Zero Days Neg Update –CFPP Final

-notesCredit to the hella rad students in CFPP who contributed

Aden BartonCayla LeeJosh SpaethMark XuSage Young Taya SmithWilliam Fang

Honeypots DA

1nc shellHoneypots are in place now in most corporations – made to protect them from zero-daysWinn 3-26 (Michael M.; [Major, U.S. Army, DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY]; “CONSTRUCTING COST-EFFECTIVE AND TARGETABLE ICS HONEYPOTS SUITED FOR PRODUCTION NETWORKS”; 3/26/2015; pgs. 6-7) JKSThere are generally two categories of honeypots: production honeypots and research honeypots. Production honeypots are primarily intended as sensors or decoys to supplement existing security mechanisms on a production network [31]. Since they are deployed on a production network, the goals are detection and deception; keeping the attacker engaged with the honeypot so that they will not attack other assets on the network. The ultimate goal is to use the production honeypot as a tool to supplement signature-based detection devices in quickly detecting and recovering from an attack. Production honeypots focus on minimizing costs and risk to the existing network. Research honeypots are intended to attract an attacker and sustain the attack for as long as possible for the purpose of collecting detailed information such as unforeseen attack vectors, zero-day exploits, or post-attack activity (e.g., search terms for sensitive data, production of phishing email messages, or capturing the attacker’s key strokes). While this information is not directly valuable to the average business organization , it helps security researchers develop an understanding of the attacker, their methods, and their motivations [30]. Research honeypots must be highly authentic, so they are generally more complex to configure and involve more effort to deploy, monitor, and analyze. 2.2.2 Levels of Interaction. There are generally two levels of interaction to describe the authenticity of a honeypot. Low interaction honeypots emulate a limited behavior of a small number of services. For example, a low interaction honeypot could return a static HTML file in response to an HTTP GET request on TCP port 80. Low interaction honeypots can range from simple scripts to elaborate emulation programs that require little configuration, resources, or effort to deploy and manage, particularly in great numbers. For these reasons, low interaction honeypots are an attractive foundation for production honeypots [25]. Since low interaction honeypots only expose a subset of exploitable features, they are limited in the amount of information they can collect. The reduced authenticity also contributes to reduced risk. An attacker interacts with a controlled simulation of predetermined responses and behaviors; a carefully designed low interaction honeypot is less likely to become assimilated into a botnet or used as a pivot than a real system. High interaction honeypots expose the full functionality of an operating system and applications. Since it can be compromised in unexpected ways, additional mitigation techniques are required to isolate the malicious activity and reduce the risk to the production network. High interaction honeypots often require extensive configuration and dedicated equipment to ensure they are believable to an attacker. Common techniques include rigging them with specific vulnerabilities, default passwords, and phony sensitive data files. Covert monitoring logs all activity on the honeypot without the attacker being able to detect that their

activities are being recorded [25]. The advantages and disadvantages of the two levels of interaction are summarized in Table 2.1.

Removal of zero-days removes honeypots – no longer have a useGrimes 13 (Roger A.; [InfoWorld contributing editor, holds over 40 computer certifications and has authored eight books on computer security]; “No honeypot? Don't bother calling yourself a security pro”; 4/9/2013; http://www.infoworld.com/article/2614083/security/no-honeypot--don-t-bother-calling-yourself-a-security-pro.html) JKS A honeypot is a computer software or device that exists simply to be attacked. You can take any computer -- typically one you're getting ready to decommission because it's old and underpowered -- and use it as a honeypot. Because it's no longer a legitimate production asset, no person or service should be connecting to it. When something (such as a hacker or malware) connects to it, the honeypot sends an alert that can trigger an immediate incident response. Honeypots are excellent early-warning systems. After a little fine-tuning, they're incredibly low noise, producing few false positives -- unlike firewalls or IDSes (intrusion detection systems). They can easily capture zero-day exploits , freshly minted malware, and roaming APT hackers. Honeypots are great at detecting malicious activity from both outsiders and insiders; they turn up rogue exploits the other tools miss. Best of all, they do it at very low cost with little ongoing maintenance. Sticky business: Honeypots compared In preparing for a recent customer engagement, I had the opportunity to check out the latest honeypot technology and see how the players were doing. Unfortunately, no one appears to be getting rich developing honeypot software. Of the 30 or so projects listed by the Honeynet Project, perhaps 90 percent are dead or headed in that direction. That's the bad news. The good news is that great open source and commercial honeypot projects are alive and well. Glastopf is a low-interaction, open source honeypot that emulates a vulnerable Web server. Running on Python, PHP, and MySQL, Glastopf can emulate literally thousands of vulnerabilities and is intended to be Web crawled, a recognition that today's attackers frequently use search engines to find innocent websites to infect. Glastopf has GUI management and reporting features, and it's actively maintained and updated. Specter, a commercial honeypot, hasn't been updated significantly in years, but it's still actively sold and supported. It's GUI-based and has a few interesting features (it updates its own content, has "marker" files that can be used to trace hackers, and more) that make it a honeypot to check out. I also like the free USB emulation honeypot known as Ghost USB. It mounts as a fake USB drive to enable easier capture and analysis of malware that uses USB drives to replicate. It could come in very handy during the next USB worm outbreak. But my favorite commercial honeypot, KFSensor, still leads the way by a large margin. It's easily the most feature-rich and mature honeypot product out there. Its developer continues to add new features, and while this post isn't an official Test Center review, I can't find anything else that holds a candle close to it. If you want a great commercial honeypot product with enterprise features, KFSensor is it.

Honeypots key to preventing cyberterrorSpitzner 3 (Lance; [internationally recognized leader in the field of cyber threat research and security training and awareness]; “Honeypots: Catching the Insider Threat”; 2003; http://www.acsac.org/2003/papers/spitzner.pdf; pg. 1) JKSHoneypots are a powerful, new technology with incredible potential. They can do everything from detecting new attacks never seen in the wild before, to tracking automated credit card fraud and identity theft. In the past several years we have seen the technology rapidly develop, with new concepts such as honeypot farms, commercial and open source solutions, and documented findings released. However, a great deal of research has been focused on identifying, capturing, and researching external threats. While malicious and dangerous, these attacks are often random with attackers more interested in how many systems they can break into then which systems they break into. To date, limited research has been done on how honeypots can apply to a far more dangerous and devastating threat, the advanced insider . This trusted individual knows your networks and organization. Often, these individuals are not after computers, but specific information. This is a risk that has proven far more dangerous, and far more difficult to mitigate.

