China Disad - Cloudfront.net

M C D ONALD C HINA TSDC

C

HINA

D

ISAD

C HINA D ISAD .................................................................................................................................. 1

1NC ................................................................................................................................................ 2

U NIQUENESS E XT ........................................................................................................................... 5

L INK E XT ...................................................................................................................................... 10

Link – Generic ......................................................................................................................... 11

Link- XO 12333 ........................................................................................................................ 12

Link – Section 702 ................................................................................................................... 13

I NTERNAL L INKS E XT .................................................................................................................. 14

I MPACT E XT ................................................................................................................................. 20

Impact- Econ ............................................................................................................................ 21

Impact-Democracy .................................................................................................................. 23

Impact-Great Power Wars ..................................................................................................... 24

XO O FFENSE /S OLV .

D EFICIT ...................................................................................................... 29

A FF A NSWERS .............................................................................................................................. 31

Non-Unique .............................................................................................................................. 32

No Link-Generic ...................................................................................................................... 35

Link turn .................................................................................................................................. 36

No Impact-Cyber Wars ........................................................................................................... 38

No Impact- War with China ................................................................................................... 42

Impact Turns............................................................................................................................ 45

A2: Econ Impact Add on ........................................................................................................ 50

A2: Democracy Add on .......................................................................................................... 51

War for the Interwebs 1


1NC

T HE CURRENT STATE OF DOMESTIC SECURITY IS SHAKY BUT WILL STABILIZE

–

CYBER SECURITY IS KEY

Conte 2015

[Andrew Conte, “Military Branches Assemble to Break Ground on National Cybersecurity Strategy” Government Technology June 24, 2015. http://www.govtech.com/security/Military-Branches-Assemble-to-Break-Ground-on-National-Cybersecurity-Strategy.html]{MEM}

U.S. military discussions about cyber capabilities have been taking place for more than a decade, but have focused primarily on the country's offensive capabilities rather than defenses , said Anthony Shaffer, a retired Army lieutenant colonel who is a senior fellow at the

London Center for Policy Research, a New York-based think-tank.

¶ “We don't do (planning) to the level necessary now to understand that if we can do this to somebody else, for goodness sake, they're going to do it to us,” Shaffer said .

¶ The first phase of the War College's cybersecurity focus in

February laid out policy recommendations that included increasing the Defense Department's participation in cyber-response planning at the federal, state and local levels, as well as increased private-sector accountability for critical infrastructure such as power grids.

¶ The War College events break down barriers that prevent groups from communicating about the cyber threat and what to do about it, said Thomas Arminio, a homeland security professor at Penn State University in Harrisburg.

¶ “We have to avoid any notion of ‘my turf versus your turf,' ” Arminio said, “because the problem is only going to be solved by collaboration.”

A

ND

,

CURTAILING DOMESTIC SURVEILLANCE MAKES THE

U.S.

VULNERABLE TO CYBER ATTACKS FROM

C

HINA

Griffiths 2015

[James Griffiths, reporter for South China Morning Post. “US panel warned of economic and national security threat posed by Chinese hackers” South China

Morning Post, June 16, 2015 http://www.scmp.com/tech/social-gadgets/article/1822795/us-panel-warned-economic-and-national-security-threat-posed]{MEM}

Cyberespionage by hackers linked to China poses a severe threat to companies in the United States, as well as a risk to national security , a US congressional panel heard on Monday.

¶ Speaking at a hearing called by the US-China Economic and Security Review Commission, experts outlined to lawmakers how Chinese hackers have targeted US companies to steal intellectual property and trade secrets. ¶

"The Chinese government has engaged in a systematic programme of commercial cyber espionage designed to advance [its] economic and industrial goals," said Paul Tiao, a partner at Washington DC-based law firm Hunton and Williams who specialises in cybersecurity issues. ¶

Hacking groups tied to China’s People's Liberation Army are "systematically stealing vast stores of intellectual property, business sensitive information, and personal information from US companies,” he added. In May 2014, the US Department of Justice officially indicted five senior PLA officials on charges of commercial cyberespionage. It accused them of hacking into a number of American companies, including nuclear power company Westinghouse and renewable energy firm SolarWorld. ¶ The targeting of companies focusing on nuclear and renewables is common, one witness told the panel, as China seeks to diversify its energy supply and reduce its reliance on coal in a bid to tackle endemic pollution issues.


M C D ONALD TSDC

1NC

C HINA

U.S.-S

INO CYBER CONFLICTS WOULD ESCALATE TO A MULTINATIONAL CONFLICT

Renda , 2013

[Andrea Renda, Senior Research Fellow, Centre for European Policy Studies, Cybersecurity and Internet Governance, May 3, 2013, http://www.cfr.org/councilofcouncils/global_memos/p32414]

Cybersecurity is now a leading concern for major economies. Reports indicate that hackers can target the U.S. Department of Justice or Iranian nuclear facilities just as easily as they can mine credit card data.

Threats have risen as the Internet has become a critical infrastructure for the global economy , with thousands of operations migrating onto it. For example, the innocuous practice of bring-your-own-device to work presents mounting dangers due to malware attacks--software intended to corrupt computers.

¶ Between April and December 2012, the types of threats detected on the Google Android platform increased by more than thirty times from 11,000 to 350,000, and are expected to reach one million in 2003, according to security company

Trend Micro (See Figure 1).

¶ Put simply, as the global economy relies more on the Internet, the latter becomes increasingly insidious.

There is no doubt that the Internet is efficient. But it now needs a more concerted global effort to preserve its best aspects and guard against abuses.

¶ The rise of the digital cold war ¶

Cyber threats and cyberattacks also reveal an escalating digital cold war . For years the United States government has claimed that cyberattacks are mainly state-sponsored, initiated predominantly by China, Iran, and Russia. The penetration of the U.S.

Internet technology market by corporations such as Huawei, subsidized by the Chinese government, has led to more fears that sensitive information is vulnerable. After an explicit exchange of views between President Barack Obama and President Xi Jinping in February 2013, the United States passed a new spending law that included a cyber espionage review process limiting U.S. government procurement of Chinese hardware.

¶ U.S. suspicions intensified when Mandiant, a private information security firm, released a report detailing cyber espionage by a covert Chinese military unit against 100 U.S. companies and organizations. In March 2013, the U.S. government announced the creation of thirteen new teams of computer experts capable to retaliate if the United States were hit by a major attack.

¶ On the other hand, Chinese experts claim to be the primary target of state-sponsored attacks , largely originating from the United States. But in reality the situation is more complex. Table 1 shows that cyberattacks in March 2013 were most frequently launched from Russia and Germany, followed by Taiwan and the United States.

¶ What is happening to the Internet?

¶

Created as a decentralized network, the Internet has been a difficult place for policymakers seeking to enforce the laws of the real world . Distributed Denial of Service (DDoS) attacks—consisting of virus infected systems (Botnet) targeting a single website leading to a Denial of Service for the end user—became a harsh reality by 2000, when companies such as Amazon, eBay, and Yahoo! had been affected. These costs stem from the direct financial damage caused by loss of revenue during an attack, disaster recovery costs associated with restoring a company's services, a loss of customers following an attack, and compensation payments to customers in the event of a violation of their service level agreements.

¶ As the Internet permeates everyday life, the stakes are becoming even higher . In a few years, society could delegate every aspect of life to information technology imagine driverless cars, machine-to-machine communications, and other trends that will lead to the interconnection of buildings to trains, and dishwashers to smartphones. This could open up these societies to previously unimaginable disruptive cyber events. What is as concerning is that in cyberspace, attacks seem to have a structural lead over defense capabilities: it can be prohibitively difficult to foresee where, how, and when attackers will strike.

¶ Confronted with this challenge, the global community faces a dilemma.

The neutrality of the Internet has proven to be a formidable ally of democracy, but the cost of protecting users' freedom is skyrocketing. Critical services, such as e-commerce or e-health, might never develop if users are not able to operate in a more secure environment. Moreover, some governments simply do not like ideas to circulate freely.

¶ Besides the "giant cage" built by China to insulate its Internet users, countries like Pakistan have created national firewalls to monitor and filter the flow of information on the network . And even the Obama administration, which has most recently championed Internet freedom initiatives abroad, is said to be cooperating with private telecoms operators on Internet surveillance, and Congress is discussing a new law imposing information sharing between companies and government on end-user behavior, which violates user privacy.

¶ The question becomes more urgent every day: Should the Internet remain an end-to-end, neutral environment, or should we sacrifice Internet freedom on the altar of enhanced security? The answer requires a brief explanation of how the Internet is governed, and what might change.

¶ The end of the Web as we know it?

¶ Since its early days, the Internet has been largely unregulated by public authorities , becoming a matter for private selfregulation by engineers and experts, who for years have taken major decisions through unstructured procedures. No doubt, this has worked in the past. But as cyberspace started to expand, the stakes began to rise.

¶ Informal bodies such as the Internet Corporation for Assigned Names and Numbers

(ICANN)—a private, U.S.-based multi-stakeholder association that rules on domain names and other major aspects of the Internet have been increasingly put under the spotlight. Recent ICANN rulings have exacerbated the debate over the need for more government involvement in Internet governance , either through a dedicated United Nations agency or through the International Telecommunications Union (ITU), an existing UN body that ensures international communication and facilitates deployment of telecom infrastructure. But many experts fear that if a multi-stakeholder model is abandoned, the World

Wide Web would cease to exist as we know it.

¶ Last year's World Conference on International Telecommunications, held in Dubai, hosted a heated debate on the future of cyberspace. Every stakeholder was looking for a different outcome. The ITU looked to expand its authority over the Internet; European telecoms operators wanted to secure more revenues by changing the rules for exchanging information between networks; China, Russia, and India wanted stronger government control over the

Internet; the United States and Europe stood to protect the multi-stakeholder model of ICANN; and a group of smaller countries sought to have Internet access declared a human right.

¶ When a new treaty was finally put to vote, unsurprisingly, as many as fifty-five countries (including the United States and many EU member states) decided not to sign. Since then, the question on how the Internet will be governed remains unresolved.



1NC

C HINA

T

HAT CAUSES GREAT POWER WARS

Gompert & Saunders 11

(David C. Gompert, bachelor's degree in engineering from the U.S. Naval Academy, where he once served on the faculty, and a master of public affairs degree from

Princeton University's Woodrow Wilson School of Public and International Affairs. Office of the Director of National Intelligence, Gompert most recently worked as a senior fellow at the RAND Corp, and Phillip C. Saunders, phD in IR from Princeton, Distinguished Research Fellow Director of Studies, Center for Strategic Research

Director, Center for Study of Chinese Military Affairs, “The Paradox of Power Sino-American Strategic Restraint in an Age of Vulnerability”, http://www.ndu.edu/inss/docuploaded/Paradox%20of%20Power.pdf)

Cyber war capabilities can contribute to crisis instability

.

Cyber attacks have little or no counterforce potential for either side

, in the sense that the attacking side is no less vulnerable to cyber attacks for having conducted them

.

The advantage in striking first in cyberspace lies

not in protecting oneself from retaliatory strikes but in degrading the opponent’s C

4 ISR and operations before one’s own are degraded

. Conversely, exercising restraint with no expectation that the opponent will do likewise could be disadvantageous. In any case, if either side is inclined to use cyber war to degrade the capabilities and performance of the other’s military forces, there is logic in doing so early

.

Because striking early could be advantageous, there is the potential that a cyber attack could be the trigger that turns a confrontation into a conflict

.

The U nited S tates (or China) would likely interpret Chinese (or American) cyber attack as a prelude to physical attack .

An

improbable but extremely consequential danger is that an attack by either side on the other’s C4 ISR could be interpreted as intended to obstruct the ability to mobilize strategic nuclear forces

. The separation of tactical and strategic C4 ISR is not a public matter. However, i n the confusion of disrupted surveillance and command networks, the possibility cannot be excluded that strategic forces would at least

be placed on higher alert , creating a risk of faulty calculation with incalculable results.

T he Chinese would be imprudent to think that the United States would respect firebreaks

in cyberspace. Whether it acts preemptively or in retaliation, the United States would have an incentive to attack Chinese cyberspace broadly rather than narrowly on dedicated and protected Chinese military networks.

Not only would this harm China’s economic activity

,

it could also degrade the ability of the leadership to direct Chinese operations and even to communicate with the population.

U.S. attacks could isolate Chinese leadership and sow confusion in the population.

Chinese cyber attacks could prompt the U nited

S tates

to retaliate without diminishing U.S. capability to do so. The

Chinese have a lot to consider before beginning cyber war. Another feature of cyber warfare may aggravate this crisis instability

: the option of subtle attacks

or demonstrations. Before hostilities have begun, it might occur to one side that a mild cyber attack—a nonlethal display of one’s resolve—could warn and deter the other side and demonstrate its vulnerability. Knowing this, the side attacked might well opt to escalate in cyberspace

.

Even more dangerous is the potential that a cyber attack intended to show resolve could be interpreted as a prelude to general hostilities, thus triggering, instead of deterring, a conflict. It would be a gamble for either side to bet that cyber war could be controlled

.

Every network, whether military or dual-use, that could support military operations would likely be targeted.

Networks that support intelligence collection and dissemination would be attacked, making both sides less certain about what was happening but by no means more passive in the conflict.

Moreover, one side or the other might consider escalating cyber war to critical networks such as those supporting economic and financial functions, transportation, power, and state control .

In sum, the existence of dual-use networks

, the possibility of willful escalation, and the difficulty of controlling viruses, worms, and other infections, regardless of human plans, lead to a conclusion that limiting cyber war to the tactical military level would be hard.

¶



U

NIQUENESS

E

XT

C YBER CAPABILITIES KEY TO PREVENT CYBER WAR

Kramer et. al 12

(Franklin D. Kramer is a distinguished research fellow in the Center for Technology and National Security Policy at the National Defense University. He served as the assistant secretary of defense for international security affairs from 1996 to 2001. Stuart H. Starr is also a distinguished research fellow in the Center for Technology and National Security Policy at the National Defense University. He concurrently serves as the president of the Barcroft Research Institute. Larry Wentz is a senior research fellow in the Center for Technology and National Security Policy at the National Defense University., “Cyberpower and National Security”, p. 318)

No cyber deterrence strategy can hope to be airtight to prevent all minor attacks

.

However, a strategy can increase the chances that major cyber attacks can be prevented ; this could protect the U nited

S tates and its allies not only from a single major attack but also from serial cyber aggressions and resulting damage

.

A worthwhile goal of a cyber deterrence strategy would be to transform medium-sized attacks into low-probability events

and to provide practically 100 percent deterrence of major attacks.

A cyber deterrence strategy could contribute to other key defense activities and goals

, including assurance of allies, dissuasion, and readiness to defeat adversaries in the event of actual combat . The goal of dissuading adversaries is crucially important. Thus far, the U nited

S tates has not been noticeably forceful in stating its intentions to deter major cyber attacks and,

if necessary, to respond to them with decisive force employing multiple instruments of power . Meanwhile, several countries and terrorist groups are reportedly developing cyber attack capabilities

.

Dissuasion of such activities is not an easy task

: it requires investment in technical capabilities as well as building an internal consensus to employ these capabilities.

If some of these actors can be dissuaded from entering into cyber competition with the United States and its allies, t he dangers of actual cyber aggression will diminish.

How would a cyber deterrence strategy operate

, and how can its potential effectiveness be judged?

Deterrence depends on the capacity of the U nited

S tates to project an image of resolve, willpower, and capability in sufficient strength to convince a potential adversary to refrain from activities that threaten U.S.

and allied interests

. As recent experience shows, deterrence can be especially difficult in the face of adversaries who are inclined to challenge the United States and otherwise take dangerous risks

. In cases of failure, deterrence might well have been sound in theory but not carried out effectively enough to work.

The aggressions of

Saddam

Hussein

, Slobodan

Milosevic

, and al Qaeda might not have been carried out had these actors been convinced that the United States would respond with massive military force

.

These aggressions resulted because of a failure to communicate U.S. willpower and resolve

, not because the attackers were wholly oblivious to any sense of restraint or self-preservation, nor because the logic of deterrence had lost its relevance.



US

PREPARING FOR PRE

-

EMPTIVE CYBER WAR NOW

Martin ’13

[Patrick, Global Research. http://www.globalresearch.ca/obamas-cyberwarfare-first-strike-using-offensive-cyber-effects-operations-oceo-to-destabilizecountries/5338457]

C HINA

The US government is developing detailed plans to attack other countries using cyberwarfare techniques , according to a report Friday in the British daily newspaper Guardian. President Obama gave the orders to plan for cyber attacks, including preemptive strikes by the

US, in a n 18-page directive issued last October and leaked to the newspaper , which published it on its web site. Presidential Policy Directive 20 defines

Offensive Cyber Effects Operations (OCEO), which “can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” ¶ It continues: ¶ “The United States government shall identify potential targets of national importance where OCEO can offer favorable balance of effectiveness and risk as compared with other instruments of national power.” ¶ The directive instructs the secretary of defense, the director of national intelligence, and the director of the CIA to “prepare for approval by the president through the

National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities.” Since the deadline for this action is six months after the approval of the directive, which came in October, this plan has presumably already been developed and submitted to the National Security Council.

¶ In relation to foreign targets of cyberwarfare, the directive authorizes actions by US government agencies in circumstances where the identity and nationality of the “adversary” are uncertain. The US government “shall make all reasonable efforts, under circumstances prevailing at the time, to identify the adversary and the ownership and geographic location of the targets and related infrastructure where DCEO or OCEO will be conducted or cyber effects are expected to occur.” ¶ Translated into plain language, this means that a US government attack on alleged hackers could target a foreign government or military without definitively identifying them as the source of the hacking. In recent months, the Obama administration and US media, spearheaded by the New York Times, have hyped the threat of Chinese hackers, supposedly organized through a Chinese military office in Shanghai, without providing any actual proof of the linkage.

¶ As one of its intelligence sources told the Guardian, US complaints about Chinese cyberwarfare efforts were hypocritical: “We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world.” ¶ The directive acknowledges that cyberwarfare efforts by the US government may produce “potential unintended or collateral consequences,” not only within the targeted countries, but worldwide and in the US itself. These consequences could include “loss of life, significant responsive actions against the United States, significant damage to property, serious adverse US foreign policy consequences, or serious economic impact on the United States.”

¶

The directive essentially reiterates the doctrine of preventive warfare, enunciated by

George W. Bush in 2002 in the run-up to the invasion of Iraq. Bush declared that the United States had the right to attack other countries, not merely to preempt an impending attack, but to prevent any potential attack at any time in the future—a formula for unlimited worldwide aggression.

C

YBER

-

SECURITY POLICY HAS SHIFTED FROM DEFENSIVE TO OFFENSIVE

Gjelten, 13

(Tom, correspondent for NPR, "First Strike: US Cyber Warriors Seize the Offensive", Jan/Feb, www.worldaffairsjournal.org/article/first-strike-us-cyber-warriors-seizeoffensive)

When the Pentagon launched its much-anticipated “Strategy for Operating in Cyberspace” in July 2011, it appeared the US military was interested only in protecting its own computer networks , not in attacking anyone else’s. “The thrust of the strategy is defensive,” declared Deputy Secretary of Defense William Lynn. The Pentagon would not favor the use of cyberspace “for hostile purposes.” Cyber war was a distant thought.

“Establishing robust cyber defenses,” Lynn said, “no more militarizes cyberspace than having a navy militarizes the ocean.”

¶ That was then. Much of the cyber talk around the Pentagon these days is about offensive operations.

It is no longer enough for cyber troops to be deployed along network perimeters, desperately trying to block the constant attempts by adversaries to penetrate front lines. The US military’s geek warriors are now prepared to go on the attack, armed with potent cyberweapons that can break into enemy computers with pinpoint precision .

¶ The new emphasis is evident in a program launched in October 2012 by the Defense Advanced Research Projects

Agency (DARPA), the Pentagon’s experimental research arm. DARPA funding enabled the invention of the Internet, stealth aircraft, GPS, and voice-recognition software, and the new program, dubbed Plan X, is equally ambitious.

DARPA managers said the Plan X goal was “to create revolutionary technologies for understanding, planning, and managing cyberwarfare.”

The US Air Force was also signaling its readiness to go into cyber attack mode, announcing in August that it was looking for ideas on how “to destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage. The new interest in attacking enemies rather than simply defending against them has even spread to the business community . Like their military counterparts, cybersecurity experts in the private sector have become increasingly frustrated by their inability to stop intruders from penetrating critical computer networks to steal valuable data or even sabotage network operations. The new idea is to pursue the perpetrators back into their own networks . “We’re following a failed security strategy in cyber,” says Steven Chabinsky, formerly the head of the FBI’s cyber intelligence section and now chief risk officer at CrowdStrike, a startup company that promotes aggressive action against its clients’ cyber adversaries. “There’s no way that we are going to win the cybersecurity effort on defense. We have to go on offense.”

¶ The growing interest in offensive operations is bringing changes in the cybersecurity industry.

Expertise in patching security flaws in one’s own computer network is out; expertise in finding those flaws in the other guy’s network is in. Among the “hot jobs” listed on the career page at the National Security Agency are openings for computer scientists who specialize in “vulnerability discovery.”

Demand is growing in both government and industry circles for technologists with the skills to develop ever more sophisticated cyber tools, including malicious software—malware—with such destructive potential as to qualify as cyberweapons when implanted in an enemy’s network.

“ Offense is the biggest growth sector in the cyber industry right now,” says Jeffrey Carr, a cybersecurity analyst and author of Inside Cyber

Warfare. But have we given sufficient thought to what we are doing? Offensive operations in the cyber domain raise a host of legal, ethical, and political issues, and governments, courts, and business groups have barely begun to consider them.


M C D ONALD

US

PREPARING FOR CYBER WAR NOW

TSDC C HINA

Smith, 13

(Gerry, Huffington Post, "Obama Cyber Memo Is Just The Latest Sign That The U.S. Is Preparing For Cyberwar", 6/7, www.huffingtonpost.com/2013/06/07/obamacyber-memo_n_3404916.html)

A top-secret presidential memo published Friday marked the latest sign that the Obama administration is ready to go on the offensive in a potential cyberwar .

¶ On Friday, the Guardian published a secret presidential directive calling on national security and intelligence officials to create a list of potential foreign targets for U.S. cyber attacks. The 18-page document, known as Presidential Policy Directive 20, aims "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.

¶ The directive states that cyber attacks can be launched as part of "anticipatory action taken against imminent threats," but should comply with U.S. and international law and receive approval from the president if they are

"reasonably likely to result in significant consequences," according to the Guardian.

¶ The memo is the latest sign that the Obama administration is laying the groundwork to retaliate in a potential cyber conflict . Earlier this year, Gen. Keith Alexander, who runs the Pentagon's Cyber Command, told Congress he is establishing "an offensive team" of 13 teams of experts to carry out cyberattacks against foreign countries that target the United States with destructive computer code.

¶ President Barack Obama has directed the United States, along with Israel, to launch a series of cyber attacks known as Stuxnet that damaged Iran's nuclear program,according to The New York Times.

¶ Last year, the Washington Post reported on Plan X, a Pentagon effort to develop new technologies to launch cyber attacks, including a plan to map the entirety of cyberspace and build a system that can launch cyberweapons without human operators typing in the code.

¶ But while the U.S. takes steps to build its offensive cyber muscle, its digital defenses remain weak, officials say.

Last month, the deputy inspector for the Department of Homeland Security told a Congressional committee that the nation's critical infrastructure "are increasingly under attack by a variety of malicious sources," and that a majority of the companies in the energy sector had experienced cyber attacks.

T HE US HAS BEEN POSTURING TOWARD CYBER WARFARE

–

O BAMA

’

S AGGRESSIVE DOCTRINE ENSURES

ESCALATION .

Greenwald and MacAskill 13

(Glen (American political commentator, lawyer, columnist, blogger, and author) and Ewan (Staff Writer for the Guardian), “Obama orders US to draw up overseas target list for cyber-attacks”, The Guardian, 6-7-13, http://www.theguardian.com/world/2013/jun/07/obama-china-targets-cyber-overseas)

Obama's move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet .

¶ The directive's publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.

¶ Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have "mountains of data" on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US .

¶ Presidential Policy Directive 20 defines OCEO as "operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks." ¶ Asked about the stepping up of US offensive capabilities outlined in the directive, a senior administration official said: "Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces." ¶ The official added: "As a citizen, you expect your government to plan for scenarios. We're very interested in having a discussion with our international partners about what the appropriate boundaries are." ¶ The document includes caveats and precautions stating that all US cyber operations should conform to US and international law, and that any operations "reasonably likely to result in significant consequences require specific presidential approval".

¶ The document says that agencies should consider the consequences of any cyber-action. They include the impact on intelligence-gathering; the risk of retaliation; the impact on the stability and security of the internet itself; the balance of political risks versus gains; and the establishment of unwelcome norms of international behaviour.

¶ Among the possible "significant consequences" are loss of life; responsive actions against the US; damage to property; serious adverse foreign policy or economic impacts .

¶

The US is understood to have already participated in at least one major cyber attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy. US reports citing high-level sources within the intelligence services said the US and Israel were responsible for the worm.

¶ In the presidential directive, the criteria for offensive cyber operations in the directive is not limited to retaliatory action but vaguely framed as advancing "US national objectives around the world".

¶

The revelation that the US is preparing a specific target list for offensive cyberaction is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.

¶ Sean Lawson, assistant professor in the department of communication at the University of Utah, argues: "When militarist cyber rhetoric results in use of offensive cyber attack it is likely that those attacks will escalate into physical, kinetic uses of force ."

E

X

-NSA C

OMMANDER OF

US C

YBER

C

OMMAND FEARS CRIPPLING CYBER ATTACK ON

US

ENERGY


M C D ONALD

INFRASTRUCTURE IS IMMINENT

.

