Agenda – aff uq cybersecurity Aff

Download 0.95 Mb.
Date conversion20.11.2016
Size0.95 Mb.
  1   2   3   4   5   6   7   8   9   ...   22

___AGENDA – **AFF** UQ___

**Cybersecurity Aff

2ac UQ

Won’t pass –
Turf wars, partisanship, and SOPA hangover overcome PC – we control vote count

Martinez, 4-25 – Jennifer, Daring the Senate on cybersecurity , POLITICO,

The bills — including the controversial Cyber Intelligence Sharing and Protection Act — are expected to pass the House without a problem by Friday, giving Republicans a partisan talking point and providing them cover should cyberenemies execute attacks against American agencies or utilities. It’s a tough spot for Senate Majority Leader Harry Reid and for President Barack Obama, whose aides lean toward the Senate’s comprehensive cybersecurity approach but have been unwilling to box themselves in by criticizing the House bill directly. For now, Reid remains paralyzed by turf wars, an inability to collect the 60 votes needed to get a bill to the floor and the hangover effect from anti-piracy legislation that left many Democratic senators preternaturally afraid of crossing the Internet companies and activists behind the anti-SOPA efforts. On CISPA, some tech and Internet firms — such as Facebook, Microsoft and IBM — support the House bill. But cyberliberties groups have taken to social media to wage a campaign to brand it as a “cyberspying” bill that would let companies share private information on users with the federal government. At the heart of the cyberfight in Congress is a partisan impasse over how far the government should go in requiring private companies and utilities to maintain specific cybersecurity standards.

PC won’t solve – predictive ev

Cassata, 4-26 – Donna, House moves ahead with cybersecurity bill,

House Republicans are pushing ahead with legislation to protect the nation's critical infrastructure and corporations from electronic attacks despite Obama administration objections that the legislation fails to protect Americans' civil liberties. The House begins work Thursday on the bill designed to address the cybersecurity threat by getting the private sector and government to share information to thwart attacks from foreign governments, terrorists and cybercriminals. Although the information sharing is voluntary, civil liberties groups fear the measure could lead to government spying on Americans. The administration objections run deeper. "The sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality and civil liberties and recognizes the civilian nature of cyberspace," the administration said in a statement Wednesday. "Cybersecurity and privacy are not mutually exclusive." The administration also complained that the bill's liability protection for companies that share information is too broad and argued that the Homeland Security Department should have a primary role in domestic cybersecurity. In its current form, the administration said, the president's advisers would recommend a veto of the bill. Yet White House opposition is not expected to derail the House bill, which has bipartisan support, Republicans and Democrats said Wednesday. "It certainly will have an impact, I think, on the margin of the vote, but the bill is still likely to pass," said Rep. Adam Schiff, D-Calif., who had hoped to amend the bill by limiting the government's ability to collect information, such as birthdays, that could be used to identify individuals. His measure reflected the concerns of the White House, but Republicans refused to allow its consideration. A final vote on the bill is expected Friday. Rep. Mike Rogers, R-Mich., the chairman of the House Intelligence Committee, has worked closely with Rep. C.A. "Dutch" Ruppersberger of Maryland, the panel's top Democrat, on the overall legislation as well as on several amendments to clarify parts of the measure. Republicans, the U.S. Chamber of Commerce and companies such as Facebook and Google are receptive to the legislation because it does not impose new regulations on businesses requiring them to share information, making that step voluntary. "The basis for the administration's view is mostly based on the lack of critical infrastructure regulation, something outside of our jurisdiction," Rogers and Ruppersberger said in a joint statement late Wednesday after the administration veto threat. "We would also draw the White House's attention to the substantial package of privacy and civil liberties improvement announced yesterday, which will be added to the bill on the floor." One possible foe also has signaled that it won't work to defeat the bill. The Center for Democracy and Technology, a leading organization on Internet freedom, said this week that the Intelligence Committee had made "important privacy improvements" in the bill. The organization still raised concerns about the flow of Internet data to the National Security Agency. "We will not oppose the process moving forward in the House," the group said in a statement. "We will focus on the amendments and subsequently on the Senate." The administration backs a Senate bill sponsored by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, that would give the Department of Homeland Security the authority to establish security standards. "The government applies safety standards for cars, food, building structures and toys, to name a few," Lieberman, Collins and Sens. Jay Rockefeller, D-W.Va., and Dianne Feinstein, D-Calif., said in a statement. "Why not do the same for the infrastructure that powers our economy and provides us with the highest standard of living in the world?" However, that legislation remains stalled, facing opposition from senior Senate Republicans. Arizona Sen. John McCain, the top Republican on the Senate Armed Services Committee, said during a hearing last month that the Homeland Security Department is "probably the most inefficient bureaucracy that I have ever encountered" and is ill-equipped to determine how best to secure the nation's essential infrastructure. McCain has introduced a competing bill. House Republicans are determined to secure passage of their bill, a step they hope will force the Senate to act.
No chance of Cybersecurity – differences are irreconcilable