2nc o/v and turnEliminating zero-days eliminates the honeypots in place to disclose them in the squo – they’re key to prevent cyberattacks, which the plan is actually creating instead of solving – China proves

China has the capability to attack with nuclear consequences Clinch 14 (Matt; [trainee financial journalist at CNBC Europe]; “China originates 35% of 'nuclear bomb' cyber attacks”; 1/29/2014; http://www.cnbc.com/2014/01/29/china-originates-35-of-nuclear-bomb-cyber-attacks.html) JKSOver a third of cyber-attacks come from China, according to U.S.-based content delivery network Akamai Technologies, with the nation once again topping the global charts for hacking. The report uses measurements from monitoring systems – which it calls "unadvertised agents" -- deployed across the internet which log connection attempts. Akamai then assesses whether these attempts are "attack traffic". In the third quarter of 2013, China originated 35 percent of these attacks, Akamai said, up from 33 percent in the previous quarter. China overtook Indonesia, who had taken a surprise lead in the second quarter and since fallen back to second place with 20 percent of attack traffic. The U.S. was in third, ahead of Taiwan and Russia. Akamai state that It is important to note that the originating country as identified by an IP (internet protocol) address may not represent the nation in which an attacker resides. "Overall, the concentration of attacks declined during the third quarter of 2013, with the top 10 countries originating 83 percent of observed attacks, compared to 89 percent in the second quarter. China and Indonesia, however, continued to originate more than half of all observed attack traffic," the report, released on Tuesday, said. Akamai it saw more attacks through the third quarter of 2013 (807 attacks) than it did in all of 2012 (768 attacks).China has on many occasions been accused of being a haven for hacking activity. A report by the cyber security company Mandiant on February 19 identified a unit of the 2nd Bureau of the People's Liberation Army (PLA) as being the most likely culprit in hacking attacks on a wide range of industries. Chinese officials have stringently denied the accusations. At a press conference in Beijing back in April, General Fang Fenghui of the PLA said that the activities were not tolerated in China and that the country itself suffers from the attacks. Chinese officials have stringently denied the accusations. At a press conference in Beijing back in April, General Fang Fenghui of the PLA said that the activities were not tolerated in China and that the country itself suffers from the attacks. "As the Internet is increasingly used, as the Internet is getting access into more and more important terminals, if the security of the Internet cannot be guaranteed, then I may not – I cannot exaggerate the importance of the Internet. The damaging consequences being caused may not—may be as serious as a nuclear bomb," he said, according to a transcript of the speech on the Joint Chiefs of Staff website.

Double bind – either the DA takes out all of solvency with this turn or it fails and means that there are no impacts to cyberattacks.

Russian Modernization Good

1nc russian aggression turn shellRussian modernization is focused on nuclear deterrence—it’s working nowITAR-TASS 2012 (“Russia's nuclear defense sector through with stagnation period,” Feb 16, Lexis)The nuclear segment of Russia's defense sector has got out of a stagnation period and is capable of fulfilling the state defense order, director general of Russia's state nuclear corporation Rosatom Sergei Kiriyenko said on Thursday."Thanks to timely measures taken by the country's leaders, Russia's nuclear weapons segment is capable of ensuring the country's defense capacity in a long-term perspective and making a contribution to the innovation development of the country," he said at hearings at the Federation Council upper parliament house dedicated to problems of the Russian defense sector.According to Kiriyenko, Rosatom's defense sector lived through a period of stagnation in 2005-2006. A number of production facilities, such as production of beryllium, were shut as far back as the time of the collapse of the former Soviet Union. Some plants and research institutions were on the verge of closure, the country lagged behind in such areas and production of electronics, lasers and hardware. "In 2005-2006, we were 20 times inferior to the United States in terms of computational capability," he said. Moreover, a ban was imposed on nuclear tests, which impacted the process of weaponry upgrading, whilst rivals never stopped to carry out research on new technologies.Apart from that, "wages and funding that in the Soviet era used to be twice as big as in other sectors by 2005 were lower than in the civil sector," he noted. Hence, young specialists opted for other jobs.The situation began to change in 2006 when a program for the development of the nuclear segment was adopted, Kiriyenko said. The portfolio of defense orders in the nuclear segment increased by more than five times, and financing went up by 4.5 times. As a result, he noted, the infrastructure of the central testing ground in Novaya Zemlya has been restored. The overall supercomputer capacity reached two petaflops, which is on a par with that in the United States' nuclear sector. Powerful radiographic complexes have been commissioned. These complexes, in his words, are in no way inferior to those of Russia's competitors. All critical nuclear technologies have been preserved. New production lines have been established to make up for those lost after the collapse of the Soviet Union. The sector's demand in fissionable materials has been satisfied. Average wage has been increased by 3.3 times. And the main thing, Kiriyenko stressed, is that "the state defense order has been fully fulfilled.""Orders from the Ministry of Defense have been met both in terms of quantity and in terms of quality, the country's nuclear potential is permanently monitored," he noted. More to it, nuclear sector enterprises are engaged in the development of enhanced-capacity parts for the Khrizantema and Shturm anti-tank guided missiles systems, Igla-S air defense missile systems, laser systems repelling portable missiles.