TSDC C HINA

Evans-Pritchard 15

(Ambrose Evans-Pritchard, Telegraph – Sun, Apr 26, 2015 “NSA veteran chief fears crippling cyber-attack on Western energy infrastructure“ https://uk.finance.yahoo.com/news/nsa-veteran-chief-fears-crippling-202910565.html)

The West lacks a shield against formidable foes and is losing the battle against Jihadi terrorism as chaos spreads across the Middle East ¶ The West is losing the worldwide fight against jihadist terrorism and faces mounting risks of a systemic cyber-assault by extremely capable enemies, the former chief of the National Security Agency has warned.

¶ " The greatest risk is a catastrophic attack on the energy infrastructure. We are not prepared for that ," said General Keith Alexander, who has led the US battle against cyber-threats for much of the last decade .

¶

Gen Alexander said the "doomsday" scenario for the West is a hi-tech blitz on refineries, power stations, and the electric grid , perhaps accompanied by a paralysing blow to the payments nexus of the major banks .

¶ "We need something like an integrated air-defence system for the whole energy sector," he said, speaking at a private dinner held by IHS CERAWeek in Texas.

¶ More insidiously, there is now a systematic effort by statebacked hacking teams to steal technology from Western companies. "This is the biggest wealth transfer in history ," he said.

¶

Gen

Alexander warned that the US and it allies have failed to check the advance of Islamic State (Isil) or its expanding network of franchises across the Middle East. The West is increasingly at risk of a strategic defeat in the region.

"It is getting worse. Twenty-five countries are now unstable, just look at Yemen," he said.

¶ Saudi-led air strikes against the Shia Houthi rebels in Yemen have killed over 1,000 civilian and displaced

150,000, without restoring any semblance of political order. A particularly aggressive faction of the Jihadi nexus al-Qaeda in the Arabian Penisula has exploited the crisis to free its prisoners and seize the country's fifth biggest city.

¶ The French oil group Total (Swiss: FP.SW - news) has suspended operations in Yemen, cutting off

30pc of the state's budget revenues. The country risks becoming another failed side along the lines of Libya.

¶ Diplomats warn that the crisis evolved into a Sunni-Shia proxy war between Iran and the Saudis, with the risk of a boomerang back into Saudi Arabia itself, where a restive Shia minority is sitting on the world's biggest oil field.

¶ Gen Alexander, who served as head of US Cyber Command as well as director of the electronic eavesdropping agency, listed five countries able to conduct cyber-warfare at the highest level: the US, UK, Israel, Russia, and surprisingly Iran .

¶ He did not include North

Korea, describing the cyber-sabotage of Sony (Swiss: SONC.SW - news) last year as relatively primitive. The attack could have been prevented with early warning sensors that pick up changes in the "behaviour" of computer systems.

¶ China clearly has first-rate hackers, allegedly concentrated at a 2,000-strong cell of the People's Liberation Army in Shanghai . The current NSA chief Michael Rogers testified late last year that China is capable of cyber-attacks that could cause "catastrophic failures" of the water system or the electricity grid .

¶ Hank Paulson, the former US Treasury Secretary and author of a new book entitled "Dealing With China", told the CERAWeek conference that

Chinese hackers have been stealing intellectual property on a large scale.

¶ “That’s the most quarrelsome issue because it plays to the common perception that China doesn’t play fair. US companies have got to do a better job of hardening their systems,” he said.

¶ There is no suggestion that China has an intention to use its power to damage US infrastructure. NSA officials are less confident that Iran will show self-restraint.

¶ The Iranians revealed their skill in August 2012 with a taunting virus attack on Saudi Aramco, Saudi Arabia's state-owned oil giant. Hackers erased most of the company's emails and documents, leaving an image of a burning American flag on the computer system as their calling card . There was a similar attack on Qatar's state-energy group RasGas.

¶ The action was a form or retaliation for economic sanctions against Iran, but also a warning shot to Riyadh in an escalating battle for Mid-East dominance by the two regional superpowers. It is highly pertinent today given comments by leading figures in Tehran that the Saudis will be "punished" for their decision to drive down the price of oil.

¶ A report by the cybersecurity firm Cylance Corp claimed that Iran's experts have hacked into the email systems of the US navy and marines, as well as other critical computer systems in Britain, France, and Germany.

¶

The American Enterprise Institute has issued its own report concluding that the nuclear deal with Iran will merely enable the country to step up its step up its attacks . " It would be comforting to imagine that a new era of détente will end this cyber arms race. There is

, unfortunately, no reason to believe that that will be the case ," it said.

U.S.

NATIONAL SECURITY IS IMPROVING

–

ADVANCES IN CYBER SECURITY MEASURES


M C D ONALD TSDC C HINA

Conte 2015

[Andrew Conte, “Military Branches Assemble to Break Ground on National Cybersecurity Strategy” Government Technology June 24, 2015. http://www.govtech.com/security/Military-Branches-Assemble-to-Break-Ground-on-National-Cybersecurity-Strategy.html]{MEM}

(TNS) — When it comes to cybersecurity, we're all in this together .

¶ The nation's best defense in cyberspace involves not only the military but private citizens and corporations, top security planners said Tuesday in a closed-door meeting at the U.S. Army

War College in Carlisle, Pa.

¶ “You do not want this to be a military approach,” said speaker Mark Troutman, the director of the Center for Infrastructure

Protection & Homeland Security at George Mason University.

“We are Americans. We secure ourselves at the end of the day with an active and engaged citizenry.”

¶ Participants at the event are working to break ground on a national cybersecurity strategy that would provide direction for the federal government in the event of a major computer attack, said William Waddell, director of mission command and the cyber division at the War College.

¶

Sessions on the first of three days of planned talks included about two dozen planners representing multiple military branches, federal agencies such as Homeland Security, National Security Agency, Defense

Department and Defense contractors, as well as security professors.

¶ The Carlisle discussions are taking place as high-level talks between the United States and China play out at the Strategic and Economic Forum in Washington. U.S. Treasury

Secretary Jack Lew opened the three-day forum Tuesday by saying Washington remains “deeply concerned about government-sponsored cyber theft from companies and commercial sectors.” ¶ The comment reflected U.S. concerns that China might have been behind a massive computer hack on the federal Office of Personnel Management involving millions of government employee files. U.S.-China talks on cybersecurity issues were suspended last year when federal prosecutors in Pittsburgh filed criminal charges against several members of the Chinese military for allegedly stealing trade secrets.

C

YBER SECURITY STANDARDS IN THE

U.S.

ARE IMPROVING

–

O

BAMA

’

S RECENT ACTIONS PROVE

Risen 2015

[Tom, technology and business reporter for U.S. News & World Report. “Obama's Cyberthreat Sanctions Aimed at Bigger Target” U.S. News & World Report April 2,

2015. http://www.usnews.com/news/articles/2015/04/02/obamas-cyberthreat-sanctions-aimed-at-bigger-targets]{MEM}

President Barack Obama has turned up the heat against hackers by authorizing financial sanctions against businesses that sponsor attacks on U.S. networks or the theft of trade secrets from American companies.

Time will tell , however, if this new effort will deter online crime emanating from places like Russia and China.

¶ Obama on Wednesday issued an executive order giving agencies the authority to coordinate on sanctions that would penalize “individuals or entities that engage in malicious cyber-enabled activities that create a significant threat to the national security, foreign policy, or economic health or financial stability of the

United States.”

Targets would be named, their U.S. funds would be seized and they would be banned from the U.S. financial system, The Associated Press reports.

Individuals also could be banned from entering the country.

¶ " Cyberthreats pose one of the most serious economic and national security challenges to the United States," Obama said in a statement.

¶

Hackers have recently stolen Americans’ information through online attacks targeting companies like JPMorgan Chase, Target and health insurer Anthem. The sanctions announced by Obama, however, are aimed at large-scale attacks that could qualify as an even greater emergency, such as the theft of U.S. trade secrets from energy and defense companies, explains James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies.



L

INK

E

XT

C HINA



L INK – G ENERIC

C HINA

C

URTAILING CYBER SECURITY MEASURES ALLOWS

C

HINESE CYBER ESPIONAGE

Nakashima 2014

[Ellen, national security reporter for The Washington Post. “FBI warns industry of Chinese cyber campaign” The Washington Post. Oct 15, 2014. http://www.washingtonpost.com/world/national-security/fbi-warns-industry-of-chinese-cyber-campaign/2014/10/15/0349a00a-54b0-11e4-ba4bf6333e2c0453_story.html]{MEM}

The U.S. government has publicly called on the Chinese government to halt its widespread cybertheft of corporate secrets, but

Beijing has denied such activities.

When the Justice Department in May announced the indictments of five PLA officials on charges of commercial cyberespionage, the government responded by pulling out of talks to resolve differences between the two nations over cyberspace issues.

¶ The FBI’s alert, obtained by

The Washington Post, coincided with the release of a preliminary report on the same hackers by a coalition of security firms, which have dubbed the group Axiom.

“The Axiom threat group is a well-resourced and sophisticated cyber espionage group that has been operating unfettered for at least four years, and most likely more,” said the report, issued by Novetta Solutions, a Northern Virginia cybersecurity firm that heads the coalition.

¶ The cyberspying campaign is in support of

China’s strategic national interests, the report said. Specifically, Axiom targets organizations that have strategic financial and economic interest, influence energy and environmental policy and develop high-tech equipment such as microprocessors, the report said.

¶

The group’s sophistication is demonstrated less in how it gains access to targets’ computers and more in how it moves “laterally’’ once inside the system, disguising its behavior to look normal so it goes undetected, said Peter B. LaMontagne, Novetta

Solutions chief executive officer.

T

HE

U.S.

CAN

’

T AFFORD TO CURTAIL DOMESTIC SURVEILLANCE

–

C

HINA IS LOOKING FOR ANY OPENINGS FOR

A CYBER ATTACK

Robb 2015

[Robert, editorial columnist for The Arizona Republic since 1999, and a participant in and observer of Arizona government and politics for nearly four decades. “To curb Chinese cyber attacks, threaten market access” AZ Central, 06/16/2015 http://www.azcentral.com/story/robertrobb/2015/06/16/curb-chinesecyber-attacks-by-threatening-market-access/28833313/]{MEM}

Nevertheless, the Chinese cyber threat represents a vulnerability that should be unacceptable . So, what to do about it?

¶ Regard this less as a concrete proposal than as a thought experiment, exploring how to think about the problem.

¶ The call for the U.S. to harden its cyber defenses is widespread.

Although well beyond my ken, I suspect that, however important, this would be far from sufficient. This would appear to be a field in which defense will always be struggling to keep up with offense.

¶

The United States has more to lose than gain in a game of retaliatory attacks.¶ The U.S. has tried to engage China in diplomacy over the issue, to set some boundaries and protocols. The Chinese have no interest in such a dialogue. They simply deny that they are conducting cyber attacks in the United States.¶ China is difficult for the

United States to engage on any subject.

It cares less about what the United States does or says than any other country in the post-World War II era. It doesn't care about our diplomatic heft. It is moving rapidly to neutralize whatever influence our military capabilities in its region might give us.¶

In fact, the United States really has only one source of leverage that might get China's attention: access to our markets.



L INK -

XO 12333

C HINA

T

HE PRESENCE OF

XO 12333

HAS SHIELDS THE

U.S.

FROM A MULTITUDE OF CYBER THREATS IN THE STATUS

QUO

.

A

REMOVAL MAKES US VULNERABLE

Cohen 2015

[Michael A., fellow at The Century Foundation and is author of “Live From the Campaign Trail: The Greatest Presidential Campaign Speeches of the 20th

Century and How They Shaped Modern America” (Walker Books: 2008). Previously, Michael served in the U.S. Department of State as chief speechwriter for

U.S. Representative to the United Nations Bill Richardson and Undersecretary of State Stuart Eizenstat. “To Rein in NSA, Target Foreign Activities, Not

Domestic Surveillance” World Politics Review, June 10, 2015. http://www.worldpoliticsreview.com/articles/15966/to-rein-in-nsa-target-foreign-activities-notdomestic-surveillance]{MEM}

In fact, it is the NSA’s international spying where the real action is occurring—and where few people are paying attention and reform is practically non-existent. The NSA’s overseas mission is informed not by congressional fiat, but rather by executive order 12333, signed by then-President Ronald Reagan in 1981, which lays out the agency’s roles and responsibilities.

¶ Like any other spy agency, the

NSA uses its capabilities to gather up as much information as possible—things like tracking potential terrorists, determining the intentions of foreign governments and their leaders, keeping tabs on enemies and allies alike and providing U.S. leaders with intelligence information that give them leverage in international negotiations.

Or to put it more succinctly, the things that all spy agencies try to do.

¶ But some of the material Snowden leaked risked serving the purposes of America’s rivals.

For instance, Snowden’s revelations not only exposed U.S. eavesdropping on foreign leaders, like Russian President Vladimir Putin, but also provided technical details about that surveillance.

Other revelations that America’s enemies could find quite valuable included the tactics used by al-Qaida to ward off U.S. drone strikes; the aforementioned operational details of NSA spying in China; and the techniques and tools used by the NSA’s most elite hackers, though it is uncertain whether this material came from the Snowden tranche.

The Snowden leaks have also led to enhanced encryption standards, new political pressures on countries that cooperate with the United States and the increasing reluctance of U.S. tech companies to cooperate with the U.S. government on cyber-defense measures.



L INK – S ECTION 702

C HINA

S

ECTION

702

IS A CRITICAL ELEMENT IN WARDING OFF CYBER ESPIONAGE SPECIFICALLY FROM

C

HINA IN THE

STATUS QUO

.

I

TS REMOVAL IS A HUGE RISK FOR CYBER SECURITY

Nakashima 2015

[

Ellen, national security reporter for The Washington Post. “DOJ approved NSA targeting of foreign hacker ‘signatures’ under 2008 law” The Washington Post, June

4, 2015. https://www.washingtonpost.com/world/national-security/doj-approved-nsa-targeting-of-foreign-hacker-signatures-under-2008-law/2015/06/04/48f09d48-

0ad1-11e5-95fd-d580f1c5d44e_story.html]{MEM}

The law in question is Section 702 of the FISA Amendments Act, passed in 2008. That law put under court oversight a program of warrantless surveillance begun shortly after the Sept. 11, 2001, terrorist attacks.

¶ The law also expanded the government’s surveillance authority in this area, allowing the NSA to collect not only communications of foreign terrorist groups but also those that pertain to foreign intelligence generally. That meant Section 702 became useful for a wide variety of espionage, from spying on proliferators of nuclear weapons to learning the intentions of Russian and Chinese officials.

¶ The NSA began to notice a “huge collection gap against cyberthreats to the nation,” according to the documents, because under the law it could target foreign hackers who could be linked to a foreign government or terrorist group, but not those who could not.

¶ Thus in May and July 2012, the Justice Department approved the targeting of “certain [hacker] signatures” and certain Internet addresses, although a definitive link to a foreign power may be difficult to establish.

Signatures are patterns of computer activity or strings of computer code that indicate the presence of a hacker.

N

ATIONAL

I

NTELLIGENCE

D

IRECTOR

J

AMES

C

LAPPER VERIFIES

S

ECTION

702

IS KEY TO CYBER

SURVEILLANCE EFFORTS WHILE UNDER SCRUTINY .

T HE PLAN NOT ONLY WRECKS CYBER SECURITY BUT ALSO

LEAVES THE

US

TERRIBLY VULNERABLE TO THREATS

.

AFPS 13

(Department of Defense News: American Forces Press Service. “Clapper: U.S. Surveillance Activities Are Lawful” http://www.defense.gov/news/newsarticle.aspx?id=120244)

WASHINGTON, June 8, 2013 – Despite what some media outlets are reporting, surveillance activities carried out by the U.S. government under the Foreign Intelligence Surveillance Act are lawful , James R. Clapper, the director of national intelligence, said in a statement issued today.

¶ Clapper’s statement reads as follows: ¶ Over the last week we have seen reckless disclosures of intelligence community measures used to keep Americans safe.

In a rush to publish, media outlets have not given the full context -- including the extent to which these programs are overseen by all three branches of government -- to these effective tools.

¶ In particular, the surveillance activities published in The Guardian and

The Washington Post are lawful and conducted under authorities widely known and discussed, and fully debated and authorized by Congress. Their purpose is to obtain foreign intelligence information, including information necessary to thwart terrorist and cyber attacks against the United States and its allies .

¶ Our ability to discuss these activities is limited by our need to protect intelligence sources and methods. Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a “playbook” of how to avoid detection. Nonetheless, Section 702 has proven vital to keeping the nation and our allies safe.

It continues to be one of our most important tools for the protection of the nation’s security

.

¶

However, there are significant misimpressions that have resulted from the recent articles. Not all the inaccuracies can be corrected without further revealing classified information. I have, however, declassified for release the attached details about the recent unauthorized disclosures in the hope that it will help dispel some of the myths and add necessary context to what has been published.

¶ James R. Clapper, Director of National Intelligence



I

NTERNAL

L

INKS

E

XT

US VULNERABILITY IS STILL AT AN ALL TIME HIGH

–

SECTORS ARE INTERCONNECTED AND A CYBERATTACK

WOULD COLLAPSE MISSION EFFECTIVENESS GLOBALLY

.

Liff 12

(ADAM P. LIFF, Doctoral Candidate, Department of Politics, Princeton University, “Cyberwar: A New ‘Absolute Weapon’? The Proliferation of Cyberwarfare

Capabilities and Interstate War” Journal of Strategic Studies¶ Volume 35, Issue 3, 2012 http://www.tandfonline.com/doi/pdf/10.1080/01402390.2012.663252,)

Many argue that the most worrisome aspect of cyberwarfare is its ¶ low cost, which may help to level the strategic playing field among ¶ states.15 Coupled with the weakness of existing military and civilian ¶ cyberdefenses, the idea is that relatively low barriers to entry may ¶ afford actors with weak conventional military capabilities the ability to ¶ threaten more powerful states.

¶ Why is cyberwarfare believed to be more likely to be asymmetric ¶ than conventional warfare? Take the salient example of the US ¶ military. Much of the US’s conventional military preeminence stems¶ from its effective exploitation of

advanced technology, in particular ¶ networks and information systems . However, the US dependence on ¶ computers and networks in both the military and civilian sectors,

¶ together with the US military’s conventional dominance, paradoxically

¶ make it an inviting and vulnerable target for cyberattack.

¶ US military dependence on computers, information operations, and ¶ cyberspace – not only classified networks for network-centric warfare ¶ but also unclassified military and civilian networks for precisely ¶ coordinated logistics – could be exploited in a counter-force ¶ cyberattack by conventionally inferior adversaries .16 Meanwhile, a cyberattack could be launched against US critical civilian infrastructure ¶ in a manner that completely bypasses military defenses. Widespread ¶ vulnerabilities to distributed denial-of-service

( DDoS) attacks, network¶ intrusions, viruses and malware

suggest that CNA may be particularly ¶ useful for fomenting crises, including environmental disasters and ¶ large-scale power outages .17

The US military’s growing dependence on

¶ commercial off-the-shelf products , many of which are made overseas, ¶ and the growing number of operational control systems (e.g., SCADA ¶

(Supervisory Control and Data Acquisition systems) and ICS (Industrial ¶ Control Systems)) that are connected to an IP (Internet Provider) ¶ network have made both military and civilian infrastructure increasingly vulnerable to cyberattack.

18 Supposedly exacerbating US vulnerability is the fact that, unlike most powerful conventional weapons, ¶ many of the basic computers and electronic technologies necessary to ¶ carry out cyberattacks are increasingly affordable for most states.

¶ A second reason why cyberwarfare may function as a ‘great ¶ equalizer’ is that in cyberspace the geographical distance between the

¶ attacker and the target is basically irrelevant . Everything being equal, it ¶ is basically as easy to launch a cyberattack against a geographically ¶ contiguous system or network as one halfway across the world (or in ¶ orbit).19 A state that has invested in developing a sophisticated ¶ cyberwarfare capability may not need to use its limited resources to ¶ build a (more) expensive physical weapons platform such as an aircraft ¶ carrier in order to ‘project force’ and coerce a distant adversary.20

¶ This fact reduces the significance of the ‘guns vs. butter’ trade-off by

¶ lowering the costs of developing a force projection capability.

¶ Furthermore, Cyberattacks may allow the attacking state to project force ¶ without placing conventional forces in harm’s way

or reducing ¶ homeland defenses to deploy units to a distant theater, thereby ¶ (potentially) further lowering the expected costs of an attack.

E

SCALATION OF CONFLICT IS INEVITABLE WITHOUT SPEEDY

OCO

S MAKING PRE

-

EMPTIVE ATTACKS

–

PLAN

KILLS THEIR EFFECTIVENESS .

Gjetlen 13 (Tom Gjelten is a correspondent for NPR., January / February, “First Strike: US Cyber Warriors Seize the Offensive”, http://www.worldaffairsjournal.org/article/first-strike-us-cyber-warriors-seize-offensive)

In the aftermath of the Stuxnet

revelations, discussions about cyber war became more realistic and less theoretical.

Here was a cyberweapon

that had been designed and used for the same purpose and with the same effect as a kinetic weapon

: like a missile or a bomb, it caused physical destruction.

Security experts had been warning that a US adversary could use a cyberweapon to destroy power plants, water treatment facilities, or other critical infrastructure assets here in the United States, but the Stuxnet story showed how the American military itself could use an offensive cyberweapon against an enemy.

The advantages of such a strike were obvious. A cyberweapon could take down computer networks and even destroy physical equipment without the civilian casualties that a bombing mission would entail.

Used preemptively , it could keep a conflict from evolving in a more lethal direction.

The targeted country would have a hard time determining where the cyber attack came from. In fact, the news that the United States had actually developed and used an offensive cyberweapon gave new significance to hints US officials had quietly dropped on previous occasions

about the enticing potential of such tools. In remarks at the Brookings Institution in April 2009, for example, the then Air Force chief of staff, General

Norton

Schwartz, suggested that cyberweapons could be used to attack an enemy’s air defense system

. “Traditionally,”

Schwartz said, “ we take down integrated air defenses via kinetic means. But if it were possible to interrupt radar systems or surface to air missile systems via cyber

, that would be another very powerful tool in the tool kit allowing us to accomplish air missions.”

He added, “We will develop that—have [that]—capability.” A full two years before the Pentagon rolled out its “defensive” cyber strategy, Schwartz was clearly suggesting an offensive application. The Pentagon’s reluctance in 2011 to be more transparent about its interest in offensive cyber capabilities may simply have reflected sensitivity to an ongoing dispute within the Obama administration. Howard Schmidt, the White House Cybersecurity Coordinator at the time the Department of Defense strategy was released, was steadfastly opposed to any use of the term “cyber war” and had no patience for those who seemed eager to get into such a conflict. But his was a losing battle.



Pentagon planners had already classified cyberspace officially as a fifth “domain” of warfare, alongside land, air, sea, and space. As the 2011 cyber strategy noted, that designation

“allows DoD to organize, train, and equip for cyberspace as we do in air, land, maritime, and space to support national security interests.

” That statement by itself contradicted any notion that the Pentagon’s interest in cyber was mainly defensive.

Once the US military accepts the challenge to fight in a new domain, it aims for superiority in that domain over all its rivals, in both offensive and defensive realms.

Cyber is no exception. The US Air Force budget request for 2013 included $4 billion in proposed spending to achieve

“cyberspace superiority

,” according to Air Force Secretary Michael Donley.

It is hard to imagine the US military settling for any less

, given the importance of electronic assets in its capabilities . Even small unit commanders go into combat equipped with laptops and video links. “We’re no longer just hurling mass and energy at our opponents in warfare,” says John Arquilla, professor of defense analysis at the Naval Postgraduate School. “Now we’re using information, and the more you have, the less of the older kind of weapons you need.” Access to data networks has given warfighters a huge advantage in intelligence, communication, and coordination. But their dependence on those networks also creates vulnerabilities, particularly when engaged with an enemy that has cyber capabilities of his own. “

Our adversaries are probing every possible entry point into the network

, looking for that one possible weak spot,”

said General William Shelton, head of the Air Force

Space Command, speaking at a CyberFutures Conference in 2012. “ If we don’t do this right, these new data links could become one of those spots.”

Achieving “cyber superiority

” in a twenty-first-century battle space is analogous to the establishment of air superiority in a traditional bombing campaign

. Before strike missions begin against a set of targets, air commanders want to be sure the enemy’s air defense system has been suppressed.

Radar sites, antiaircraft missile batteries, enemy aircraft, and command-and-control facilities need to be destroyed before other targets are hit. Similarly, w hen an information-dependent combat operation is planned against an opposing military, the operational commanders may first want to attack the enemy’s computer systems

to defeat his ability to penetrate and disrupt the US military’s information and communication networks.

Indeed, operations like this have already been carried out

. A former ground commander in Afghanistan, Marine Lieutenant General Richard Mills, has acknowledged using cyber attacks against his opponent while directing international forces in southwest Afghanistan in 2010.

“I was able to use my cyber operations against my adversary with great impact,”

Mills said, in comments before a military conference in August 2012. “

I was able to get inside his nets

, infect his command-and-control, and

in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.

” Mills was describing offensive cyber actions.

This is cyber war,

waged on a relatively small scale and at the tactical level, but cyber war nonetheless. And, as DARPA’s Plan X reveals, the

US military is currently engaged in much larger scale cyber war planning

. DARPA managers want contractors to come up with ideas for mapping the digital battlefield so that commanders could know where and how an enemy has arrayed his computer networks, much as they are now able to map the location of enemy tanks, ships, and aircraft.

Such visualizations would enable cyber war commanders to identify the computer targets they want to destroy and then assess the “battle damage” afterwards

. Plan X would also support the development of new cyber war architecture. The DARPA managers envision operating systems and platforms with “mission scripts” built in, so that a cyber attack, once initiated, can proceed on its own in a manner “similar to the auto-pilot function in modern aircraft.”

None of this technology exists yet, but neither did the Internet or GPS when DARPA researchers first dreamed of it.