WSJ, 4-27 – House Passes Cybersecurity Bill,

Congress moved toward gridlock over how to improve the security of the nation's computer networks when the House of Representatives approved a measure opposed by the White House and at odds with Senate efforts on the issue. House passage of its measure, the Cyber Intelligence Sharing and Protection Act, came on a 248-168 vote Thursday and was supported by both Republicans and Democrats. The House vote came despite a warning by the White House that senior advisers would recommend a presidential veto if the measure also passed the Senate, which is considered unlikely. The White House prefers a Senate bill that would concentrate cybersecurity efforts in the Department of Homeland Security and would require companies to bolster security for critical infrastructure, such as electrical and water systems. The House bill only facilitates the swapping of threat data between private companies and the National Security Agency and other government departments. The House version also was criticized by civil-liberties groups that said its provisions allowing businesses to share information with the government to improve cybersecurity could compromise American citizens' privacy. The American Civil Liberties Union called it "a dangerously overbroad bill that would allow companies to share our private and sensitive information with the government without a warrant and without proper oversight." The Obama administration says cybersecurity should be overseen by civilian agencies. The Senate bill favored by the White House and supported by Democrats and Sen. Susan Collins (R., Maine), would place Homeland Security officials in charge of the effort. However, the Senate measure is opposed by business groups because of requirements that businesses adopt measures to improve security, steps executives see as burdensome. The twin controversies—whether to regulate security and whether a civilian agency should head up the effort—seem likely to snarl efforts to plug the growing gaps in network security. Earlier attempts at cybersecurity legislation drew broad, bipartisan support but little momentum. In the past year, the debate has grown more polarized over whether government should play a larger role in requiring businesses to strengthen their cybersecurity.
Cybersecurity won’t pass and it’s subject to massive delay even if it does

Cassata, 4-27 – House passes CISPA cybersecurity bill Obama opposes, Chicago Sun Times, 2

The House’s solid bipartisan vote for a cybersecurity bill sends a message to the Senate: Now it’s your turn to act. Ignoring a White House veto threat, the House approved the Cyber Intelligence Sharing and Protection Act–known as CISPA–which would encourage companies and the federal government to share information collected on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists. The vote Thursday was 248-168, with 42 Democrats joining 206 Republicans in backing the measure. Congressional leaders are determined to get a cybersecurity bill completed this election year but that may be difficult. The Obama administration and several leading Senate Democrats and Republicans want a bill that would give the Homeland Security Department the primary role in overseeing domestic cybersecurity and the authority to set security standards. The House bill would impose no new regulations on businesses, an imperative for Republicans. In the coming weeks, the Senate will try to proceed on its bill by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, who have said the House bill is inadequate in protecting against cyberattacks. Senior Senate Republicans, such as Sen. John McCain of Arizona, argue that Homeland Security is ill-equipped to determine how best to secure the nation’s essential infrastructure and has introduced his own bill.

1ar UQ – Top**

Leading conservatives block

Sasso, 4-23 – Brendan, OVERNIGHT TECH: Conservative groups slam House cybersecurity bill, The Hill,

Six leading conservative groups urged Congress to re-work the Cyber Intelligence Sharing and Protection Act (CISPA) on Monday. In a letter to bill sponsors Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), the conservative groups wrote that CISPA "risks unduly expanding federal power, undermining freedom of contract, and harming U.S. competitiveness in the technology sector." The letter was signed by the Competitive Enterprise Institute, TechFreedom, FreedomWorks, Americans for Limited Government, the Liberty Coalition and American Conservative Union Chairman Al Cardenas. The goal of CISPA is to help companies beef up their defenses against hackers who steal business secrets, rob customers' financial information and wreak havoc on computer systems. The measure would tear down legal barriers that discourage companies from sharing information about cyber threats. But the conservative groups slammed CISPA for using a broad definition for "cyber threat information" and for a sweeping immunity provision for companies that hand over information to the government. The groups warned that the bill would prevent companies from assuring customers that they could protect their private data. The letter explained that the bill would allow third parties, such as data storage companies, to share information with the government even if they had signed a contract with other companies to secure the data. The conservative groups also criticized CISPA for allowing the government to use the information for purposes other than addressing cybersecurity threats and for not including tougher oversight requirements for how the government handles the data it collects. Although the bill allows only for voluntary information sharing, the groups said the bill should be amended to ban government agencies from pressuring companies to share information. "If CISPA is not revised to reflect our concerns, however, it may have serious unintended consequences for America’s vibrant technology sector — and for our constitutional rights. Therefore, we urge CISPA’s sponsors to consider these recommendations before sending the bill to the House floor," the groups wrote. The House is set to vote on the bill this week. Rep. Ron Paul (R-Texas) also criticized CISPA in an op-ed in The Hill, comparing it to the failed Stop Online Piracy Act (SOPA).