Plan prevents Russian modernization – that’s key to nuclear deterrenceNTI 2012 (Nuclear Threat Initiative, “Russia Supplies Yars, Topol-M ICBM Units to 10 Military Regiments,” Global Security Newswire, March 20, http://www.nti.org/gsn/article/russia-supplies-yars-topol-m-icbm-units-10-regiments/)“The strategic nuclear forces still remain a reliable guarantor of deterring aggression,” he said. “Their required numerical strength and the three-component structure have been preserved” (ITAR-Tass I, March 20).Serdyukov said a new cruise missile that would be fired from the air is now operational, RIA Novosti reported. The defense chief on Tuesday offered no additional details about the weapon.International Institute of Strategic Studies air conflict specialist Douglas Barrie said the air force missile was probably a conventional iteration of the Kh-55 nuclear cruise missile or an atomically armed Kh-101 system (RIA Novosti, March 20).Air force commander Col. Gen. Alexander Zelin said his service could procure as many as 140 Su-34 strategic bomber aircraft, Interfax reported on Monday (see GSN, Feb. 14)."The figure for Su-34 has already been announced -- 92 aircraft. But overall, the air force will have 124 of such aircraft, and subsequently up to 140," Zelin told the publication Nezavisimoye Voyennoye Obozreniye.The officer reaffirmed plans to entirely retire Russia's Su-24 bomber aircraft in favor of the Su-34 planes by the end of this decade."We are planning to make it a carrier of other long-range missiles. Such work is under way, and I think that it is the platform that can solve the problem of increasing nuclear deterrence forces within the air force strategic aviation," the official stated.Russia would field the aircraft at Chelyabinsk, Khurba, Krymsk, Lipetsk and Voronezh, Zelin said, adding "flying groups of 24, 28 and 30 Su-34 aircraft" would be established at the sites.Su-24 planes that are still operational are also undergoing updates, Zelin said. "One can say that the results we obtained for this aircraft are fully satisfactory. We shall continue both upgrading and cutting numbers of

ordinary Su-24s that we still have in service. They, of course, are completing their service cycle, it is a formidable soldier aircraft that did its job," he said (Interfax, March 19).Separately, Russian President Dmitry Medvedev on Tuesday said he is pleased with alterations to his nation's military, ITAR-Tass reported.The changes "match modern challenges and can give a response to potential threats against us," he said."Strategic nuclear forces were built up, the common air and space defense system was created to bring together the troops of air defense, missile defense, early missile warning systems and outer space control systems," Medvedev noted (ITAR-Tass II, March 20).Until 2020, Russia would provide "not below 2.8 percent" of its gross domestic product to military-related enterprises, he said (ITAR-Tass III, March 20).

"By 2015, the share of new armaments must increase to 30 percent, and by 2020 -- to 70 to 100 percent," he said, adding Russia would provide $785.6 billion for the effort (ITAR-Tass IV, March 20).

Russian nuclear deterrence is critical to prevent U.S. attack which escalates to human extinctionSHARAVIN ET AL 2007 (Major General Alexander Vladimirov, Vice President of the Military Expert Board; - Colonel General Vladimir Yesin, Senior Vice President of the Russian Academy of the Problems of Security, Defense, and Law; - Colonel General Leonid Ivashov, President of the Academy of Geopolitical Problems; and - Alexander Sharavin, Director of the Institute of Political and Military Analysis, Defense and Security, July 20)Ivashov: Numerous scenarios and options are possible. Everything may begin as a local conflict

that will rapidly deteriorate into a total confrontation. An ultimatum will be sent to Russia: say, change the domestic policy because human rights are allegedly encroached on, or give Western businesses access

to oil and gas fields. Russia will refuse and its objects (radars, air defense components, command posts, infrastructure) will be wiped out by guided missiles with conventional warheads and by aviation. Once this phase is over, an even stiffer ultimatum will be presented - demanding something up to the deployment of NATO "peacekeepers" on the territory of Russia. Refusal to bow to the demands will be met with a mass aviation and missile strike at Army and Navy assets, infrastructure, and

objects of defense industry. NATO armies will invade Belarus and western Russia. Two turns of events may follow that. Moscow may accept the ultimatum through the use of some device that will help it save face. The acceptance will be followed by talks over the estrangement of the Kaliningrad enclave, parts of the Caucasus and Caspian region, international control over the Russian gas and oil complex, and NATO control over Russian nuclear forces. The second scenario involves a warning from the Kremlin to the United States that continuation of the aggression will trigger retaliation with the use of all weapons in nuclear arsenals. It will stop the war and put negotiations into motion. Yesin: I'm firmly

convinced that there will be no war as long as Russia retains the nuclear deterrent potential. If, however, a war between Russia and the United States breaks out (a war,

not a petty local conflict), then it will end in a global Apocalypse. Vladimirov: Whatever the scenarios may be, I'm convinced that only one end is possible - our utter victory. This war will be an undisputable crime against mankind. It may only end in defeat of the United States of America. How can the Apocalypse be avoided? Sharavin: We should take care to avoid confrontations with the United States (try as I might, I cannot perceive a single valid reason for Russia to want a confrontation). And of course, Russia should concentrate on actual as opposed to virtual development of its Armed Forces. Ivashov: Russia should restore the might of its army and potential of its defense industry. It should concentrate on research into and design of new weapons. As for the national military doctrine, it should include a clause allowing for the use of nuclear arms against a full-scale aggression. Also importantly, Russia needs allies. Yesin: American ambitions should be firmly countered on the basis of Russian economic and military might. First and foremost, on the basis of the Russian nuclear forces. The existence of these forces is a guarantee that there will be no wars between Russia and the United States.

Double bind – either the turn works and takes out the impacts to Russian modernization, or the only way to prevent this DA from happening is if Russia doesn’t modernize in the first place, which takes out the entirety of the IP theft advantage.

2nc turns chinaPeace is an illusion—China has powerful incentives to invade RussiaSHARAVIN 2004 (Alexander, director of the Political and Military Analysis Institute, What the Papers Say, Jan 14)Question: In your view, who poses the greatest danger to Russia? Alexander Sharavin: In the Defense Ministry's latest report, known as the White Book, our likely opponents are not named - they remain anonymous. However, we believe in being specific. And we name China first. At present, China appears to have good neighborly relations with Russia, and constantly declares that its intentions are friendly; but

some of its actual actions prompt the thought that not everything is quite that simple. For

example, the state borders issue hasn't been fully resolved - and such matters are always time-bombs. The Russian media pays a lot of attention to the territory dispute with Japan over four small islands,

but it totally ignores China's pretensions, even though China aspires to claim much more territory - virtually all of Siberia and the Russian Far East. Or rather, official Beijing remains silent, but articles do appear in China's newspapers sometimes, and discontented voices are raised. It's hard to believe that anyone could permit themselves to speak out like that without authorization in totalitarian China. I repeat: there is no threat from China in the short term - Beijing's policies are entirely loyal in relation to us at present. But what might happen ten years from now? What guarantee is there that somebody won't try to play the territory card? Question: And we're selling Beijing modern fighter jets with extra engines. Alexander Sharavin: Yes, that's an alarming point. So it seems China is allowing for the possibility that the situation might change, and Russia might stop supplying spare parts for military hardware to its

neighbor? And is it any coincidence that China's strongest military forces are concentrated along our borders, even if they're at a distance of 200 kilometers? Is that any distance at all, to

them? And let's not forget that on our side of the border there are regions with depressed economies, with vast natural resources and small, ever-shrinking populations.