A U.S.-S

INO CYBER CONFLICT WOULD BE CATASTROPHIC





That said

, the ambiguities that characterize cyberspace do not argue against exploring how deeper theories of deterrence

, which transcend nuclear weapons, could be applied in some conditions

—perhaps to Sino U.S. cyber war

. Most classes of cyber attackers—for example, nonstate actors and rogue states with little to lose—probably cannot be deterred by the threat of cyber retaliation. The source of lesser attacks and identity of the attackers may be difficult to determine. Consequences may be more annoying than devastating. Network defense may be adequate to contain if not prevent such attacks, reducing the importance of a threat of retaliation. Thus, deterrence is neither assured nor essential for most network attacks and attackers. Yet the fact that deterrence does not apply against every network threat does not mean it does not apply to any

.

Even if adequate network protection is possible against most attackers

, it might not be against all.

Even if many network attackers are themselves not vitally dependent on data

networking and thus unlikely to be bothered by the threat of retaliation, some might be

.

For our purposes , cyber deterrence need not apply generally: it need only apply to Sino-U.S. cyber war. Beyond simple logic that some cases may not prove all cases,

two factors suggest that deterrence might work under some conditions.

First

, states that pose the largest and most damaging network threats, for which defense is least promising, may themselves be dependent on networks and thus susceptible to threats of retaliation

. Second, those posing such threats are unlikely to carry them out except in a crisis or conflict, which could help identify the attacker

Generally speaking, deterrence is indicated when five conditions are satisfied:

25 ■ adequate defense is infeasible or unaffordable

■ the scale of expected harm makes it important to prevent attack

■ means of powerful retaliation exist

■ the enemy has more to lose from retaliation than to


M C D ONALD TSDC C HINA gain from attacking

■ the attacker is identifiable enough to support a credible threat of retaliation.

The first two conditions make deterrence necessary; the third, fourth, and fifth make it possible. This study finds that these conditions fit the case of Sino-American cyber war, albeit with important qualifications. The first two conditions have already been addressed.

If large-scale and sustained attacks were made against strategic networks on which the United States relies

—for example, those that enable financial transactions, powergrid management, telecommunications, transportation, national intelligence, or military operations— defenses are unlikely to be adequate to prevent large and lasting harm.

This does not mean that efforts to defend against major network attacks are pointless

; indeed, even an imperfect defense is more important against infrequent major attacks than frequent minor ones. Better defended U.S. networks may increase the adversary’s costs and difficulties and reduce its prospective gains from attack. However, for at least the days and weeks following a major attack, network defense alone cannot be counted on to avoid serious national damage. The third condition—means of powerful retaliation—has also been addressed.

The United States has the means to retaliate strongly for a Chinese attack, regardless of the scale of the attack and damage done

(because there is essentially no counterforce). The same could be said for Chinese retaliation for a U.S. cyberstrike.

The United States and China have ways to communicate a credible threat of retaliation, which is as much a matter of will and intent as it is of capabilities.

The fourth condition— the attacker’s vulnerability in cyberspace

— has also been addressed, at least where China and the

United States are concerned

.

Vital functions of each

, as well as their economic stability, could be badly if temporarily disrupted, with lasting effects

. In the Chinese case, this danger is compounded by uncertainty about how segments of the population would respond to the crisis to their material conditions and future. These dangers would be weighed against expected gains from launching a cyber attack or expected harm that might come from not doing so. The stakes for the United

States could be high—for example, the loss of some forces (aircraft carriers) and failure to prevent China from forcibly gaining control of Taiwan. For China, the stakes could be even higher— a crushing defeat by the United States, failure to reunify the country, and a setback in China’s quest to become a great power. For these reasons, cyber deterrence might not work. Yet the fact that one cannot be certain that the threat of retaliation will prevent cyber attack does not argue against a cyber deterrence strategy.

C

YBER DETERRENCE CAPABILITIES ARE CRITICAL TO AVOID CYBER WARFARE

Kramer et. al 12

(Franklin D. Kramer is a distinguished research fellow in the Center for Technology and National Security Policy at the National Defense University. He served as the assistant secretary of defense for international security affairs from 1996 to 2001. Stuart H. Starr is also a distinguished research fellow in the Center for Technology and National Security Policy at the National Defense University. He concurrently serves as the president o f the Barcroft Research Institute. Larry Wentz is a senior research fellow in the Center for Technology and National Security Policy at the National Defense University., “Cyberpower and National Security”, p. 318)

No cyber deterrence strategy can hope to be airtight to prevent all minor attacks

.

However, a strategy can increase the chances that major cyber attacks can be prevented; this could protect the U nited

S tates and its allies not only from a single major attack but also from serial cyber aggressions and resulting damage

.

A worthwhile goal of a cyber deterrence strategy would be to transform medium-sized attacks into low-probability events

and to provide practically 100 percent deterrence of major attacks.

A cyber deterrence strategy could contribute to other key defense activities and goals

, including assurance of allies, dissuasion, and readiness to defeat adversaries in the event of actual combat . The goal of dissuading adversaries is crucially important. Thus far, the U nited

S tates has not been noticeably forceful in stating its intentions to deter major cyber attacks and,

if necessary, to respond to them with decisive force employing multiple instruments of power . Meanwhile, several countries and terrorist groups are reportedly developing cyber attack capabilities

.

Dissuasion of such activities is not an easy task

: it requires investment in technical capabilities as well as building an internal consensus to employ these capabilities.

If some of these actors can be dissuaded from entering into cyber competition with the

United States and its allies , the dangers of actual cyber aggression will diminish.

How would a cyber deterrence strategy operate

, and how can its potential effectiveness be judged?

Deterrence depends on the capacity of the

U nited

S tates to project an image of resolve, willpower, and capability in sufficient strength to convince a potential adversary to refrain from activities that threaten U.S.

and allied interests

. As recent experience shows, deterrence can be especially difficult in the face of adversaries who are inclined to challenge the United States and otherwise take dangerous risks

. In cases of failure, deterrence might well have been sound in theory but not carried out effectively enough to work.

The aggressions of

Saddam

Hussein

, Slobodan

Milosevic

, and al Qaeda might not have been carried out had these actors been convinced that the United States would respond with massive military force

.

These aggressions resulted because of a failure to communicate U.S. willpower and resolve

, not because the attackers were wholly oblivious to any sense of restraint or self-preservation, nor because the logic of deterrence had lost its



C

YBER DETERRENCE IS NECESSARY ON ALL FRONTS

–

A

3 RD

PARTY CAN INSTIGATE THE CONFLICT

.

T

HIS IS A

TINDERBOX WAITING TO BE LIT

.

Owens et al 9

(William A. Owens, as an Admiral in the United States Navy and later Vice Chairman of the Joint Chiefs of Staff, **Kenneth W. Dam, served as Deputy Secretary of the Treasury from 2001 to 2003, where he specialized in international economic development, **Herbert S. Lin, Senior Scientist and Study, “Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities” 4/27/2009, http://www.lawfareblog.com/wp-content/uploads/2013/01/NRC-Report.pdf)

Catalytic conflict refers to the phenomenon in which a third party ¶ instigates conflict between two other parties.

These parties could be ¶ nation-states or subnational groups, such as terrorist groups. The canonical scenario is one in which the instigator attacks either Zendia or Ruritania in such a way that Zendia attributes the attack to Ruritania, or vice ¶ versa. To increase confidence in the success of initiating a catalytic war, ¶ the instigator might attack both parties , seeking to fool each party into ¶ thinking that the other party was responsible . ¶ As also noted in

Section 2.4.2, high-confidence attribution of a cyberattack under all circumstances is arguably very problematic, and an instigator would find it by comparison very easy to deceive each party about ¶ the attacker’s identity.

Thus, a catalytic attack could be very plausibly ¶ executed . In addition, if a state of tension already exists between the ¶ United States and Zendia, both U.S. and Zendian leaders will be predisposed toward thinking the worst about each other —and thus may be

¶ less likely to exercise due diligence in carefully attributing a cyberattack.

¶ A Ruritanian might thus choose just such a time to conduct a catalytic ¶ cyberattack.

T

HE DEBATES OVER THE PLAN ALONE WEAKEN THE EXECUTIVE

–

KILLS RESOLVE

,

COLLAPSES THE ECONOMY

,

SPURS AGGRESSION

Posner and Vermeule, 10

(Eric Posner, professor of law at the University of Chicago, and Adrian Vermeula, professor of law at Harvard, The Executive Unbound, p. 60)

In this way, measures urged by the executive to cope with a crisis of unclear magnitude acquired a kind of self-created momentum.

Rejection of those measures would themselves create a political crisis that might, in turn, reduce confidence and thus trigger or exacerbate the underlying financial crisis . A similar process occurred in the debates over the AUMF and the Patriot Act, where proponents of the bills urged that their rejection would send terrorist groups a devastating signal about American political willpower and unity, thereby encouraging more attacks . These political dynamics , in short, create a self-fulfilling crisis of authority that puts legislative institutions under tremendous pressure to accede to executive demands, at least where a crisis is even plausibly alleged.

Critics of executive power contend that the executive exploits its focal role during crises in order to bully and manipulate Congress , defeating Madisonian deliberation when it is most needed. On an alternative account, the legislature rationally submits to executive leadership because a crisis can be addressed only by a leader . Enemies are emboldened by institutional conflict or a divided government; financial markets are spooked by it . A government riven by i nternal conflict will produce policy that varies as political coalitions rise and fall. Inconsistent policies can be exploited by enemies, and they generate uncertainty at a time that financial markets are especially sensitive to agents’ predictions of future government action. It is a peculiar feature of the 2008 financial crises that a damaged president could not fulfill the necessary leadership role, but that role quickly devolved to the Treasury secretary and Fed chair who, acting in tandem, did not once express disagreement publicly.

C URRENT DEFENSES NEED ACCESS TO MONITOR OVERSEAS COMPUTERS TO EFFECTIVELY PROTECT THE US

FROM LARGE

-

SCALE CYBER ATTACKS

.

CSM 11 (3/7, Mark Clayton, Christian Science Monitor, “The new cyber arms race,” www.csmonitor.com/USA/Military/2011/0307/The-new-cyber-arms-race)

ARLINGTON, VA.; AND IDAHO FALLS, IDAHO — Deep inside a glass-and-concrete office building in suburban Washington , Sean

McGurk grasps the handle of a vault door, clicks in a secret entry code, and swings the steel slab open. Stepping over the raised lip of a submarinelike bulkhead, he enters a room bristling with some of the most sophisticated technology in the United States.

¶ Banks of computers , hard drives humming on desktops, are tied into an electronic filtering system that monitors billions of bits of information flowing into dozens of federal agencies each second . At any given moment, an analyst can pop up information on a wall of five massive television screens that almost makes this feel like Cowboys Stadium in

Arlington, Texas, rather than a bland office building in Arlington, Va.

¶ The overriding purpose of all of it: to help prevent what could lead to the next world war .

¶ Specifically, the "Einstein II" system, as it is called, is intended to detect a large cyberattack against the US.

The first signs of such an "electronic Pearl Harbor" might include a power failure across a vast portion of the nation's electric grid . It might be the crash of a vital military computer network . It could be a sudden poison gas release at a chemical plant or an explosion at an oil refinery. Whatever it is, the scores of analysts staffing this new multimillion-dollar "watch and warn" center would, presumably, be able to see it and respond, says

Mr. McGurk, the facility director. The National Cybersecurity and Communications Integration Center (NCCIC, pronounced en-kick) is one of the crown jewels of the Department of Homeland Security (DHS). It is linked to four other key watch centers run by the FBI, the

Department of Defense (DOD), and the National Security Agency (NSA) that monitor military and overseas computer networks .

¶ They are monuments to what is rapidly becoming a new global arms race. In the future , wars will not just be fought by soldiers with guns or with planes that drop bombs. They will also be fought with the click of a mouse a half a world away that unleashes carefully weaponized computer programs that disrupt or destroy critical industries like utilities,


M C D ONALD TSDC C HINA transportation, communications, and energy. Such attacks could also disable military networks that control the movement of troops, the path of jet fighters, the command and control of warships.

¶ "The next time we want to go to war, maybe we wouldn't even need to bomb a country," says Liam

O'Murchu, manager of operations for Symantec Security Response, a Mountain View, Calif., computer security firm. "We could just, you know, turn off its power." ¶ In this detached new warfare, soldiers wouldn't be killing other soldiers on the field of battle. But it doesn't mean there might not be casualties. Knocking out the power alone in a large section of the US could sow chaos.

What if there were no heat in New England in January? No refrigeration for food? The leak of a radiation plume or chemical gas in an urban area? A sudden malfunction of the stock market? A disrupted air traffic control system?

W

ILL AND INTENT TO USE CYBER OPS CAN SOLVE A CHINA WAR


(David C. Gompert, Office of the Director of National Intelligence, and Phillip C. Saunders, Center for Strategic Research Director, Center for Study of Chinese

Military Affairs, “The Paradox of Power Sino-American Strategic Restraint in an Age of Vulnerability”, http://www.ndu.edu/inss/docuploaded/Paradox%20of%20Power.pdf)

That said

, the ambiguities that characterize cyberspace do not argue against exploring how deeper theories of deterrence

, which transcend nuclear weapons, could be applied in some conditions

—perhaps to Sino U.S. cyber war

. Most classes of cyber attackers—for example, nonstate actors and rogue states with little to lose—probably cannot be deterred by the threat of cyber retaliation. The source of lesser attacks and identity of the attackers may be difficult to determine. Consequences may be more annoying than devastating. Network defense may be adequate to contain if not prevent such attacks, reducing the importance of a threat of retaliation. Thus, deterrence is neither assured nor essential for most network attacks and attackers. Yet the fact that deterrence does not apply against every network threat does not mean it does not apply to any

.

Even if adequate network protection is possible against most attackers

, it might not be against all.

Even if many network attackers are themselves not vitally dependent on data

networking and thus unlikely to be bothered by the threat of retaliation, some might be

.

For our purposes , cyber deterrence need not apply generally: it need only apply to Sino-U.S. cyber war. Beyond simple logic that some cases may not prove all cases,

two factors suggest that deterrence might work under some conditions.

First

, states that pose the largest and most damaging network threats, for which defense is least promising, may themselves be dependent on networks and thus susceptible to threats of retaliation

. Second, those posing such threats are unlikely to carry them out except in a crisis or conflict, which could help identify the attacker

Generally speaking, deterrence is indicated when five conditions are satisfied:

25 ■ adequate defense is infeasible or unaffordable

■ the scale of expected harm makes it important to prevent attack

■ means of powerful retaliation exist

■ the enemy has more to lose from retaliation than to gain from attacking

■ the attacker is identifiable enough to support a credible threat of retaliation.

The first two conditions make deterrence necessary; the third, fourth, and fifth make it possible. This study finds that these conditions fit the case of Sino-American cyber war, albeit with important qualifications. The first two conditions have already been addressed.

If large-scale and sustained attacks were made against strategic networks on which the

United States relies

—for example, those that enable financial transactions, powergrid management, telecommunications, transportation, national intelligence, or military operations— defenses are unlikely to be adequate to prevent large and lasting harm.

This does not mean that efforts to defend against major network attacks are pointless

; indeed, even an imperfect defense is more important against infrequent major attacks than frequent minor ones.

Better defended U.S. networks may increase the adversary’s costs and difficulties and reduce its prospective gains from attack. However, for at least the days and weeks following a major attack, network defense alone cannot be counted on to avoid serious national damage. The third condition—means of powerful retaliation—has also been addressed.

The United

States has the means to retaliate strongly for a Chinese attack, regardless of the scale of the attack and damage done

(because there is essentially no counterforce). The same could be said for Chinese retaliation for a U.S. cyberstrike.

The United States and China have ways to communicate a credible threat of retaliation, which is as much a matter of will and intent as it is of capabilities.

The fourth condition— the attacker’s vulnerability in cyberspace

— has also been addressed, at least where China and the United States are concerned

.

Vital functions of each

, as well as their economic stability, could be badly if temporarily disrupted, with lasting effects

.

In the Chinese case, this danger is compounded by uncertainty about how segments of the population would respond to the crisis to their material conditions and future. These dangers would be weighed against expected gains from launching a cyber attack or expected harm that might come from not doing so. The stakes for the United States could be high—for example, the loss of some forces (aircraft carriers) and failure to prevent China from forcibly gaining control of Taiwan. For China, the stakes could be even higher—a crushing defeat by the United States, failure to reunify the country, and a setback in China’s quest to become a great power. For these reasons, cyber deterrence might not work. Yet the fact that one cannot be certain that the threat of retaliation will prevent cyber attack does not argue against a cyber deterrence strategy.

P RE EMPTIVE CYBER STRIKES ON C HINA IS INEVITABLE NOW

—

MUST CONSTRAIN THE POWERS TO PREVENT


M C D ONALD

IT FROM HAPPENING

TSDC C HINA

Sanger and Shanker, 13

(David E Sanger and Thom Shanker, reporters for the New York Times, "Broad Powers Seen for Obama in Cyberstrikes", Feb 3, www.nytimes.com/2013/02/04/us/broad-powers-seen-for-obama-in-cyberstrikes.html?pagewanted=all&_r=0)

Cyberweaponry is the newest and perhaps most complex arms race under way. The Pentagon has created a new Cyber Command, and computer network warfare is one of the few parts of the military budget that is expected to grow . Officials said that the new cyberpolicies had been guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyberweapons. Officials spoke on condition of anonymity because they were not authorized to talk on the record.

¶ Under current rules, the military can openly carry out counterterrorism missions in nations where the United States operates under the rules of war, like Afghanistan. But the intelligence agencies have the authority to carry out clandestine drone strikes and commando raids in places like Pakistan and Yemen, which are not declared war zones. The results have provoked wide protests.

¶ Mr.

Obama is known to have approved the use of cyberweapons only once, early in his presidency, when he ordered an escalating series of cyberattacks against Iran’s nuclear enrichment facilities. The operation was code-named Olympic Games, and while it began inside the Pentagon under President George W. Bush, it was quickly taken over by the National Security Agency, the largest of the intelligence agencies, under the president’s authority to conduct covert action.

¶ As the process of defining the rules of engagement began more than a year ago, one senior administration official emphasized that the United States had restrained its use of cyberweapons.

“ There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done,” the official said. ¶ The attacks on Iran illustrated that a nation’s infrastructure can be destroyed without bombing it or sending in saboteurs.

¶

While many potential targets are military, a country’s power grids, financial systems and communications networks can also be crippled

. Even more complex, nonstate actors, like terrorists or criminal groups, can mount attacks, and it is often difficult to tell who is responsible. Some critics have said the cyberthreat is being exaggerated by contractors and consultants who see billions in potential earnings.

¶ One senior American official said that officials quickly determined that the cyberweapons were so powerful that — like nuclear weapons— they should be unleashed only on the direct orders of the commander in chief. ¶ A possible exception would be in cases of narrowly targeted tactical strikes by the military, like turning off an air defense system during a conventional strike against an adversary.

¶ “There are very, very few instances in cyberoperations in which the decision will be made at a level below the president,” the official said. That means the administration has ruled out the use of “automatic” retaliation if a cyberattack on America’s infrastructure is detected, even if the virus is traveling at network speeds.

¶

While the rules have been in development for more than two years, they are coming out at a time of greatly increased cyberattacks on American companies and critical infrastructure. The Department of Homeland Security recently announced that an American power station, which it did not name, was crippled for weeks by cyberattacks.The New York Times reported last week that it had been struck for more than four months, by a cyberattack emanating from China. The Wall Street

Journal and The Washington Post have reported similar attacks on their systems.

¶ “While this is all described in neutral terms — what are we going to do about cyberattacks — the underlying question is, ‘What are we going to do about China?’ ”

said Richard Falkenrath, a senior fellow at the Council on

Foreign Relations. “There’s a lot of signaling going on between the two countries on this subject.”

¶ International law allows any nation to defend itself from threats, and the United States has applied that concept to conduct pre-emptive attacks.



I

MPACT

E

XT

C HINA



I MPACT -

E CON

C HINA

C

YBER THREAT COULD COLLAPSE THE FINANCIAL SYSTEM

Holmes 2013

[Kim R., former assistance secretary of state and distinguished fellow at the Heritage Foundation. Washington Times, April 17, 2013. http://www.washingtontimes.com/news/2013/apr/17/holmes-staying-one-step-ahead-of-cyberattacks/]{MEM}

The threats to America’s cybersecurity are serious and growing

. They range from private hackers of individuals to state-sponsored cyberattacks on companies and government agencies and networks. Cyberthreats endanger the entire American financial and security system, including the flow of money in banks and the electrical grid. The federal government already has experienced at least 65 cybersecurity breaches and failures.

C

OLLAPSES

US

ECONOMIC GROWTH

–

MAJOR ATTACK ON INFRASTRUCTURE

Opderbeck 2012

[David W., Professor of Law at Seton Hall University Law School. “Cybersecurity and Executive Power,” Washington University Law Review, 89 Wash. U.

L. Rev. 795]{MEM}

In fact, cyberspace was in many ways the front line of the Egyptian revolution. Although Mubarak apparently lacked the support among the Egyptian military for sustained attacks on civilians, he waged a desperate last-gasp battle to shut down access to the Internet so that organizers could not effectively communicate with each other, the public, or the outside world. n5 ¶ Could a similar battle over cyberspace be waged in developed democracies, such as the United States? Policymakers in the West are justifiably concerned about cyberattacks, cyberterrorism, and the possibility of cyberwar . The raging question is whether a democratic state governed by constitutional principles and committed to free speech and private property rights can promote cybersecurity without destroying the

Internet's unique capacity to foster civil liberties.

¶ Cyberspace is as vulnerable as it is vital. The threat is real . President Obama recently declared that "cyber threat is one of the most serious economic and national security challenges we face as a nation" and that

"America's economic prosperity in the 21st century will depend on cybersecurity ." n6 Cybersecurity has been described as "a major national security problem for the United States." n7 Private and public cyber-infrastructure in the United States falls under nearly constant attack, often from shadowy sources connected to terrorist groups, organized crime syndicates, or foreign governments. n8 These attacks bear the potential to disrupt not only e-mail and other online communications networks , but also the national energy grid, military-defense ground and satellite facilities , transportation systems, financial markets, and other essential [*798] facilities . n9 In short, a substantial cyberattack could take down the nation's entire security and economic infrastructure. n10 ¶ U.S. policymakers are justifiably concerned by this threat.

Existing

U.S. law is not equipped to handle the problem . The United States currently relies on a patchwork of laws and regulations designed primarily to address the "computer crime" of a decade ago, as well as controversial antiterrorism legislation passed after the September 11 attacks, and some general (and equally controversial) principles of executive power in times of emergency.

E

CONOMIC COLLAPSE TRIGGERS NUCLEAR GREAT POWER WARS

Burrows and Harris 9

(Mathew J. Burrows, National Intelligence Council (NIC), Jennifer Harris “Revisiting the Future: Geopolitical Effects of the Financial Crisis”, The

Washington Quarterly, April 2009,http://www.ciaonet.org/journals/twq/v32i2/f_0016178_13952.pdf)

Increased Potential for Global Conflict Of course, the report encompasses more than economics and indeed believes the future is likely to be the result of a number of intersecting and interlocking forces. With so many possible permutations of outcomes, each with ample opportunity for unintended consequences, there is a growing sense of insecurity. Even so, history may be more instructive than ever. While we continue to believe that the Great Depression is not likely to be repeated, the lessons to bedrawn from that period include the harmful effects on fledgling democracies andmultiethnic societies (think Central

Europe in 1920s and 1930s) and onthe sustainability ofmultilateral institutions (think League of Nationsin thesame period). There is no reason to think that this would not be true in the twenty-first as much as in the twentieth century. For that reason, the ways in which the potential for greater conflict could grow would seem to be even more apt in a constantly volatile economic environment as they would be if change would be steadier. In surveying those risks, the report stressed the likelihood that terrorism and nonproliferation will remain priorities even as resource issues move up on the international agenda.

Terrorism’s appeal will decline if economic growth continues in the Middle East and youth unemployment is reduced

. For those terrorist groups that remain active in 2025, however, the diffusion oftechnologies and scientific knowledge will place some of the world’s mostdangerous capabilities within their reach .

Terrorist groups in 2025 will likely be a combination of descendants of long established groups inheriting organizational structures, command and control processes, and training procedures necessary to conduct sophisticated attack and newly emergentcollections of the angry and disenfranchised that become self-radicalized,particularly in the absence of economic outlets that would become narrowerin an economic downturn. The most dangerous casualty of any economically-induced drawdown of U.S. military presence would almost certainly be the Middle East. Although Iran’s acquisition of nuclear weapons is not inevitable, worries about a nuclear-armed Iran could lead states in the region to develop new security arrangements with external powers, acquire additional weapons, and consider pursuing their own nuclear ambitions. It is not clear that the type of stable deterrent relationship that existed between the great powers for most of the Cold War would emerge naturally in the Middle East with a nuclear Iran. Episodes of low intensity conflict and


M C D ONALD TSDC C HINA terrorism taking place under a nuclear umbrella could lead to an unintended escalation and broader conflict if clear red lines between those states involved are not well established. The close proximity of potential nuclear rivals combined with underdeveloped surveillance capabilities and mobile dual-capable

Iranian missile systems also will produce inherent difficulties in achieving reliable indications and warning of an impending nuclear attack

.

Thelack of strategic depth in neighboring states like Israel, short warning and missileflight times, and uncertainty of Iranian intentions may place more focus onpreemption rather than defense, potentially leading to escalating crises. Types of conflict that the world continuesto experience, such as over resources, could reemerge, particularly if protectionism grows and there is a resort to neo-mercantilist practices. Perceptions of renewed energy scarcity will drive countries to take actions to assure their future access to energy supplies.

In the worst case, this could result in interstate conflicts if governmentleaders deem assured access to energy resources , for example, to be essential for maintaining domestic stability and the survival oftheir regime. Even actions short of war, however, will have important geopoliticalimplications. Maritime security concerns are providing a rationale for navalbuildups and modernization efforts, such as China’s and India’s development of blue water naval capabilities. If the fiscal stimulus focus for these countries indeed turns inward, one of the most obvious funding targets may be military. Buildup ofregional naval capabilities could lead to increased tensions, rivalries, andcounterbalancing moves , but it also will create opportunities for multinational cooperation in protecting critical sea lanes. With water also becoming scarcer inAsia and the

Middle East, cooperation to manage changing water resources is likely to be increasingly difficult both within and between states in amoredog-eat-dog world .

