thble 1 summarizes some of the major attributes that distinguish nuclear deterrence from cyber war, according
to experts, but the differences between nuclear and cyber listed here do not contradict the prior observation that cyber and
nuclear domains inevitably interact in practice. According to research professors Panayotis A. Yannakogeorgos and Adam B. Lowther at
the US Air Force Research Institute, "As airmen move toward the future, the force structure-and, consequently, force-development
programs-must change to emphasize the integration of manned and remotely piloted aircraft, space, and cyber-power
projection capabilities."12
2AC VULNERABILITIES NOW
Cyber vulnerabilities increasing—lack of zero-day regulation poses a serious security threat
Fidler 14 (Mailyn Fidler, graduate student at the Center for International Security and Cooperation Freeman
Spogli Institute for International Studies, Stanford University. “ANARCHY OR REGULATION:
CONTROLLING THE GLOBAL TRADE IN ZERO-DAY VULNERABILITIES”, May 2014,
https://stacks.stanford.edu/file/druid:zs241cm7504/ZeroDay%20Vulnerability%20Thesis%20by%20Fidler.pdf)//CLi
5.2 The Zero-Day Trade as a National and International Security Problem These continuing
controversies underscore that zero-day
vulnerabilities and their trade constitute serious and complex national and international security problems .
Cybersecurity is of increasing concern to governments, and the zero-day problem touches nearly every dimension
of cybersecurity debates . Governments use zero-days for military, intelligence, and law enforcement cyber operations. Authoritarian
regimes employ them to monitor and silence citizens. Criminal organizations use them to disrupt systems and steal
information. Experts fear non-state actors might utilize zero-days to attack critical infrastructure. The zero-day trade
is global and lucrative, with the United States and other nations participating as buyers. Cybersecurity experts are concerned
this trade enables governments, non-state actors, and criminal organizations to obtain and
improve dangerous cyber capabilities . The U.S. government’s participation in the zero-day market and
their policies on zero-days amplify concerns about the trade. The U.S. government’s ability to keep
purchased zero days secret
to preserve military, intelligence, or law enforcement
utility undermines U.S. and
global cybersecurity . The seriousness and widespread nature of the consequences of the zero-day trade have generated a growing policy
debate about regulating the zero-day trade. This thesis contributes to this debate by exploring what is known about the market and analyzing domestic
and international options for controlling the zero-day trade. Domestically, it analyzed criminalization, unilateral export controls, and increased oversight
of U.S. government executive branch actions. It concludes that increased executive branch oversight is the best national strategy to address the problems
of existing U.S. zero-day policy. Internationally, this thesis investigated international legal approaches, voluntary collective action through export
controls, and cooperation through collective defense organizations. Voluntary collective action to harmonize export controls on zero days through the
Wassenaar Arrangement emerges as the most feasible international option. However, the obstacles confronting effective regulation of
the 170 zero-day trade are daunting, raising the real possibility that this trade will continue to contribute to the
cyber “security dilemma” that is emerging in contemporary international relations.
AT: CYBERWAR WON’T ESCALATE
Cyberwar is escalating – Iran attacks, China hacking, and North Korea’s assault
Leyden 6/4 (John, 6/4/15, We stand on the brink of global cyber war, warns encryption guru,
http://www.theregister.co.uk/2015/06/04/schneier_global_cyber_war_warns/) /AMarb
We are in the early years of a cyber war arms race, security guru Bruce Schneier warned delegates at the
Infosecurity Europe exhibition on Wednesday. Schneier, CTO of Resilient Systems, said the much publicised
Stuxnet attacks on Iran by the US and Israel in 2010, Iran’s attack on Saudi Aramco, China’s apparent role in
hacking GitHub, and the North Korean assault on Sony Pictures last year are all examples of the phenomenon.
“These nations are building up for cyber war and now we're all in the blast radius,” he warned, while speaking
in London. Most of these attacks — including Stuxnet and the assault on GitHub — inflict collateral damage,
Schneier told El Reg, adding that cyber attacks are likely to become mainstream aspect of many conflicts. “I’m
afraid things will get out of hand,” he said. During a keynote presentation, Schneier focused on a detailed
commentary on last year’s attack on Sony Pictures. After months of doubting North Korea’s involvement in the
attack Schneier was finally convinced of its role by a mid January article by David Sanger in the New York
Times. Other theories — most notably that a disgruntled insider collaborated with elements of Anonymous to
launch the attack — were widely touted in the weeks following the attack. This illustrates the wider point that
attributing attacks in cyberspace is very hard, Schneier said. “You can be attacked and not be sure if it's a
nuclear-powered government or two guys in a basement,” Schneier noted. The security industry has developed
technology to rebuff high volume, unfocused attacks. However, skilled and focused attackers, commonly
referred to in the infused biz as advanced persistent threats (APTs), or otherwise known as state-sponsored
cyberspies, remain a huge challenge. “A sufficiently skilled, funded and motivated attacker will never fail to get
in,” Schneier said. The “high skill, high focused” attack thrown against Sony would have floored most every
target, he added. “Fundamentally, I don't think any of us could withstand this type of attack from this type of
adversary,” Schneier concluded. Schneier claimed that the $15m clean-up costs booked by Sony Pictures in the
wake of the attack seem to under-estimate costs and further charges will likely follow. ®
AT: NO CYBERWAR
Cyber war can end the Internet—US vulnerabilities
May 10 president of the Foundation for the Defense of Democracies, a policy institute focusing on terrorism
(Clifford D., “U. S. is too vulnerable to cyber war, cyber crime” 3/8/10, p.A8, Access World News)
If a top intelligence expert said America was not prepared for war, and indeed that if we went to war "we would lose," that would worry you, wouldn't it?
Start worrying. The expert is Mike McConnell, who served as director of the National Security Agency under President Bill
Clinton and as director of national intelligence under President George Bush. He was referring not to a conventional war or a
guerrilla war. He was referring to a cyber war. But understand: Cyber war does not mean fun and video games. McConnell told a Senate
committee last week that the risk we face from cyber attacks "rivals nuclear weapons in terms of seriousness."
Cyber combatants could cause massive blackouts lasting for months. They could destroy the electronic processes
on which our banking, commerce and financial systems have been built, stealing-- or simply wiping out--vast
amounts of wealth. They could put our air transportation system in jeopardy. They might even be able to cripple our defense
and national security infrastructure. It is possible to defend against such threats. But we are not doing it adequately. A year ago Jim Lewis,
director of the Center for Strategic and International Studies, told Steve Kroft of "60 Minutes" that in 2007 America suffered "an espionage Pearl Harbor.
Some unknown foreign power, and honestly, we don't know who it is, broke into the Department of Defense, to the Department of State, the Department
of Commerce, probably the Department of Energy, probably NASA." After that, you would think a serious and comprehensive cyber-defense program
would have been initiated. But in an op-ed published recently, McConnell warned that the U.S. government has "yet to address the
cyber-conflicts. ... we lack a cohesive strategy to meet this challenge." Add to that the growing
menace of cyber crime, which Joseph Menn, in his brilliant and disturbing book, "Fatal System Error," reports is already a "shadow
economy that is worth several times more than the illegal drug trade, that has already disrupted national
governments, and that has the potential to undermine Western affluence and security." If cyber crime is not
curbed, Menn predicts, it is likely to get "far worse potentially wiping out faith in electronic transactions and rendering the
Internet unfit for more than entertainment and informal, quasi-public communication." What about the nightmare scenario of
most basic questions about
cyber criminals and cyber combatants joining forces? That's already happening. "The full truth," Menn writes, "is that a number of enormously powerful
national governments, especially those of
Russia and China, have picked up the blossoming of the Internet age as the
time to ally with organized crime. The Russian government, and possibly the Chinese government, has access to minds capable not only of
stealing millions upon millions of dollars, but potentially disrupting the Western economy. Why wouldn't they encourage additional research to nurture
such a weapon?" Terrorists are penetrating cyberspace as well. Menn reports that "three British jihadists convicted in 2007 for inciting
murder used access to a database with 37,000 stolen credit cards to buy 250 airline tickets, night-vision goggles, hundreds of pre-paid cell phones, GPS
devices and more--$3.5 million in total purchases--to assist others in the movement." Could Iranian linked or al Qaeda jihadists do the same--on their
own or by making common cause with either cyber criminals or cyber combatants from countries ruled by regimes that would like to see harm done to
the United States? All too easily. The good news is that there are solutions. "The problem is not one of resources,"McConnell says. "Even in our current
fiscal straits, we can afford to upgrade our defenses." But he also predicts that the United States may have to suffer a catastrophic cyber attack before the
public demands that its leaders make this threat a top priority. America has built an incredible high-tech society. But it is flying on
gossamer wings.Our enemies know how fragile it is. So do we. The difference is they will do everything they can to destroy it. And we're not doing
everything we can to defend ourselves and to defeat them.