Russian nuclear deterrence is keyKLIMENKO 2002 (A.F., Military Thought, Jan 1, lexis)

In light of the aforementioned, largely conflicting, factors and processes and thanks to a robust, vibrant peace-loving foreign

policy course pursued by this country, and the maintenance of Russia's military capability, above all its nuclear deterrence, on an appropriate level, the threat of military aggression, in its

traditional forms, against Russia and its allies has declined. At the same time new military risk factors are growing in some areas that in certain circumstances could develop into a direct militarythreat. Russia has, with good reason, identified the following such factors: territorial claims to the Russian Federation; interference in its internal affairs and attempts to infringe on Russia s interestsin addressing international security problems and hinder its strengthening as a power center in the multi-polar world; ongoing armed conflicts, above all near Russia's borders and the borders of its allies;creating (building up) troops (forces), leading to disturbance of the existing balance of forces in border areas and in territorial seas;expansion of military blocs and the arming and training of armed formations and groups in other states with the aim of sending them to operate on the territory of the Russian Federation and its allies; information-technical and information-psychological impacts jeopardizing the security of Russia and its allies; discrimination against , and suppression of the rights, freedoms and legitimate interests of Russian citizens in foreign states, international terrorism, and other factors.

The impact is extinctionSHARAVIN 2001 (Alexander, Director of the Institute for Military and Political Analysis, What the Papers Say, Oct 3)Chinese propaganda has constantly been showing us skyscrapers in free trade zones in southeastern China. It should not be forgotten, however, that some 250 to 300 million people live there, i.e. at most a quarter of China's population. A billion Chinese people are still living in misery. For them, even the living standards of a backwater Russian town

remain inaccessibly high. They have absolutely nothing to lose. There is every prerequisite for "the final throw to the north." The strength of the Chinese People's Liberation Army (CPLA) has been growing quicker than the Chinese economy. A decade ago the CPLA was equipped with inferior copies of Russian arms from late

1950s to the early 1960s. However, through its own efforts Russia has nearly managed to liquidate its most significant technological advantage. Thanks to our zeal, from antique MiG-21 fighters of the earliest modifications and S-75 air defense missile systems the Chinese antiaircraft defense forces have adopted Su-27 fighters and S-300 air defense missile systems. China's air defense forces have received Tor systems instead of anti-aircraft guns which could have been used during World War II. The shock air force of our "eastern brethren" will in the near future replace antique Tu-16 and Il-28 airplanes with Su-30 fighters, which are not yet available to the Russian Armed Forces! Russia may face the "wonderful" prospect of combating the Chinese army, which, if full mobilization is called, is comparable in size with Russia's entire population, which also has nuclear weapons (even tactical

weapons become strategic if states have common borders) and would be absolutely insensitive to losses (even a loss of a few million of the servicemen would be acceptable for China). Such a war would be more horrible than the World War II. It would require from our state maximal tension, universal mobilization and complete accumulation of the army military hardware, up to the last tank or a plane, in a single direction (we would have to forget such "trifles" like Talebs and Basaev, but this does not guarantee success either). Massive nuclear strikes on basic military forces and cities of China would finally be the only way out, what would exhaust Russia's armament completely. We have not got another set of intercontinental ballistic missiles and submarine-based missiles, whereas the general forces would be extremely exhausted in the border combats. In the long run, even if the aggression would be stopped after the majority of the Chinese are killed, our country would be absolutely unprotected against the "Chechen" and the

"Balkan" variants both, and even against the first frost of a possible nuclear winter.

2nc nuclear taboo

Russian nuclear weapons deter American aggression against Russia, encourage stability, and prevent American strikes on rogue statesIVASHOV 2002 (Col. Gen. Leonid, VP of the Geopolitical Problems Academy, Official Kremlin Int'l News Broadcast, June 28)And now about nuclear weapons. I disagree with the statement, I heard it in your question, that Russian nuclear weapons are dangerous for the world and Europe. I don't think they are dangerous for Europe or the world. Moreover, nuclear weapons today are a political weapon, primarily in Russia. Although the military doctrine says that Russia will not be the first to use them in case of a large-scale aggression threatening its sovereignty and state integrity, this provision in the doctrine serves as a political weapon, as a deterrence against the attempts to destroy the state or against a large-scale armed invasion. I think Russian nuclear weapons also facilitate the search for alternatives to the global processes that are objective but ceased by certain entities,

and facilitate stability as well. Let's imagine that with all the cowboy-like approaches in the US policy, Russia and China did not have this nuclear potential, what would Americans do on this planet and what would they do to Russia too? Nuclear weapons

are becoming a less and less deterring factor due to the policy of the Russian leadership, but still they do play some role in stabilizing the situation and in deterring cowboy-like approaches in managing the world, especially now that on June 1 Bush said 60 countries were potential targets for American strikes. I believe Russian nuclear weapon play a positive role in this respect.

U.S. nuclear strikes on rogue states undermine hegemony and cause widespread nuclear warSchneider 1997 (Barry, Director of the USAF Counterproliferation Center at Air University, Maxwell AFB, Alabama, and an Associate Professor of International Relations in the Department of Future Conflict Studies at the U.S. Air War College., Future War and Counterproliferation,On the other hand, nuclear threats may have a major downside, particularly if followed by nuclear first use. At the end of any such regional conflict, it would be very much harder for U.S. leaders to resurrect the nuclear weapons taboo that the United States had worked for decades to establish. Further, after unleashing a nuclear attack, the United States might be seen by large segments of the world community as a pariah state that used illegal and horrific means rather than following the rule of law. Moreover, other states may decide that the only way of deterring similar NBC attacks on their own forces or soil is to have a nuclear deterrent of their own and to be willing to use such nuclear forces in future conflicts. Nuclear first use may set a dangerous precedent that was unkind to U.S. and allied interests.