What Kind of World will 2025 Be? Perhaps more than lessons, history loves patterns. Despite widespread changes in the world today, there is little to suggest that the future will not resemble the past in several respects. The report asserts that, under most scenarios, the trendtoward greater diffusion of authority and power that has been ongoing for acouple of decades is likely to accelerate because of the emergence of new globalplayers, the worsening institutional deficit, potential growth in regional blocs , and enhanced strength of non-state actors and networks. The multiplicity of actors on the international scene could either strengthen the international system, by filling gaps left by aging post-World War II institutions, or could further fragment it and incapacitate international cooperation. The diversity in both type and kind of actor raises the likelihood of fragmentation occurring over the next two decades, particularly given the wide array of transnational challenges facing the international community. Because of their growing geopolitical and economic clout, the rising powers will enjoy a high degree of freedom to customize their political and economic policies rather than fully adopting Western norms. They are also likely to cherish their policy freedom to maneuver, allowing others to carry the primary burden for dealing with terrorism, climate change, proliferation, energy security, and other system maintenance issues. Existing multilateral institutions, designed for a different geopolitical order, appear too rigid and cumbersome to undertake new missions, accommodate changing memberships, and augment their resources. Nongovernmental organizations and philanthropic foundations, concentrating on specific issues, increasingly will populate the landscape but are unlikely to affect change in the absence of concerted efforts by multilateral institutions or governments. Efforts at greater inclusiveness, to reflect the emergence of the newer powers, may make it harder for international organizations to tackle transnational challenges. Respect for the dissenting views of member nations will continue to shape the agenda of organizations and limit the kinds of solutions that can be attempted. An ongoing financial crisis and prolonged recession would tilt the scales even further in the direction of a fragmented and dysfunctional international system with a heightened risk of conflict. The report concluded that the rising BRIC powers (Brazil, Russia, India, and

China) seem averse to challenging the international system, as Germany and Japan did in the nineteenth and twentiethcenturies, but this of course could change if their widespread hopes for greater prosperity become frustrated and the current benefits they derive from a globalizing world turn negative.



I MPACT -D EMOCRACY

C HINA

C

HINESE CYBER ESPIONAGE ALLOWS FOR AN EMPOWERMENT OF AUTHORITARIAN REGIMES

–

DAMAGES

DEMOCRACY PROMOTION

Naím 2015

[Moisés, contributing editor at The Atlantic and a distinguished fellow in the International Economics Program at the Carnegie Endowment for International

Peace. “Why Cyber War Is Dangerous for Democracies” The Atlantic, June 25, 2015. http://www.theatlantic.com/international/archive/2015/06/hackers-cyberchina-russia/396812/]{MEM}

Still, in this respect, the United States and other technologically advanced democracies can’t be placed in the same category as Russia, China, or North Korea

. In the U.S. political system , despite all its imperfections, there is still a strong separation of powers, functioning checks and balances, an active and independent media, and a legal system designed to ensure that government officials who break the law are held accountable and don’t enjoy the impunity their colleagues in Moscow and Beijing do.

U.S.-based criminal networks don’t operate internationally knowing that they can rely on the protection of friends and accomplices at the highest levels of government.

¶ In other words, while it is important that democracies not spy on their citizens, it is

as important that democracies have ways to defend themselves and their citizens from the dangerous cyber world that is emerging. This new world is significantly imbalanced in favor of non-democratic nations—not because authoritarian states are more technologically sophisticated than their democratic counterparts, but because they are more institutionally flexible, opaque, unaccountable, and often corrupt.

¶ Last May, for example, the U.S. Justice Department indicted five Chinese military hackers for “computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.” The U.S. military is also active in cyberspace and surely trying to breach the cyber defenses of other governments. But in contrast to their rivals in China or Russia, U.S. companies cannot rely on their nation’s spy agencies to steal the commercial secrets of foreign competitors.

¶ The 9/11 attacks popularized a concept that until then was mostly found in reports by war planners or in academic texts on geopolitics: asymmetric warfare. It’s the kind of conflict in which one side has far less power and resources than the other, but still manages to score important victories and may even win the war. Al-Qaeda was far weaker than the United

States, but by using disruptive tactics and unconventional tools (suicide bombers, box cutters, and jetliners) succeeded in inflicting great damage on its enemy.

¶ The increasingly fierce barrage of cyber attacks originating from non-democracies against the governments of democratic nations and their private firms, scientific centers, foundations, and civil-society organizations is a new form of asymmetry for which democratic countries lack effective answers.

It’s yet another sign of this imbalance that Russia and China do not have their own Snowden.

D

EMOCRACY IS KEY TO WORLD STABILITY AND PREVENTS GREAT POWER WARS

Lagon 11

[Mark P. Lagon =Adjunct Senior Fellow for Human Rights at the council for forging relations, “Promoting Democracy: The Whys and Hows for the United States and the International

Community”, February 2011 http://www.cfr.org/democratization/promoting-democracy-whys-hows-united-states-international-community/p24090]

Furthering democracy is often dismissed as moralism distinct from U.S. interests or mere lip service to build support for strategic policies. Yet there are tangible stakes for the

United States and indeed the world in the spread of democracy—namely, greater peace, prosperity, and pluralism.

Controversial means for promoting democracy and frequent mismatches between deeds and words have clouded appreciation of this truth. Democracies often have conflicting priorities, and democracy promotion is not a panacea.

Yet one of the few truly robust findings in international relations is that established democracies never go to war with one another

.

Foreign policy “realists” advocate working with other governments on the basis of interests, irrespective of character, and suggest that this approach best preserves stability in the world. However, durable stability flows from a domestic politics built on consensus and peaceful competition

, which more often than not promotes similar international conduct for governments. There has long been controversy about whether democracy enhances economic development. The dramatic growth of China certainly challenges this notion. Still, history will likely show that democracy yields the most prosperity.

Notwithstanding the global financial turbulence of the past three years, democracy’s elements facilitate long-term economic growth.

These elements include above all freedom of expression and learning to promote innovation, and rule of law to foster predictability for investors and stop corruption from stunting growth.

It is for that reason that the UN Development Programme

(UNDP) and the 2002 UN Financing for Development Conference in Monterey, Mexico, embraced good governance as the enabler of development. These elements have unleashed new emerging powers such as

India and Brazil and raised the quality of life for impoverished peoples

.

Those who argue that economic development will eventually yield political freedoms may be

reversing the order of influences—or at least discounting the reciprocal relationship between political and economic liberalization.

Finally, democracy affords all groups equal access to justice—and equal opportunity to shine as assets in a country’s economy. Democracy’s support for pluralism prevents human assets

— including religious and ethnic minorities, women, and migrants— from being squandered.

Indeed, a shortage of economic opportunities and outlets for grievances has contributed significantly to the ongoing upheaval in the Middle East. Pluralism is also precisely what is needed to stop violent extremism from wreaking havoc on the world.



I MPACT -G REAT P OWER W ARS

C HINA

L

OSS OF MISSION EFFECTIVENESS CAUSES NUCLEAR WAR IN

3

DIFFERENT HOTSPOTS

– K

OREA

,

THE

P

ERSIAN

G

ULF

,

AND

T

AIWAN

.

Kagan and O’Hanlon 7

(Frederick, resident scholar at AEI and Michael, senior fellow in foreign policy at Brookings, “The Case for Larger Ground Forces”, April 2007, http://www.aei.org/files/2007/04/24/20070424_Kagan20070424.pdf)

We live at a time when wars not only rage in nearly every region but threaten to erupt in many places where the current relative calm is tenuous

. To view this as a strategic military challenge for the U nited

S tates is not to espouse a specific theory of America’s role in the world

or a certain political philosophy. Such an assessment flows directly from the basic bipartisan view of American foreign policy makers since World War II that overseas threats must be countered before they can directly threaten this country’s shores

, that the basic stability of the international system is essential to American peace

and prosperity, and that no country besides the U nited

S tates is in a position to lead the way in countering major challenges to the global order

. Let us highlight the threats and their consequences

with a few concrete examples, emphasiz ing those that involve key strategic regions of the world such as the Persian Gulf and East Asia, or

key potential threats to American security, such as the spread of nuclear weapons and the strengthening of the global

Al Qaeda/ jihadist movement

. The Iranian government has rejected a series of international demands to halt its efforts at enriching uranium and submit to international inspections. What will happen if the US—or Israeli—government becomes convinced that Tehran is on the verge of fielding a nuclear weapon? North

Korea

, of course, has already done so, and the ripple effects are beginning to spread . Japan’s recent election to supreme power of a leader who has promised to rewrite that country’s constitution to support increased armed forces—and, possibly, even nuclear weapons— may well alter the delicate balance of fear in Northeast Asia fundamentally and rapidly. Also, in the background, at least for now,

Sino Taiwanese tensions continue to flare, as do tensions between India and Pakistan, Pakistan and Afghanistan, Venezuela and the U nited

S tates, an d so on.

Meanwhile, the world’s nonintervention in Darfur troubles consciences from Europe to America’s Bible Belt to its bastions of liberalism, yet with no serious international forces on offer, the bloodletting will probably, tragically, continue

unabated. And as bad as things are in Iraq today, they could get worse. What would happen if the key Shiite figure, Ali al Sistani, were to die? If another major attack on the scale of the Golden Mosque bombing hit either side (or, perhaps, both sides at the same time)? Such deterioration might convince many Americans that the war there truly was lost—but the costs of reaching such a conclusion would be enormous. Afghanistan is somewhat more stable for the moment, although a major Taliban offensive appears to be in the offing.

Sound US grand strategy must proceed from the recognition that, over the next few years and decades, the world is going to be a very unsettled and quite dangerous place

, with Al Qaeda and its associated groups as a subset of a much larger set of worries.

The only serious response to this international environment is to develop armed forces capable of protecting America’s vital interests throughout this dangerous time. Doing so requires a military capable of a wide range of missions—including not only deterrence of great power conflict in dealing with potential hotspots in Korea

, the

Taiwan

Strait, and the Persian Gulf

but also associated with a variety of Special Forces activities and stabilization operations. For today’s US military, which already excels at high technology and is increasingly focused on re-learning the lost art of counterinsurgency, this is first and foremost a question of finding the resources to field a large-enough standing Army and Marine Corps to handle personnel intensive missions such as the ones now under way in Iraq and Afghanistan. Let us hope there will be no such large-scale missions for a while. But preparing for the possibility, while doing whatever we can at this late hour to relieve the pressure on our soldiers and Marines in ongoing operations, is prudent

. At worst, the only potential downside to a major program to strengthen the military is the possibility of spending a bit too much money.

Recent history shows no link between having a larger military and its overuse

; indeed, Ronald

Reagan’s time in office was characterized by higher defense budgets and yet much less use of the military

, an outcome for which we can hope in the coming years, but hardly guarantee. While the authors disagree between ourselves about proper increases in the size and cost of the military (with O’Hanlon preferring to hold defense to roughly 4 percent of GDP and seeing ground forces increase by a total of perhaps 100,000, and Kagan willing to devote at least 5 percent of GDP to defense as in the Reagan years and increase the Army by at least 250,000), we agree on the need to start expanding ground force capabilities by at least

25,000 a year immediately. Such a measure is not only prudent, it is also badly overdue.

M

ISCALC ALONE CAUSES

E

XTINCTION





Cyber war capabilities can contribute to crisis instability. Cyber attacks have little or no counterforce potential for either side

, in the sense that the attacking side is no less vulnerable to cyber attacks for having conducted them. The advantage in striking first in cyberspace lies not in protecting oneself from retaliatory strikes but in degrading the opponent’s C 4 ISR and operations before one’s own are degraded.

Conversely, exercising restraint with no expectation that the opponent will do likewise could be disadvantageous. In any case, if either side is inclined to use cyber war to degrade the capabilities and performance of the other’s military forces, there is logic in doing so early

.

Because striking early could be advantageous, there is the potential that a cyber attack could be the trigger that turns a confrontation into a conflict. The United States (or China) would likely interpret

Chinese (or American) cyber attack as a prelude to physical attack. An improbable but extremely consequential danger is that an attack by either side on the other’s C4 ISR could be interpreted as intended to obstruct the ability to mobilize strategic nuclear forces

. The separation of tactical and strategic C4 ISR is not a public matter. However, in the confusion of disrupted surveillance and command networks, the possibility cannot be excluded that strategic forces would at least be placed on higher alert, creating a risk of faulty calculation with incalculable results. The Chinese would be imprudent to think that the United



States would respect firebreaks

in cyberspace. Whether it acts preemptively or in retaliation, the United States would have an incentive to attack

Chinese cyberspace broadly rather than narrowly on dedicated and protected Chinese military networks. Not only would this harm China’s economic activity, it could also degrade the ability of the leadership to direct Chinese operations and even to communicate with the population. U.S. attacks could isolate Chinese leadership and sow confusion in the population. Chinese cyber attacks could prompt the United States to retaliate without diminishing U.S. capability to do so. The Chinese have a lot to consider before beginning cyber war. Another feature of cyber warfare may aggravate this crisis instability: the option of subtle attacks

or demonstrations. Before hostilities have begun, it might occur to one side that a mild cyber attack—a nonlethal display of one’s resolve—could warn and deter the other side and demonstrate its vulnerability. Knowing this, the side attacked might well opt to escalate in cyberspace. Even more dangerous is the potential that a cyber attack intended to show resolve could be interpreted as a prelude to general hostilities, thus triggering, instead of deterring, a conflict. It would be a gamble for either side to bet that cyber war could be controlled. Every network, whether military or dual-use, that could support military operations would likely be targeted.

Networks that support intelligence collection and dissemination would be attacked, making both sides less certain about what was happening but by no means more passive in the conflict.

Moreover, one side or the other might consider escalating cyber war to critical networks such as those supporting economic and financial functions, transportation, power, and state control. In sum, the existence of dual-use networks,

the possibility of willful escalation, and the difficulty of controlling viruses, worms, and other infections, regardless of human plans, lead to a conclusion that limiting cyber war to the tactical military level would be hard.

A N ATTACK IS LIKELY CAUSES GREAT POWER NUCLEAR WAR

Fritz 9

Researcher for International Commission on Nuclear Nonproliferation and Disarmament [Jason, researcher for International Commission on Nuclear Nonproliferation and Disarmament, former Army officer and consultant, and has a master of international relations at Bond University, “Hacking Nuclear Command and Control,” July, http://www.icnnd.org/latest/research/Jason_Fritz_Hacking_NC2.pdf)

This paper will analyse the threat of cyber terrorism in regard to nuclear weapons. Specifically, this research will use open source knowledge to identify the structure of nuclear command and control centres, how those structures might be compromised through computer network operations, and how doing so would fit within established cyber terrorists’ capabilities, strategies, and tactics. If access to command and control centres is obtained, terrorists could fake or actually cause one nucleararmed state to attack another , thus provoking a nuclear response from another nuclear power. This may be an easier alternative for terrorist groups than building or acquiring a nuclear weapon or dirty bomb themselves. This would also act as a force equaliser, and provide terrorists with the asymmetric benefits of high speed, removal of geographical distance, and a relatively low cost.

Continuing difficulties in developing computer tracking technologies which could trace the identity of intruders, and difficulties in establishing an internationally agreed upon legal framework to guide responses to computer network operations, point towards an inherent weakness in using computer networks to manage nuclear weaponry. This is particularly relevant to reducing the hair trigger posture of existing nuclear arsenals.

All computers which are connected to the internet are susceptible to infiltration and remote control. Computers which operate on a closed network may also be compromised by various hacker methods, such as privilege escalation, roaming notebooks, wireless access points, embedded exploits in software and hardware, and maintenance entry points. For example, e-mail spoofing targeted at individuals who have access to a closed network, could lead to the installation of a virus on an open network. This virus could then be carelessly transported on removable data storage between the open and closed network. Information found on the internet may also reveal how to access these closed networks directly. Efforts by militaries to place increasing reliance on computer networks , including experimental technology such as autonomous systems, and their desire to have multiple launch options, such as nuclear triad capability, enables multiple entry points for terrorists.

For example, if a terrestrial command centre is impenetrable, perhaps isolating one nuclear armed submarine would prove an easier task. There is evidence to suggest multiple attempts have been made by hackers to compromise the extremely low radio frequency once used by the US Navy to send nuclear launch approval to submerged submarines.

Additionally, the alleged Soviet system known as Perimetr was designed to automatically launch nuclear weapons if it was unable to establish communications with Soviet leadership. This was intended as a retaliatory response in the event that nuclear weapons had decapitated Soviet leadership; however it did not account for the possibility of cyber terrorists blocking communications through computer network operations in an attempt to engage the system. Should a warhead be launched, damage could be further enhanced through additional computer network operations. By using proxies, multi-layered attacks could be engineered. Terrorists could remotely commandeer computers in China and use them to launch a US nuclear attack against Russia.

Thus Russia would believe it was under attack from the US and the US would believe China was responsible.

Further, emergency response communications could be disrupted, transportation could be shut down, and disinformation, such as misdirection, could be planted , thereby hindering the disaster relief effort and maximizing destruction. Disruptions in communication and the use of disinformation could also be used to provoke uninformed responses.

For example, a nuclear strike between India and Pakistan could be coordinated with Distributed

Denial of Service attacks against key networks, so they would have further difficulty in identifying what happened and be forced to respond quickly. Terrorists could also knock out communications between these states so they cannot discuss the situation. Alternatively, amidst the confusion of a traditional large-scale terrorist attack, claims of responsibility and declarations of war could be falsified in an attempt to instigate a hasty military response. These false claims could be posted directly on Presidential, military, and government websites. E-mails could also be sent to the media and foreign governments using the IP addresses and


M C D ONALD TSDC C HINA e-mail accounts of government officials. A sophisticated and all encompassing combination of traditional terrorism and cyber terrorism could be enough to launch nuclear weapons on its own, without the need for compromising command and control centres directly.

C

YBER ATTACKS BETWEEN STATES RESULTS IN GREAT POWER WAR

Gable 2010

[Kelly A., Adjunct Professor of Public International Law, Drexel University Earle Mack School of Law “

Cyber-Apocalypse Now: Securing the Internet Against

Cyberterrorism and Using Universal Jurisdiction as a Deterrent” Vanderbilt Journal of Transnational Law, January, 2010, 43 Vand. J. Transnat'l L. 57]{MEM}

Spoofing attacks are concentrated on impersonating a particular user or computer, usually in order to launch other types of attacks.

n122 Spoofing is often committed in connection with password sniffing; after obtaining a user's log-in and password, the spoofer will log in to the computer and masquerade as the legitimate user. The cyberterrorist typically does not stop there, instead using that computer as a bridge to another, hopping in this fashion from computer to computer. This process, called "looping," effectively conceals the spoofer's identity, especially because he or she may have jumped back and forth across various national boundaries. n123

Even more disturbing is the possibility of misleading entire governments into believing that another, potentially hostile government is attempting to infiltrate its networks . Imagine that a cyberterrorist perpetrates an attack on the network maintained by the U.S. Treasury and steals millions of dollars, transferring the money to his own account to be used for funding further terrorist activities . n124 He has used the spoofing technique, however, which causes the U.S. government to believe the Russian government to be behind the attack and to accuse them of the attack.

The Russian government denies the accusation and is insulted at the seemingly unprovoked hostility. Tensions between the governments escalate and boil over, potentially resulting in war.

Though this may be only a hypothetical example, it is frighteningly plausible.

In fact, it may have been used in the attacks on U.S. and South

Korean websites - the South Korean government initially was so certain that North Korea was behind the attack that it publicly accused the

North Korean government , despite already tense relations. n125 Similarly , in the 2007 attack on Estonia, Estonian authorities were so certain that the Russian government was behind the attack that they not only publicly accused them but requested military assistance from NATO in responding to the attack. n126 It was later determined that Russia was not behind the attack and that at least some of the attackers were located in Brazil and Vietnam. n127

T HAT CULMINATES IN 3 SCENARIOS FOR NUCLEAR WAR

Austin 13

(Greg Austin, 8/6/13, Director of Policy Innovation at the EastWest Institute, “Costs of American Cyber Superiority,” http://www.chinausfocus.com/peacesecurity/costs-of-american-cyber-superiority/)

The U nited S tates is racing for the technological frontier in military and intelligence uses of cyber space . It is ahead of all others, and has mobilized massive non-military assets and private contractors in that effort. This constellation of private sector opportunity and deliberate government policy has been aptly labeled in recent months and years by so many credible observers ( in The Economist, The Financial Times and the MIT Technology Review ) as the cyber industrial complex .

¶

The United States is now in the unusual situation where the head of a spy agency (NSA) also runs a major military unified command (Cyber Command).

This is probably an unprecedented alignment of Praetorian political power in any major democracy in modern political history. This allocation of such political weight to one military commander is of course for the United States to decide and is a legitimate course of action. But it has consequences.

The Snowden case hints at some of the blow-back effects now visible in public. But there are others, less visible.

¶

The NSA Prism program exists because it is technologically possible and there have been no effective restraints on its international targeting . This lack of restraint is especially important because the command and control of strategic nuclear weapons is a potential target both of cyber espionage and offensive cyber operations.

The argument here is not to suggest a similarity between the weapons themselves, but to identify correctly the very close relationship between cyber operations and nuclear weapons planning. Thus the lack of restraint in cyber weapons might arguably affect ( destabilize) pre-existing agreements that constrain nuclear weapons deployment and possible use .

¶ The cyber superiority of the United States , while legal and understandable , is now a cause of strategic instability between nuclear armed powers. This is similar to the situation that persisted with nuclear weapons themselves until

1969 when the USSR first proposed an end of the race for the technological frontier potential planetary devastation . After achieving initial capability, the U.S. nuclear missile build up was not a rational military response to each step increase in Soviet military capability. It was a race for the technological frontier – by both sides – with insufficient recognition of the consequences.

This conclusion was borne out by a remarkable Top Secret study commissioned in 1974 by the U.S. Secretary of Defense , Dr James Schlesinger.

By the time it was completed and submitted in 1981, it assessed that the nuclear arms build-up by both sides was driven – not by a supposed tit for tat escalation in capability of deployed military systems – but rather by an unconstrained race for the technological limits of each side’s military


M C D ONALD TSDC C HINA potential and by its own military doctrinal preferences . The decisions of each side were not for the most part, according to this now declassified study, a direct response to particular systems that the other side was building.

A ND LOW RESPONSE TIMES MEANS THERE

’

S A GREATER TIMEFRAME AND PROBABILITY THAN TRADITIONAL

NUCLEAR ESCALATION

Dycus 10

(Stephen

Dycus, Professor of National Security Law, 10, "Congress’ Role in Cyber Warfare," Journal of National Security Law 26 Policy, 2010, p.161-164, http://jnslp.com/read/vol4no1/11_Dycus.pdf)

In other ways, cyber weapons are critically different from their nuclear counterparts . For one thing, the time frame for response to a cyber attack might be much narrower. A nuclear weapon delivered by a land-based ICBM could take 30 minutes to reach its target. An electronic attack would arrive instantaneously, and leave no time to consult with or even inform anyone outside the executive branch before launching a counterstrike, if that were U.S. policy.

US-C

HINA CYBER WAR CAUSES MILITARY ESCALATION

-

STIMULATES RISK TAKING AND LOWERS CONFLICT

INHIBITION

Dobbins et al. 11

[James F. Dobbins, David C. Gompert, David A. Shlapak, Andrew Scobell, the RAND Corporation. “Conflict with China,” Operational Control, http://www.rand.org/content/dam/rand/pubs/occasional_papers/2011/RAND_OP344.pdf]

The difficulties of direct defense could be greatly accelerated by Chinese development and ¶ use of cyber-attack and ASAT weapons, given the dependence of U.S. forces and operating ¶ concepts on computer-networked and space-based C4ISR. For this reason, the PLA appears to ¶ think that hostilities in space and cyber-space would favor China, and so might initiate them. ¶ At the same time, as China extends the reach of its own forces and C4ISR into the

Pacific, they will become vulnerable to U.S. cyber-attack and ASAT. In any case, any Sino-U.S. armed ¶ conflict will be increasingly affected if not decided by warfare in these new domains. ¶ The erosion of capabilities for direct defense will push the U nited S tates toward enhanced ¶ weapons , ranges, geography, and targets both to regain survivability and to strike Chinese ¶ forces, launchers, sensors, and other capabilities on the mainland (or elsewhere in the region ¶ outside of the immediate theater). In addition, as the PLA develops cyber and ASAT capabilities but also comes to rely more on advanced C4ISR, the United States will have to consider ¶ striking Chinese satellites and computer networks. These trends will thus lead both sides to ¶ widen their choice of targets in order to achieve dominance over any particular geographic ¶ objective, however limited. ¶ The increasing difficulty in ensuring direct defense can be consequential even if Sino-U.S. ¶ hostilities are unlikely, for they could stimulate Chinese risk-taking, increase

U.S. inhibitions, ¶ and weaken the resolve of U.S. allies and China’s neighbors in facing a China more insistent ¶ on settling disputes on its terms.

These trends are the result of underlying general technological progress, sustainable growth in military spending, PLA reform and doctrinal adaptation, ¶ and geographic distances for China and the United States. On the other hand, most of China’s ¶ neighbors are growing economically and in technological sophistication, and some may choose ¶ to keep pace in quality if not quantity with Chinese advances in the military field.

US-China war goes nuclear

Hunkovic 9

(

Lee J. Hunkovic, professor at American Military University, 09, [“The Chinese-Taiwanese Conflict Possible

Futures of a Confrontation between China, Taiwan and the United States of America”, American Military

University, p.54]

A war between China

, Taiwan and the U nited

S tates has the potential to escalate into a nuclear conflict and a third world war

, therefore, many countries other than the primary actors could be affected by such a conflict, including Japan, both Koreas, Russia, Australia, India and Great Britain,

if they were drawn into the war, as well as all other countries in the world that participate in the global economy, in which the United States and China are the two most dominant members. If China were able to successfully annex Taiwan, the possibility exists that they could then plan to attack Japan and begin a policy of aggressive expansionism in East and Southeast Asia, as well as the Pacific and even into India, which could in turn create an international standoff and deployment of military forces to contain the threat. In any case, if

China and the U nited

S tates

engage in a full-scale

conflict, there are few countries in the world

that will not be economically and/or militarily

affected by it.