Cyber war is real and unpredictably dangerous—four reasons
Clarke 10 former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the
United States (Richard A., Cyber War: The Next Threat to National Security and What to Do About It, p.21,
4/20/10) | js
Cyber war is real. What we have seen so far is far from indicative of what can be done. Most of these well-known skirmishes in
cyberspace used only primitive cyber weapons (with the notable exception of the Israeli operation). It is a reasonable guess that the
attackers did not want to reveal their more sophisticated capabilities, yet. What the United States and other nations are
capable of doing in a cyber war could devastate a modern nation. Cyber war happens at the speed of light. As the photons
of the attack packets stream down fiber-optic cable, the time between the launch of an attack and its effect is barely measurable, thus creating
risks for crisis decision makers. Cyber war is global. In any conflict, cyber attacks rapidly go global, as covertly acquired or hacked
computers and servers throughout the world are kicked into service. Many nations are quickly drawn in. Cyber
war skips the battlefield. Systems that people rely upon, from banks to air defense radars, are accessible from cyberspace and can
be quickly taken over or knocked out without first defeating a country’s traditional defenses. Cyber war has begun. In
anticipation of hostilities, nations are already “preparing the battlefield.” They are hacking into each other’s networks and
infrastructures, laying in trapdoors and logic bombs—now, in peacetime. This ongoing nature of cyber war, the blurring of
peace and war, adds a dangerous new dimension of instability. As later chapters will discuss, there is every reason to believe that
most future kinetic wars will be accompanied by cyber war, and that other cyber wars will be conducted as “standalone” activities, without explosions, infantry, airpower, and navies. There has not yet, however, been a full-scale cyber war in which
the leading nations in this kind of combat employ their most sophisticated tools against each other. Thus, we really do not know who would
win, nor what the results of such a cyber war would be. This book will lay out why the unpredictability associated with
full-scale cyber war means that there is a credible possibility that such conflict may have the potential to change the world
military balance and thereby fundamentally alter political and economic relations. And it will suggest ways to reduce that
unpredictability.
Cyberattacks are a huge threat to national security
Kshetri 10 Professor of International Affairs at the University of North Carolina (Nir, “The Global Cybercrime
Industry: Economic, Institutional and Strategic Perspectives” p.6-7, 6/25/10) | js
According to the US Homeland Security Department, compared to 2006, there was a 52% increase in
cyberattacks against US federal agencies in 2007 (United Press International, 2009). The Pentagon detected over 79,000
attempted intrusions in its network in 2005 (Reid, 2007) and more than 80,000 in 2007 (Hamilton, 2009). In a discussion of the national
security impacts, attacks against the Department of Defense (DOD) networks merit mention. Note that the DoD information network represents about
20% of the entire Internet (GAO Reports June 22, 2007). In 1999, Department of Defense (DOD) networks detected 22,144 attacks on its networks
compared to 5,844 in 1998 (Wolf, 2000). In 2008, the DoD estimated that its networks experienced more than 3 million attacks annually (Hess, 2008).
The DoD networks were reported to receive about 6 million probes/scans a day (GAO Reports June 22, 2007). Entire infrastructure including those of
emergency services call centers, electricity, nuclear power plants, communications, dams, air traffic control and
transportation, commercial databases and information systems for financial institutions and health care providers, and
military applications are vulnerable to attacks by cyberterrorists or hostile state actors (Ronfeldt & Arquilla, 2003, p. 314; Shackelford,
2009; The Economist, 2008). For many years, technology and policy analysts have been talking about the possibility of a
"digital Pearl Harbour"-an unexpected cyberattack on a nation's infrastructure. Some reports have indicated US
electricity grid infrastructures and F-35 lighter jet programs had been the target of cyberattacks (Beatty, 2009). The
US President Obama noted: "We know that cyber-intruders have probed our electrical grid and that in other countries, cyberattackers have plunged
entire cities into darkness" (cf. Harris, 2009). The FBI has ranked cybercrime as the third-biggest threat to US national
security after nuclear war and weapons of mass destruction (Sloane, 2009). In a 2007 testimony to the US Congress, an analyst
working on cyber defense systems for the Pentagon told that a mass cyberattack could leave up to 70% of the United States
without electrical power for 6 months (Reid. 2007). Another estimate suggested that a loss of4% of the North American power grid will
disconnect almost two-thirds of the entire grid in the region (Cetron & Davies, 2009). Likewise, a study of US Cyber Consequences Unit indicated that
the costs of a single wave of cyberattacks on US infrastructures could exceed US $700 billion, which is about the same
as the costs associated with 50 major hurricanes (Sloane, 2009). In a discussion of the Internet's national security impacts, cyberattacks against Estonia
in April-May 2007 and those against Georgia in 2008 deserve special attention. The cyberattacks against Georgia by civilians were
coordinated with physical attacks by a military force (Claburn, 2009b). Likewise, in a high-profile Distributed Denial of Service (DDOS)
attacks in 2007, a botnet of up to 1 million computers attacked Estonian computer networks, which shut down the country's
government ministries, parliament, and major banks (Grant, 2008). The attacks against Estonia were launched after the Estonian
government moved the Soviet memorial to the "Great Patriotic War" (1941-1945) (as well as the soldiers buried there) from downtown Tallinn to a
suburb location. Obviously, Russia was unhappy with this decision. Some cyberattack experts noted that they saw the involvement of the Russian
government in the attacks (Economist.com, 2007). Some analysts observed that the effects of the 2007 cyberattacks in Estonia "were
potentially just as disastrous as a conventional attack" (Shackelford, 2009, p. 193)
AT: NO MISCALC
That escalates and is uniquely dangerous—miscalculation and misattribution
Clarke 9 former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the
United States (Richard A., The National Interest, “War from Cyberspace” p. 32-3, Nov/Dec 2009,
http://users.clas.ufl.edu/zselden/coursereading2011/Clarkecyber.pdf) | js
We sit at a similar historical moment. War
fighting is forever changed. Though it will never produce the kind of death toll of nuclear
cyber-war battlefield. We’ve developed a plethora of gee-whiz
technological capabilities in the past few years, but cyber war is a wholly new form of combat, the implications of which we do
not yet fully understand. Its inherent nature rewards countries that act swiftly and encourages escalation. As in the 1960s, the
weapons, we can see echoes of these same risks and challenges in today’s newest
speed of war is rapidly accelerating. Then, long-range missiles could launch from the prairie of Wyoming and hit Moscow in only thirtyfive minutes.
Strikes in cyber war move at a rate approaching the speed of light. And this speed favors a strategy of preemption, which
means the chances that people can become trigger-happy are high. This, in turn, makes cyber war all the more likely. If a
cyber-war commander does not attack quickly, his network may be destroyed first. If a commander does not
preempt an enemy, he may find that the target nation has suddenly raised new defenses or even disconnected from the
worldwide Internet. There seems to be a premium in cyber war to making the first move. And much as in the nuclear era, there is a real risk of
escalation with cyber war. Nuclear war was generally believed to be something that might quickly grow out of conventional combat, perhaps initiated
with tanks firing at each other in a divided Berlin. The speed of new technologies created enormous risks for crisis instability and miscalculation.
Today, the risks of miscalculation are even higher, enhancing the chances that what begins as a battle of
computer programs ends in a shooting war. Cyber war, with its low risks to the cyber warriors, may be seen by a
decision maker as a way of sending a signal, making a point without actually shooting. An attacker would likely think of a cyber-
offensive that knocked out an electric-power grid and even destroyed some of the grid’s key components (keeping the system down for weeks), as a
somewhat antiseptic move; a way to keep tensions as low as possible. But for the millions of people thrown into the dark and perhaps
the cold, unable
to get food, without access to cash and dealing with social disorder, it would be in many ways the same as
if bombs had been dropped on their cities. Thus, the nation attacked might well respond with “kinetic activity.” Responding, however, assumes
that you know who attacked you. And, one of the major differences between cyber war and conventional war—one that
makes the battlefield more perilous—is what cyber warriors call “the attribution problem.” Put more simply, it is a matter of
whodunit. In cyberspace, attackers can hide their identity, cover their tracks. Worse, they may be able to mislead, placing blame
on others by spoofing the source. In 2007, the Russian government denied that it had engaged in primitive cyber war against Estonia that took out
such things as the financial-services sector, and in 2009 claimed it was not responsible for largely identical activity against Georgia; though Russia did
concede that some of its citizens, outraged over the conflict in Abkhazia, might have launched the denial-of-service attacks.
DISADVANTAGES
2AC CYBER-DETERRENCE DA
Deterrence doesn’t apply to cyberspace
Weiner 12 [Sarah, research intern for the Project on Nuclear Issues, boss, internally cites Dr. Lewis who is the
director of the Center for Homeland Security and Defense, https://www.hsdl.org/hslog/?q=node/9216]
Others vehemently disagree with this presupposition. Jim Lewis, for example, argued earlier this month at an event at the Stimson Center that
deterrence will not work in the cyber domain . He emphasized that difficulties in attributing attacks, “holding
hostage” adversaries’ cyber and physical assets, and achieving a proportional response all decrease the
credibility of US threats and reduce the costs of an adversaries’ hostile cyber operations. And Dr. Lewis has
considerable evidence on his side: public and private entities in the US experience cyber-attacks on a daily
basis. If these attacks are deterrable, we are doing a terrible job of leveraging our capabilities. For a number of
reasons, trying to apply nuclear deterrence logic to cyber warfare feels a bit too much like trying to fit a square
peg into a round hole. That does not mean, however, that we should abandon all attempts to draw analogies between cyber and nuclear strategy.
Despite a few close calls, the basic principles of nuclear deterrence and mutually assured destruction have prevented the use of nuclear weapons for over
60 years. Understanding the reason why this largely effective and stable model of deterrence cannot map cleanly onto the cyber world may help us better
conceptualize strategies for cyber-deterrence. The first difficulty is establishing an analogue between a nuclear attack and a cyber-attack. We know
when a nuclear bomb explodes, and we know it is unacceptable. The spectrum of cyber-attacks, however, spans
far, far below the destructiveness of a nuclear strike. Denial-of-service attacks, such as Iran’s recent shutdown
of several banks’ websites, are a world away from the detonation of any weapon, not to mention a nuclear
weapon. This creates the problem of credibility and proportionality Dr. Lewis spoke about: responding to such
low-level attacks with a military use of force is so disproportionate that it is not a credible threat . If the US instead
decides to use cyber capabilities to deter cyber-attacks, it runs into a second problem. Cyber “weapons” cannot be used in the same
way we use nuclear weapons because, unlike nuclear weapons, the demonstration of a cyber-capability quickly
renders that capability useless. If the US were to release the details of a cyber-weapon, intended to signal a
retaliatory capability, potential adversaries could attempt to steal the technology and/or harden their cyber
defenses against the US weapon’s specific attributes. This is the opposite of nuclear deterrence, in which the US pursues the most credible and reliable
force so that other nations know precisely how damaging a US counterstrike would be. Demonstrating that a nation could effectively mount a secondstrike in response to a nuclear attack creates a stabilizing dynamic of mutually assured destruction in which no nation believes it could gain militarily by
launching a nuclear attack. The trouble with cyber weapons, however, is that they cannot be so transparently deployed.