Won’t pass – can’t reconcile different bills

Bartz, 4-11 – Diane, House to take up cybersecurity bill with revisions, Reuters,

Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, said he had not seen the proposed amendments, and could not say if they would allay his group's concerns. The Senate is considering two cybersecurity bills, both of which overlap with the information-sharing measure proposed by the Rogers-Ruppersberger bill. James Lewis, a cybersecurity expert who calls the Rogers-Ruppersberger bill "nice to have but not enough," predicted a rough road for the legislation. "You're going to see a bill out of the Senate and out of the House that are markedly different," he said.

Partisanship, elections and time all block – empirics prove

Smith, 3-19-12 – Gerry, Cybersecurity Bill Faces Uncertain Future In Fight Over Regulation, Huffington Post,

Yet in recent weeks, the prospect of passing major cybersecurity legislation for the first time has grown uncertain. Senators have introduced competing bills amid differences over whether the Department of Homeland Security should be given power to enforce cybersecurity standards at private companies, which own and operate 85 percent of critical infrastructure. Many Republicans and business lobbyists, including the U.S. Chamber of Commerce, oppose legislation with regulations, claiming they would harm companies, while many Democrats say DHS enforcement is the only way to properly address cyber vulnerabilities to critical infrastructure. Comprehensive cybersecurity legislation has never reached the floor of Congress for a vote. After a year in which numerous government agencies and major corporations revealed that hackers had infiltrated their networks to steal corporate secrets or leak sensitive customer data, many still think this could be the year to pass a cyber bill. Thus far, more than 30 cybersecurity bills have been unveiled on Capitol Hill, emerging from a wide range of committees, including Commerce, Foreign Affairs, Intelligence and Homeland Security. But privately, several Congressional aides and observers say the debate over cyber legislation has become increasingly partisan and that time is running short to pass legislation in an election year.

Competing proposals, regulations and privacy doom it

I.S.I., 3-22 – Infosec Island, online news source “designed especially for IT and network professionals who manage security, risk, and compliance issues.” “Lawmakers Continue Clash Over Cybersecurity Legislation,”

Lawmakers continue to clash over a myriad of proposed cybersecurity bills even as Congressional oversight committees are presented with testimony that underscores the urgency presented by an rapidly growing threat to national security. “It is critical that we strengthen our cybersecurity posture, and we urge Congress to recognize the need for new tools to more effectively prevent and respond to potential cyber attacks on the homeland,” said assistant to the president for Homeland Security and Counterterrorism John Brennan. Brennan's statements backup FBI Director Robert Mueller's statements made last week to a Senate oversight committee when he warned that terrorist groups are actively "using cyberspace to conduct operations." "While to date terrorists have not used the Internet to launch a full-scale cyber attack, we cannot underestimate their intent," Mueller said. In February, Senators Joe Lieberman, Susan Collins, John D. Rockefeller IV, and Dianne Feinstein jointly introduced the Cybersecurity Act of 2012 which was intended to reconcile multiple bills previously proposed for consideration. The legislation enjoys strong bipartisan support, making it the leading contender for passage, but the bill could be held up for debate for some time. "That’s the most comprehensive bill and probably the most likely to change behavior in the private sector. Without holding the private sector to a general standard, we haven’t really addressed the hardest issue," said former assistant DHS secretary Stewart Baker. Despite having prompted the introduction of the Cybersecurity Act of 2012, Senate Majority Leader Harry Reid has plans to reintroduce legislation proposed by the White House last year - legislation that many private sector leaders say is too punitive in nature and would disincentivize companies from both investing in better security measures and from disclosing data loss events. “That’s the part that could sink the whole bill,” said Internet Security Alliance Larry Clinton. "There's really no doubt that they have proposed here developing a fairly extensive regulatory structure and again that is precisely the opposite of what the president himself promised when he released the cyberspace policy review back in 2009," Clinton stated during a taping of C-SPAN's "The Communicators" which aired last August. The Obama administration's proposal is "a punitive model where we're trying to blame the victims of the attack. I don't think that the administration's proposal really does anything that I can see to enhance cybersecurity," Clinton had said. Also in contention is a proposed bill offered by Senator John McCain which has less of a regulatory focus than the White House proposal, and instead seeks to break down barriers to threat intelligence sharing within government and with the private sector. Critics have lambasted the bill over privacy concerns and argue it would give law enforcement and intelligence agencies too much access to private information that should not be subject to routine government oversight.