However, China, Taiwan and United States are the primary actors in this scenario, whose actions will determine its eventual outcome, therefore, other countries will not be considered in this study.



E

VEN IF IT DOESN

’

T ESCALATE

, US-C

HINA CYBER WAR COLLAPSES THE ECONOMY AND HURTS

US-S

INO

COOPERATION ON

I

RAN AND

N

ORTH

K

OREA

Dobbins et al. 11

[James F. Dobbins, David C. Gompert, David A. Shlapak, Andrew Scobell, the RAND Corporation. “Conflict with China,” Operational

Control,http://www.rand.org/content/dam/rand/pubs/occasional_papers/2011/RAND_OP344.pdf]

Having conducted repeated intrusions into U.S. networks to exfiltrate sensitive data ¶ without U.S. reprisal, the People’s Liberation Army (PLA) might seek and receive authority ¶ to interfere with U.S. intelligence collection and dissemination on Chinese strategic-nuclear ¶ programs. Chinese civilian leaders might not grasp that such operations would be defined ¶ as cyber-attack by the United States and thus lead to retaliation. The attack could disrupt ¶ systems the United States relies on for critical intelligence, including warning. If confident ¶ that the PLA was the attacker, the United States might decide to retaliate. Given that corresponding PLA intelligence networks are not easily accessed, and choosing to signal dangers of ¶ escalation, the United States might retaliate against networks that support Chinese transport ¶ systems, including commercial shipping as well as military logistics. The impact on Chinese ¶ trade could be immediate. In addition, because the U.S. ability to observe

Chinese forces had ¶ been impaired, Pacific Command (PACOM) might be told to increase the readiness of its ¶ forces. While China does not want armed conflict, it could respond by conducting “soft-kill”

¶ attacks (e.g., link interference) on U.S. satellites that serve the Pacific command, control, communications, computer, intelligence, surveillance, and reconnaissance (C4ISR) grid, to which ¶ the United States responds in kind. Because both Chinese and U.S. network defenses are of ¶ limited value against such large and sophisticated attacks, both sides might resort to counterattacks in hopes of restoring deterrence. ¶ In the ensuing escalation, both China and the U nited St ates could suffer temporary but ¶ major disruptions of critical networks, precipitating shocks in stock, currency, credit, and trade

¶

markets . Although both sides avoid escalation to armed force, economic damage would be ¶ considerable . Sino-U.S. cooperation on Iran would likely come to a halt, and the situation in ¶

Korea could heat up.

There are no lives lost—just extensive harm, heightened antagonism, and ¶ loss of confidence in network security. There would be no

“winner.”



XO O

FFENSE

/S

OLV

.

D

EFICIT

T HE MERE PERCEPTION OF P RESIDENTIAL CONTROL OF OCO S FUELS FOREIGN UNCERTAINTY THAT CAUSES

EXTINCTION

Rothschild 13

(Matthew Rothschild, Editor of Progressive Magazine, Matthew Rothschild, editor of The Progressive magazine, “The Dangers of Obama’s Cyber War Power Grab,”

Feb. 2013 http://progressive.org/dangers-of-obama-cyber-war-power-grab)

There are no checks or balances when the President, alone, decides when to engage in an act of war .

¶ And this new aggressive stance will lead to a cyber arms race . The United States has evidently already used cyber weapons against Iran, and so many other countries will assume that cyber warfare is an acceptable tool and will try to use it themselves.

¶

Most troubling , U.S. cybersupremacy -- and that is Pentagon doctrine -- will also raise fears among nuclear powers like Russia, China, and North Korea that the United States may use a cyberattack as the opening move in a nuclear attack .

¶ For if the United States can knock out the command and control structure of an enemy's nuclear arsenal, it can then launch an all-out nuclear attack on that enemy with impunity . This would make such nuclear powers more ready to launch their nuclear weapons preemptively for fear that they would be rendered useless . So we've just moved a little closer to midnight.

¶ Now, I don't think Obama would use cyberwafare as a first strike in a nuclear war. But our adversaries may not be so sure, either about

Obama or his successors.

¶ They , too, worry about the temptations of a President .

C

ONGRESS IS KEY

—

CREATES TRANSPARENCY AND LEGAL STABILITY

—

EXECUTIVE CONTROL SNOWBALLS

Harman 13

(Jane Harman, Director of the Wilson Center, The Extrajudicial Use of Drones: The Need for a Post-9/11 Legal Framework, Apr. 2013 www.wilsoncenter.org/article/the-extrajudicial-use-drones-the-need-for-post-911-legal-framework)

As threats, technologies, and tactics have evolved, the law has not kept up. Before he left the White House for the CIA, John Brennan reportedly compiled a highly classified “playbook”—a set of standards to govern our counterterrorism actions.

¶ That’s a necessary short-term fix. But, in the long-term,

Congress needs to own the game…and insist on transparency and legislative limits.

¶ Using new tools —particularly lethal ones— without public debate or clear legal authority is a mistake…and a slippery slope

.

¶ We need a comprehensive counterterrorism strategy across the U.S. government. Disparate tactics, with varied consequences, will not win us any friends (we’ve lost quite a few along the way)—and will not ultimately help reduce threats against the United States. ¶ In fact, if we continue to operate without a comprehensive legal framework around our actions, we may end up creating more enemies than we’re eliminating

.

¶ “Why Are They the Enemy?” ¶ Consider what Gen. Stanley McChrystal, former commander of the International Security Assistance Force in Afghanistan (ISAF) and the Joint Special Operations Command, recently said about what he learned in

Iraq and Afghanistan.

¶ In Iraq, he says, the first question he asked was, “Where is the enemy?'” ¶ As things evolved, the question became, “Who is the enemy?” ¶ Then

“What’s the enemy doing or trying to do?'” and, finally, “Why are they the enemy?”

¶ This catechism is so revealing, but shouldn’t be surprising: the tactic of taking out bad guys may ultimately create more of them. I was recently on a panel at a security conference in Herzliya, Israel, where a thoughtful academic named Boaz Ganor discussed this so-called “boomerang effect.” The idea is that there is often a contradiction between dismantling the capability of terrorists and removing their motivation.

¶ Without a strategy and clear legal framework around our counterterrorism tactics, they can become inadvertent recruitment tools (think Gitmo). Moreover, playing whack-a-mole will not win the argument with the kid in rural Yemen deciding whether or not to strap on a suicide vest.

¶ Now that the American public is finally tuning in to the debate and insisting on clear limits on the tactics we use, Congress—the nation’s lawmakers— need to step back in.

¶ Change in Terror Threat ¶ Today, we face a horizontally organized threat.

¶ A confluence of multiple events – from reduction in al Qaeda Senior Leadership, to the rise of al Qaeda affiliates, to the new networks between Al Qaeda and among a range of extremist groups to the US drawdowns in Iraq and Afghanistan to the civil war in Syria – has changed the threat landscape tremendously. This constantly changing state of affairs – where the new “safehaven” is in many places, even hidden behind computer screens – means that the US will probably face an increase in smaller-scale attacks . ¶ Third, let’s discuss offensive cyber.

¶ Just two weeks ago, General Keith Alexander announced that the

Department of Defense Cyber Command has created 13 offensive cyber war teams to attack computer systems and networks.

¶

No reaction.

¶ Imagine if the Pentagon announced 13 new battalions were preparing to deploy anywhere, at any time. This is a huge deal.

¶ But there are some critical questions to raise: ¶ How will we decide whether to conduct denial of service attacks against adversaries or write malicious computer code?

¶ Does the victim of the attack matter? ¶ Will our response be different if an attack occurs on our banking system rather than our power grid? ¶ When will these teams engage? What are the red lines?

¶ There are just too many unanswered questions. I’m thrilled that the House is planning a cyber week April 15th to consider legislation, but we also need an explanation of the current US approach to offensive cyber by the Administration .

¶ Congress: Own the Game!

¶ In response to abuses of the

Nixon years, Congress established legislative oversight of intelligence through enacting FISA and creating the House and Senate Intel Committees.

¶ But then after 9/11, the Bush White House “leaned in” and asserted Executive power—which cut out Congress. ¶ I’ve heard all the arguments that the President is more uniquely positioned from an institutional perspective to exercise dexterity as it relates to national security. However, Congress is constitutionally and structurally capable of taking the lead on laying down the ground rules .

¶ So, what should our strategy look like? ¶ For starters, we must review the operational framework for new declarations of armed conflict or attacks if a group poses a sustained and organized threat to the US or its citizens. Congress must take the lead.


M C D ONALD

P

ERCEPTION OF

C

ONGRESS IS KEY

TSDC C HINA

Bastby 12

(Judy, CEO of Global Cyber Risk, "U.S. Administration’s Reckless Cyber Policy Puts Nation at Risk" June 4, 2012, http://www.forbes.com/sites/jodywestby/2012/06/04/u-s-administrations-reckless-cyber-policy-puts-nation-at-risk/)

Perhaps more important than being out of the cyber coordination loop, is the how the U.S.’s attitude is being perceived by others in the international community . If the U.S. were a member of IMPACT and taking an active role in the investigation, it would be upholding its role as a global cybersecurity power . Instead, the U.S. appears as the shirking nation state quietly standing on the sidelines while being accused of engaging in cyberwarfare tactics. “ People look to the U.S., Russia, and China for leadership and when the U.S. is absent, they will turn to the other two ,” observes Dr. Amin.

¶

The U.S. Administration’s failure to develop a strong foreign policy with respect to cybersecurity reveals a gross lack of attention at the highest levels of the U.S. Government to one of the country’s most vulnerable areas — the IT systems that underpin the functioning of our society and economy . This failure begins at basic strategy levels and extends to reckless disregard for the consequences of the risky covert Stuxnet operation and failure to secure classified information about the program.

For example, in May 2011, government delegations from around the world gathered in Geneva for the

World Summit on the Information Society (WSIS), one of the most important communications and technology conferences globally. Noticeably, the U.S. did not have a delegation present. Yet, it was during the WSIS event that the U.S. Administration chose to release its International Strategy for Cyberspace – from Washington, D.C. rather than Geneva. WSIS participants were dumbstruck. For the few private sector Americans who were present, including myself, it was embarrassing.

¶ If in fact the

Administration did authorize targeting Iranian nuclear systems with Stuxnet and/or Flame, it was a dangerous and reckless decision, especially since the U.S.

Government has no idea how many computers in America may be infected with malware capable of being activated by Iran or one of its allies in retaliation. Such

“backdoor” malware is capable of having enormous consequences to life and property. A similar CIA covert operation successfully destroyed a Soviet pipeline. In

1982, President Reagan approved a plan to transfer software used to run pipeline pumps, turbines, and valves to the Soviet Union that had embedded features designed to cause pump speeds and valve settings to malfunction. The plot was revealed in a 2004 Washington Post article by David Hoffman in advance of its discussion in former Air Force Secretary Thomas C. Reed’s book, At the Abyss: An Insider’s History of the Cold War. Reed recalled to Hoffman that, “The result was the most monumental non-nuclear explosion and fire ever seen from space.” Unlike Stuxnet, however, the program remained classified for 22 years until the CIA authorized

Reed to discuss it in his book. Sanger’s information came from loose-lipped persons involved with the Stuxnet operation.

¶ Before pulling a trigger (or launching malware) a nation should assess its strengths and resources and its correlation of vulnerabilities , which, in 2012, includes understanding what an adversary can do when firing back using cyber capabilities . In addition, before launching covert operations, such as Stuxnet , a nation also should ensure that the secrecy of the intelligence operations can be maintained .

¶ Conversations with Hill staffers indicate that

Congress believes the State Department’s

2011 appointment of Coordinator for Cyber Issues has sufficiently addressed concerns about the lack of U.S. involvement in international cybersecurity matters . Clearly, this is narrow, wishful thinking. Congress needs to stop focusing on what it believes it should force businesses to do about cybersecurity and instead focus on what it should demand that the U.S. Government do to protect our critical infrastructure businesses and avoid retaliatory cyber attacks. The kind of reckless cyber diplomacy and foreign policy now at work has put our nation at risk and demonstrates cyber irresponsiblity, not cyber leadership.



A

FF

A

NSWERS

C HINA



N ON -U NIQUE

C HINA

T

HE

U.S.

IS WIDELY UNPROTECTED FROM A MULTITUDE OF POTENTIAL ATTACKS

–

CYBER ATTACKS

INCLUDED

Kredo 2015

[Adam Kredo, senior writer for the Washington Free Beacon. Formerly an award-winning political reporter for the Washington Jewish Week, where he frequently broke national news, Kredo’s work has been featured in outlets such as the Jerusalem Post, the Jewish Telegraphic Agency, and Politico, among others. “U.S. Power

Grid Being Hit With ‘Increasing’ Hacking Attacks, Government Warns” June 24, 2015. http://freebeacon.com/national-security/u-s-power-grid-being-hit-withincreasing-hacking-attacks-government-warns/]{MEM}

While experts have long signaled that the U.S. power grid and related systems are vulnerable to physical attacks by terrorists and other individuals, the U.S. government is now warning that sensitive computer systems that maintain the grid are increasingly being attacked , according to a Congressional Research Service (CRS) report that was not made public until the Federation of American Scientists

(FAS) disclosed it this month.

¶ The report warns that hackers potentially affiliated with terrorist groups or rogue nations have the ability to insert harmful malware into the internal systems governing the U.S. grid, which increasingly are being hooked into the Internet.

¶ These types of computer viruses are able to comb internal systems for private information in a clandestine manner; they can also be used to wrest control of certain computers away from their owners.

¶ “In recent years, new threats have materialized as new vulnerabilities have come to light, and a number of major concerns have emerged about the resilience and security of the nation’s electric power system,” the report says. “In particular, the cyber security of the electricity grid has been a focus of recent efforts to protect the integrity of the electric power system.”

¶ The threat is compounded by the revelation that many power companies are only living up to the “minimum standards” set for cyber security by the U.S. government.

¶ “Although malware intrusions may not have resulted in a significant disruption of grid operations so far, they still have been possible even with mandatory standards in place,” the report states.

¶ Cyber attacks on the U.S. grid and power companies are becoming more prevalent.

D OMESTIC SECURITY FROM CYBER ATTACKS IS ALREADY IN SHAMBLES

O’Malley 2015

[Martin, former governor of Maryland and a Democratic candidate for president of the United States. “The U.S. Government – And The Next President – Needs To

Take Cybersecurity Seriously” Foreign Policy, 06/09/2015. http://foreignpolicy.com/2015/06/09/the-u-s-government-and-the-next-president-needs-to-takecybersecurity-seriously/]{MEM}

Time is of the essence. Cyberattacks around the world are on the rise,jumping nearly 50 percent last year. The software security firm

McAfeeestimates that cybercrime robs the global economy of more than $400 billion each year. And that same report estimated that cybercrime could cost as many as 200,000 American jobs due to stolen intellectual property and lost exports.

When hackers attacked the American retail chain Target last year, they stole data from an astonishing 110 million shoppers — roughly one in three Americans. The thieves then sold the information for more than

$50 million on the black market. They committed these crimes all without stepping away from their computers .

¶ Cyberattacks threaten not just

Americans’ privacy, personal credit information, and intellectual property but also military operations and national security intelligence.

For centuries, nation-states sought to protect themselves from attacks by land and sea. With the invention of human flight, nations also had to protect themselves from air attacks. Now, in the hyper-connected information age, we must understand how to better defend ourselves — and our economy — from attacks carried out through the Internet. Adm. Mike Mullen, the former chairman of the Joint Chiefs of Staff, called cyberattacks “the single biggest existential threat that’s out there” because of their ability to shut down our infrastructure and transportation systems, including our air traffic control system.

¶ A new agenda is urgently needed to improve our nation’s cybersecurity.

¶ First, unlike the military’s command-and-control approach to past defense challenges, this new threat will require a collaborative and networked approach across public and private sectors. The data that cyberattacks target do not reside completely in one sector or another.

We need to ensure that privacy issues are directly and adequately addressed in order to build the trust necessary for businesses and other organizations to work with the government on the safeguards we need to protect both.

T

HE PLAN SOLVES

– US

NORMS AGAINST

OCO’

S IS CRITICAL TO REVERSE CYBER WEAPON PROLIFERATION

Goldsmith 10

(Jack Goldsmith, teaches at Harvard Law School and is on the Hoover Institution's Task Force on National Security and Law. He was a member of a 2009 National

Academies committee, “Can we stop the cyber arms race?” February 01, 2010, http://articles.washingtonpost.com/2010-02-01/opinions/36895669_1_botnets-cyberattacks-computer-attacks)

In a speech this month on "Internet freedom," Secretary of State Hillary Clinton decried the cyberattacks that threaten U.S. economic and national security interests.

"Countries or individuals that engage in cyber attacks should face consequences and international condemnation," she warned, alluding to the China-Google kerfuffle.

We should "create norms of behavior among states and encourage respect for the global networked commons." ¶ Perhaps so. But the problem with Clinton's call for accountability and norms on the global network -- a call frequently heard in policy discussions about cybersecurity -- is the enormous array of cyberattacks originating from the United States. Until we acknowledge these attacks and signal how we might control them, we cannot make progress on preventing cyberattacks emanating from other countries.

¶ An important weapon in the cyberattack arsenal is a botnet, a cluster of thousands and sometimes millions of compromised computers under the ultimate remote control of a "master." Botnets were behind last summer's attack on South Korean and American government Web sites, as well as prominent attacks a few years ago on Estonian and Georgian sites. They are also engines of spam that can deliver destructive malware that enables economic espionage or theft.

¶ The United States has the most, or nearly the most, infected botnet computers and is thus the country from which a good chunk of botnet attacks stem. The government could crack down on botnets, but doing so would


M C D ONALD TSDC C HINA raise the cost of software or Internet access and would be controversial. So it has not acted, and the number of dangerous botnet attacks from America grows.

¶ The

United States is also a leading source of "hacktivists" who use digital tools to fight oppressive regimes. Scores of individuals and groups in the United States design or employ computer payloads to attack government Web sites, computer systems and censoring tools in Iran and China. These efforts are often supported by U.S. foundations and universities, and by the federal government. Clinton boasted about this support seven paragraphs after complaining about cyberattacks.

¶ Finally, the

U.S. government has perhaps the world's most powerful and sophisticated offensive cyberattack capability. This capability remains highly classified. But the New York

Times has reported that the Bush administration used cyberattacks on insurgent cellphones and computers in Iraq, and that it approved a plan for attacks on computers related to Iran's nuclear weapons program. And the government is surely doing much more. "We have U.S. warriors in cyberspace that are deployed overseas" and "live in adversary networks," says Bob Gourley, the former chief technology officer for the Defense Intelligence Agency.

¶ These warriors are now under the command of Lt.

Gen. Keith Alexander, director of the National Security Agency. The NSA, the world's most powerful signals intelligence organization, is also in the business of breaking into and extracting data from offshore enemy computer systems and of engaging in computer attacks that, in the NSA's words, "disrupt, deny, degrade, or destroy the information" found in these systems. When the Obama administration created "cyber command" last year to coordinate U.S. offensive cyber capabilities, it nominated Alexander to be in charge.

¶ Simply put, the United States is in a big way doing the very things that Clinton criticized. We are not, like the Chinese, stealing intellectual property from U.S. firms or breaking into the accounts of democracy advocates. But we are aggressively using the same or similar computer techniques for ends we deem worthy.

¶ Our potent offensive cyber operations matter for reasons beyond the hypocrisy inherent in undifferentiated condemnation of cyberattacks. Even if we could stop all cyberattacks from our soil, we wouldn't want to. On the private side, hacktivism can be a tool of liberation. On the public side, the best defense of critical computer systems is sometimes a good offense. "My own view is that the only way to counteract both criminal and espionage activity online is to be proactive,"

Alexander said last year, adding that if the Chinese were inside critical U.S. computer systems, he would "want to go and take down the source of those attacks." ¶ Our adversaries are aware of our prodigious and growing offensive cyber capacities and exploits. In a survey published Thursday by the security firm McAfee, more information technology experts from critical infrastructure firms around the world expressed concern about the United States as a source of computer network attacks than about any other country. This awareness, along with our vulnerability to cyberattacks, fuels a dangerous public and private cyber arms race in an arena where the offense already has a natural advantage.

¶ Everyone agrees on the need to curb this race by creating proper norms of network behavior. But like Clinton, U.S. cybersecurity policymakers are in the habit of thinking too much about those who attack us and too little about our attacks on others. Creating norms to curb cyberattacks is difficult enough because the attackers' identities are hard to ascertain. But a nother large hurdle is the federal government's refusal to acknowledge more fully its many offensive cyber activities , or to propose which such activities it might clamp down on in exchange for reciprocal concessions by our adversaries.

P LAN REFORMS ENDING LARGE SCALE PREEMPTIVE ATTACKS IS KEY

–

PROVIDES INTERNATIONAL

CREDIBILITY AND DETERS ATTACK

Clarke and Knake ‘12

(Richard (former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States) and Robert (Cybersecurity and homeland security expert at the Council on Foreign Relations), Cyber War: The Next Threat to National Security and What to Do About It, Harper Collins Books, 2012, RSR)

Balancing our desire for military flexibility with the need to address the fact that cyber war could ¶ damage the U.S. significantly, it may be possible to craft international constraints short of a complete ban.

¶ An international agreement that banned, under any circumstances, the use of cyber weapons is the most ¶ extreme form of a ban. In the previous chapter, we looked briefly at the proposal of a no-first-use ¶ agreement, which is a lesser option. A no-first-use agreement could simply be a series of mutual ¶ declarations , or it could be a detailed international agreement. The focus could be on keeping cyber ¶ attacks from starting wars , not on limiting their use once a conflict has started. We could apply the pledge ¶ to all nations, or only to those nations that made a similar declaration or signed an agreement.

¶

Saying we won’t be the first ones to use cyber weapons may in fact have more than just diplomatic ¶ appeal in the international arena . The existence of the pledge might make it less likely that another nation ¶ would initiate cyber weapons use because to do so would violate an international norm that employing ¶ cyber weapons crosses a line, is escalatory, and potentially destabilizing . The nation that goes first and ¶ violates an agreement has added a degree of international opprobrium to its actions and created in the ¶ global community a presumption of misconduct. International support for that nation’s

underlying position

¶ in the conflict might thus be undermined and the potential for international sanctions increased.

S

TATUS QUO SOLVES LIMITS FOR CYBER AGGRESSION

Nakashima 12

(Ellen, Washington Post staff writer, November 14, "Obama signs secret directive to help thwart cyberattacks", http://www.washingtonpost.com/world/nationalsecurity/obama-signs-secret-cybersecurity-directive-allowing-more-aggressive-military-role/2012/11/14/7bf51512-2cde-11e2-9ac2-1c61452669c3_story.html)

President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks. Presidential Policy Directive 20 establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace , according to several U.S. officials who have seen the classified document and are not authorized to speak on the record. The president signed it in mid-October. The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar

and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats . The policy also lays out a process to vet any operations outside government and defense networks and ensure that U.S. citizens’ and foreign allies’ data and privacy are protected and international laws of war are followed . “What it does, really for the first time, is it explicitly talks about how we will use cyber- operations,” a senior administration official said. “Network defense is what you’re doing inside your own networks. . . . Cyber-operations is stuff outside that space, and recognizing that you could be doing that for what might be


M C D ONALD TSDC C HINA called defensive purposes.” The policy, which updates a 2004 presidential directive, is part of a wider push by the Obama administration to confront the growing cyberthreat, which officials warn may overtake terrorism as the most significant danger to the country. “It should enable people to arrive at more effective decisions,” said a second senior administration official. “In that sense, it’s an enormous step forward.” Legislation to protect private networks from attack by setting security standards and promoting voluntary information sharing is pending on the Hill, and the White House is also is drafting an executive order along those lines. James A.

Lewis, a cybersecurity expert at the Center for Strategic and International Studies, welcomed the new directive as bolstering the government’s capability to defend against “destructive scenarios,” such as those that Defense Secretary Leon E. Panetta recently outlined in a speech on cybersecurity. “It’s clear we’re not going to be a bystander anymore to cyberattacks,” Lewis said. The Pentagon is expected to finalize new rules of engagement that would guide commanders on when and how the military can go outside government networks to prevent a cyberattack that could cause significant destruction or casualties. The presidential directive attempts to settle years of debate among government agencies about who is authorized to take what sorts of actions in cyberspace and with what level of permission. An example of a defensive cyber-operation that once would have been considered an offensive act, for instance, might include stopping a computer attack by severing the link between an overseas server and a targeted domestic computer. “That was seen as something that was aggressive,” said one defense official, “particularly by some at the State

Department” who often are wary of actions that might infringe on other countries’ sovereignty and undermine U.S. advocacy of Internet freedom. Intelligence agencies are wary of operations that may inhibit intelligence collection. The Pentagon, meanwhile, has defined cyberspace as another military domain — joining air, land, sea and space — and wants flexibility to operate in that realm. But cyber-operations , the officials stressed, are not an isolated tool . Rather, they are an integral part of the coordinated national security effort that includes diplomatic, economic and traditional military measures. Offensive cyber actions, outside of war zones, would still require a higher level of scrutiny from relevant agencies and generally White House permission .