The only effective
cyber-attack is an unexpected attack, and that does nothing for signaling or deterrence .
Maintaining zero-days causes more vulnerabilities
Comninos and Seneque 14 [Alex, Justus-Liebig University Giessen, and Gareth, Geist Consulting, “Cyber
security, civil society and vulnerability in an age of communications surveillance,” GIS Watch, 2014,
http://giswatch.org/en/communications-surveillance/cyber-security-civil-society-and-vulnerability-agecommunications-sur] //khirn
Cyber security and vulnerability Cyber
security discourse should focus more on information security vulnerabilities,
rather than on threats and responses. This focus would help to delineate what constitutes a cyber security issue,
avoid cyber security escalating to a counter-productive national security issue, and place a practical focus on the protection
of all internet users. A security vulnerability, also called a “bug”, is a piece of software code that contains an error or
weakness that could allow a hacker to compromise the integrity, availability or confidentiality of information
contained, managed or accessed by that software.17When a vulnerability is discovered, a malicious hacker may make an “exploit”18
in order to compromise data or access to a computer. Malware – viruses and Trojan horses – require exploits (or collections
of exploits) that take advantage of vulnerabilities. Expertise in fixing vulnerabilities is improving but not keeping
up with the pace of the growth. Compared to 15 years ago, all popular and contemporary desktop operating systems (Windows, Linux and
Mac) offer regular automated security updates which fix or “patch” known vulnerabilities. While we are finding more vulnerabilities in code and viruses
than ever before, we are also getting better at finding them. At the same time we keep producing more software code, meaning that
the net
number of vulnerabilities is increasing .19 Viruses and botnets, including Stuxnet and other state-sponsored malware,
require vulnerabilities to work . Finding and fixing vulnerabilities contributes to a safer and secure
internet, counters surveillance and can even save lives. For example, a vulnerability in Adobe’s Flash software was recently used against dissidents in
Syria.20 There are two categories of vulnerabilities, each requiring different user and policy responses: zero-days and forever-days. Zero-days are
vulnerabilities for which there is no available fix yet, and may be unknown to developers. Forever-days are
vulnerabilities which are known of, and either do not have a fix, or do have a fix in the form of a patch or an update, but they are for the most part not
applied by users. Zero-day vulnerabilities When
a zero-day is found, the original software developer should be notified so
that they may find a fix for the vulnerability and package it as a patch or update sent out to users. Furthermore, at
some stage, users of the affected software that are rendered vulnerable should also be informed, so they can understand if they are or have been
vulnerable and take measures to recover and mitigate for the vulnerability. Throughout the history of computers, “hackers”21 have sought
to
use technology in ways that it was not originally intended. This has been a large source of technological innovation. Hackers have
applied this logic to computer systems and have bypassed security and found vulnerabilities for fun, fame, money, or in the interests of a more secure
internet. It is because of people that break security by finding vulnerabilities that we can become more secure. A problem for cyber security is that
“good” (or “white hat”) hackers or “security researchers” may not be incentivised to find zero-days and use this
knowledge for good. Rather than inform the software vendor, the project involved, or the general public of a vulnerability, hackers may
decide not to disclose it and instead to sell information about a vulnerability, or package it as an exploit and sell
it. These exploits have a dual use: “They can be used as part of research efforts to help strengthen computers against intrusion. But they can also be
weaponised and deployed aggressively for everything from government spying and corporate
espionage to flat-out fraud.”22 There is a growing market for zero-days that operates in a grey and
unregulated manner. Companies sell exploits to governments and law enforcement agencies around the world;
however, there are concerns that these companies are also supplying the same software to repressive regimes and to intelligence agencies. There is
also a growing black market where these exploits are sold for criminal purposes.23
Black markets bad --- causes massive IP theft
Goldsmith 10 [Jack, teaches at Harvard Law School and is a visiting fellow at the Hoover Institution at
Stanford University, “The New Vulnerability,” New Republic, June 7, 2010,
http://www.newrepublic.com/article/books-and-arts/75262/the-new-vulnerability] //khirn
Today powerful
criminal organizations operate in flourishing online black markets to buy and sell information
about software vulnerabilities and an endless variety of sophisticated malware weapons that can be used to
exploit these vulnerabilities. They infect, gather, and rent huge clusters of compromised zombie computers
known as “botnets” that can be used for denial-of-service attacks or “phishing” expeditions (feigned trustworthy
messages of the general sort that tricked the Google administrators). They buy and sell criminal services ranging from phishingfor-hire to money laundering. And they trade in stolen goods such as credit card and Social Security numbers
and identification and login credentials. According to the computer security firm Symantec, a stolen credit card number fetches between
eighty-five cents and thirty dollars on the black market. For twenty bucks you can buy someone’s essential identity information: name, address, birth
date, and Social Security number. President Obama noted last year that cyber criminals stole an estimated $1 trillion in intellectual
property from businesses worldwide in 2008. In truth, we lack both the reliable data and the metrics needed to know for
certain the amount of losses from online criminal activities. Most security experts believe that the already massive online
criminal industry is growing in size, sophistication, and success at a faster rate than companies, individuals,
and law enforcement authorities are improving computer defenses. And the losses are surely much greater
than have been made public, for most companies that are targets of cyber attacks and cyber exploitations have
a powerful incentive not to report their losses, which might lead to stock-price drops , lawsuits , and
consumer anger .
Overconcentration on offense is uniquely destabilizing- makes cyberwar inevitable
McGraw 13 [Gary, PhD, Chief Technology Officer of Cigital, and author of Software Security (AWL 2006)
along with ten other software security books. He also produces the monthly Silver Bullet Security Podcast
forIEEE Security & Privacy Magazine (syndicated by SearchSecurity), Cyber War is Inevitable (Unless We
Build Security In), Journal of Strategic Studies - Volume 36, Issue 1, 2013, pages 109-119] //khirn
Also of note is the balancing effect that extreme cyber vulnerability has on power when it comes to cyber war. In
the case of the Stuxnet attack, the balance of power was clearly stacked high against Iran. Subsequently, however, Iran responded with the (alleged)
hijacking of a US drone being used for surveillance in Iranian airspace.10 Ironically, it may be that the most highly developed
countries are more vulnerable to cyber warfare because they are more dependent on modern high-tech
systems. In any case, failure to build security into the modern systems we depend on can backlash, lowering the
already low barrier to entry for geopolitically motivated cyber conflict. Defending against cyberattack (by
building security in) is just as important as developing offensive measures. Indeed it is more so. War has both
defensive and offensive aspects, and understanding this is central to understanding cyber war. Over-concentrating on offense can
be very dangerous and destabilizing because it encourages actors to attack first and
ferociously, before an adversary can. Conversely, when defenses are equal or even superior to offensive
forces, actors have less incentive to strike first because the expected advantages of doing so are far lower.
The United States is supposedly very good at cyber offense today, but from a cyberdefense perspective it lives in
the same glasshouses as everyone else. The root of the problem is that the systems we depend on – the lifeblood of the modern world – are
not built to besecure.11This notion of offense and defense in cyber security is worth teasing out. Offense involves exploiting systems, penetrating systems
with cyberattacks and generally leveraging broken software to compromise entire systems and systems of systems.12 Conversely, defense means building
secure software, designing and engineering systems to be secure in the first place, and creating incentives and rewards for systems that are built to be
secure.13 What sometimes passes for cyber defense today – actively watching for intrusions, blocking attacks with network technologies such as firewalls,
law enforcement activities, and protecting against malicious software with anti-virus technology – is little more than a cardboard shield.14 If we do
not focus more attention on real cyber defense by building security in, cyber war will be inevitable .