War Powers

links

Obama sees zero-days as a national security issueFarivar 14 (Cyrus; [senior business editor at Ars Technica, reporter for the Economist]; “Obama lets NSA use zero-day flaws given “clear national security” need”; 4/3/2014; http://arstechnica.com/tech-policy/2014/04/obama-lets-nsa-use-zero-day-flaws-given-clear-national-security-need/) JKSPresident Barack Obama has explicitly decided that when any federal agency discovers a vulnerability in online security, the agency should come forward rather than exploit it for intelligence purposes, according to The New York Times, citing unnamed “senior administration officials.” However, while there is now a stated “bias” towards disclosure, Obama also created a massive exception to this policy if "there is a clear national security or law enforcement need." The report comes just one day after the Office of the Director of National Intelligence (ODNI) responded to a Bloomberg News report. ODNI denied that story, explicitly stating that the “NSA or any other part of the government” had no prior knowledge of the notorious Heartbleed vulnerability that has wreaked havoc across the Internet. Obama's new decision was made in January, the Times added, when the president began a three-month review of recommendations (PDF) put forward by his Review Group on Intelligence and Communications Technologies. The ODNI statement released Friday concludes with this paragraph on the feds' vulnerability sharing: In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities. That coincides with the Review Group’s 308-page report (PDF), including this recommendation: We recommend that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application or system. These are often called “Zero Day” attacks because developers have had zero days to address and patch the vulnerability. US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks. In rare instances, US policy may briefly authorize using a Zero Day for high priority intelligence collection, following senior, interagency review involving all appropriate departments. Despite the ODNI statement and Obama's recommendation being framed as a new initiative, previous reports based on the Snowden documents indicate the NSA has been in the business of acquiring not-yet-patched flaws. In August 2013, The Washington Post wrote that: “The NSA designs most of its own implants, but it devoted $25.1 million this year to ‘additional covert purchases of software vulnerabilities’ from private malware vendors, a growing gray-market industry based largely in Europe.”

Protecting national security is the main power behind the presidentFisher 9 (Louis; [library of Congress]; “The White House Transition Project: PRESIDENTIAL POWER IN NATIONAL SECURITY: A GUIDE TO THE PRESIDENT-ELECT”; June 2009; http://www.loc.gov/law/help/usconlaw/pdf/presidential-power-national-security.pdf; pg. 1) JKSOver the last half century, Presidents have read their national security powers in sweeping terms, doing great damage to themselves, their parties, the nation, and regions around the world. The effective use of military force and foreign policy initiatives require the building of consensus, public understanding, and acting within the law. Too often, Presidents have claimed the unilateral power to commit the nation to war by making uninformed references to the Commander in Chief Clause. They have also asserted “preeminence” in the making and conduct of foreign policy. Heavy political and constitutional costs flowed from miscalculations by Harry Truman in Korea, Lyndon Johnson in Southeast Asia, and George W. Bush in Iraq. Over the last seven years, the reputation of the United States has lost credit around the world because of indefinite detention without trial, torture memos, Abu Ghraib, Guantanamo, the claim of “law-free zones,” extraordinary rendition, and other U.S. policies and practices. Respect for the Constitution and joint action with Congress provide the strongest possible signal to both enemies and allies. By following those principles, other countries understand that U.S. policy has a broad base of support and is not the result of temporary, unilateral presidential actions that divide the country and are likely to be reversed. National security is strengthened when Presidents act in concert with other branches and remain faithful to constitutional principles. In periods of emergency and threats to national security (perceived or real), the rule of law has often taken a backseat to presidential initiatives and abuses. Although this pattern is a conspicuous part of American history, it is not necessary to repeat the same mistakes every time. Faced with genuine emergencies, there are legitimate methods of executive action that are consistent with constitutional values. There are good precedents from the past and a number of bad ones. In response to the 9/11 terrorist attacks, the United States decided to largely adopt the bad ones. The responsibility for this damage to the Constitution lies primarily with the executive branch, but illegal and unconstitutional actions cannot occur and persist without an acquiescent Congress and a compliant judiciary. The Constitution’s design, relying on checks and balances and the system of separation of powers, was repeatedly ignored after 9/11. There are several reasons for these constitutional violations. Understanding them is an essential first step in returning to, and safeguarding, the rule of law and constitutional government.

Security K Links

China

The “China Threat” is a non-falsifiable psychologically intuitive form of securitization that portrays China as “other” making conflict inevitable - the 1ac’s speech act was not an act of securitization, but rather an acceptance of, and a symbol of their complicity in the logic of securitization perpetrated by the mass mediaSong 15(Weiqing Song [associate professor of political science at the University of Macau, received his Ph.D. in political science from the University of Siena, Italy], Spring 2015, “Securitization of the “China Threat” Discourse: A Poststructuralist Account,” The China Review, Volume 15, Number 1, Pages 159-164, MX)In the mythical mode, an agent securitizes the China threat by talking to the general public, trying to reach out to as many people as possible . This determines the nature of the “myth as reality” discourses that usually exist in popular genres and the mass media. The following is a typical “myth as reality” text: I’m travelling from the Atlantic to the Indian Ocean to meet the pioneers of this extraordinary migration. I’ll be finding out from Africans what they think about the influx of Chinese. And I’ll be hearing some tall tales. You’re telling me the Chinese are selling inflatable chickens? I’ll be investigating allegations of human right abuses in one of the world’s most dangerous countries. And asking just how the rise of China is changing Africa. What will it mean for the rest of the world. … I’ll visit the world’s biggest mine, shipping millions of tons of iron ore to China, and see how China’s incredible hunger for resources threatens the world’s largest rainforest. And I’ll be travelling across the Americas to see how China’s expansion is devastating America’s industrial heartlands. So how is the relentless rise of China upsetting the balance of world power? And what it will mean for us all? A consummate storyteller, the BBC news reporter and presenter Justin Rowlatt asks a number of questions at the beginning of his narration of the BBC’s widely watched 2011 documentary The Chinese Are Coming. During the documentary, Rowlatt travels across three continents (Africa, South America, and North America) to investigate the worldwide expansion of China’s influence. The rise of China is shown to have serious consequences, due to the expansion of its economic power, its inexhaustible search for resources, and the exponential growth of its outward migration. The documentary implies that