1ar UQ – Elections

More evidence partisanship and elections make it impossible

Network World, 3-20-12 – Cybersecurity Bill Soap Opera,

So where are we on cybersecurity legislation at this point? Who knows. There is probably a bit of back office deal making going on but we can't expect much real action due to partisan politics and an election year. Beside, cybersecurity is too esoteric and geeky for broad appeal. Why focus on cybersecurity when you can simply call your opponent to task on emotional issues gasoline prices, health care reform, or social issues?

Won’t pass – elections, dueling bills, lobbies and Obama’s PC fails

Gorman, 3-9-12 – Siobhan, Cybersecurity Bills Duel Over Rules for Firms, WSJ,

A bipartisan Senate bill to bolster cybersecurity has sparked a competing proposal from Republicans wary of new regulations for businesses, a signal that burgeoning anti-government fervor has begun shaping national-security measures. The White House-backed proposal would require companies that own computer networks integral to key critical infrastructure like electric-power systems and nuclear reactors to meet certain cybersecurity standards. Sponsors include the chairman and ranking member of the Homeland Security panel, Sens. Joseph Lieberman (I., Conn.) and Susan Collins (R., Maine). The Republican alternative, unveiled last week, omits provisions for critical infrastructure security and instead focuses on creating better mechanisms for the sharing of cyberthreat information between the government and industry. The bills' future will likely depend on whether the debate is seen as one primarily about national security or economic growth, congressional and industry officials say. "Is this a national-security conversation or is this an economic-prosperity conversation?" said one telecommunications-industry official, who favors the Republican bill. "It's not about building a new battlefield." Election-year politics could derail enactment of any cybersecurity measure, but lawmakers and industry officials increasingly say they believe Congress will pass a bill. The competing measures are expected to reach the Senate floor soon. Much of the debate so far has focused on whether proposed new regulations would be too onerous and costly for the private sector. Business interests have played a key role in crafting both proposals. The bipartisan bill would create a new regulatory regime. The Homeland Security Department would work with industry to determine which computer systems within companies were running infrastructure where a cyberattack would be catastrophic. For those companies, Homeland Security and industry representatives would establish required standards. The regime would be overseen either by relevant federal regulators—for instance, the Federal Energy Regulatory Commission in the case of electric utilities—or by Homeland Security. Congressional officials said they have incorporated thousands of changes into the bipartisan legislation to address business concerns. For example, they have included waivers for industries that show they have met security standards, and have said that Homeland Security would oversee the standards only for industries not already regulated by another agency. "This bill actually takes a really innovative approach to regulation," said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who has advised the White House. The White House-backed bill also has measures that aim to improve threat data-sharing, like the GOP bill. Republicans have promoted their proposals as an effort to improve security without placing new requirements on the private sector. "Some may say our bill doesn't go far enough, because it does not impose layers of regulation on critical infrastructure," said Sen. Saxby Chambliss (R., Ga.) recently at the Republican bill announcement. "Private-sector innovation is the engine that drives our economy today, and more government is seldom the solution to any problem." The GOP bill has drawn significant industry support. The U.S. Chamber of Commerce is expected to support the framework of the bill. It backs "the overarching principles behind the nonregulatory approach to cybersecurity policy," said Chamber spokesman Bobby Maldonado. Industry representatives who oppose new cybersecurity requirements, however, are beginning to discuss what regulations they might be willing to accept, a telecom industry official said. "If it's crammed down our throats, what would we be OK with swallowing?" the telecom official said, describing the process. "You're preparing for the worst case." The White House sought this week to refocus the debate on national security. Officials deployed a small army of top intelligence and national-security officials to meet with senators to warn about inadequacies of the current system and explain why cybersecurity standards would improve security. To make their point, they played out a hypothetical situation of a cyberattack on the power grid in New York. "It was really pointing out this is a security bill," said Homeland Security Secretary Janet Napolitano, who was part of Wednesday's briefing, in an interview. "That we're being attacked now and that we haven't had a catastrophic attack, but we shouldn't wait until there is one to address the problem legislatively." White House officials said cybersecurity standards are essential to protecting the nation. "As long as there are weak links in the core critical infrastructure, there's a risk for everybody," said Howard Schmidt, the White House cybersecurity chief, adding that even seemingly small intrusions can escalate into large problems. Sen. Chambliss said the briefing didn't sway him from the Republican approach. "The case has not been made, especially in these difficult economic times, that more government regulation of critical infrastructure will clearly improve, rather than hinder, our cybersecurity," he said. Some cybersecurity specialists say the drafters of the White House-backed bill have already undermined the security provisions in making accommodations to business interests. For example, changes in the bill that raised the threshold for determining which computer systems would be required to meet the new-standards regime now leave out many critical systems, said Alan Paller, director of research for the SANS Institute cybersecurity firm. "That's a stellar example of how business can disembowel an important piece of legislation," he said.