Cyberdefense outweighs any offensive capabilities --- deliberately weakening the internet
guarantees successful attacks
Masnick 13 [Mike, founder and CEO of Floor64 and editor of the Techdirt blog, Oct 7th 2013, “National
Insecurity: How The NSA Has Put The Internet And Our Security At Risk,” Techdirt,
https://www.techdirt.com/articles/20131005/02231624762/national-insecurity-how-nsa-has-put-internetour-security-risk.shtml] //khirn
But, really, the issue is that the
NSA's actions aren't actually helping national security, but they're doing the exact
opposite. They're making us significantly less safe . Bruce Schneier made this point succinctly in a recent interview: The NSA’s
actions are making us all less safe. They’re not just spying on the bad guys, they’re
deliberately weakening Internet security
for everyone—including the good guys. It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they
create. Additionally, by eavesdropping on all Americans, they’re building the technical infrastructure for a police state. The folks over at EFF have dug
into this point in much greater detail as well. Undermining internet security is a really bad idea. While it may make it slightly
easier for the NSA to spy on people -- it also makes
it's making us a lot less secure.
it much easier for others to attack us . For all this talk of national security,
In trying to defend this situation, former NSA boss Michael Hayden recently argued that the
NSA,
a judgment call on whether or not it's worth fixing or exploiting itself. He
discussed how the NSA thinks about whether or not it's a "NOBUS" (nobody but us) situation, where only the US could
exploit the hole: You look at a vulnerability through a different lens if even with the vulnerability it requires
substantial computational power or substantial other attributes and you have to make the judgment who else
can do this? If there's a vulnerability here that weakens encryption but you still need four acres of Cray computers in the basement in order to work it
when it comes across security vulnerabilities, makes
you kind of think "NOBUS" and that's a vulnerability we are not ethically or legally compelled to try to patch -- it's one that ethically and legally we could
try to exploit in order to keep Americans safe from others. Of course, that ignores just how sophisticated and powerful certain other groups and
governments are these days. As that article notes, the
NSA is known as a major buyer of exploits sold on the market -- but that
also means that every single one of those exploits is known by non-NSA employees, and the idea that only the NSA is
exploiting those is laughable. If the NSA were truly interested in "national security" it would be helping to close
those vulnerabilities, not using them to their own advantage. This leads to two more troubling issues -- the fact that the "US Cyber
Command" is under the control of the NSA is inherently problematic. Basically, the NSA has too much overlap between its offensive and defensive
mandates in terms of computer security. Given what we've seen now, it's pretty damn clear that the
NSA highly prioritizes offensive
efforts to break into computers, rather than defensive efforts to protect Americans' computers. The second issue is
CISPA. The NSA and its defenders pushed CISPA heavily, claiming that it was necessary for "national security" in
protecting against attacks. But a key part of CISPA was that it was designed to grant immunity to tech companies from
sharing information with... the NSA, which was effectively put in control over "cybersecurity" under CISPA. It seems clear, at this
point, that the worst fears about CISPA are almost certainly true. It was never about improving defensive cybersecurity, but a
cover story to enable greater offensive efforts by the NSA which, in turn, makes us all a lot less secure .
Squo cyber-offense is a bad framework
Iasiello 14 (Emilio Iasiello has been a cyber-threat analyst for the past twelve years supporting the US
Departments of State and Defense, as well as a private sector security firm. “Hacking Back: Not the Right
Solution”.
http://www.strategicstudiesinstitute.army.mil/pubs/Parameters/issues/Autumn_2014/13_IasielloEmilio_Ha
cking%20Back%20Not%20the%20Right%20Solution.pdf)//CLi
Abstract: In cyberspace attackers enjoy an advantage over defenders, which has popularized the concept of “active cyber defense”— offensive
actions intended to punish or deter the adversary . This article argues active cyber defense is not a practical
course of action to obtain tactical and strategic objectives. Instead, “aggressive cyber defense,” a proactive
security solution, is a more appropriate option. Cyber Strategies Hacking Back: Not the Right Solution The ability to
retaliate against cyber attackers —irrespective of the legalities of such actions—appears to have gained traction in
the United States government , but is it a practical response for achieving tactical and strategic objectives in cyberspace?
Attribution limitations, collateral damage considerations, the Internet’s global archi- tecture, and
potential event escalation make the challenges of engaging in active cyber defense
course of action destined to achieve limited tactical successes at best; and
an
ineffective
it risks accelerating digital as well as physical
conflict . Too many variables prevent active cyber defense deter- ring or punishing adversaries in cyberspace. For that reason, this article advocates
a more productive solution—aggressive cyber defense—to frustrate attackers via nondestructive or damaging activities.
We have initiated a virtual Cold War—only a defensive model can deter escalation
Iasiello 14 (Emilio Iasiello has been a cyber-threat analyst for the past twelve years supporting the US
Departments of State and Defense, as well as a private sector security firm. “Is Cyber Deterrence an Illusory
Course of Action?”, Journal of Strategic Security,
http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1337&context=jss, 2014)//CLi
With the U.S. government (USG) acknowledgement of the seriousness of cyber threats, particularly against its critical infrastructures, as
well as the Department of Defense (DoD) officially
label ing cyberspace as a war fighting domain , security experts,
policymakers , and think tank researchers have resurrected a potential Cold War strategy to implement
against the new threats fermenting in cyberspace.1 It is argued that the same principles that successfully contributed
to nuclear deterrence with the Soviet Union can be applied to cyberspace and the hostile actors that operate
within. However compelling, similar strategies are not transferrable and the key factors that made nuclear deterrence a viable solution does not carry
the same value in cyberspace. While only a handful of states have demonstrated the capability to develop nuclear weapons, more than 140
nations have or are developing cyber weapons, and more than thirty countries are creating military
cyber units, according to some estimates. Moreover, this threat actor landscape does not consist of nation states alone. Included are cyber criminals,
hackers, and hacktivists of varying levels of sophistication and resources willing to use their capabilities to support nefarious objectives.2 There are
advocates favoring the implementation of a cyber deterrence strategy to mitigate the volume of hostile cyber
activity against public and private sector interests. However, too many factors—including attribution challenges and
sustainability against this vast threat actor landscape—inhibit cyber deterrence options from achieving their desired outcome
in the near term. What’s more, other deterrent strategies such as those employed against nuclear weapon use,
terrorism, and rogue state behavior is not suitable models for the cyber realm. Despite some commonalities, the cyber domain lacks
the transparency and actor visibility required to develop deterrence measures. Despite these hindrances, nation states should seek to
develop, refine, and implement national level cyber security strategies that focus on cyber
defense improvements and enforce accountability to measure their successes. While there will always be sophisticated actors able to thwart the
most robust cyber security defenses, the success of hostile activity against networks are the result of poor cyber security practices such as unpatched
systems and users not well trained in information assurance principles. Cyber security is an ongoing effort that needs to be relentlessly monitored and
adapted to a constantly changing threat environment.
Squo policies makes companies and citizens vulnerable to hackers—we need to switch to
defense
Clarke and Swire 14 (Richard Clarke was a National Security official in the Bush, Clinton, and Bush
Administrations. Peter Swire was a White House official under Presidents Clinton and Obama, and now is a
professor at the Scheller College of Business of the Georgia Institute of Technology. “The NSA Shouldn’t
Stockpile Web Glitches”, 4/18/2014, http://www.thedailybeast.com/articles/2014/04/18/the-nsa-shouldn-tstockpile-web-glitches.html)//CLi
When word spread last week about the greatest cyberspace vulnerability in years, the aptly named Heartbleed vulnerability, the first question that many
asked was “Did NSA know?” Because of the prior revelations about NSA activity, there is now a natural suspicion among many citizens that the NSA
would be using such a weakness in the fabric of cyberspace to collect information. Bloomberg even reported that the NSA did know and had been
exploiting the mistake in encryption. But actually no U.S. government agency was aware of the problem; they learned about it along with the rest of us.
That is both reassuring and troubling. The question remains, however, what if, in a similar case in the future, the NSA or some other government agency
did learn about such a flaw in software? Should it be the NSA’s decision to tell us about the problem? Should the
government lean to offense, and use the vulnerability to create an exploit and collect information, or , instead, lean
toward defense, alerting citizens and companies so that they can protect themselves from malicious actors who
may also learn about the flaw? Although for some, the answer comes easily, it is in our minds a difficult decision. The temptation to stockpile
vulnerabilities for offense is easy to understand. After all, what if you could use a software glitch to destroy machines that Iran is using to make nuclear
bomb material? Or perhaps we can use a mistake in coding to get inside al Qaeda’s communications and learn about their next attack before it happens,
perhaps in time to stop it. In those hypothetical cases, what is the U.S. Government’s chief responsibility? To protect us from nuclear proliferation or
terrorism? Or, to patch up software that might be running critical infrastructure such as our banks, stock markets, electric power grid, or transportation
systems? The President’s Intelligence Review Group recommended earlier this year that the default decision, the assumption, should be to lean toward
defense. (Disclosure: We were two of the group’s five members.) The government, upon learning of a software vulnerability, should alert us and act
quickly with the IT industry to fix the error. We reasoned that if the U.S. government learns about a software glitch, others will
too, and it would be wrong to knowingly let U.S. citizens, companies and critical infrastructure be vulnerable to
hackers and foreign intelligence cyber spies. Usually, it is the U.S. who has the most to lose when there is
a hole in the fabric of cyberspace . We rely upon information technology systems and control networks more than any other
economy or society, and the potential damage that could be done to our country from malicious hacking could be
devastating. We also recommended that there be the opportunity for rare exceptions to the rule. If the government learns about a vulnerability in
some obscure piece of software, not widely present on U.S. critical networks but running on the systems of some real threat (such as al Qaeda or Iran’s
nuclear program), the president ought to be able to authorize for a limited time the use of that knowledge to collect intelligence or even to cause
destruction of threatening hardware. That decision, however, should not be the NSA’s to make alone. Balancing the offense/defense equities should be a
White House call, made after having heard from all sides of the issue. Those in the government who worry about defending critical, private sector
networks (the departments of Treasury, Homeland Security, Energy, Transportation) should have the opportunity to make their case that it would be
better to defend ourselves than to hoard our knowledge of a cyber problem to attack other nations’ networks. The reality is that there will be very
few cases where a strong argument could be made for keeping a software vulnerability secret. Even then, the issue
would be not whether to tell the American people about the cyberspace flaw, but how soon to tell. The president, according to a White House statement
last week, has decided to accept our recommendation. The Obama administration announced that, with very rare exceptions, when the U.S. government
learns of a software vulnerability, it will work with the software companies involved and with users to patch the mistake as quickly as possible. That
lean toward defense is, we believe, the right answer.
AT: CHINA/TAIWAN
Won’t go nuclear
Pike 11 – last modified 5/7/2011 (John, manager, Global Security, China’s Options in the Taiwan
Confrontation, http://www.globalsecurity.org/military/ops/taiwan-prc.htm)
China would almost certainly not contemplate a nuclear strike against Taiwan, nor would Beijing embark on a
course of action that posed significant risks of the use of nuclear weapons. The mainland's long term goal is to
liberate Taiwan, not to obliterate it, and any use of nuclear weapons by China would run a substantial risk of
the use of nuclear weapons by the United States. An inability to control escalation beyond "demonstrative" detonations would cause
utterly disproportionate destruction.