China’s precipitate development is posing an unprecedented challenge to both mankind and the planet at large. However, many of the developed states in the West showed a similar scale of expansion at earlier stages in their development, through more direct colonial rule. Why is China, then, perceived to pose such a huge threat to much of the world? This question highlights another kind of speech act involved in identity building. It is interesting for analysts to consider the identity or identities that a particular piece of language is being used to enact (i.e., to persuade an audience to recognize an identity or identities as

operative). What identity or identities does a particular use of language attribute to others, and how does this help the speaker or writer to enact his or her own identity?68 It matters little whether the content communicated is factual. The real purpose is to convince an audience of its urgency and consequently persuade them to take action. The mode of securitization here is based on political myth. One cannot falsify political myths because they are not a matter of “scientific hypothesis” but rather the “expression of a determination to act.”69 This mode uses rhetoric, visual spectacle and other kinds of art, rituals, and social practices, among other forms of communication. It relies to a large extent on ascriptive factors such as ethnicity, race, culture, and civilization. In contrast to the scientific and analogical modes, the mythical mode of securitization pursues a logic that is psychologically intuitive rather than logically deductive or inductive. In extreme cases, it can be bluntly discriminatory. In the mode of political myth, the China threat issue is structurally incorporated by a group of securitizers into the “basic discourses” of culture and civilization. The issue does not appear to be a question of security because it is assigned to a broader context wherein a

country as different as China is expanding its reach throughout the world. However, the real purpose of the mythical mode of securitization is again to construct the China threat as such, and ultimately to call for action against it . Securitizers working in this mode

thus promulgate political myths about the issue. A myth is rendered specifically “political” not by its content but by the relationship between a given narrative and the political conditions of a given group.70 In the documentary titled The Chinese Are Coming, the securitizers use a differentiating logic to construct China as a country, nation, and culture/civilization that is quite alien to the West. When Chinese sailors in the harbor of Luanda offer to share their lunch with the narrator, for example, he merely observes that their style of cooking is unfamiliar. A more dramatic scene occurs at Kafue, a large wildlife national park in Zambia. Some chopsticks and a hanko (“seal” in Japanese), both made of ivory, are presented to the audience. Although there is no evidence of the market(s) to which these items are exported, the blame for the killing of elephants in Africa is attributed to China. The conclusion is then drawn that “there are aspects of Chinese culture that represent a threat to the very wildlife the tourists come to see.” Similarly, another study provides evidence that most Western attempts to portray Chinese firms as cruel, unconcerned with human rights, and the “worst employers” in Africa are highly inaccurate, with methodological mistakes and elementary empirical errors.71 It is clear that the essence of a political myth does not lie in its truthfulness, but rather in how it is articulated to compel attention and action. The above are only a few

examples of a series of acts of exclusion and marginalization perpetrated by Western agents seeking to construct China as culturally alien.72 The linking method is also used in this process. For example, in an act of narrativized “reality” wherein Rowlatt takes the same railway route as British colonizers from Angola

into the heartland of Africa to tell the story of the Chinese in Africa today, China is alleged to be following Britain’s footsteps in colonizing the African continent. The reality of Chinese neocolonization is narrated as “real”;73 narrative serves more as the means by which the status of reality is conferred on an event. Through similar narrative activities, securitizers try to construct “a figured world,”74 or a story of a simplified world that equates

typicality with veracity. In this figured world, the Chinese identity is differentiated from the Western model of the “normal” and linked with a threatening “other.” It is conceived as an expanding power, growing at a phenomenal

speed and posing many challenges to the world. As a political myth, the securitization of the China threat operates within a corresponding epistemic terrain. It targets the general public, an audience as wide and as large as possible. Again, effective securitization relies on the use of language appropriate to context and audience . Securitization discourses in this mode are not confined to the linguistic sphere;75 they may include, for example, signs, images, and rituals. The BBC documentary is typical in its deployment of a wide variety of discourses, such as interviews, nonverbal communication, written text, and signs. The documentary provides a clear visual illustration of the allegation that a growing China is encroaching on the globe. In attempting to arouse an emotional response from the general

public, the documentary includes stories told by ordinary people, accompanied by vivid pictures and signs. The securitizers hope that raising consciousness of and inspiring an emotional response to the so-called China threat will elicit action to prevent it. The success of a political myth lies not only in its production, “but rather, and foremost, [in] its reception.”76 Indeed, the “work” of myth can be characterized as a system of “production—reception—reproduction.”77 In other words, this process of securitization “coagulates and reproduces significance”;78 it should then be able to address “the specifically political conditions”79 in which the intended subjects live, and the meanings they share as a community. This process is fully implemented in The Chinese Are Coming. In terms of substantial modality, agents working in the political myth mode aim to securitize the sheer comprehensiveness of the threat posed by China, which is represented as covering a wide range of social spheres.

In addition to its military, strategic, and political threats, China is imagined to endanger economic, environmental, social, and cultural development worldwide. Rowlatt concludes at the end of the BBC documentary that “China’s expansion into the world is transforming not just the global economy but also the balance of world power.” The “price that is being paid” is made clear, including “the environmental damage this rush for resources is wreaking” and the undermining of “local businesses almost everywhere.” He concludes that the 21st century will certainly be China’s century, and that the rise of China will profoundly affect people all over the world. In economic terms,

the world economy as a “supranational referent object” is perceived to be existentially threatened by China, whose own economy undermines the rules, norms and institutions that constitute a Securitization of the “China Threat” Discourse: A Poststructuralist Account 163 liberal market, based on free competition and rule compliance.80 In the documentary, for example, the narrator describes “the legions of construction workers from China building vast new structures across Africa,” who “work 24 running hours, all the time.”