Won’t pass – election year makes partisan conflicts and failure inevitable

Lohrmann, 3-8-12 – Dan, Michigan's first chief security officer (CSO) and deputy director for cybersecurity and infrastructure protection, “Will New Cybersecurity Legislation Pass in 2012?” Government Technology,

The list of articles highlighting the need for cybersecurity legislation in 2012 goes on and on. So is this a done deal? Well … this is an election year and partisan battles are raging. While some groups like ISPs and civil libertarians are still saying no new regulations are needed, the holdup seems to be dueling bills between the two sides of the aisle. The public rhetoric emphasizes two extremes of a government Internet takeover on one side versus the very serious cyber threat to all critical infrastructures and our economy on the other. There is also debate over who should do what, such as should the National Security Agency (NSA) have control over domestic monitoring and/or information sharing – which would be a big change in policy. A recent Reuters article reported this: “A Senate aide, speaking on condition of anonymity, said the Senate is unlikely to pass either the McCain bill or the Democratic version and that talks on a possible compromise could begin in the coming weeks. President Obama's proposed legislation, like the omnibus bill Reid wants, would leave DHS in charge of cybersecurity. DHS could ask for help from the NSA, but would be subject to closer oversight than actions led by the NSA and other parts of the Defense Department.”

1ar UQ – Mandates

Mandates hold up progress even if there’s broad consensus about the need for action

NPR, 3-22 – Cybersecurity Bill: Vital Need Or Just More Rules?

The prospect of such a paralyzing strike has convinced U.S. security officials and members of Congress that a new law may be needed to promote improved cyberdefenses at critical facilities around the country. Progress on that legislation, however, has been slowed by a debate over whether new cybersecurity measures should be mandated or merely encouraged. Heavy-Handed? The Lieberman-Collins initiative would also establish baseline cybersecurity standards that all companies in an industrial sector would be required to meet. The legislation, however, has run into stiff opposition from private firms, the Chamber of Commerce and from members of Congress who view it as heavy-handed. "Unelected bureaucrats at the [Department of Homeland Security] could promulgate prescriptive regulations on American businesses," charges Sen. John McCain, R-Ariz., the co-author of an alternative cybersecurity bill that favors voluntary information sharing between the government and private industry. Advocates of mandatory cybersecurity standards, however, say the owners and operators of critical assets have consistently underestimated their vulnerability to cyberattacks and therefore are unlikely on their own to take the steps necessary to bolster their own defenses, particularly if they cost money. Many operators, for example, do not realize their industrial controls may be accessible via the Internet.

Alt Cause 2ac

Private sector competition blocks effective cybersecurity

POLITICO, 3-21 – Budget cuts put cybersecurity at risk,

WANTED: cybersecurity experts willing to work for the federal government for less pay and fewer benefits than offered by private companies like Google. That sums up the federal government’s problem in trying to attract and retain a talented workforce to fight cybercrime. Budget limitations have hamstrung the government’s ability to compete with the private sector, which can offer cyber researchers more pay and more opportunities for advancement. And competition is particularly fierce in the U.S., where there is a shortage of students graduating with science, tech, engineering and math degrees. “Confronting today’s cyber challenges requires a highly skilled and motivated research community, and it’s well documented that the demand for cyber expertise greatly exceeds the supply,” James Peery, director of the Information Systems Analysis Center at Sandia National Laboratories, told a Senate Armed Services subcommittee hearing this week. And the problem isn’t just finding skilled employees — it’s also keeping them around. “We’ve all recognized that the talent is central to this entire discussion,” Zachary Lemnios, the Defense Department’s assistant secretary of defense for research and engineering, testified. “We are not competitive salary-wise,” NSA’s Research and Development Director Michael Wertheimer said.