No miscalc
Cliff et al 11 – senior political scientist at the RAND Corporation [Cliff with Phillip C. Saunders Senior Research Professor at the National Defense
University's Institute for National Strategic Studies and Scott Harold”March 30, 2011 New Opportunities and Challenges for Taiwan's Security”
http://www.rand.org/content/dam/rand/pubs/conf_proceedings/2011/RAND_CF279.pdf Accessed July 12, 2011]
Moreover, other than pursuing the largely political goals of reunification and weakening the security relationship between Taiwan and the United States,
there doesn’t seem to be any compelling military need for such measures (which is, after all, the essence of CBMs). To be sure, there is always a risk of
conflict when two militaries face each other, and more, rather than less, certainty never hurts. However, there seems to be little reason to
be concerned over accidental conflict or misperception. There are informal understandings (the centerline being
the prime example): There is already some cooperation in rescue at sea, many (probably too many) channels of
communication exist, and even some unilateral statements of intent have been made. Moreover, and very importantly,
viewing the question from the mainland’s side, the frequent statements cited above regarding Taiwan’s desire to use CBMs to freeze the status quo
suggest that it is questionable whether Beijing really wants to - 45 - reinforce certainty regarding its intent and thus weaken its deterrent to the
independence forces, which is still considered to be so essential
Mutual consensus on avoiding deterioration
Sun 11—vice president of the Prospect Foundation (Yang-ming, 5 December 2011, “The Potential Crisis of
Asian-Pacific Stability,” http://www.carnegieendowment.org/2011/12/05/potential-crisis-of-asian-pacificstability/820d, RBatra)
The structural factors that contribute to the stability of the China-Taiwan relationship stem from
three different policy lines coming out of Taiwan, China, and the United States. For Taipei, when Mr. Ma won his 2008
campaign, he didn’t hesitate to construct a policy of “maintaining cross-Strait stability” according to his party platform. That platform was based on the
1992 Consensus, in which Beijing and Taipei agreed that there is one China, but that each side has its own interpretation of what that means. That policy line helped
eliminate the instability caused by the “one country on each side” principle that was raised by Ma’s predecessors from
the Democratic Progressive Party (DPP). It implied that China and Taiwan were separate countries, not just two political spheres within one country. In Beijing, almost immediately after Ma won the
presidency, there was a great debate over China’s Taiwan policy. Policymakers wondered whether Beijing should push Taiwan toward unification or maintain the current stage of cross-Strait peaceful
Chinese President Hu Jintao prudently concluded that the character of current cross-Strait relations should be
fixed on anti-independence rather than a push for unification, suggesting that the policy of “cross-Strait peaceful development” should remain intact. Last but not
least was Washington’s policy. The United States, as the most important player in the region, has been trying to maintain the
status quo. So, a stable framework was constructed through a vague saddle point to keep the current crossStrait situation from descending into chaos: Taipei acted to maintain cross-Strait stability; Beijing promoted cross-Strait peaceful development; and Washington sought
to maintain the status quo. The stability is no longer abstract but has a distinct structure , though that framework is still fragile and each side still has to
learn how to trust the others. Almost all the subsequent policies that can help bring about greater stabilization are based on this fragile structure. There is the potential for a
diplomatic truce, Taiwan’s participation in the World Health Organization, and, most importantly, Taipei’s involvement in the Economic
Cooperation Framework Agreement (ECFA), a trade agreement between China and Taiwan that came into effect in September 2010. The effects of ECFA have been greatly distorted. Those
development.
who criticize the agreement believe that it will only make Taiwan more dependent on the Chinese Mainland. They argue that Beijing also sees the agreement as a way to increase Taiwan’s dependence on
for Taipei, the ECFA represents something different. First, it tells Beijing
that Taiwan did not shut down all the possibilities of a common future, and this will definitely make Beijing
consider similar future policies more reasonably and rationally. Second, the ECFA is a gateway for Taiwan’s
economy. For the first decade of the twenty-first century, there were approximately 60 meaningful free trade agreements around the pan-Pacific region. Two countries were excluded from those
China, but that the Chinese use a different phrase: “deepening the interaction of the two sides.” But
agreements: North Korea and Taiwan. The result is that Taiwan has been gradually marginalized. The previous Taiwanese administration tried to push Beijing on this matter. But under the leadership of
Through the ECFA, Taipei has gotten closer to Southeast
Asia, America, Europe, and Japan. This helps create a favorable environment for the cross-Strait
peaceful development and peaceful competition, with benefits for both sides of Taiwan Strait. This group constitutes a
collective force resisting the economic magnet that is the Chinese Mainland. And this creates a strategic
balance across the Straits. Simultaneously, more relaxed cross-Strait relations allow Taiwan to move closer to the
West in the areas of ideology and security.
Chen Shui-bian, Taiwan failed to sign any trade or investment agreements with its neighbors.
AT: KOREA WAR
No escalation – they can’t fight a war
John Glaser 1-22-2014; journalist based in Washington, D.C. He has been published in The Washington Times, Al Jazeera English, the Huffington
Post, among other publications. “Are U.S. troops in South Korea still necessary?” http://america.aljazeera.com/opinions/2014/1/are-u-s-troopsinsouthkoreastillnecessary.html
But Seoul
can easily defend itself. South Korea’s GDP is $1.13 trillion, versus North Korea’s paltry $40 billion,
with similar disparities in the sizes of their respective defense budgets. The brutal authoritarian regime of North Korea is
made out to be a major threat to its neighbors, but it is comparatively weak, lacking the kind of advanced industrial
and technological military capacity of its southern neighbor and, certainly, the U.S. Experts consider Pyongyang unfit to
fight an extended modern battle.
Conflict will be limited and short-lived
Yong 11—Washington-based analyst of international affairs at Asia Times (Yong Kwon, © 2011,
“Misunderstandings may prove fatal,” http://www.atimes.com/atimes/Korea/MA08Dg02.html, RBatra)
The economic and military prowess of the DPRK in
relation to South Korea has diminished to such an extent that it makes any large-scale military action
implausible.
Radio Free Asia reported that the shelling of the Yeonpyeong Island caused widespread panic throughout North Korea because
of the belief that the United States would retaliate militarily. According to the same report, the panic caused a rush on foreign currency and forced the price of food
Nonetheless, there are several elements that make this analogy a dubious one when it comes to North Korea.
to rise, initiating a crisis similar to the one created by the currency revaluation in December 2009. [4]
Had the North Koreans feared the loss of their relative advantage, a large-scale invasion would have
commenced in the 1960s or 1970s, before the South Korean economy lifted off under the Park Chung-hee administration. With the mounting cost of
coercive bargaining, the North Koreans are not playing a zero-sum strategy game like the Japanese Empire in 1941, but a postfamine negative-sum survival game.
North Korea currently has two major military assets: its capacity to obliterate Seoul with its forward artillery, and its nuclear arsenal. A Pearl Harbor-like attack by North Korea will involve one and or both
there are questions as to whether North Korea has either the technological know-how or the
desire to actually utilize these military advantages.
There have been doubts on whether or not the two sensational nuclear tests have actually been successful. Several
observers of the North Korean nuclear crisis from both the United States and Russia have commented on the possibility that both tests may have merely
"fizzled". Furthermore, Pyongyang is a long ways from actually producing an inter-continental ballistic missile that can
of these assets. However,
reliably carry the necessary nuclear payload.
the direct artillery strike on Seoul as the only strategically advantageous military asset for North Korea. However, this would be an
inappropriate use of force for Pyongyang's foreign policy objectives. North Korea more or less gave up on their
initial objective of unifying the peninsula in the 1970s, when the DPRK leadership recognized their country's relative economic backwardness compared to
This leaves
South Korea. [5]
Since then, Pyongyang's policies have been geared towards coercive bargaining that will bring either legitimacy
or much-needed economic assistance to the regime. Any attack on Seoul would jeopardize the fine line between muchneeded subsidies and all-out war.
In terms of recent clashes, the scuttling of the Cheonan and the shelling of Yeonpyeong Island revealed fatal weaknesses in the South Korean defenses;
however, it did not reduce the deterrence against all-out war because North Korea cannot afford to take any physical
blows in its fragile state.