C

YBER OPERATIONS WON

’

T BE THE FIRST LINE OF DEFENSE

—

NO RISK OF CYBER PREEMPTION

Nakashima 12

(Ellen, Washington Post staff writer, November 14, "Obama signs secret directive to help thwart cyberattacks", http://www.washingtonpost.com/world/nationalsecurity/obama-signs-secret-cybersecurity-directive-allowing-more-aggressive-military-role/2012/11/14/7bf51512-2cde-11e2-9ac2-1c61452669c3_story.html)

But repeated efforts by officials to ensure that the Cyber Command has that flexibility have met with resistance — sometimes from within the Pentagon itself — over concerns that enabling the military to move too freely outside its own networks could pose unacceptable risks . A major concern has always been that an action may have a harmful unintended consequence, such as shutting down a hospital generator. Officials say they expect the directive will spur more nuanced debate over how to respond to cyber-incidents . That might include a cyberattack that wipes data from tens of thousands of computers in a major industrial company, disrupting business operations, but doesn’t blow up a plant or kill people. The new policy makes clear that the government will turn first to law enforcement or traditional network defense techniques before asking military cyberwarfare units for help or pursuing other alternatives , senior administration officials said. “We always want to be taking the least action necessary to mitigate the threat,” said one of the senior administration officials. “We don’t want to have more consequences than we intend.”

S

TATUS QUO LIMITATIONS ARE SUFFICIENT

—

MODELS ARMED CONFLICT

Brennan 12

(John, Lieutenant Cololel, March 15, "United States Counter Terrorism Cyber Law and Policy, Enabling or Disabling?", http://nsfp.web.unc.edu/files/2012/09/Brennan_UNITED-STATES-COUNTER-TERRORISM-CYBER-LAW-AND-POLICY.pdf)

While Congress was pursuing legislative change , DoD leadership began to codify a list of pre-approved cyber weapons that can be employed on foreign networks without garnering the nod from national decision-makers . Although the details of this policy directive are classified, it is potentially a step in the right direction to put a valuable capability into the hands of the commanders who are engaged in combat operations.

Anonymous media sources have described the general theme of the proposed DoD approach a s one that more closely models the law of armed conflict, as opposed to one that resembles a policy to govern the use of weapon s of mass destruction . 69

N

EW DOCTRINAL CHANGES SOLVE

—

ESPECIALLY IN CONTEXT OF

C

HINA

Austin 12

(Greg, professorial fellow at the East West Institute, senior visiting fellow at King’s College, October 15, "America's Challenging Cyber Defense

Policy",http://www.internationalpolicydigest.org/2012/10/15/americas-challenging-cyber-defense-policy/)

The DoD foreshadowed some time ago that it would produce a new set of rules of engagement to cover cyber operations.

Panetta has characterized this as “the most comprehensive change to our rules of engagement in cyberspace in seven years”.

He said that these would make the “department more agile and provide us with the ability to confront major threats quickly .”

He foreshadowed strengthening of Cyber Command, a move reported by US sources to include having it stand alone as an independent unified command compared with its current position under Strategic Command. This will be a positive move since it will disassociate it from its current co-location with the command responsible of strategic nuclear forces, a relationship that has caused China some considerable consternation.



N O L INK -G ENERIC

C HINA

C

HINA WON

’

T HACK THE

U.S.

–

RECENT EVENTS PROVE

The Independent 2015

[“US and China to create 'code of conduct' for cyber espionage and hacking after talks” 06/25/2015, http://www.independent.co.uk/news/world/americas/us-andchina-to-create-code-of-conduct-for-cyber-espionage-and-hacking-after-talks-10343920.html]{MEM}

China and the US are working on a “code of conduct” for online espionage and hacking after months of trading accusations over cyber attacks .

¶ Officials in Washington have claimed a hack that stole the personal details of up to four million government employeesoriginated in China but Beijing said denied the accusations and called them “not responsible and counterproductive”.

¶ It was among the alleged attacks leading to what John Kerry described as “very frank discussions” between the two countries over three days of talks.

¶ President Barack Obama ended the Security and Economic

Dialogue by raising concerns to the Chinese delegation about the nation’s “cyber and maritime behaviour” in the South China

Sea.

¶ “He urged China to take concrete steps to lower tensions ,” a White House spokesperson said in a statement.

¶ Mr Kerry, the US

Secretary of State, met with senior Chinese politicians and diplomats yesterday to discuss trade, finance, climate change and the “standards of behaviour in cyber space”

.

¶ He said: “The United States is deeply concerned about cyber incursions that have raised security questions and, frankly, harmed American businesses .

¶ “ We believe very strongly that the United States and China should be working together to develop and implement a shared understanding of appropriate state behaviour in cyber space, and I’m pleased to say that

China agreed that we must work together to complete a code of conduct regarding cyber activities.”

C HINA WON

’

T HACK

–

ORGANIZATIONAL CHALLENGES AND COUNTERPRODUCTIVE

Lindsay 2015

[Assistant Professor of Digital Media and Global Affairs at the University of Toronto Munk School of Global Affairs beginning in July 2015. Assistant research scientist with the University of California Institute on Global Conflict and Cooperation, assistant adjunct professor at the UC San Diego School of International

Relations and Pacific Studies, and an Oxford Martin Associate with the Oxford Global Cyber Security Capacity Centre. "Exaggerating the Chinese Cyber Threat"

Belfer Center at Harvard University. May 2015 http://belfercenter.ksg.harvard.edu/publication/25321/exaggerating_the_chinese_cyber_threat.html]{MEM}

The rhetorical spiral of mistrust in the Sino-American relationship threatens to undermine the mutual benefits of the information revolution. Fears about the paralysis of the United States' digital infrastructure or the hemorrhage of its competitive advantage are exaggerated . Chinese cyber operators face underappreciated organizational challenges, including information overload and bureaucratic compartmentalization, which hinder the weaponization of cyberspace or absorption of stolen intellectual property.

More important, both the United States and China have strong incentives to moderate the intensity of their cyber exploitation to preserve profitable interconnections and avoid costly punishment. The policy backlash against U.S. firms and liberal internet governance by China and others is ultimately more worrisome for U.S. competitiveness than espionage; ironically , it is also counterproductive for

Chinese growth.

¶ The United States is unlikely to experience either a so-called digital Pearl Harbor through cyber warfare or death by a thousand cuts through industrial espionage.

There is, however, some danger of crisis miscalculation when states field cyberweapons. The secrecy of cyberweapons' capabilities and the uncertainties about their effects and collateral damage are as likely to confuse friendly militaries as they are to muddy signals to an adversary. Unsuccessful preemptive cyberattacks could reveal hostile intent and thereby encourage retaliation with more traditional (and reliable) weapons.

Conversely, preemptive escalation spurred by fears of cyberattack could encourage the target to use its cyberweapons before it loses the opportunity to do so. Bilateral dialogue is essential for reducing the risks of misperception between the United States and China in the event of a crisis.

C

HINA

’

S

I

NTERNET FOCUS IS BASED IN DOMESTIC AFFAIRS

–

NOT WORRIED ABOUT THE

U.S.

Hewitt 2015

[Duncan, Shanghai correspondent for Newsweek/IBT Media. He was previously a BBC correspondent in Beijng and Shanghai, and also worked for the BBC World

Service in London, focusing on East and Southeast Asia. He studied Chinese at Edinburgh University, and first lived in China in the late 1980s. His book ‘Getting Rich

First – Life in a Changing China’ (Vintage UK, 2008) looks at the social changes unleashed by China’s economic reforms. “China’s Draft National Security Law

Stresses Cyber-Sovereignty And Protecting Socialist Values, Increases Pressure On Hong Kong” IB Times May 8, 2015 http://www.ibtimes.com/chinas-draft-nationalsecurity-law-stresses-cyber-sovereignty-protecting-socialist-1914065]{MEM}

SHANGHAI --

The second draft of China’s national security law, announced by the country’s legislature this week, emphasizes the need to protect Internet security, what it calls “sovereignty in the national internet space” and to prevent the spread of

"harmful moral standards" online.

¶ The new draft confirms predictions that China would put increased emphasis on controlling its own Internet infrastructure. It also calls for strengthening China’s financial system and banking infrastructure, protecting core industries and areas of the economy, including guaranteeing grain security -- and avoiding food safety scandals, which have caused much alarm in recent years.

¶ The draft law, which could be passed by next spring, represents a significant expansion of

China’s previous counterespionage law, which it replaces. It’s been seen by experts as reflecting the desire of President Xi Jinping to get a clear grip on both domestic and international security issues, with the government seeing a range of potential threats at home and abroad. The wide-ranging draft not only talks about guaranteeing citizens’ welfare, and “sustainable and healthy” social and economic development, but also calls for protecting “core socialist values,” ensuring “cultural security” and combating the influence of “harmful moral standards.”

¶



L INK TURN

C HINA

C

URTAILING DOMESTIC SURVEILLANCE IMPROVES ENCRYPTION STANDARDS AND PROMOTES

CYBERSECURITY

.

Cate 2015

[Fred H., Distinguished Professor of Law at Indiana University and Director at the Center for Applied Cybersecurity Research. “Edward Snowden and the NSA: Law,

Policy, and Politics,” The Snowden Reader Ed. David P. Fidler. Indiana University Press pp. 36-7.]{MEM}

While the president ordered federal agencies to strengthen cyber defenses, and the intelligence community identified weaknesses in those defeases as part of the greatest threat the country faces, documents leaked by Snowden suggest the NSA has actually been weakening cyber security . According to a number of the documents, in its quest for tools to break into the communications of other countries and industries, the NSA has worked deliberately to weaken cyber security. The New York Times cataloged some of the ways disclosed in the NSA documents in which the NSA seeks to create and exploit cyber vulnerabilities. These include: The NSA’s SIGINT Enabling Project , “a $250 million-a-year program that works with Internet companies to weaken privacy by inserting back doors into encryption products…to undermine encryption used by the public.”

*NSA insertion of “vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets.” *NSA efforts to

“[i]fluence policies, standards and specifications for commercial public [encryption] key technologies.” *NSA work “with the manufacturing of the [encryption] chips to insert back doors or by exploiting a security flaw in the chip’s design.”51 These and other methods of weakening cyber security to advance the

NSA’s surveillance mission are profoundly problematic because

, in the words of cyber security expert Bruce Schneier, “

It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.

”52 Ironically, the NSA is charged with two missions: securing the cyber infrastructure of the DOD and related agencies, and gathering foreign intelligence . Privacy and security advocates have long worried that in pursuit of the latter, increasingly dominant mission, the agency would learn about software and other vulnerabilities. Rather than disclose or attempt to fix them, the agency would exploit them, thus compromising its cyber defense mission.

What we now know is that the agency went a step further and actively introduced vulnerabilities into commercial security products and services to enhance its ability to collect intelligence, even though this actively weakens both government and private-sector cyber infrastructure. This problem is particularly challenging not only because the NSA holds two conflicting missions, but also because it is problematic to introduce vulnerabilities into the cyber ecosystem if cyber security is as important as the president and intelligence officials claim . And what the NSA is doing has huge costs for industry, individuals, and our nation . Industry is hurt because foreign business partners and government agencies are refusing to do business with U.S. information technology and telecommunications companies out of fear those companies are cooperating with, or are susceptible to, legal or financial pressure from, the NSA. Individuals are hurt because the software, hardware, and services that secure our data—our financial transactions, health records, and personal communications—are less secure from intrusion by the NSA and anyone else taking advantage of the NSA’s meddling. Our nation is hurt whenever our economy or civil liberties are attacked. Our entire government system---our tax records, benefit payments, air traffic control systems, fire and police protection, nuclear safety, and thousands of other vital functions—depends on networks and technologies that, thanks to the NSA, are less secure today.

G OVERNMENT SURVEILLANCE PROGRAMS STRONGLY ANTAGONIZE DATA SECURITY

–

MAKES CYBER

SECURITY AND PRIVACY IMPOSSIBLE

Doctorow 14

[Cory, journalist and science fiction author, Co-Editor of Boing Boing , Fellow at the Electronic Frontier Foundation, former Canadian Fulbright Chair for Public

Diplomacy at the Center on Public Diplomacy at the University of Southern California, recipient of the Electronic Frontier Foundation’s Pioneer Award, 2014 (“Crypto wars redux: why the FBI's desire to unlock your private life must be resisted,” The Guardian , October 9 th

, Available Online at http://www.theguardian.com/technology/2014/oct/09/crypto-wars-redux-why-the-fbis-desire-to-unlock-your-private-life-must-be-resisted]

Eric Holder , the outgoing US attorney general, has joined the FBI and other law enforcement agencies in calling for the security of all computer systems to be fatally weakened . This isn’t a new project – the idea has been around since the early 1990s, when the NSA classed all strong cryptography as a “munition” and regulated civilian use of it to ensure that they had the keys to unlock any technological countermeasures you put around your data.

¶ In

1995, the Electronic Frontier Foundation won a landmark case establishing that code was a form of protected expression under the First Amendment to the US constitution, and since then, the whole world has enjoyed relatively unfettered access to strong crypto.

¶ How strong is strong crypto? Really, really strong. When properly implemented and secured by relatively long keys, cryptographic algorithms can protect your data so thoroughly that all the computers now in existence, along with all the computers likely to ever be created, could labour until the sun went nova without uncovering the keys by “brute force”

– ie trying every possible permutation of password.

¶

The “crypto wars” of the early 19 90s were fuelled by this realisation – that computers were changing the global realpolitik in an historically unprecedented way.

Computational crypto made keeping secrets exponentially easier than breaking secrets, meaning that, for the first time in human history, the ability for people without social or political power to keep their private lives truly private from governments, police, and corporations was in our grasp .

¶ The arguments then are the arguments now. Governments invoke the

Four Horsemen of the Infocalypse (software pirates, organised crime, child pornographers, and terrorists) and say that unless they can decrypt bad guys’ hard drives and listen in on their conversations, law and order is a dead letter.¶ On the other side, virtually every security and cryptography expert tries patiently to explain that there’s no such thing as “a back door that only the good guys can walk through”

(hat tip to Bruce Schneier).

Designing a computer that bad guys can’t break


M C D ONALD TSDC C HINA into is impossible to reconcile with designing a computer that good guys can break into .

¶ If you give the cops a secret key that opens the locks on your computerised storage and on your conversations, then one day, people who aren’t cops will get hold of that key, too . The same forces that led to bent cops selling out the public’s personal information to Glen Mulcaire and the tabloid press will cause those cops’ successors to sell out access to the world’s computer systems, too, only the numbers of people who are interested in these keys to the (United) Kingdom will be much larger, and they’ll have more money, and they’ll be able to do more damage.

¶

That’s

really the argument in a nutshell . Oh, we can talk about whether the danger is as grave as the law enforcement people say it is, point out that only a tiny number of criminal investigations run up against cryptography, and when they do, these investigations always find another way to proceed. We can talk about the fact that a ban in the US or UK wouldn’t stop the “bad guys” from getting perfect crypto from one of the nations that would be able to profit (while US and UK business suffered) by selling these useful tools to all comers. But that’s missing the point: even if every crook was using crypto with perfect operational security, the proposal to back-door everything would still be madness.¶ Because your phone isn’t just a tool for having the odd conversation

with your friends – nor is it merely a tool for plotting crime – though it does duty in both cases. Your phone, and all the other computers in your life, they are your digital nervous system. They know everything about you. They have cameras, microphones, location sensors. You articulate your social graph to them , telling them about all the people you know and how you know them. They are privy to every conversation you have. They hold your logins and passwords for your bank and your solicitor’s website; they’re used to chat to your therapist and the STI clinic and your rabbi, priest or imam.

¶ That device – tracker, confessor, memoir and ledger – should be designed so that it is as hard as possible to gain unauthorised access to .

Because plumbing leaks at the seams, and houses leak at the doorframes, and lie-lows lose air through their valves. Making something airtight is much easier if it doesn’t have to also allow the air to all leak out under the right circumstances

.

¶ There is no such thing as a vulnerability in technology that can only be used by nice people doing the right thing in accord with the rule of law. The existing “back doors” in network switches

, mandated under US laws such as CALEA, have become the go-to weak-spot for cyberwar and industrial espionage . It was Google’s lawful interception backdoor that let the Chinese government raid the Gmail account of dissidents. It was the lawful interception backdoor in Greece’s national telephone switches that let someone – identity still unknown – listen in on the Greek Parliament and prime minister during a sensitive part of the 2005 Olympic bid (someone did the same thing the next year in Italy).

¶

The most shocking Snowden revelation wasn’t the mass spying (we already knew about that, thanks to whistleblowers like Mark Klein, who spilled the beans in 2005). It was the fact that the UK and US spy agencies were dumping $250,000,000/year into sabotaging operating systems, hardware, and standards, to ensure that they could always get inside them if they wanted to. The reason this was so shocking was that these spies were notionally doing this in the name of “national security”– but they were dooming everyone in the nation (and in every other nation) to using products that had been deliberately left vulnerable to attack by anyone who independently discovered the sabotage .

¶ There is only one way to make the citizens of the digital age secure, and that is to give them systems designed to lock out everyone except their owners . The police have never had the power to listen in on every conversation, to spy upon every interaction. No system that can only sustain itself by arrogating these powers can possibly be called “just.”



N O I MPACT -C YBER W ARS

C HINA

C

YBERWAR IS HEAVILY EXAGGERATED

—

MULTIPLE SOURCES

Healey 2013

[Jason, Director of the Cyber Statecraft Initiative at the Atlantic Council. “No, Cyberwarfare Isn’t as Dangerous as Nuclear War,” U.S. News March 20, 2013, www.usnews.com/opinion/blogs/world-report/2013/03/20/cyber-attacks-not-yet-an-existential-threat-to-the-us]{MEM}

America does not face an existential cyberthreat today, despite recent warnings.

Our cybervulnerabilities are undoubtedly grave and the threats we face are severe but far from comparable to nuclear war .

¶ The most recent alarms come in a Defense Science Board report on how to make military cybersystems more resilient against advanced threats (in short, Russia or China). It warned that the "cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War." Such fears were also expressed by Adm. Mike Mullen, then chairman of the Joint Chiefs of Staff, in 2011.

He called cyber "The single biggest existential threat that's out there" because "cyber actually more than theoretically, can attack our infrastructure, our financial systems." ¶ While it is true that cyber attacks might do these things, it is also true they have not only never happened but are far more difficult to accomplish than mainstream thinking believes.

The consequences from cyber threats may be similar in some ways to nuclear, as the Science Board concluded, but mostly, they are incredibly dissimilar.

¶ Eighty years ago, the generals of the U.S. Army Air Corps were sure that their bombers would easily topple other countries and cause their populations to panic, claims which did not stand up to reality. A study of the 25-year history of cyber conflict, by the Atlantic Council and Cyber Conflict Studies Association, has shown a similar dynamic where the impact of disruptive cyberattacks has been consistently overestimated .

¶ Rather than theorizing about future cyberwars or extrapolating from today's concerns, the history of cyberconflict that have actually been fought, shows that cyber incidents have so far tended to have effects that are either widespread but fleeting or persistent but narrowly focused. No attacks, so far, have been both widespread and persistent. There have been no authenticated cases of anyone dying from a cyber attack. Any widespread disruptions , even the 2007 disruption against Estonia, have been short-lived causing no significant

GDP loss.

¶ Moreover, as with conflict in other domains, cyberattacks can take down many targets but keeping them down over time in the face of determined defenses has so far been out of the range of all but the most dangerous adversaries such as Russia and China. Of course, if the United States is in a conflict with those nations, cyber will be the least important of the existential threats policymakers should be worrying about. Plutonium trumps bytes in a shooting war .

¶ This is not all good news. Policymakers have recognized the problems since at least 1998 with little significant progress. Worse, the threats and vulnerabilities are getting steadily more worrying. Still, experts have been warning of a cyber Pearl Harbor for 20 of the 70 years since the actual Pearl Harbor .

¶ The transfer of U.S. trade secrets through Chinese cyber espionage could someday accumulate into an existential threat. But it doesn't seem so seem just yet , with only handwaving estimates of annual losses of 0.1 to 0.5 percent to the total U.S. GDP of around $15 trillion. That's bad, but it doesn't add up to an existential crisis or "economic cyberwar."

C

YBER RELATED THREATS AREN

’

T REAL

The Economist 2012

[“Hype and Fear” 12/8/2012 http://www.economist.com/news/international/21567886-america-leading-way-developing-doctrines-cyber-warfare-other-countriesmay]{MEM}

EVEN as anxiety about jihadi terrorist threats has eased, thanks to the efforts of intelligence agencies and drone attacks’ disruption of the militants’ sanctuaries, fears over Western societies’ vulnerability to cyber-assaults have grown

. Political and military leaders miss no chance to declare that cyberwar is already upon us. America’s defence secretary, Leon Panetta, talks of a “cyber-Pearl Harbour” . A senior official says privately that a cyber-attack on

America that “would make 9/11 look like a tea party” is only a matter of time.

¶ The nightmares are of mouseclicks exploding fuel refineries, frying power grids or blinding air-traffic controllers . The reality is already of countless anonymous attacks on governments and businesses . These seek to disrupt out of malice, or to steal swathes of valuable commercial or security-related data. Some experts believe that such thefts have cost hundreds of billions of dollars in stolen R&D.

¶ Many of these attacks are purely criminal. But the most sophisticated are more often the work of states, carried out either directly or by proxies. Attribution—detecting an enemy’s fingerprints on a cyber-attack—is still tricky, so officials are reluctant to point the finger of blame publicly.

But China is by far the most active transgressor. It employs thousands of gifted software engineers who systematically target technically advanced Fortune 100 companies. The other biggest offenders are Russia and, recently, Iran (the suspected source of the Shamoon virus that crippled thousands of computers at Saudi

Arabia’s Aramco and Qatar’s RasGas in August).

¶ America and its allies are by no means passive victims. Either America, Israel or the two working together almost certainly hatched the Stuxnet worm, found in 2010, that was designed to paralyse centrifuges at Iran’s Natanz uranium-enrichment plant. The Flame virus, identified by

Russian and Hungarian experts this year, apparently came from the same source. It was designed to strike at Iran by infecting computers in its oil ministry and at targets in the West Bank, Syria and Sudan.

¶ Boring, not lurid ¶ For all the hype, policies on cyber-warfare remain confused and secretive. The American government is bringing in new rules and a clearer strategy for dealing with cyber-threats. Barack Obama is said to have signed in October a still-secret directive containing new guidelines for federal agencies carrying out cyber-operations. It sets out how they should help private firms, particularly those responsible for critical national infrastructure, to defend themselves against cyber-threats by sharing information and setting standards.

¶ The directive is partly a response to the stalling of cyber-legislation in the Senate.

Republican senators argue that it imposes too great a regulatory burden on industry, which is already obliged to disclose when it is subject to a cyber-attack. It is also meant to govern how far such bodies as the Department of Homeland Security can go in their defence of domestic networks against malware attacks.

¶ The Pentagon is also working on more permissive rules of engagement for offensive cyber-warfare, for example to close down a foreign server from which an attack was thought to be emanating. General Keith Alexander heads both Cyber Command (which has a budget of $3.4 billion for next year) and the National Security Agency. He has often called for greater flexibility in taking the attack to the “enemy”. The emergence of new cyber-warfare doctrines in America is being watched closely by allies who may follow where America leads—as well as by potential adversaries.

¶ However, Jarno Limnell of Stonesoft, a big computer security firm, says that all levels of government in the West lack strategic understanding on cyber-warfare. So, although questions abound, answers are few. For example, it is not clear how much sensitive information about threats or vulnerabilities government agencies should share even with private-sector firms that are crucial to national security. Often the weakest link is their professional advisers, such as law firms or bankers who have access to sensitive data.

¶ Almost all (roughly 98%) of the vulnerabilities in commonly used computer programmes that hackers exploit are in software created in America. Making private-sector companies more secure might involve a controversial degree of intrusion by government agencies, for example the permanent monitoring of e-mail traffic to make sure that every employee is sticking to security rules. Government hackers may also like to hoard such vulnerabilities rather than expose them. That way they can later create “backdoors” in the software for offensive


M C D ONALD TSDC C HINA purposes.

¶ Also controversial is the balance between defence and attack. General Alexander stresses that in cyber-warfare, the attacker has the advantage. Mr Limnell says that, although America has better offensive cyber-capabilities than almost anybody, its defences get only three out of ten.

¶ Setting rules for offensive cyber-warfare is exceptionally tricky. When it comes to real, physical war, the capability may become as important as air superiority has been for the past 70 years: though it cannot alone bring victory, you probably can’t win if the other side has it.

¶ China has long regarded the network-centric warfare that was developed by America in the late-

1980s and copied by its allies as a weakness it might target, particularly as military networks share many of the same underpinnings as their civilian equivalents. The

People’s Liberation Army (PLA) talks about “informationisation” in war, “weakening the information superiority of the enemy and operational effectiveness of the enemy’s computer equipment”. China’s planning assumes an opening salvo of attacks on the enemy’s information centres by cyber, electronic and kinetic means to create blind spots that its armed forces would then be able to exploit. Yet as the PLA comes to rely more on its own information networks it will no longer enjoy an asymmetric advantage. Few doubt the importance of being able to defend your own military networks from cyber-attacks (and to operate effectively when under attack), while threatening those of your adversaries.

¶

But to conclude that future wars will be conducted largely in cyberspace is an exaggeration. Martin Libicki of the RAND Corporation , a think-tank, argues that with some exceptions cyberwarfare neither directly harms people nor destroys equipment. At best it “can confuse and frustrate…and then only temporarily”. In short, “cyber-warfare can only be a support function”

for other forms of war.

¶ Four horsemen ¶ Besides the cyber element of physical warfare, four other worries are: strategic cyberwar (direct attacks on an enemy’s civilian infrastructure); cyber-espionage; cyberdisruption , such as the distributed denial-of-service attacks that briefly overwhelmed Estonian state, banking and media websites in 2007; and cyberterrorism . Gauging an appropriate response to each of these is hard. Mr Limnell calls for a “triad” of capabilities: resilience under severe attack; reasonable assurance of attribution so that attackers cannot assume anonymity; and the means to hit back hard enough to deter an unprovoked attack.