Alt Cause 1ar

The government can’t compete – that’s a huge liability

POLITICO, 3-21 – Budget cuts put cybersecurity at risk,

At Sandia National Laboratories, staffers are being solicited by private companies offering a greater than 50 percent increase in salary and better benefits, Peery said — and more employees are taking companies up on their offers. North Carolina Sen. Kay Hagan, chairwoman of the Subcommittee on Emerging Threats and Capabilities, was alarmed by what she heard. “When we’re talking about the new threat of cybersecurity as the next terrorist activity, it really concerns me that we’re limited in pay scales and promotion scales.”

2ac IL D – Bill Fails

Any bill that can pass will fail – defer to quals

Kelly and Benson, 2-24-12 – U.S. gears up for cyberwar amid conflicting ideas on how to fight it, Reprint from CNN,

Saving business is a key concern of those drawing up the battle plan for this cyberwar, but protecting lives is important, too. One bill introduced last week in the Senate proposes to require private companies that operate "critical infrastructure" to prove that they are protecting themselves from cyber attack. Under the legislation, the Department of Homeland Security would determine which businesses are deemed "critical infrastructure." It would include things such as water filtration plants, air traffic control systems and electrical grids. But Stewart Baker, former assistant secretary for policy at DHS and now a partner at Steptoe & Johnson LLP, calls Genachowski's efforts little more than "jawboning." "It is an incremental step, but it's not even the beginning of the solution. The other guys have already lapped us and all we've done is tie our shoes," Baker said.

Industry solves it better on their own

Kelly and Benson, 2-24-12 – U.S. gears up for cyberwar amid conflicting ideas on how to fight it, Reprint from CNN,

Kevin Mandian was an unlikely cyber warrior. Stationed at the Pentagon in 1993 as an Air Force computer security officer, mainframes were his life from 9 to 5. He wanted to be a medical examiner and sort through the "blood and guts" to figure out what had caused some catastrophic event to a human body. Instead, he heads a firm that deconstructs cyberattacks and tells Fortune 100 companies just how the attack was launched. His company is actively investigating more than 40 intrusions reported by clients. When he started the company in 2004, it was a one employee operation. Today, he employs more than 200 people. He's flown more than 100,000 miles a year for the past several years visiting clients who have been the victims of cyber attacks. He's not a big believer in government curing the problem. "Cancer. We've known about cancer for 4,000 years and we've never cured it," Mandian said from his company headquarters in Alexandria, Virginia. "I think with a lot of the IT security woes, people think there's going to be a cure, you can legislate a cure, and to me it's almost like legislating a cure for cancer. It's more complex than that and the complexity is because a lot of the intrusions rely on human nature." Mandian literally banks on human nature. That's because part of the problem with Internet security is the user. Using a computer screen displayed on an oversize monitor, he overlays the user's screen with the hackers. As the user logs into his e-mail account, the hacker waits. He has done his research. He knows that just a day earlier, the user attended a conference on security. He knows that because of the Internet. Both the conference and a list of attendees was posted on a company website. The hacker has downloaded the PowerPoint presentation that was given, infected it with a malware program to take over the user's computer and e-mailed it to the user with the subject line reading: Thank you for attending the conference. PowerPoint presentation attacked. With one click, the user has allowed the hacker into his computer. "We are trusting and I think you've gotta be, and a lot of the intrusions I've seen would work on me," Mandian explains as he lays out just how cyberattack work so well. Mandian predicts decades of growth for cybersecurity specialists ahead, regardless of what the U.S. government eventually does to tackle the problem. "I think there's gonna be a growth in it because the private sector has to protect the private sector in this regard," Mandian said. "There's not going to be a magic phone number to get a DHS person on the phone for a computer intrusion."

2ac ! D

No impact – big actors have no motive and small groups aren’t deadly

Sasso, 3-17-12 – Brendan, 'System is blinking red': Alarming rhetoric in push for cybersecurity bills, Hillicon Valley, The Hill,

Jerry Brito, director of the Technology Policy Program at George Mason University, said the "rhetoric does not match the reality" on cybersecurity. "When members of Congress talk about [cybersecurity] they conflate the different threats," Brito said. He explained that cyber espionage is a "very real" problem that is "happening right now." Companies and foreign governments are hacking into the computer systems of American companies to steal their trade secrets and gain a competitive advantage. But Brito said the likelihood of a cyber attack having a major "kinetic effect"—meaning significant physical destruction—is low. He said he doubts that terrorist groups or hacker collectives like Anonymous have the sophistication to takedown critical infrastructure systems. Foreign governments, such as Russia or China, could probably wreak havoc with a cyber attack, Brito said, but they would likely only employ that tactic if the U.S. was already engaged in all-out war with them. Brito said comparing a potential cyber attack to Sept. 11 or Pearl Harbor is "totally hyperbolic." "We should be wary of people who are trying to make us afraid," he added.