AT: POLITICS
Bipartisan support for NSA restrictions: recent votes prove
Coca 6/12 (Onan Coca is a graduate of Liberty University (2003) and earned his M.Ed. at Western Governors
University in 2012. Freedom Force: “Bipartisan House Votes for Further Restrictions on Surveillance on
Americans!” Published June 12th, 2015. Accessed June 29th, 2015. http://freedomforce.com/4275/bipartisanhouse-votes-for-further-restrictions-on-surveillance-on-americans/) KalM
In another win for freedom, the
House voted yesterday to pass additional restrictions on the intelligence community in an
effort to protect innocent Americans from being spied on. Congressmen Thomas Massie (R-KY and Zoe Lofgren (D-CA) came
together to prepare the Massie-Lofgren amendment to defund surveillance “backdoors.” Their amendment passed with a confusingly
bipartisan vote, 255 – 174. I say confusingly because 109 Republicans voted for it, 134 Republicans voted against it – almost a 50 – 50
split. On the Democrat side, things were less confused but still split, as 146 Democrats voted for the amendment and 40 voted against it! (You can see the
roll call vote here.) Here’s what Massie said about it on Facebook: Huge News: The House just voted for additional restrictions on surveillance! Today,
the House of Representatives passed the Massie-Lofgren amendment to defund two surveillance “backdoors” that currently allow intelligence agencies
access to Americans’ private data and correspondence without a warrant. The amendment, which is part of the Fiscal Year 2016 Department of Defense
appropriations bill (H.R. 2685), passed 255-174. #NSA Rep. Massie also released a press release explaining what the amendment was about and why it
was so important that it pass. Today, the House of Representatives passed an amendment by Congressman Thomas Massie (R-KY) and Congresswoman
Zoe Lofgren (D-CA) to defund two surveillance “backdoors” that currently allow intelligence agencies access to Americans’ private data and
correspondence without a warrant. The amendment, which is part of the Fiscal Year 2016 Department of Defense appropriations bill (H.R. 2685), passed
255-174. “The USA Freedom Act is not the last word on surveillance reform,” said Rep. Massie. “Backdoor surveillance authorized under Section 702 of
the FISA Amendments Act is arguably worse than the bulk collection of records illegally collected under Section 215 of the Patriot Act. This amendment
is a much needed next step as Congress continues to rein in the surveillance state and reassert the Fourth Amendment.” “This amendment is the most
meaningful step Congress can take to end warrantless bulk collection of US persons’ communications and data,” said Rep. Lofgren. “We know that mass
surveillance of Americans, as reported in the news, has taken place under the FISA Section 702 authority. This vote shows once again that the House is
committed to upholding the Constitution and protecting Americans from warrantless invasions of their privacy. Enacting this amendment into law will
benefit our economy, protect our competitiveness abroad, and make significant strides in rebuilding the public’s trust.” Under Section 702 of the FISA
Amendments Act, Americans’ private data and communications – including emails, photos, and text messages – can be collected by intelligence
agencies, provided that data or communication at some point crosses the border of the United States. Given the current fluid nature of electronic
communications and data storage, in which corporate and private server farms store Americans’ data all over the world, this loophole could allow
intelligence agencies access to a vast swath of communications and data without warrant protection. Intelligence officials have confirmed
to Congress that law enforcement agencies actively search the content of this intercepted data without probable
cause, and have used evidence gathered to assist in criminal prosecutions. Government agencies have also reportedly coerced individuals and
organizations to build encryption “backdoors” into products or services for surveillance purposes, despite industry and cryptologist claims that this
process is not technologically feasible without putting the data security of every individual using these services at risk. The Massie-Lofgren Amendment
would prohibit funding for activities that exploit these “backdoors.” An identical amendment to the Fiscal Year 2015 Department of Defense
Appropriations Act last year passed the House of Representatives by an overwhelming 293-123 vote, but it was not included in the omnibus spending
legislation that passed last December. The amendment is supported by a broad coalition of privacy and civil liberties
groups as well as tech companies, including the American Civil Liberties Union, Bill of Rights Defense Committee, Campaign for Liberty,
Constitutional Alliance, Council on American-Islamic Relations, CREDO Mobile, Defending Dissent Foundation, Demand Progress, DownsizeDC.org,
Electronic Frontier Foundation, Fight for the Future, Free Press Action Fund, FreedomWorks, Friends Committee on National Legislation, Generation
Opportunity, Google, Liberty Coalition, Media Alliance, New America’s Open Technology Institute, OpenMedia.org, OpenTheGovernment.org, Project
On Government Oversight, Public Knowledge, Restore The Fourth, RootsAction.org, Student Net Alliance, Sunlight Foundation, TechFreedom, and XLab.
Policymakers knew of and didn’t change NSA problems a long time before reform
Schulberg 6/1 (Jessica Schulberg is a reporter covering foreign policy and national security for The
Huffington Post. She has a master's degree in international politics from American University. Huff Post
Politics: “The Elephant In The Room: Senators Finally Credit Edward Snowden For Role In Patriot Act
Reforms” published June 1st, 2015. Accessed June 29th, 2015.
http://www.huffingtonpost.com/2015/06/01/snowden-nsa-patriot-act_n_7485702.html) KalM
WASHINGTON -- When
several key provisions of the broad, post-9/11 surveillance law known as the Patriot Act
were up for renewal five years ago, the Senate debated for just 20 seconds before reauthorizing the
sweeping powers by a voice vote . The following day, the House followed the upper chamber’s lead, voting
315-97 to extend the act’s most controversial elements.
Domestic surveillance is congressionally approved
Saletan 13 (Will Saletan is a journalist for Slate. He writes about politics, science, technology, and other stuff
for Slate. He’s the author of “Bearing Right”. Slate: “Stop Freaking Out About the NSA” published June 6th,
2013. Accessed June 29th, 2015.
http://www.slate.com/articles/news_and_politics/frame_game/2013/06/stop_the_nsa_surveillance_hysteri
a_the_government_s_scrutiny_of_verizon.html) KalM
3. It’s congressionally supervised. Any senator who’s expressing shock about the program is a liar or
a fool. The Senate Intelligence and Judiciary Committees have been briefed on it many times .
Committee members have had access to the relevant FISA court orders and opinions. The intelligence
committee has also informed all senators in writing about the program, twice , with invitations to review classified
documents about it prior to reauthorization. If they didn’t know about it, they weren’t paying attention.
AT: SPENDING LINKS
Zero day vulnerabilities bought by USFG are expensive
Fung 13 (Brian Fung covers technology for The Washington Post, focusing on telecom, broadband and digital
politics. The Washington Post: “The NSA hacks other countries by buying millions of dollars’ worth of
computer vulnerabilities” Published August 31st, 2015. Accessed June 24th, 2015.
http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/31/the-nsa-hacks-other-countries-bybuying-millions-of-dollars-worth-of-computer-vulnerabilities/) KalM
Like any government agency, the
NSA hires outside companies to help it do the work it's supposed to do. But an analysis of the intelligence
agency's top hackers are also funneling money to firms of
dubious origin in exchange for computer malware that's used to spy on foreign governments . This year alone,
the NSA secretly spent more than $25 million to procure "'software vulnerabilities' from private malware vendors,"
community's black budget reveals that unlike most of its peers, the
according to a wide-ranging report on the NSA's offensive work by the Post's Barton Gellman and Ellen Nakashima. Companies such as Microsoft
already tell the government about gaps in their product security before issuing software updates, reportedly to give the NSA a chance to exploit those
bugs first. But the NSA is also reaching into the Web's shadier crevices to procure bugs the big software vendors don't even know about — vulnerabilities
that are known as "zero-days." Just who might the NSA be paying in this covert marketplace? One of the most famous players in the arena is Vupen, a
French company that specializes in selling zero-day exploits. A 2011 brochure made public on WikiLeaks showed Vupen boasting that it could "deliver
exclusive exploit codes for undisclosed vulnerabilities discovered in-house by Vupen security researchers. "This is a reliable and secure approach to help
[law enforcement agencies] and investigators in covertly attacking and gaining access to remote computer systems," the brochure continued. To take
advantage of the service, governments can purchase an annual subscription. The subscription comes with a number of "credits" that are spent on buying
zero-day exploits; more sophisticated bugs require more credits. In 2012, Vupen researchers who discovered a bug in Google Chrome turned down the
chance to win a $60,000 bounty from the search giant, presumably in order to sell the vulnerability to a higher bidder. The company announced earlier
this month that it would be opening an office in the same state as the NSA's headquarters in Fort Meade, Md. WikiLeaks identified a total of nearly 100
companies participating in the electronic surveillance industry worldwide, though not all of them are involved in the sale of software vulnerabilities.
Zero-days are particularly effective weapons that can sell for up to hundreds of thousands of dollars
each.
AT: TERRORISM DA
They’ve magnified the risk of the internal link—little chance that terrorists can access the zeroday market
Mueller 13 (Milton Mueller, Professor at the Syracuse University School of Information Studies. His research
and teaching explore the political economy of communication and information. For the past 15 years his
research, teaching and public service have concentrated on problems related to global Internet governance.
“REGULATING THE MARKET FOR ZERO-DAY EXPLOITS: LOOK TO THE DEMAND SIDE”,
http://www.internetgovernance.org/2013/03/15/regulating-the-market-for-zero-day-exploits-look-to-thedemand-side/, March 18, 2013)
We suggest focusing policy responses on the demand side rather than the supply side. The
buyers, with sellers responding to that demand. And if it is true that
zero-day market is largely a product of
much of the demand comes from the US
Government itself , we should have a civilian agency such as DHS compile information about the scope and scale of our participation in the
exploits market. We should also ask friendly nations to assess and quantify their own efforts as buyers, and share information about the scope of their
purchases with us. If U.S. agencies and allies are key drivers of this market, we may have the leverage
we need to bring the situation under control. One idea that should be explored is a new federal program to purchase zero-day
exploits at remunerative prices and then publicly disclose the vulnerabilities (using ‘responsible disclosure’ procedures that permit directly affected
parties to patch them first). The program could systematically assess the nature and danger of the vulnerability and pay commensurate prices. It would
need to be coupled with strong laws barring all government agencies – including military and intelligence agencies – from failing to disclose exploits with
the potential to undermine the security of public infrastructure. If other, friendly governments joined the program, the costs could be shared along with
the information. In other words, instead of engaging in a futile effort to suppress the market, the US would attempt to
create a near-monopsony that would pre-empt it and steer it toward beneficial ends. Funds for this purchase-to-disclose
program could replace current funding for exploit purchases. Obviously, terrorists, criminals or hostile states bent on destruction or break-ins would not
be turned away from developing zero-days by the prospect of getting well-paid for their exploits. But most of the known supply side of
the market does not seem to be composed of terrorists or criminals, but rather profit-motivated
security specialists. And it’s likely that legitimate, well-paid talent will discover more flaws than “the dark side” in the long run. Obviously the
details regarding the design, procedures and oversight of this program would need to be developed . But on its
face, a demand-side approach seems much more promising than railing against the morality of so-called cyber arms dealers.