¶ Few would argue against improving resilience, particularly of critical national infrastructure such as power grids, sewerage and transport systems. But such targets are not as vulnerable as is now often suggested . Cyber-attacks on physical assets are most likely to use what Mr Libicki calls “one-shot weapons” aimed at industrial control systems. Stuxnet was an example: it destroyed perhaps a tenth of the

Iranian centrifuges at Natanz and delayed some uranium enrichment for a few months, but the vulnerabilities it exposed were soon repaired . Its limited and fleeting success will also have led Iran to take measures to hinder future attacks. If that is the best that two first-rate cyber-powers can do against a third-rate industrial power, notes Mr Libicki, it puts into perspective the more alarmist predictions of impending cyber-attacks on infrastructure in the West .

¶ Moreover, anyone contemplating a cyber-attack on physical infrastructure has little idea how much actual damage it will cause, and if people will die. They cannot know if they are crossing an adversary’s red line and in doing so would trigger a violent “kinetic” response (involving real weapons). Whether or not America has effective cyber-weapons, it has more than enough conventional ones to make any potential aggressor think twice .

¶ For that reason, improving attribution of cyberattacks is a high priority. Nigel Inkster, a former British intelligence officer now at the International Institute for Strategic Studies, highlights the huge risk to the perpetrator of carrying out an infrastructure attack given the consequences if it is detected. In October Mr Panetta said that “potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests.” ¶ He may be over-claiming. Given that cyberattacks can be launched from almost anywhere, attribution is likely to remain tricky and to rely on context, motive and an assessment of capabilities as much as technology. That is one reason why countries on the receiving end of cyber attacks want to respond in kind—ambiguity cuts both ways. But poor or authoritarian countries attacking rich democratic ones may not have the sorts of assets that are vulnerable to a retaliatory cyber-attack.

¶ The difficulty is even greater when it comes to the theft (or “exfiltration”, as it is known) of data. For China and Russia, ransacking Western firms for high-tech research and other intellectual property is tempting.

The other way round offers thinner pickings. In 2009 hackers from an unnamed “foreign intelligence agency” made off with some 24,000 confidential files from

Lockheed Martin, a big American defence contractor. As a result they could eavesdrop on online meetings and technical discussions, and gather information about the sensors, computer systems and “stealth” technology of the F-35 Joint Strike Fighter. This may have added to the delays of an already troubled programme as engineers tried to fix vulnerabilities that had been exposed in the plane’s design. Investigators traced the penetrations with a “high level of certainty” to known Chinese IP addresses and digital fingerprints that had been used for attacks in the past. Less than two years later, China unveiled its first stealth fighter, the J-20.

¶ Theft from thieves ¶

As Mr Libicki asks, “what can we do back to a China that is stealing our data?” Espionage is carried out by both sides and is traditionally not regarded as an act of war. But the massive theft of data and the speed with which it can be exploited is something new. Responding with violence would be disproportionate, which leaves diplomacy and sanctions. But America and China have many other big items on their agenda, while trade is a very blunt instrument. It may be possible to identify products that China exports which compete only because of stolen data, but it would be hard and could risk a trade war that would damage both sides.

¶ Cyberdisruption has nuisance value and may be costly to repair, but it can be mitigated by decent defences. Cyber-terrorism has remained largely in the imagination of film-makers , but would be worth worrying about if it became a reality. Stonesoft’s Mr Limnell reckons that, though al-Qaeda and its offshoots show little sign of acquiring the necessary skills, they could buy them. Mr Libicki is more sceptical. Big teams of highly qualified people are needed to produce Stuxnet-type effects, which may be beyond even sophisticated terrorist groups. Also, the larger the team that is needed, the more likely it is to be penetrated .


M C D ONALD

N

O CYBER WAR

–

EXAGGERATION

Guo 12

TSDC C HINA

(Tony Guo, "Shaping Preventive Policy in "Cyber War" and Cyber Security: A Pragmatic Approach" Cyber Security and Information Systems Information Analysis

Center, Vol 1 Num 1, October 2012, https://www.csiac.org/journal_article/shaping-preventive-policy-cyber-war-and-cyber-security-pragmatic-approach)

“

Cyber war” today exists only in the hypothetical, and its

disastrous impacts are often exaggerated.

For instance, the Estonia incident is a commonly cited example by proponents of “cyber war,” where a number of Estonian government websites were temporarily disabled by angry Russian citizens. A crude distributed denial of service ( DDoS) attack was used to temporarily keep users from viewing government websites.

To borrow an analogy, the attack was akin to sending an army of robots to board a bus, filling the bus so that regular riders could not get on. A website would fix this the same way a bus company would, by identifying the difference between robots and humans, and preventing the robots from getting on. ¶ A following MSNBC article dressed up the

Estonia incident and asked the question, could a cyber skirmish lead the U.S. to actual war?

¶ Imagine this scenario: Estonia, a NATO member, is cut off from the Internet by cyber attackers who besiege the country’s bandwidth with a devastating denial of service attack. Then, the nation’s power grid is attacked, threatening economic disruption and even causing loss of life as emergency services are overwhelmed . . . outside researchers determine the attack is being sponsored by a foreign government and being directed from a military base. Desperate and outgunned in tech resources, Estonia invokes Article 5 of the NATO Treaty -- an attack against one member nation is an attack against all. ¶ The article claimed that “half of this fictional scenario occurred in 2007.” In reality, a lot less than half of it occurred, most Estonian sites immediately cut off access to international traffic soon after the increased bandwidth consumption, and botnet IP addresses were soon filtered out. Most of the attackers could not be traced, but one man was later arrested and fined £830 for an attack which blocked the website of the Prime Minister’s

Reform Party. ¶ “

Cyber war” has been a source of confusion due to the ubiquitous application of the terminology, inclusive of cyber crimes and cyber espionage.

Cyber warfare comes with many faulty premises, for instance, proponents argue that it might allow terrorists to successfully attack a much larger target and do disproportionate damage. However, the reality is that any sufficiently effective attack will invite disproportionate retaliation . For instance, one nation may be able to make the claim that any number of nations is harboring “cyber terrorists” and invoke the right of preemptory self-defense. However, “cyber war” as it exists today is not kinetic warfare and should not be confused with traditional notions of war. “Cyber war” is about how to prevent or respond to a DDoS attack, and how to secure systems and information. ¶ Short of “reengineering the Internet,” one could simply maintain government networks and critical infrastructure on closed-networks using proprietary software or protocols. If an organization has all its systems on a closed circuit, the only threats left are its users. Recent data suggests that problems of attribution may not be the major issue, but having reasonable security is. For instance, the U.S. Department of Homeland Security recently ran a test in 2011 where staff secretly dropped USB drives and CDs in the parking lots of government buildings and private contractors. Of those who picked up the media, an overwhelming 60% plugged them into office computers to see what they contained. If the drive or CD had an official logo, 90% were installed. “The test showed something computer security experts have long known: Humans are the weak link in the fight to secure networks against sophisticated hackers.” ¶ Moving forward, legislation and international treaties should focus on the immediate concern regarding cyber security, not on hypothetical accounts of “war .” Addressing security is practical--attacks are less likely to succeed on secured systems and networks with diligent operators, especially given that the majority of breaches today are as a result of system failures and employee negligence.

C OLD W AR D ETERRENCE S TRATEGY DOESN

’

T APPLY TO CYBERWARS

Weiner 12

(Weiner, research intern for the Project on Nuclear Issues, Boss, Internally cites Dr. Lewis who is the director of the Center for Homeland Security and Defense, https://www.hsdl.org/hslog/?q=node/9216)

On Thursday, November 15, Jim Lewis spoke on the role of deterrence in the nuclear, cyber and space domains as a part of Stimson's programming on Space Security, supported by DTRA and the New-Land Foundation.

¶ Lewis is Director and Senior Fellow of the Technology and Public Policy Program at the Center for Strategic and

International Studies, where his recent work has focused on cybersecurity, space, and technological innovation. Prior to joining CSIS, he served at the Departments of

State and Commerce as a Foreign Service officer, and as a member of the Senior Executive Service.

¶ Deterrence of unwanted actions in space is linked to deterrence in the nuclear and cyber domains.

Of the three, mechanisms for deterrence against nuclear attack are most highly developed.

Space deterrence mechanisms are a work in progress. Of the three domains, restraints on cyber deterrence are weak. What are the ramifications of cyber attacks for space and nuclear deterrence?

¶ Lewis argued that though the US has the most advanced cyber and space forces in the world, these forces fail to deter our opponents from malicious actions; the nuclear model of deterrence is not appropriate for the cyber and space domain s. Asymmetric vulnerability to attack, new classes of opponents with very different tolerance of risk, and the difficulty of crafting a proportional and credible threat, all erode the ability to deter in the cyber and space domain s.

¶ In these domains, actors confront asymmetrical degrees of risk tolerance in their opponents. Unlike cold War deterrence,

States may have difficulties in holding non-state actors "hostage," as these actors have minimal infrastructure or populations to defend from counter-attacks.

The challenges of attribution in the cyber and space domain s both emboldens attackers and restrains states seeking retaliation.

Questions of proportionality also confound efforts to apply a model of deterrence to the space and cyber domains. Lewis stated that crime and espionage do not justify the use of force, just as nuclear deterrence failed to deter espionage, proxy wars and low-level conflict during the Cold War, cyber and space opponents seem to have calculated the threshold they cannot cross in peacetime, and know to operate below it .

¶ Finally, Lewis argued that an essential aspect of deterrence is that it must threaten vital interests as understood by senior political figures - usually defined as territorial integrity and political independence. Lewis do es not believe that this threat to vital interests is possible to achieve in space or cyber. In the case of cyber, he stated that the destructiveness of a cyberattack is usually overstated. Cyber attacks can shape the battlefield and environment, but "they don't create existential harm."

He concluded by stating that states should not seek to deter unwanted actions in the space and cyber domains, but should "acquire and maintain the ability to fight through an attack and win," sustaining continuity of operations and war fighting abilities should be the focus of strategy and not deterrence.



O

RGANIZATIONAL CONFUSION DOOMS

OCO’

S FROM BEING EFFECTIVE

.

C HINA

GAO 11

(Government Accountability Office, Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities, http://www.gao.gov/assets/330/321824.html)

DOD has assigned authorities and responsibilities for implementing cyberspace ¶ operations among combatant commands, military services, and defense

¶

agencies ; however, the supporting relationships necessary to achieve command

¶

and control of cyberspace operations remain unclear . In response to a major

¶

computer infection, U.S. Strategic Command identified confusion regarding ¶ command and control authorities and chains of command because the exploited ¶ network fell under the purview of both its own command and a geographic ¶ combatant command.

Without complete and clearly articulated guidance on ¶ command and control responsibilities that is well communicated and practiced ¶ with key stakeholders, DOD will have difficulty in achieving command and control ¶ of its cyber forces globally and in building unity of effort for carrying out ¶ cyberspace operations .



N O I MPACT -

W AR WITH C HINA

C HINA

N

O CYBER WAR WITH

C

HINA

—

INTERDEPENDENCE CHECKS

Austin and Gady 12

(Greg, professorial fellow at the EastWest Institute and senior visiting fellow in the department of War Studies at King’s College London, and Franz-Stefan, associate and foreign policy analyst at the EastWest Institute, "Cyber Detente Between the united States and China: Shaping the Agenda", http://www.ewi.info/system/files/detente.pdf)

That said , the two countries’ economies, though very different in many respects, are each highly dependent on a global Internet and shared communications platforms and hardware. While the Chinese economy is not as dependent on the Internet as the U.S., economy is, the difference between the two is fast shrinking.

China’s export-driven economy and its trade in financial services make it as vulnerable to cyber attack as the United States. This interdependence—despite occasional outbursts of confrontational rhetoric coming from both Beijing and Washington— can be leveraged to promote stability in bilateral relations. In fact, this is already happening.

We can think of this interdependency as a bal-ance of cyber power. If one accepts that both governments make rational calculations, than this new interconnectedness can be exploited to make conflict less likely . In today’s interconnected, digitalized world, the

“opportunity cost” associated with embarking on a confrontational course will deter both parties from engaging in open hostile actions. This of course does not preclude cyber espionage, intellectual property theft, or even what some analysts have called the “long game,” i.e. the slow and gradual infiltration of strategically significant economic ICT systems by hackers on both sides.

I NTERDEPENDENCE IS AMPLIFIED IN CYBER WAR

—

THE POTENTIAL IMPACTS PREVENT ANY POTENTIAL

CONFLICT

Austin and Gady 12

(Greg, professorial fellow at the EastWest Institute and senior visiting fellow in the department of War Studies at King’s College London, and Franz-Stefan, associate and foreign policy analyst at the EastWest Institute, "Cyber Detente Between the united States and China: Shaping the Agenda", http://www.ewi.info/system/files/detente.pdf)

China and the United States do have a com-plementary interest in cooperating on many aspects of cybersecurity. The most significant argument to support a claim for cooperation in China’s international behavior in cyberspace is mutual dependence among the major economic powers (including China, the United States, Japan and the European Union) in the economic sphere , in a situation where trillions of dollars of transactions occur through networked digital communications each day.

In speaking of the U.S.’s economic reliance on digital networks and systems, former Director of National Intelligence Mike McConnell observed in 2010: “The United States economy is $14 trillion a year. Two banks in New York City move $7 trillion a day. On a good day, they do eight trillion... All of those transactions are massive reconciliation and accounting. If those who wish us ill, if someone with a different world view was successful in attacking that information and destroying the data, it could have a devastating impact, not only on the nation, but the globe.” 31 The cost to global economic stability would likely be very high if there were a major confrontation between China and the United States. Sustained or repeated interruptions in connectivity, corruption of transaction data, or deletion of commercial records on a large scale could have major negative repercus-sions for the global economy.

Whether confidence after such attacks could be restored remains an open question. These costs would be so high that they should at least dampen if not fully deter states from resorting to cyber war. Cyberspace only amplifies traditional interdependence in trade.

N

O

US-C

HINA CYBER WAR

Fox 11

(Stuart Fox, Assistant Editor, July 2, 2011, “Why Cyberwar Is Unlikely,” Tech News Daily, http://www.technewsdaily.com/6962-cyberwar-unlikely-deterrence-cyberwar.html)

Even as more and more countries invest in the idea of cyberwarfare, cyberspace remains largely peaceful insofar as actual war is concerned.

¶

In the two decades since cyberwar first became possible, there hasn't been a single event that politicians, generals and security experts agree on as having passed the threshold for strategic cyberwar .

¶

In fact, the attacks that have occurred have fallen so far short of a proper cyberwar that many have begun to doubt that cyberwarfare is even possible.

¶ The reluctance to engage in strategic cyberwarfare stems mostly from the uncertain results such a conflict would bring, the lack of motivation on the part of the possible combatants and their shared inability to defend against counterattacks .

¶

Many of the systems that an aggressive cyberattack would damage are actually as valuable to any potential attacker as they would be to the victim.

¶

The five countries capable of large-scale cyberwar (Israel, the U.S., the U.K., Russia and China ) have more to lose if a cyberwar were to escalate into a shooting war than they would gain from a successful cyberattack.

¶ "The half-dozen countries that have cyber capability are deterred from cyberwar because of the fear of the American response. Nobody wants this to spiral out of control," said James Lewis, senior fellow and director of technology and public policy at the Center for Strategic and International Studies in Washington, D.C.


M C D ONALD

N

O

US-C

HINA CYBER WAR AND NO IMPACT

TSDC C HINA

Sanders 13

(Doug Sanders, author and journalist, “Our Computers Are Not Going to Kill Us: Cyber War is Military Fiction,” http://dougsaunders.net/2013/07/our-computers-arenot-going-to-kill-us-cyber-war-is-military-fiction/)

We tend to believe them. To those of us who grew up in the early decades of the Internet, reading William Gibson and watching Tron, the idea of a distinct and tangible

“cyberspace,” as Mr. Gibson coined it, seems believable. If war is hell in meatspace, then imagine what it will be like when it moves into the online world, where all our communications and private data are stored, where the machines that control our entire lives can be hacked. If the Internet is everywhere, wouldn’t a cyberwar be a total war?

¶ Once we started believing this, the whole world seemed to confirm it.

An online virus was used by Israel and the United States to disable a uranium-enrichment facility in Iran. China uses a facility to steal data from the West.

France, Britain and the United States, as we’ve recently learned, are mass-harvesting the online communications and phone calls of foreigners (and possibly their own citizens), and the man who revealed this, Edward

Snowden, is in the midst of a globe-trotting flight across the settings of vintage James Bond movies. If this is what cyber cold war looks like, how horrid would real cyberwars be?

¶ We can imagine them, and make movies about them, but the reality is far more mundane and less threatening.

¶

That’s the conclusion made by Thomas Rid, an expert on cybersecurity and intelligence at the department of war studies at London’s King’s

College.

His forthcoming book’s straight-up title, Cyber War Will Not Take Place, is a call for sanity: There is no distinct “online world,” and the many forms of online crime and mischief are not a threat to our existence or our civilization.

¶

“Cyber war has never happened in the past, it does not occur in the present, and it is highly unlikely that it will disturb our future,” Mr. Rid writes.

¶ Instead, he says, “the opposite is taking place: a computer-enabled assault on violence itself. All past and present political cyberattacks – in contrast to computer crime – are sophisticated versions of three activities that are as old as human conflict itself: sabotage, espionage and subversion … In several ways, cyberattacks are not creating more vectors of violent interaction; rather, they are making previously violent interactions less violent.”

¶ People who understand distributed systems and networks realize this: It may be possible , if hundreds of people work on the problem for years, to damage a single centrifuge facility using a virus – but still only if there’s also a human sabotage agent placed on site. To destroy or disable an entire country’s or region’s infrastructure using lines of code or electromagnetic pulses would be impossible – or, at least, given the need for human agents at each target, it would be the same as using bombs to do so (and bombs would be quicker and easier).

N

O WAR

-

NO MOTIVES OR CAPABILITY

Zetter 13

(Kim Zetter, senior reporter at Wired, "Spy Chief Says Little Danger of Cyber ’Pearl Harbor’ in Next Two

Years" March 12, 2013, http://www.wired.com/2013/03/no-cyber-pearl-harbor/)

CONTRARY TO MUCH of the fear-mongering that has been spreading through the nation’s capital on cybersecurity matters lately, the director of national intelligence bucked that trend on Tuesday when he told a senate committee that there was little chance of a major cyberattack against critical infrastructure in the next two years.

¶ DNI James Clapper was a singular voice of reason when he told the Senate

Select Committee on Intelligence that lack of skills on the part of most attackers and the ability to override attacks on critical infrastructure with manual controls would make such attacks unfeasible in the near future . He also said that nation states that might have the skills to pull off such an attack lack the motive at this point .

¶ “We judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage,”

Clapper said in his statement to the committee. “The level of technical expertise and operational sophistication required for such an attack — including the ability to create physical damage or overcome mitigation factors like manual overrides — will be out of reach for most actors during this time frame. Advanced cyber actors — such as Russia and China — are unlikely to launch such a devastating attack against the United States outside of a military conflict or crisis that they believe threatens their vital interests.

”

¶ Clapper’s words come in the wake of increased rhetoric in

Washington over a recent report that Chinese hackers, presumed to be supported by that nation’s military and Communist Party apparatus, have been responsible for unprecedented cyber espionage attacks that have resulted in millions of dollars of intellectual property being lost. That report, published by computer security firm

Mandiant, suggested that Chinese spies were also targeting critical infrastructure systems with the possible intention of causing sabotage.



US/C

HINA CYBER TENSIONS UNLIKELY TO CAUSE WAR

C HINA

Moss 13

(Trevor Moss, "Is Cyber War the New Cold War?" The Diplomact, http://thediplomat.com/2013/04/is-cyber-war-the-new-cold-war/?all=true Apr. 2013)

Cyberspace is anarchic, and incidents there span a hazy spectrum from acts of protest and criminality all the way to invasions of state sovereignty and deliberate acts of destruction. Cyber attacks that might be considered acts of war have so far been rare . It is certainly hard to characterise the rivalry between

China and the U.S. as it stands as cyber warfare, argues Adam Segal, a senior fellow at the Council on Foreign Relations. “I tend to stay away from the term ‘cyber war’ since we have seen no physical destruction and no deaths,” he explains. Segal accepts that there is a conflict of sorts between China and the U.S. in cyberspace, though he says it is “likely to remain below a threshold that would provoke military conflict.”.=

¶ While there is no internationally accepted categorization of different kinds of cyber activity (individual states have varying definitions), it is self-evident that some episodes are more serious than others.

NATO’s Cooperative Cyber

Defence Centre of Excellence (CCDCOE) – a unit based, not by accident, in Estonia, which experienced a massive cyber-attack from Russia in

2007 – distinguishes between “cyber crime,”“cyber espionage,” and “cyber warfare.” ¶

China’s cyber operations,

for all their notoriety, have essentially been acts of theft – either criminals attempting to extract privileged data, or incidents of state-sponsored espionage (some of which, admittedly, had national security implications, such as the extraction of blueprints for the F-35 Joint Strike Fighter). But these operations did not seek to cause any physical destruction, and so would be hard to interpret as acts of war.

This may explain why the U.S. government has been quite tolerant of Chinese hacking until now, seeing it as an irritant rather than as anything more provocative.



I MPACT T URNS

C HINA

T

URN

M

ISCALC

-

ONLY THE PLAN SOLVES DETERRENCE FAILURES

.

Lord et al 11

(Lord, Vice President and Director of Studies at the Center for a New American Security June 2011 http://www.cnas.org/files/documents/publications/CNAS_Cyber_Volume%20I_0.pdf)

The Department of Defense, the intelligence ¶ community, the Department of Justice, ¶ Congress and the White House should clarify ¶ legal authorities related to military and intelligence ¶ operations in cyberspace. GEN Alexander ¶ told Congress in March 2011 that the U.S.

¶ military does not yet possess the legal authorities ¶ it needs to respond to a cyber attack against ¶ the United States or its allies.

197 LtGen Robert ¶ Schmidle, Jr., deputy commander of Cyber ¶ Command, elaborated that “There is a real ¶ dearth of doctrine and policy in the world of ¶ cyberspace,” pointing to the lack of coordination

¶ and guidance from civilian leadership.198

¶

This lack of clarity is understandable as cyber

¶ operations evolve faster than legal and political ¶ processes, but it could cause confusion and ¶ disorganization during a major cyber attack .

¶ By delineating the authorities granted to the ¶ military, the U.S. government will reduce uncertainty ¶ and thereby increase its ability to use the ¶ capabilities it has more effectively and without ¶ undue hesitation. This outcome will raise the¶ retaliatory costs suffered by potential adversaries¶ if they attack the United States and the attacks¶ can be attributed to them, which will help deter¶ them in the first place.

T

URN

-

ORGANIZATION CONFUSION DOOMS

OCO

S NOW

-

ONLY STATUTORY LEGISLATION SOLVES

.

Chesney 12

(Robert Chesney, Professor in Law, University of Texas School of Law, Military-Intelligence Convergence and the Law of the Title 10 Title 50 debate, http://jnslp.com/wp-content/uploads/2012/01/Military-Intelligence-Convergence-and-the-Law-of-the-Title-10Title-50-Debate.pdf)

That architecture is a complex affair, including what might be described ¶ as “framework” statutes and executive branch directives

generated in fits ¶ and starts over the past forty years. Ideally, it serve s to mediate the tension ¶ between the desire for flexibility, speed, and secrecy in pursuit of national ¶ defense and foreign policy aims , on one hand, and the desire to preserve a ¶ meaningful degree of democratic accountability and adherence to the rule ¶ of law, on the other. Of course, the legal architecture has never been ¶ perfect on this score, or even particularly close to perfection. But the ¶ convergence trend has made the current architecture considerably less ¶ suited towards these ends.

¶ First, it reduces the capacity of the existing rules to promote ¶ accountability . The existing rules attempt to promote accountability in two ¶ ways. They promote it within the executive branch by requiring explicit ¶ presidential authorization for certain activities, and they promote ¶ accountability between the executive branch and Congress by requiring ¶ notification to the legislature in a broader set of circumstances .

¶

Convergence undermines these rules by exposing (and exacerbating) the ¶ incoherence of key categorical distinctions upon which the rules depend, ¶ including the notion that there are crisp delineations separating intelligence ¶ collection, covert action, and military activity. As a result , it is possible, if ¶ not probable, that a growing set of exceptionally sensitive operations – up ¶ to and including the use of lethal force on an unacknowledged basis on the ¶ territory of an unwitting and nonconsenting state – may be beyond the ¶ reach of these rules .

¶ Second, the convergence trend undermines the existing legal ¶ architecture along the rule-oflaw dimension by exposing latent confusion ¶ and disagreement regarding which substantive constraints apply to military ¶ and intelligence operations. Is international law equally applicable to all ¶ such operations? Is an agency operating under color of “Title 50” at liberty ¶ to act in locations or circumstances in which the armed forces ordinarily ¶ cannot? Enhance Accountability within the Executive Branch. The current legal ¶ architecture requires presidential approval for

“covert action” programs, but

¶ the situation is complicated with respect to unacknowledged military ¶ operations.

An unacknowledged military operation must be authorized by ¶ the President or at least the Secretary of Defense if it is collateral to an ¶ anticipated overt military operation that is not yet imminent but for which ¶ operational planning has been authorized – a sweeping set of circumstances.

¶ But no such approval is required if the operation is collateral to ongoing ¶ hostilities. This makes sense if the unacknowledged operation occurs in the ¶ combat zone. If it occurs on the territory of another state outside the

“hot”

¶ battlefield, however, the risks are sufficient to warrant extension of the ¶ requirement of presidential or at least secretarial authorization. Notably, ¶ press accounts indicate that former Secretary of Defense Robert M. Gates ¶ had insisted upon such an approach for lethal operations outside the hot ¶ battlefield, as a matter of policy. At a minimum, that policy should be ¶ codified. Better still to extend it to all unacknowledged military operations ¶ outside the combat zone. The degree of accountability involved should be ¶ commensurate with the risks, and in light of convergence there is little ¶ reason to calibrate that judgment differently for the military than for the ¶

CIA, at least not outside combat zones.