China’s economic rise is also represented as affecting the highly industrialized United States, where “discomfort is turning to despair in America’s industrial heartlands.” The audience witnesses China’s use of “unfair trade” measures to put the traditional steel industry out of business, generating unemployment in the communities that have been tied to these factories for generations. Comparably, China’s thirst for natural resources is depicted as a major threat to the environment . In the environmental sector, there are a wide range of possible referent objects, from concrete outcomes like the survival of individual species or types of habitat to broader issues such as the maintenance of the global climate system and biosphere.81 In the BBC documentary, these referent objects are well documented: the killing of elephants for ivory products in the national park of Zambia, the incredible hunger for resources that threatens the Amazon, the world’s largest

rainforest, and so on. Faced with a panoramic view of an enormous mine carved out of the previously tree-covered rainforest, audiences are inevitably struck by the devastation caused by Chinese companies. It does not matter whether this devastation is truly attributable to China. The manner of the presentation is much more important than the veracity of the content. In the mode of political myth, the China threat is also represented as affecting the social sector, where the referent objects under threat are large-scale collective identities.82 These identities may extend beyond the state to nations, religions, cultures, and civilizations. In The Chinese Are Coming, the identity of China is clearly differentiated from that of the West: it has unfamiliar food, different ways of doing business, human rights abuses, no respect for local culture, and so on. This is most vividly reflected in the report of a protest made by a number of U.S. citizens outside a Confucius Institute sponsored by the Chinese government, which teaches

Chinese language and culture to the children of U.S. citizens. The narrator reports that people believe Beijing to be using these classes to smuggle pro-China propaganda into U.S. classrooms; they are opposed to the Chinese government’s trying to brainwash U.S. youth “by insidious methods of misinformation” in U.S. schools . Here, the so-called China threat is represented as a political myth, in whose construction the method of differentiation plays a dominant role. Securitizers working in the political myth mode make an effort to stimulate intuitive and psychological responses from their audience to heighten the latter’s consciousness of the “China threat.” Disseminated as authoritative knowledge of news reports, a comprehensive set of threats are securitized through the

recounting of political myths derived from the notorious “yellow peril” narrative in Western history. Power in this mode of securitization appears in its most intellectual form in the “clash of civilizations” thesis, according to which future conflicts in the globalizing world will probably

take place along cultural and civilizational lines, as these are constituted by fundamental factors such as history, language, ethnicity, tradition, and religion. This thesis involves the securitized argument that “cultural identities are central” to a world with a “shifting balance of civilisations,” in which “cultural affinities and differences shape the alliances and

antagonisms.”83 If this act of securitization succeeds, a clash of civilizations will in fact be more likely.

The 1ac’s securitization of China within debate creates affective responses that make the Chinese “threat” a self-fulfilling prophecySong 15(Weiqing Song [associate professor of political science at the University of Macau, received his Ph.D. in political science from the University of Siena, Italy], Spring 2015, “Securitization of the “China Threat” Discourse: A Poststructuralist Account,” The China Review, Volume 15, Number 1, Pages 159-164, MX)The so-called China threat has been widely and consistently enacted in the West as comprehensively endangering the West and the whole world. This article

problematizes this issue using a poststructuralist securitization approach. Some people may claim that there is clear evidence of the real “China threat,” such as the ever-increasing Chinese military might, persistent nationalist indoctrination, global hunt for energy, and a market economy. However, a poststructuralist may argue that representation of any political event will always be susceptible to competing interpretations.84 These same events can be represented in a significantly different ways. For example, China has strong reason to increase its national power, for national self-defense and unification and to pursue social and economic development. The inevitable and mutual constitutive nexus of knowledge and power is evident in the various securitization processes. Knowledge of various types is embedded in power relations and the struggle to impose authoritative interpretations of international events, such as the “China threat.” This article identifies the three modes of securitization activity. In all of these

modes, securitizing agents communicate the China threat issue referentially (that is, using the linguistic act of identifying something) to their audiences/subjects in the context of shared knowledge in a particular domain. It can be structurally incorporated into the field of theoretical

research, addressed to elites and focused on the security and strategic sectors. It can also be structurally incorporated into ideological debates and conflicts, addressed to an attentive or well-informed public and focused on the political sector. Alternatively, it can be assigned to a broad context of culture and civilization, addressed to the general public and encompassing a comprehensive range of sectors. In

these processes, the actors are performing acts with communicative force. Although the intended meanings are not directly signaled, they can be inferred from the contexts of the different modes. The so-called China threat can be predicted as inevitable, based on deductive reasoning from scientific theory. Rhetorical power comes from a specialized domain of scholarly expertise. Following an inductive logic, the same conclusion can be drawn from past experiences and current

observations. It can also be inferred from psychological traits and prejudices. In the latter case, the issue of the China threat is securitized by eliciting an intuitive emotional response from the audience that bypasses ordinary justification. In other words, the subject’s perception of the China threat results from immediate a priori knowledge or experiential belief. The agents thereby heighten their audiences’ sense of the seriousness and urgency of the issue. A securitization act succeeds only when it achieves the intended effect. A poststructuralist securitization analysis of the China threat issue in this article reveals the specific ways in which power and knowledge constitute each other through different modes. All types of performative communication, regardless of their domains, attempt to build identities— in this case, that of a

“threatening” China—through means such as linking and differentiating. The real aim of this process of securitization is not to identify the cause of the “China threat,” but rather

to elicit a reaction from an audience. The China threat thesis may become a self fulfilling prophecy. If so, this may have very real policy implications and political consequences.

The US is securitizing China to justify expansion of hegemonyNilsson 13(Fredrik Nilsson [Professor of Political Science at Lund University], 2013, “Securitizing China’s ‘Peaceful Rise’,” Lund University: Graduate School: Department of Political Science, Pages 47-49, MX)