Little risk of terrorism in the world of the aff—motive but no means
Chen 14 (Thomas Chen, professor in the College of Engineering at Swansea University, Swansea, United
Kingdom. He has 22 years of research experience in academia and industry, and frequently collaborates with
major security companies. Dr. Chen holds B.S. and M.S. degrees from the Massachusetts Institute of
Technology and a Ph.D. in electrical engineering from the University of California, Berkeley. “Cyberterrorism
after Stuxnet”, http://www.dtic.mil/dtic/tr/fulltext/u2/a603165.pdf, June 2014)
It is true that a multitude of easy-to-use software attack tools are readily available at no or low cost. For a small investment, attacks such as DDoS can be
waged with serious and costly impact. It
is also true that Islamic fundamentalist organizations such as Hamas, al-
Qaeda , Algeria’s Armed Islamic Group, Hezbollah, and the Egyptian Islamic Group are known to
be versed in information technology . However, the type of attacks that are possible with low-cost tools do
not yet rise anywhere near the level of “breaking things and killing people.” It is very unlikely that any
terrorist organization such as al-Qaeda will be able to deploy a cyberattack with the sophistication of Stuxnet.
Stuxnet was developed by military expert programmers with detailed knowledge about their 16 targets. It would take enormous time and human
resources to develop that level of sophisticated skills. Although terrorists might turn to the underground to hire hackers with
sufficient skills, Giampiero Giacomello has argued that this approach is unlikely, because it would be far more costly than traditional
physical attacks that terrorists have used more or less successfully in the past.28 In addition to IT skills, an important element of major cyberattacks is
zero-day exploits (as used in Stuxnet), because no patch is available to defend against them.
There is a thriving market for zero-
day exploits , and it might be assumed that terrorists might be able to buy them easily as needed. However, there
is also competition. At the recent Black Hat conference, representatives from the U.S. military and intelligence community were among the thousands of
attendees to learn about vulnerabilities and buy exploits and software tools, among other things. Many of the companies involved in
discovering vulnerabilities and creating exploits are in Western countries unfriendly to terrorists, so
terrorists may find it very difficult to acquire zero-day exploits.
Current zero-day vulnerabilities put us at risk of terrorists
Arce 2014 (Nicole Arce, staff reporter at Tech Times, “Operation Auroragold allows NSA to spy on Carriers
Worldwide and Plant Bugs”, http://www.techtimes.com/articles/21550/20141206/operation-auroragoldallows-nsa-to-spy-on-carriers-worldwide-and-plant-bugs.htm, December 6,2014)//CLi
Apart from the ethical implications of hacking into private companies and spying on their customers, security
experts believe Auroragold opens cellular networks ripe for the picking not just for government agencies but also for other individuals. Security
researcher and cryptographer Karsten Nohl says he finds it alarming that the NSA deliberately plotted to introduce new
weaknesses in worldwide communication systems for the purpose of spying. "Collecting an inventory [like this]
on world networks has big ramifications," Nohl tells The Intercept. "Even if you love the NSA and you say you have nothing to
hide, you should be against a policy that introduces security vulnerabilities because once NSA introduces a
weakness, a vulnerability, it's not only the NSA that can exploit it." Mikko Hypponen, a security researcher at F-Secure, agrees.
Hypponen says it is not only the NSA that will benefit from the security holes advertently created in cellphone
networks. The
criminals and terrorists the NSA claims to target will also be able to exploit these
holes. "If there are vulnerabilities on those systems known to the NSA that are not being patched on purpose, it's quite likely they are being misused
by completely other kinds of attackers," Hypponen says. "When they start to introduce new vulnerabilities, it affects everybody who uses that technology;
it makes all of us less secure." Auroragold is in direct conflict with the results of a surveillance review called by President Obama in December after
Snowden's revelations elicited public furor when it first came to light. The panel concluded that the NSA should not "in any way subvert,
undermine, weaken or make vulnerable generally available commercial software." It also said the NSA must
inform companies of newly discovered zero-day exploits, or exploits that developers had zero
days to fix . The White House confirmed these results but not without throwing in an escape clause that says the NSA is allowed not to disclose
security holes if in the presence of "a clear national security or law enforcement" threat. The NSA clearly sees this loophole to its advantage. NSA
spokesperson Vanee' Vines says the agency operates within the bounds of law and only spies on terrorists, weapons distributors and "valid foreign
targets," not "ordinary people." "NSA collects only those communications that is authorized by law to collect in response to valid foreign intelligence and
counterintelligence requirements - regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their
communication," Vines says.
COUNTERPLANS
AT: I-LAW CP
ILaw enforcement for cybercrime has failed – empirics
Fidler 14 – Masters in International Relations (MAILYN FIDLER, May 2014, ANARCHY OR
REGULATION: CONTROLLING THE GLOBAL TRADE IN ZERO-DAY VULNERABILITIES,
https://direct.decryptedmatrix.com/wp-content/uploads/2014/06/Fidler-Zero-Day-Vulnerability-Thesis.pdf)
/AMarb
The Convention on Cybercrime created by the Council of Europe seeks to harmonize substantive national
criminal law on cybercrime and strengthen mechanisms for international law enforcement cooperation on
cybercrime. The Convention entered into force in 2004 and was sponsored by the Council of Europe.463 The impetus for this treaty was
the need to harmonize national cybercrime laws to increase the chances of successful prosecution of cyber crimes across
borders.464 At the time, many states had yet to enact statutes criminalizing computer crimes, meaning cyber
criminals could find havens in these states.465 Countries with computer crime laws suffered from cyber crime, but some responsible
criminals went unpunished because they were located in other states without an adequate domestic legal framework or international legal agreement
with the affected country.466 Thus, the Convention on Cybercrime represents a direct use of treaty law to address a cybersecurity problem. Ten years
after the drafting of the Convention, the Obama administration stated that the Convention was “effective in breaking down barriers to transnational
cooperation and communication” and that the United States is “able to respond to potential threats more quickly and effectively than ever” as a result of
this collaboration.467 Still, the Convention exhibits several problems. Particularly, the treaty attempted to achieve consensus by adopting
overly broad definitions and including a plethora of requested items instead of only the core items that achieved consensus.468,469 The
Convention also provides fairly broad grounds for states to shirk obligations, leaving the door open for
significant reneging.470
AT: INTERNAL REVIEW SOLVES
Internal review fails --- won’t be followed or implemented
Kehl et al. 14 [Danielle Kehl is a Policy Analyst at New America’s Open Technology Institute (OTI). Kevin
Bankston is the Policy Director at OTI, Robyn Greene is a Policy Counsel at OTI, and Robert Morgus is a
Research Associate at OTI, New America is a nonprofit, nonpartisan public policy institute that invests in new
thinkers and new ideas to address the next generation of challenges facing the United States, Policy Paper,
“Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” July 2014,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internet-freedom-andcybersecurity/] //khirn
However, NSA
representatives revealed few details about the depth of information on zero-day vulnerabilities the
agency holds, its internal process for deciding when to disclose a vulnerability, and whether or how that process
interacts with the interagency process.297 Meanwhile, the White House has stated that a review of the interagency process is currently
underway in response to the recommendations of the President’s NSA Review Group. Michael Daniel, a Special Assistant to the President and
Cybersecurity Coordinator, asserted that the Intelligence Community should not abandon the use of vulnerabilities as a tactic for intelligence collection,
but did acknowledge that “building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people
unprotected would not be in our national security interest.”298 The White House purports to maintain a “bias” in the Vulnerabilities Equities Process
toward public disclosure in the absence of a clear national security or law enforcement need,299 but the scope of the NSA’s vulnerabilities
stockpile calls into question how effective this mysterious disclosure process really is. Furthermore, the
government’s repeated assertions that it has “reinvigorated” the interagency process in response to the
President’s NSA Review Group report suggests that it has not previously been strongly implemented or
consistently followed .300 The President’s Review Group report recommended that “US policy should generally move to
ensure that Zero Days are quickly blocked , so that the underlying vulnerabilities are patched on US
Government and other networks.”301 The authors went on to explain that “eliminating the vulnerabilities—‘patching’ them—
strengthens the security of US Government , critical infrastructure, and other computer
systems .” The group did carve out a narrow exception for a brief authorization for the delay of notification or patching of a zero-day vulnerability,
but only for “high priority intelligence collection, following senior, interagency review involving all appropriate departments.”302 Security experts like
Bellovin et al. also highlight that
disclosure should be the default response , especially when the vulnerability
itself may create a national security risk , such as affecting network routers and switches.303
AT: NATO CP
CP cant solve – members don’t want to share alliances and don’t trust the US
Fidler 15 -- 1NC Author Marshall Scholar, Department of Politics and International Relations, University of
Oxford (Mailyn, Summer 2015, REGULATING THE ZERO-DAY VULNERABILITY TRADE: A PRELIMINARY
ANALYSIS, http://moritzlaw.osu.edu/students/groups/is/files/2015/06/Fidler-Second-Review-ChangesMade.pdf, pg. 72-74) /AMarb
NATO members, however, are “extraordinarily sensitive to the alliance having any offensive cyber capabilities
or even discussing the need to think about the value of cyber capabilities and operations in missions NATO
might undertake,” as NATO has done with previous technological developments affecting its mission.318 Some
of this hesitancy stems from NATO members with cyber capabilities not wanting to share with less cybercapable alliance partners. Additionally, the Snowden disclosures adversely affected prospects for advancing
NATO discussions about offensive cyber capabilities because of increased mistrust toward the United States,
particularly after revelations of U.S. spying on NATO allies.319
NATO can’t just focus on Russia – hybrid warfare and new countries will emerge