¶ Enhance Information-Sharing with Congress. Operations constituting ¶ “covert action” must be reported to the House and Senate Intelligence ¶ Committees; by contrast, the unacknowledged military operations discussed ¶ above are not subject to this requirement. A separate law requires ¶ notification to Congress when the armed forces are deployed in ¶ circumstances involving a likelihood of hostilities, but given the strict ¶ interpretation of “hostilities” adopted in relation to the conflict in Libya it ¶ seems clear that a considerable amount of unacknowledged military activity ¶ might escape notification to Congress under that regime as well. An effort ¶ was made in 2003 to close this gap by requiring unacknowledged military ¶ activity to be reported to the Intelligence Committees when activity occurs ¶ outside the geographic confines of a state where the United States has an ¶ overt combat presence. The effort failed in the face of resistance from the ¶ Pentagon and the House and Senate Armed Services Committees. It should

¶

be revived, but with notification being made to the Armed Services ¶ Committees, subject to an option for close-hold notifications, based on the ¶ Gang of Eight model.

All such notification scenarios should be modified, ¶ however, to include participation by the chief majority and minority counsels of the relevant committees (creating, in effect, a “Gang of Twelve” ¶ system).

¶ Clarify Substantive Constraints on Title 50 Operations. It should be ¶ made clear that all U.S. government agencies comply with the law of war in ¶ any operation to which the law of war applies, regardless of whether the ¶ operation is categorized as a Title 10 or a Title 50 activity and regardless of ¶ which particular agency carries it out. This is not necessarily a change from ¶ current policy, but it would help to address concerns that critics have raised ¶ with respect to whether the CIA conforms its drone operations to law of war ¶ standards. On the other hand, it would not be appropriate to adopt a similar ¶ express commitment vis-a-vis international law’s treatment of state ¶ sovereignty, given


M C D ONALD TSDC C HINA lingering uncertainty with respect to whether and when ¶ international law prohibits one state from conducting espionage, covert ¶ action, or other operations within another state’s territory in the first place

T URN NSA OVERREACH WRECKS SECURITY , EMBOLDENS HOSTILE ACTORS , DISTRACTS FROM MORE

GENUINE THREATS , AND WEAKENS US LEVERAGE ON SECURITY COOPERATION .

Donohue ’15

(Laura K. Donohue ’15 (Georgetown University Law Center, “High Technology, Consumer Privacy, and U.S. National Security,” http://scholarship.law.georgetown.edu/facpub/1457)

C. Unintended Harmful Consequences There are various ways in which the NSA’s apparent failure to take account of the potential impact of public knowledge of the programs on U.S. industry may have acted to undermine U.S. security beyond weakening the economy. The backlash risks shielding foreign government actions from public scrutiny . It potentially undermines the ability of the United States to develop international norms against ubiquitous surveillance , which can be used for political or economic espionage. And it raises the possibility that the country will lose digital sight of active threats against the United States . As was previously noted, the data localization movement, given momentum by the NSA revelations, risks the creation of distinct, parallel Internets, which would stifle the free flow of information that connects not just economies, but cultures and people, with potential rollbacks for an increasingly globalized world. This would affect the country’s interest in democratic engagement and it would harm the United States’ international reach . The creation of national search engines, national email systems, and national social networks, moreover, means that foreign governments will have direct control over electronic communication networks, facilitating censorship and domestic surveillance and limiting outside view of the extent to which such steps are being taken . When Turkish Prime Minister Recep Erdoğan, for instance, tried to shut town Twitter, the international community was immediately put on notice. 111 #TwitterisblockedinTurkey #dictatorerdogan, and #occupytwitter quickly moved to popular trending topics internationally. 112 The United States, EU, and others formally objected to the action through diplomatic channels. Had Turkey been an isolated network, it may have secretly censored the politically damaging information (in this case, leaks revealing corruption in the Erdoğan government), without generating such immediate, international attention. Along the same lines, in

July 2014 President Vladimir Putin signed a new law requiring Internet companies to store all Russian users’ data within domestic borders. Russia’s media and parliament members have used Edward Snowden’s leaks about NSA spying to rally support for the new law. 113 The legislation, though, serves to intensify Putin’s control over Internet companies. 114 With internal data centers, it will be easier for the Russian president to enforce censorship policies and to collect information about members of the political opposition. The law could also give Putin an excuse to shut down major social media networks if they fail to comply with the new regulations.

The NSA revelations also have undermined U.S. credibility in challenging other countries’ efforts to obtain trade secrets and other information through state surveillance. China provides one of the strongest examples . Because of the NSA programs, U.S. objections to China selling surveillance technology to oppressive regimes look rather weak. Post-Snowden, Chinese efforts have become even more public and devastating to U.S. interests . Since 2005, when President Mahmoud Ahmadinejad first took office, Iran has stated its plan to develop a national Internet network.115 In the intervening decade, the country has been unable to do so. But in January 2014 Iran’s Ministry of Communications and Information Technology announced that China would officially be collaborating with them on the creation of the National Information Network. 116 Part of Iran’s aim has been to develop a system that allows the country to turn off the international components of the Internet, in a way that will enable the government and domestic banking industry to continue to operate. With more than half the population under age 35, Iran has a tech-savvy citizenry, which has, to date, found various ways around government efforts to block social media and other international sources. It is not clear whether Iran will be able to completely divest itself of access to the world wide web. What is clear is that in a post-Snowden era, their efforts to do so are being facilitated by countries with interests diametrically opposed to the United States. Online warfare between China and the United States simmered in the background, until in early 2013 the Obama Administration began to make it center stage . In January 2013, the New York Times reported that Chinese hackers had infiltrated its computers following a threat that if the paper insisted on publishing a story about its prime minister, consequences would follow. 117 The following month, a security firm, Mandiant, revealed that the Chinese military unit

61398 had stolen data from U.S. companies and agencies. 118 In March 2013 President Obama’s national security advisor publicly urged China to reduce its surveillance efforts—after which classified documents leaked to the public demonstrated the extent to which China had infiltrated U.S. government servers. 119 In May

2013, the National Security Advisor flew to China to lay the groundwork for a summit, in which cyber surveillance would prove center stage.120 Two days before the

Obama-Xi meeting was scheduled to take place, The Guardian ran the first story on the NSA programs. 121 On June 7, when Obama raised the question of Chinese espionage, Xi responded by quoting the Guardian and suggesting that the U.S. should not be lecturing the Chinese about surveillance.122 Although differences may mark the two countries’ approaches to surveillance (e.g., in one case for economic advantage, in the other for political or security advantage), the broader translation for the global community has been one in which the United States has lost high ground to try to restrict cybersurveillance . A final point is worth noting in this context: namely, to the extent that nonU.S. companies are picking up customers and business overseas, the United

States’ ability to conduct surveillance may be further harmed—thus going directly to the country’s national security interests. In other words, it may be in the country’s best interests to keep traffic routed through U.S. companies, which would allow the national security infrastructure, with appropriate legal process, to access the information in question. The apparent overreach of the NSA, however, may end up driving much of the traffic elsewhere, making it harder for the United States to obtain the information needed to protect the country against foreign threats .



T

ERMINAL

D

EFENSE

-

OVERSEAS OR NOT

,

SOURCE OF INFORMATION IS IRRELEVANT TO DATA SECURITY

,

AND

THE PLAN IS A PREREQUISITE

:

ITS MODEL BOLSTERS INTERNATIONAL COOPERATION

,

SOLVING CYBER

DETERRENCE .

Hill 14

(Jonah Force Hill, technology and international affairs consultant based in San Francisco and a Fellow of the Global Governance Futures program in 2014, “THE

GROWTH OF DATA LOCALIZATION POST-SNOWDEN: ANALYSIS AND RECOMMENDATIONS FOR U.S. POLICYMAKERS AND BUSINESS

LEADERS”)

Data Localization: An Unsound Policy Whatever mix of purposes constitute the “true” motivations behind the data localization movement, whether domestic industry protectionism, political opportunism, or a genuine – if misplaced – desire for improved data privacy and security, the reality is that data localization, in all of its various forms, creates serious problems without offering many, if any, actual benefits. The problems are manifest not just on a global scale of the efficiency of the Internet, but critically for the specific countries considering the policies. Moreover, some of the localization proposals under consideration – specifically, limitations on data flows to or around specific geographies – would likely require a fundamental restructuring of the

Internet’s core technical architecture and governance systems, a restructuring that carries with it its own serious drawbacks

.

Security and Counter-Surveillance Objectives are Not Well Served Looking first at data security (the enhancement of which is the ostensible reason for most localization proposals), there is little reason to believe that any of the proposals under consideration would do much, if anything, to mitigate the problems as they have been defined. Data security is ultimately not dependent on the physical location of the data or the location of the infrastructure supporting it. Data breaches can and do occur anywhere . Security is instead a function of the quality and effectiveness of the mechanisms and controls maintained to protect the data in question. Has an Internet service organization put in place comprehensive security policies, and has it routinely audited its software and infrastructure to identify and address security vulnerabilities? These are the useful procedures to protect data. Hence, as a purely technical issue (i.e., irrespective of matters of law and politics ), there are few reasons to suspect that a server in Germany will be any safer from attack by those seeking to access information than is a server in the United States , or in Costa Rica for that matter, assuming that they use the same technology and follow the same security procedures. Advocates for data localization who understand this fact often point to jurisdictional differences between nations as a reason to keep data local. Data stored in the U.S. is unsafe, they argue, because it can be obtained by the NSA under legal coercion. Data localization (as a restriction on data storage abroad), they insist, would negate this risk. While this may be true in certain respects, the argument omits an important reality, namely that while locating data beyond the borders of the United States might preclude the NSA or FBI from obtaining data via a subpoena or other formal legal mechanism, moving data abroad could actually empower the NSA by lowering the legal threshold required to obtain that same data by way direct intrusion into foreign data servers or data links . As was mentioned briefly above, U.S. domestic law (as it is currently written and interpreted) puts fairly strict limits on the collection of intelligence information on American soil. Data capture outside the U.S., by contrast, even when that data is in the hands of American firms, is in large measure legally permissible when there is a “national security interest,” a fairly broad criterion. Data localization (as a local data requirement) could potentially give the NSA greater freedom to mine data, not less .104 Furthermore, while moving data into the servers outside the

U.S. may prevent the U.S. government from obtaining certain types of data via subpoena (ignoring the direct intrusion distinction for a moment), data localization in that form would, at the same time, give domestic intelligence agencies of the home country increased data collection powers over their citizens’ data. Given the fact that it is those domestic agencies and their governments, and not the NSA and the United States, that can more immediately impose and enforce coercive measures upon the citizens, those citizens need to ask themselves, first, which presents the greater threat to their liberty generally, and to the security of their personal information in particular? And, once recognizing that one’s own government may not be trusted to abjure obtaining data of its citizens, is a domestic company possessing the data more or less likely than a giant like Google to knuckle under to the demands of one’s own government? With respect to most of the nations of the world, where there exist scant judicial independence and little governmental transparency, the questions, I would argue, are answered in the asking.105 Ultimately, the only real solution to the kinds of security and surveillance problems brought into the open by the Snowden disclosures lies in international negotiations, agreements, and the development of norms of state behavior . But besides that, what matters is whether or not the organizations hosting the data are protecting that data with the best possible security mechanisms and technology available, and being as transparent as they can be about how they cooperate with intelligence organizations. Accordingly, Internet users should have the freedom to decide which organizations, which companies, are best equipped and able to protect security and offer transparency, whether a Google, an Amazon or a domestic provider. With a number of studies showing that

Brazil,106 Indonesia,107 and many of the other countries considering localization are among the least well-equipped nations to protect their data , the argument that limiting competition in the market, limiting the options available to firms, and potentially jettisoning the most security-competent technology companies available would somehow improve security, rather than degrade it, is nonsense .



T

URN

NSA

SURVEILLANCE DESTROYS TRUST IN

D

ATA

I

NTEGRITY

,

WRECKING DATA SECURITY AT ITS CORE

.

Kehl et al 14

(Danielle Kehl with Kevin Bankston, Robyn Greene & Robert Morgus, analysts at New America’s Open Technology Institute, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” July 2014, https://static.newamerica.org/attachments/534-surveillance-costs-the-nsas-impact-on-the-economyinternet-freedom-cybersecurity/Surveilance_Costs_Final.pdf)

We have previously focused on the economic and political repercussions of the NSA disclosures both in the United States and abroad. In this section, we consider the impact on the Internet itself and the ways in which the NSA has both weakened overall trust in the network and directly harmed the security of the Internet.

Certainly, the actions of the NSA have created a serious trust and credibility problem for the United States and its Internet industry. “All of this denying and lying results in us not trusting anything the NSA says, anything the president says about the NSA, or anything companies say about their involvement with the NSA,” wrote security expert Bruce Schneier in September 2013.225 However, beyond undermining faith in American government and business, a variety of the NSA’s efforts have undermined trust in the security of the Internet itself. When Internet users transmit or store their information using the Internet, they believe—at least to a certain degree—that the information will be protected from unwanted third-party access. Indeed, the continued growth of the Internet as both an economic engine and an as avenue for private communication and free expression relies on that trust. Yet, as the scope of the NSA’s surveillance dragnet and its negative impact on cybersecurity comes into greater focus, that trust in the Internet is eroding.226 Trust is essential for a healthy functioning society.

As economist Joseph Stiglitz explains, “Trust is what makes contracts, plans and everyday transactions possible; it facilitates the democratic process, from voting to law creation, and is necessary for social stability.” Individuals rely on online systems and services for a growing number of sensitive activities, including online banking and social services, and they must be able to trust that the data they are transmitting is safe.

In particular, trust and authentication are essential components of the protocols and standards engineers develop to create a safer and more secure Internet, including encryption.228

The NSA’s work to undermine the tools and standards that help ensure cybersecurity—especially its work to thwart encryption—also undermines trust in the safety of the overall network .

Moreover, it reduces trust in the United States itself, which many now perceive as a nation that exploits vulnerabilities in the interest of its own security.220 This loss of trust can have a chilling effect on the behavior of Internet users worldwide .230

Unfortunately, as we detail below, the growing loss of trust in the security of Internet as a result of the latest disclosures is largely warranted. Based on the news stories of the past year, it appears that the Internet is far less secure than people thought—a direct result of the NSA’s actions. These actions can be traced to a core contradiction in NSA’s two key missions: information assurance—protecting America’s and Americans’ sensitive data—and signals intelligence—spying on telephone and electronic communications for foreign intelligence purposes. In the Internet era, these two missions of the NSA are in obvious tension. The widespread adoption of encryption technology to secure Internet communications is considered one of the largest threats to the NSA’s ability to carry out the goals of its signals intelligence mission. As the National Journal explained, “strong Internet security actually makes the NSA’s job harder.”231 In the 1990s, the NSA lost the public policy battle to mandate that U.S. technology companies adopt a technology called the “Clipper Chip” that would give the government the ability to decrypt private communications,232 and since then strong encryption technology has become a bedrock technology when it comes to the security of the Internet. The NSA lost that early battle against encryption, sometimes called the “Crypto War,”233 not only due to vocal opposition from privacy and civil liberties stakeholders, but also because the private sector convinced policymakers that subverting the security of American communications technology products would undermine the U.S. technology industry and the growth of the Internet economy as a whole.234 However, as an explosive New York Times story first revealed in September 2013, the NSA has apparently continued to fight the “Crypto War” in secret, clandestinely inserting backdoors into secure products and working to weaken key encryption standards.235

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies ,” said a

2010 memo from the Government Communications Headquarters (GCHQ), the NSA’s British counterpart. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” Given the amount of information the NSA is collecting, it is not surprising that the agency would also take aggressive steps to improve its ability to read that information. According to the “black budget” released by The Washington

Post in August 2013, 21 percent of the intelligence budget (roughly $11 billion) goes toward the Consolidated Cryptologic Program, with a staff of 35,000 in the NSA and the armed forces’ surveillance and code breaking units.237 “The resources devoted to signals intercepts are extraordinary,” wrote Barton Gellman and Greg

Miller.238 However, the agency has employed a variety of methods to achieve this goal far beyond simple code-breaking—methods that directly undermine U.S. cybersecurity, not just against the NSA, but also against foreign governments, organized crime, and other malicious actors. In this section, we consider four different ways that the NSA has damaged cybersecurity in pursuit of its signals intelligence goals: (1) by deliberately engineering weaknesses into widely-used encryption standards; (2) by inserting surveillance backdoors in widely-used software and hardware products; (3) by stockpiling information about security vulnerabilities for its own use rather than disclosing those vulnerabilities so that they can be remedied; and (4) by engaging in a wide variety of offensive hacking techniques to compromise the integrity of computer systems and networks around the worl d, including impersonating the web sites of major American companies like Facebook and LinkedIn.



T

URN

NSA

SURVEILLANCE IS COUNTERPRODUCTIVE AFTER

S

NOWDEN BECAUSE IT DETERS STORING DATA

IN THE

US

OR PASSING DATA THROUGH

US

SERVERS

.

Donohue ’15

(Laura K. Donohue ’15 (Georgetown University Law Center, “High Technology, Consumer Privacy, and U.S. National Security,” http://scholarship.law.georgetown.edu/facpub/1457)

III. ECONOMIC SECURITY AS NATIONAL SECURITY The NSA programs illustrate lawmakers’ failure to recognize the degree to which economic strength is central to national security, as well as the importance of the high technology industry to the U.S. economy. The concept of economic security as national security is not new: the Framers and the generations that followed acknowledged the importance of economic strength as central to national security. Our more recent understandings, however, have gotten away from the concept, in the process cleaving important interests out of the calculations required to accurately understand the implications of government actions.

Unintended consequences have resulted. The Snowden leaks, for instance , may have driven bad actors to seek non-U.S. companies for ISP services, creating gaps in insight into their operations . They have also undermined U.S. efforts to call other countries to heel for their exploitation of international communications to gain advantages over U.S. industry.

In sum, the expansive nature of the programs may well have acted to undermine U.S. national security in myriad ways linked to the country’s economic interests.



A2: E CON I MPACT A DD ON

C HINA

M

AINTAINING CURRENT DATA COLLECTION AND SURVEILLANCE STANDARDS SLOWS ECONOMIC GROWTH

–

REMOVAL WOULD ALLOW A

4%

GROWTH

Kehl et al 2014

[Danielle Kehl, Policy Analyst at New America’s Open Technology Institute (OTI). Kevin Bankston, Policy Director at OTI. Robyn Greene, a Policy Counsel at OTI.

Robert Morgus, Research Associate at OTI. “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” New American’s Open

Technology Institute Policy Paper. https://www.newamerica.org/downloads/Surveilance_Costs_Final.pdf]{MEM}

Some analysts have questioned whether data localization and protection proposals are politically motivated and if they would actually enhance privacy and security for ordinary individuals living in foreign countries,160 especially given the existence of similar laws in a number of countries and Mutual Legal Assistance Treaties (MLATs) between nations that provide cross-border access to data stored for lawful investigations.161 Yet there is no doubt that

American companies will pay a steep price if these policies move forward. Mandatory data localization laws could lead to soaring costs for major Internet companies such as Google, Facebook, and Twitter, who would be faced with the choice of investing in additional, duplicative infrastructure and data centers in order to comply with new regulations or pulling their business out of the market altogether

.162 In testimony before Congress last November, for example, Google’s Director of Law Enforcement and Information Security suggested that requirements being discussed in Brazil could be so onerous that they would effectively bar

Google from doing business in the country .163 The penalties that companies face for violating these new rules are also significant. In some cases, unless U.S. policy changes, it may be virtually impossible for American companies to avoid violating either domestic or foreign laws when operating overseas

.164

The costs and legal challenges could easily prevent firms from expanding in the first Data Protection is made in Europe. Strong data protection rules must be Europe’s trade mark... Following the U.S. data spying scandals, data protection is more than ever a competitive advantage.”

-Viviane Reding, European Commissioner for Justice, Fundamental Rights, and Citizenship ,, New America’s Open Technology Institute 19 place or cause them to leave existing markets because they are no longer profitable.165

ITIF’s

Daniel Castro has suggested that data privacy rules and other restrictions could slow the growth of the U.S. technology-services industry by as much as four percent.

166

Data localization proposals also threaten to undermine the functioning of the Internet, which was built on protocols that send packets over the fastest and most efficient route possible, regardless of physical location.

If actually implemented, policies like those suggested by India and Brazil would subvert those protocols by altering the way Internet traffic is routed in order to exert more national control over data.167 The localization of Internet traffic may also have significant ancillary impacts on privacy and human rights by making it easier for countries to engage in national surveillance, censorship, and persecution of online dissidents, particularly where countries have a history of violating human rights and ignoring rule of law.168 “Ironically, data localization policies will likely degrade – rather than improve – data security for the countries considering them, making surveillance, protection from which is the ostensible reason for localization, easier for domestic governments, if not foreign powers, to achieve,” writes Jonah Force Hill.169

The rise in data localization and data protection proposals in response to NSA surveillance threatens not only

U.S. economic interests

, but also Internet Freedom around the world.



A2: D EMOCRACY A DD ON

T

HE

US

ISN

’

T MODELED AND DOMESTIC SURVEILLANCE ISN

’

T KEY

Naughton 15

C HINA

John Naughton is professor of the public understanding of technology at the Open University. (“Surveillance laws are being rewritten post-Snowden, but what will really change?; The ripples from the revelations of NSA surveillance can be felt around the world - but intelligence and law-enforcement agencies will carry on regardless,” Lexis Nexis, 6/17/2015) STRYKER

At one level it's a significant moment

: one in which - as a Guardian leader writer put it - "an outlaw rewrites the law".

And in a few other countries, notably Germany, Snowden's revelations do seem to be having a demonstrable impact

- as witnessed, for example, by the Bundestag's inquiry into

NSA surveillance within the Federal Republic.

These are non-trivial outcomes, but we shouldn't get carried away. The revelations have had close to zero effect on the way the British security agencies

- and their political masters - go about things

. And now that the Tories are liberated from the tiresome obsession of the Lib Dems with privacy and human rights, who knows what Theresa May and the spooks are cooking up? (The relevant passage in the Queen's speech merely says that

"new legislation will modernise the law on communications data".)

On the other side of the Atlantic, although the USA Freedom Act does introduce a number of reforms, the surveillance landscape remains largely unchanged. Americans' phone records will still be hoovered up

- but now by the telephone com panies, not the NSA - and access to them will require a warranting process. And elements of transparency around government surveillance and the operations of the secret Fisa court will be introduced.

So while there is some good news for American citizens in the new legislation, the position for the rest of the world is that nothing changes

. The US retains the right to snoop on us in any way it pleases - and of course to spy on any US citizen who has the misfortune to exchange a phone call or an email message with us. Edward

Snowden's revelations have thus brought about some amelioration in the domestic surveillance regime within the US, but so far they have done little to protect those who live outside that benighted realm and quaintly regard privacy as a basic human right

.

D

EMOCRACY PROMOTION INCREASES A RISK FOR CONFLICT

Taliaferro 7

Jeffrey W. Taliaferro is Associate Professor of Political Science at Tufts University. (“Hegemonic Delusions: Power, Liberal Imperialism, and the Bush Doctrine,” Lexis Nexis, 2007)

STRYKER

Finally,

Layne contends that his extraregional hegemony theory explains certain continuities in grand strategy

during and after the Cold

War. Maintaining U.S. preponderance and preventing the emergence of multipolarity in Eurasia figures prominently in the National Security Strategy reports released by the George H.W.

Bush, Bill Clinton, and George W. Bush administrations. Despite rhetorical and tactical differences with its predecessor, the current administration's grand strategy is hegemonic in scope, shaped by Open Door ideology, and largely blind to the longterm consequences of its actions and the legitimate concerns of other states. Regardless of whether Bush

, Vice President Dick

Cheney

, Secretary of State Condoleezza

Rice

, former Deputy Secretary of Defense Paul

Wolfowitz and the others in the administration actually believe their rhetoric about democracy promotion and the benign motives for U.S. policy, the fact is

[*179] that hardly anyone else believes them.

Layne notes, "

Wilsonian liberalism self-consciously rests on the conviction that the United States is a model for the world and that its values and institutions are superior to everybody else's

. . . .

The inclination to universalize liberal democracy puts the United States on a collision course with others whose ideologies, institutions, and values differ from America's

. . . ."


China Disad - Cloudfront.net

HINA

ISAD

War for the Interwebs 1

War for the Interwebs 2

1NC

War for the Interwebs 3

1NC

War for the Interwebs 4

NIQUENESS

XT

War for the Interwebs 5

War for the Interwebs 6

War for the Interwebs 7

War for the Interwebs 8

War for the Interwebs 9

INK

XT

War for the Interwebs 10

L INK – G ENERIC

War for the Interwebs 11

L INK -

XO 12333

War for the Interwebs 12

L INK – S ECTION 702

War for the Interwebs 13

NTERNAL

INKS

XT

War for the Interwebs 14

War for the Interwebs 15

War for the Interwebs 16

War for the Interwebs 17

War for the Interwebs 18

War for the Interwebs 19

MPACT

XT

War for the Interwebs 20

I MPACT -

E CON

War for the Interwebs 21

War for the Interwebs 22

I MPACT -D EMOCRACY

War for the Interwebs 23

I MPACT -G REAT P OWER W ARS

War for the Interwebs 24

War for the Interwebs 25

War for the Interwebs 26

War for the Interwebs 27

War for the Interwebs 28

FFENSE

OLV

EFICIT

War for the Interwebs 29

War for the Interwebs 30

FF

NSWERS

War for the Interwebs 31

N ON -U NIQUE

War for the Interwebs 32

War for the Interwebs 33

War for the Interwebs 34

N O L INK -G ENERIC

War for the Interwebs 35

L INK TURN

War for the Interwebs 36

War for the Interwebs 37

N O I MPACT -C YBER W ARS

War for the Interwebs 38

War for the Interwebs 39

War for the Interwebs 40

War for the Interwebs 41

N O I MPACT -

W AR WITH C HINA

War for the Interwebs 42

War for the Interwebs 43

War for the Interwebs 44

I MPACT T URNS

War for the Interwebs 45

War for the Interwebs 46