Cyber-danger is hype – default to empirics

Rid, March ’12 – reader in war studies at King's College London, “Think Again: Cyberwar. Don't fear the digital bogeyman. Virtual conflict is still more hype than reality.” Foreign Policy, March/April,

No way. "Cyberwar is coming!" John Arquilla and David Ronfeldt predicted in a celebrated Rand paper back in 1993. Since then, it seems to have arrived -- at least by the account of the U.S. military establishment, which is busy competing over who should get what share of the fight. Cyberspace is "a domain in which the Air Force flies and fights," Air Force Secretary Michael Wynne claimed in 2006. By 2012, William J. Lynn III, the deputy defense secretary at the time, was writing that cyberwar is "just as critical to military operations as land, sea, air, and space." In January, the Defense Department vowed to equip the U.S. armed forces for "conducting a combined arms campaign across all domains -- land, air, maritime, space, and cyberspace." Meanwhile, growing piles of books and articles explore the threats of cyberwarfare, cyberterrorism, and how to survive them. Time for a reality check: Cyberwar is still more hype than hazard. Consider the definition of an act of war: It has to be potentially violent, it has to be purposeful, and it has to be political. The cyberattacks we've seen so far, from Estonia to the Stuxnet virus, simply don't meet these criteria. Take the dubious story of a Soviet pipeline explosion back in 1982, much cited by cyberwar's true believers as the most destructive cyberattack ever. The account goes like this: In June 1982, a Siberian pipeline that the CIA had virtually booby-trapped with a so-called "logic bomb" exploded in a monumental fireball that could be seen from space. The U.S. Air Force estimated the explosion at 3 kilotons, equivalent to a small nuclear device. Targeting a Soviet pipeline linking gas fields in Siberia to European markets, the operation sabotaged the pipeline's control systems with software from a Canadian firm that the CIA had doctored with malicious code. No one died, according to Thomas Reed, a U.S. National Security Council aide at the time who revealed the incident in his 2004 book, At the Abyss; the only harm came to the Soviet economy. But did it really happen? After Reed's account came out, Vasily Pchelintsev, a former KGB head of the Tyumen region, where the alleged explosion supposedly took place, denied the story. There are also no media reports from 1982 that confirm such an explosion, though accidents and pipeline explosions in the Soviet Union were regularly reported in the early 1980s. Something likely did happen, but Reed's book is the only public mention of the incident and his account relied on a single document. Even after the CIA declassified a redacted version of Reed's source, a note on the so-called Farewell Dossier that describes the effort to provide the Soviet Union with defective technology, the agency did not confirm that such an explosion occurred. The available evidence on the Siberian pipeline blast is so thin that it shouldn't be counted as a proven case of a successful cyberattack. Most other commonly cited cases of cyberwar are even less remarkable. Take the attacks on Estonia in April 2007, which came in response to the controversial relocation of a Soviet war memorial, the Bronze Soldier. The well-wired country found itself at the receiving end of a massive distributed denial-of-service attack that emanated from up to 85,000 hijacked computers and lasted three weeks. The attacks reached a peak on May 9, when 58 Estonian websites were attacked at once and the online services of Estonia's largest bank were taken down. "What's the difference between a blockade of harbors or airports of sovereign states and the blockade of government institutions and newspaper websites?" asked Estonian Prime Minister Andrus Ansip. Despite his analogies, the attack was no act of war. It was certainly a nuisance and an emotional strike on the country, but the bank's actual network was not even penetrated; it went down for 90 minutes one day and two hours the next. The attack was not violent, it wasn't purposefully aimed at changing Estonia's behavior, and no political entity took credit for it. The same is true for the vast majority of cyberattacks on record. Indeed, there is no known cyberattack that has caused the loss of human life. No cyberoffense has ever injured a person or damaged a building. And if an act is not at least potentially violent, it's not an act of war. Separating war from physical violence makes it a metaphorical notion; it would mean that there is no way to distinguish between World War II, say, and the "wars" on obesity and cancer. Yet those ailments, unlike past examples of cyber "war," actually do kill people.
Complexity prevents effective cyber-attacks

Rid, March ’12 – reader in war studies at King's College London, “Think Again: Cyberwar. Don't fear the digital bogeyman. Virtual conflict is still more hype than reality.” Foreign Policy, March/April,