Lewis, PhD 15 -- internationally recognized expert on cyber security (James, 2015, “The Role of
Offensive Cyber Operations in NATO’s Collective Defence”, NATO Cooperative Cyber Defence,
https://ccdcoe.org/sites/default/files/multimedia/pdf/TP_08_2015_0.pdf) /AMarb
Beyond deterrence, two other factors point to the need for additional consideration of NATO’s public posture
on offensive cyber operations. The first is that cyber techniques are essential for the kinds of combat operations
that NATO forces may carry out in the future. No modern air force would enter into combat without electronic
warfare (EW) capabilities; as cyber and EW merge into a single activity, air operations will require cyber
support. The same is true for special forces operations. Offensive cyber capabilities will shape the battlefields of
the future. Second, NATO’s potential opponents will use cyber techniques in new ways, in what some have
called “hybrid warfare”.6 These include countries traditionally of concern to NATO, but cyber threats could
also come from new actors, such as Iran or North Korea, and proxy or non-state actors such as the Syrian
Electronic Army. These nations and groups, using cyber techniques, now have new ways to strike NATO
countries
No net benefit – cooperation will cause conflicts and they won’t be able to respond
Lewis, PhD 15 -- internationally recognized expert on cyber security (James, 2015, “The Role of
Offensive Cyber Operations in NATO’s Collective Defence”, NATO Cooperative Cyber Defence,
https://ccdcoe.org/sites/default/files/multimedia/pdf/TP_08_2015_0.pdf) /AMarb
The emphasis is on political action and opinion shaping, seeking to portray the other side as fascists and
human rights violators against whom an oppressed population has risen in defiance. The US, NATO, and the
West are characterised as interlopers, seeking only to extend their hegemony and weaken the sovereign rights
of other nations. Such charges are intended to support the aggressor narrative and create
dissension among Western nations . Western military forces and governments are ill-equipped to
respond to this.9 Cyber operations used for coercive effect create uncertainty and concern within the target
government. The knowledge that an attacker may have infiltrated their networks, is monitoring
communications, and perhaps considering even more damaging actions, can have a paralysing effect. The
vast majority of these cyber operations are likely to fall below the level of an armed attack,
even under the new NATO guidelines, complicating any response . The effort to gain information
superiority falls in good measure outside of NATO’s purview, but the Alliance must take these into account in
planning for the role of cyber activities in conflict.10
AT: NATIONAL SECURITY PIC
Surveillance using zero-day vulnerabilities precludes corporate cybersecurity cooperation --closing loopholes is key to effective information sharing
Sasso 14 [Brendan, technology correspondent for National Journal, previously covered technology policy
issues for The Hill and was a researcher and contributing writer for the 2012 edition of the Almanac of
American Politics, “The NSA Isn't Just Spying on Us, It's Also Undermining Internet Security,” National
Journal, April 29, 2014, http://www.nationaljournal.com/daily/the-nsa-isn-t-just-spying-on-us-it-s-alsoundermining-internet-security-20140429] //khirn
In response to the report, the
administration adopted a new policy on whether the NSA can exploit “zero-days”—
vulnerabilities that haven’t been discovered by anyone else yet. According to the White House, there is a “bias” toward publicly
disclosing flaws in security unless “there is a clear national security or law enforcement need.” In a blog post Monday, Michael Daniel, the White House’s
cybersecurity coordinator, said that disclosing security flaws “usually makes sense.” “Building up a huge stockpile of undisclosed vulnerabilities while
leaving the Internet vulnerable and the American people unprotected would not be in our national security interest,” he said. But Daniel added that, in
some cases, disclosing a vulnerability means that the U.S. would “forego an opportunity to collect crucial intelligence that could thwart a terrorist attack,
stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities.” He said that the government weighs a variety of
factors, such as the risk of leaving the vulnerability un-patched, the likelihood that anyone else would discover it, and how important the potential
intelligence is.
But privacy advocates and many business groups are still uncomfortable with the U.S.
keeping security flaws secret . And many don’t trust that the NSA will only exploit the
vulnerabilities with the most potential for intelligence and least opportunity for other hackers. “The
surveillance bureaucracy really doesn’t have a lot of self-imposed limits. They want to get everything,” said Ed
Black, the CEO of the Computer & Communications Industry Association, which represents companies including Google, Microsoft, Yahoo, and Sprint.
“Now I think people dealing with that bureaucracy have to understand they can’t take anything for granted.” Most computer networks are
run by private companies, and the government must work closely with the private sector to improve cybersecurity. But companies have
become reluctant to share security information with the U.S. government, fearing the NSA could use any
information to hack into their systems . “When you want to go into partnership with somebody and
work on serious issues—such as cybersecurity—you want to know you’re being told the truth ,” Black said.
Google and one other cybersecurity firm discovered “Heartbleed”—a critical flaw in a widely used Internet encryption tool—in
March. The companies notified a few other private-sector groups about the problem, but no one told the U.S.
government until April. “Information you share with the NSA might be used to hurt you as a company ,”
warned Ashkan Soltani, a technical consultant who has worked with tech companies and helped The Washington Post with its coverage of the Snowden
documents.
AT: REGULATIONS CP
Strong legal framework is key --- reporting regulations fail
Bellovin et al. 14 [Steven M., professor of computer science at Columbia University, Matt Blaze, associate
professor of computer science at the University of Pennsylvania, Sandy Clark, Ph.D. student in computer
science at the University of Pennsylvania, Susan Landau, 2012 Guggenheim Fellow; she is now at Google, Inc.,
April, 2014, “Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet,” Northwestern
Journal of Technology and Intellectual Property, 12 Nw. J. Tech. & Intell. Prop. 1] //khirn
P167 However, this
does not mean that a law enforcement exploitation laboratory will be naturally inclined to
report the fruits of its labor to vendors. From the perspective of an organization charged with developing
exploits, reporting might seem an anathema to the mission , since it means that the tools it
develops will become obsolete more quickly . Discovering and developing exploits costs money, and an
activity that requires more output would need a larger budget . n249 P168 An obligation mandating that
law enforcement agencies report any zero-day vulnerabilities they intend to exploit should thus be supported
by a strong legal framework . Such a framework should create bright lines for what constitutes a
vulnerability that must be reported, when the reporting must occur , to whom the report should be
made , and which parts of the government are required to do the reporting. There are many grey areas.
AT: OVERSIGHT CP
Guidelines/oversight fail
Bellovin et al. 14 [Steven M., professor of computer science at Columbia University, Matt Blaze, associate
professor of computer science at the University of Pennsylvania, Sandy Clark, Ph.D. student in computer
science at the University of Pennsylvania, Susan Landau, 2012 Guggenheim Fellow; she is now at Google, Inc.,
April, 2014, “Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet,” Northwestern
Journal of Technology and Intellectual Property, 12 Nw. J. Tech. & Intell. Prop. 1] //khirn
P175 The simplest way to implement a default reporting policy would be guidelines that mandate reporting under certain circumstances promulgated by
the administration, likely the Department of Justice. n256 However,
a guidelines-only approach has inherent
weaknesses . First, the guidelines would be formulated, implemented, and enforced by the very department with
the most interest in creating exceptions to the rule, and that most "pays the cost" when the tools it develops and
uses are neutralized. Such conflicts of interest rarely end up with the strongest possible protections for the
public. P176 Therefore, a legislative approach may be more appropriate. Perhaps as part of the appropriations bill that
funds the exploit discovery effort, Congress could mandate that any vulnerabilities the unit discovers be
reported; alternatively, a reporting mandate could be added to the wiretap statute. This second approach has the
advantage that it is more permanent; however, amending the Wiretap Act has proven to be a long and contentious process. Regardless, and
as noted above, such legislation would need to be carefully drafted to capture a range of different circumstances.
CP can’t solve--congressional oversight key
Fidler 14 (Mailyn Fidler, graduate student at the Center for International Security and Cooperation Freeman
Spogli Institute for International Studies, Stanford University. “ANARCHY OR REGULATION:
CONTROLLING THE GLOBAL TRADE IN ZERO-DAY VULNERABILITIES”, May 2014,
https://stacks.stanford.edu/file/druid:zs241cm7504/ZeroDay%20Vulnerability%20Thesis%20by%20Fidler.pdf)//CLi
Transparency mechanisms for the seller-side of the trade are also worth exploring. I will only briefly address these here, because
industry oversight would require Congressional action, and this section primarily focuses on potential paths to executive oversight.
Possible public private transparency measures might include requiring a vendor to report to the government if a
vulnerability they sold or discovered is used in an illegal attack.437 Alternatively, a vendor could be required to inform the
government if a vulnerability they sold or discovered is subsequently found by a second party.438 Other potential public-private transparency building
mechanisms are conceivable; these represent a few possibilities. This topic would be fruitful to explore in further research. Beyond transparency,
executive oversight could be used to strengthen the equities process for disclosure of vulnerabilities, extending what
was recently announced. Particularly, instituting a post-use or post-stockpiling review process could ensure frequent reevaluation of vulnerabilities that
were exempted from disclosure during first-round review.
This review process could make sure that the original
national security need exempting the vulnerability from disclosure continues to validate
keeping the vulnerability undisclosed . Scott Charney reflected on the prospect of a post-use or post-stockpiling review process,
and commented that, indeed, after Stuxnet, it might be interesting to see what would happen if there was a review, if the government did a good job
balancing competing equities.439 Moreover, if purchased vulnerabilities are really not currently subject to the same initial review process as in-house
discovered vulnerabilities, this post-use or post-stockpiling review process would extend the equities process to this important category of vulnerabilities.