Just the opposite. U.S. Director of National Intelligence James R. Clapper warned last year that the volume of malicious software on American networks had more than tripled since 2009 and that more than 60,000 pieces of malware are now discovered every day. The United States, he said, is undergoing "a phenomenon known as 'convergence,' which amplifies the opportunity for disruptive cyberattacks, including against physical infrastructures." ("Digital convergence" is a snazzy term for a simple thing: more and more devices able to talk to each other, and formerly separate industries and activities able to work together.) Just because there's more malware, however, doesn't mean that attacks are becoming easier. In fact, potentially damaging or life-threatening cyberattacks should be more difficult to pull off. Why? Sensitive systems generally have built-in redundancy and safety systems, meaning an attacker's likely objective will not be to shut down a system, since merely forcing the shutdown of one control system, say a power plant, could trigger a backup and cause operators to start looking for the bug. To work as an effective weapon, malware would have to influence an active process -- but not bring it to a screeching halt. If the malicious activity extends over a lengthy period, it has to remain stealthy. That's a more difficult trick than hitting the virtual off-button. Take Stuxnet, the worm that sabotaged Iran's nuclear program in 2010. It didn't just crudely shut down the centrifuges at the Natanz nuclear facility; rather, the worm subtly manipulated the system. Stuxnet stealthily infiltrated the plant's networks, then hopped onto the protected control systems, intercepted input values from sensors, recorded these data, and then provided the legitimate controller code with pre-recorded fake input signals, according to researchers who have studied the worm. Its objective was not just to fool operators in a control room, but also to circumvent digital safety and monitoring systems so it could secretly manipulate the actual processes. Building and deploying Stuxnet required extremely detailed intelligence about the systems it was supposed to compromise, and the same will be true for other dangerous cyberweapons. Yes, "convergence," standardization, and sloppy defense of control-systems software could increase the risk of generic attacks, but the same trend has also caused defenses against the most coveted targets to improve steadily and has made reprogramming highly specific installations on legacy systems more complex, not less.

1ar ! D – Empirics

Ignore their alarmist predictions – even the worst-case scenario is NBD

Rid, March ’12 – reader in war studies at King's College London, “Think Again: Cyberwar. Don't fear the digital bogeyman. Virtual conflict is still more hype than reality.” Foreign Policy, March/April,

Keep waiting. U.S. Defense Secretary Leon Panetta delivered a stark warning last summer: "We could face a cyberattack that could be the equivalent of Pearl Harbor." Such alarmist predictions have been ricocheting inside the Beltway for the past two decades, and some scaremongers have even upped the ante by raising the alarm about a cyber 9/11. In his 2010 book, Cyber War, former White House counterterrorism czar Richard Clarke invokes the specter of nationwide power blackouts, planes falling out of the sky, trains derailing, refineries burning, pipelines exploding, poisonous gas clouds wafting, and satellites spinning out of orbit -- events that would make the 2001 attacks pale in comparison. But the empirical record is less hair-raising, even by the standards of the most drastic example available. Gen. Keith Alexander, head of U.S. Cyber Command (established in 2010 and now boasting a budget of more than $3 billion), shared his worst fears in an April 2011 speech at the University of Rhode Island: "What I'm concerned about are destructive attacks," Alexander said, "those that are coming." He then invoked a remarkable accident at Russia's Sayano-Shushenskaya hydroelectric plant to highlight the kind of damage a cyberattack might be able to cause. Shortly after midnight on Aug. 17, 2009, a 900-ton turbine was ripped out of its seat by a so-called "water hammer," a sudden surge in water pressure that then caused a transformer explosion. The turbine's unusually high vibrations had worn down the bolts that kept its cover in place, and an offline sensor failed to detect the malfunction. Seventy-five people died in the accident, energy prices in Russia rose, and rebuilding the plant is slated to cost $1.3 billion. Tough luck for the Russians, but here's what the head of Cyber Command didn't say: The ill-fated turbine had been malfunctioning for some time, and the plant's management was notoriously poor. On top of that, the key event that ultimately triggered the catastrophe seems to have been a fire at Bratsk power station, about 500 miles away. Because the energy supply from Bratsk dropped, authorities remotely increased the burden on the Sayano-Shushenskaya plant. The sudden spike overwhelmed the turbine, which was two months shy of reaching the end of its 30-year life cycle, sparking the catastrophe. If anything, the Sayano-Shushenskaya incident highlights how difficult a devastating attack would be to mount. The plant's washout was an accident at the end of a complicated and unique chain of events. Anticipating such vulnerabilities in advance is extraordinarily difficult even for insiders; creating comparable coincidences from cyberspace would be a daunting challenge at best for outsiders. If this is the most drastic incident Cyber Command can conjure up, perhaps it's time for everyone to take a deep breath.

  1   2   3   4   5   6   7   8   9   ...   22

The database is protected by copyright © 2017
send message

    Main page