The relationship between the United States and China has been labeled the most important of the 21st century. Not only has China impressed the world with its rapid economic growth. It has also begun to spur concern due to its dramatically increasing military spending. China’s military modernization is becoming increasingly advanced and it is arguably creating a power-shift in the Asia Pacific region. As a result, the states in the region are looking for ways to deal with the decision to either engage China or to hedge their bets and employ external

and/or internal balancing of Chinas looming power. A key worry in the region is largely due to the general lack of transparency in China’s developments. China is not explicit about its intentions, and when it claims that it is pursuing a peaceful rise, there are many surrounding states, as well as academics and reporters across the world that chose to believe otherwise. Some aspects of China’s rise affirm the peaceful rise strategy whereas several other aspects contradict it. Simultaneously, some aspects of China’s economic boom is seen, mainly by the United States, as based around unfair practices in trade and currency. These practices allow China to gain a competitive advantage that furthers its

growth, whilst restraining others. On its current trajectory, China is predicted to surpass the United States in terms of GDP sometime in the late 2020s. China is also getting closer to achieving sea-denial capabilities that can prevent the U.S. from aiding Taiwan in a potential armed confrontation. With these growing capabilities, and with a perception of U.S. weakness in the light of the 2008 financial crisis and the wars in the Middle East, China has also increasingly begun to assert its territorial claims in the South China Sea. These

developments have created a situation in which the United States has taken a wide range of measures to maintain its influence, power, and economic ambitions in the Asia Pacific. Against this background, the primary aim of the study was to shine light on the wider implications of the approach taken by the Obama administration since he took office in 2009. To achieve this objective, the research problem was tackled by conducting three different empirical studies of cases that have been prominent in contemporary affairs. 7.1 Theoretical approach The theoretical framework chosen to guide the study derives from the works of the ‘Copenhagen school’. The securitization theory developed by the Copenhagen school seeks to extend the concept of security beyond the state. By employing their idea of securitization theory, whilst also maintaining a somewhat neorealist approach, the thesis set out to identify the specific instances where certain issues were lifted above ‘normal’ practice into the realm of security. This transformation of an issue into a security matter can take place in economics, politics, military, society and the environment. By approaching the study with slight modifications suggested by Stritzel (2007), the empirical application of the theory was enabled. The approach employs discourse analytical tools to identify when a speech act places something within an order of discourse pertaining to security. It looks at the embeddedness of a certain discourse, the performative force of the speech act, and the way that this speech act shapes social practice. By using this framework in the methodological approach, significant speech acts have been analyzed and the implications of the actions have been analyzed. However, the so-called speech act, which is central to securitization theory, is not sufficient in its own right to account for a complex construction of security. Therefore, a certain emphasis was placed on facilitating conditions. Facilitating conditions are the specific circumstances that enable a successful securitization. They are grounded in historical background as well as in recent developments. In this study, theories of hegemony and power transition were employed to explain

some of the more implicit facilitating conditions, whilst also discussing the significance of regional dynamics in securitization. 7.2 Key findings The thesis is comprised of three main empirical cases that, to a varying degree, illustrate instances of securitization. The cases were selected to cover three of the five sectors outlined by the Copenhagen school: economic, political, military. In the first case, the issues surrounding China’s increasing assertiveness in territorial disputes in the South China Sea were analyzed by looking at recent U.S. involvement. The U.S. has sought to get involved in the disputes because of the wider implications of a potential conflict. The U.S. seeks to protect vital shipping lanes and to uphold the current law and rules based system. In doing so, it has securitized Chinese assertiveness with the international law as the referent object . The U.S. announced that it had a

national interest in the stability of the region and that it would thus attempt to ensure stability with all elements of U.S. power. The statement made by Obama in

Australia 2011, applies to all cases studied in that it announces the wider strategy of the U.S. ‘pivot’ to Asia. The

second case was closely tied to the first one in terms of military presence in the region and its balance against China’s naval capabilities. It investigated the securitization of China’s military modernization mainly in terms of its seadenial/area access denial capabilities. The U.S. is increasingly worried about the fact that China has (or is close to fully develop) the capabilities to prevent the U.S. Navy to access the Taiwan Strait in the case of armed

conflict. The third case studied U.S. securitizations of Chinese trade practices and currency manipulation. The United States has taken an increasingly firm stance on what it perceives as unfair trade practices creating unfair competitiveness of Chinese exports, whilst also, through currency manipulation, making imports increasingly expensive. In the light of this, and because of

pressures in domestic politics, the Obama administration has taken extraordinary measures to tackle its difficulties to recover from the 2008 financial crisis and to protect American jobs and future competitiveness. In sum, the study found that the particular historical circumstances of relative decline, economic struggle, budget deficits, and the emergence of a new significant power, the United States has chosen to securitize, with varying success, certain elements of China’s activities to justify its continuing presence and to keep its role as the upholder of the system it has largely created.

cyber securityObama securitizes cyberspace to increase the reach of government surveillance- they’ve just fallen into the trapHjalmarsson 13(Ola Hjalmarsson [BA in Political Science from Lund University], 1/6/13, “The Securitization of Cyberspace: How the Web Was Won,” Lund University: Department of Political Science, Pages 8-10, MX)Securitization theory posits that in order for a referent object to be successfully securitized the securitizing actor must be in a position powerful enough within the specific social context that the speech-act uttered has an effect

on the audience (Williams, 2003, p. 514). U.S. President Barack Obama and U.S. Secretary of Defense Leon Panetta, hold two of the arguably most powerful positions in the world. Their words carry heavy weight both within the U.S. and in the international community. Due to the positions they hold

they have the capacity to carry out securitizing speech-acts to an extent that is almost unparalleled. One of the premises behind securitization is the need for the securitizing actor to point to the critical vulnerability of the referent object that is to be securitized

(Balzacq, 2011, loc. 321). In his opinion piece in the Wall Street Journal, Barack Obama begins by describing a meeting where a catastrophe had just occurred, vividly describing a hypothetical scenario wherein “country trains […] carrying industrial chemicals [had] exploded into a toxic cloud” and where “Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill”, all as a direct result of a cyberattack (Obama, 2012). Reiterating this danger in his

speech to the Business Executives for National Security, Panetta elaborates: “The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time […] The collective result of these kinds of attacks could be a “cyber Pearl Harbor:” […] it would paralyze and shock the nation and create a new, profound sense of vulnerability” (Panetta, 2012). References to disaster scenarios where a hypothetical attack could potentially cascade and spread throughout a network causing devastation in its wake is a distinct feature of the cyber discourse. Hansen & Nissenbaum uses the term

“hypersecuritization” to describe this phenomenon and points out that even though actors often conjure up images of catastrophes, there are no clear precedents for such events in the cyber domain (Hansen & Nissenbaum, 2009, p. 1164). The cascading almost domino-like effects that are posited during hypersecuritization allows the securitizing agent to link the rather abstract referent object that is “the network” to more defined referent objects such as “businesses” and “infrastructure”, and in extension “society”. In place of actual precedents,

securitizing actors who seek to illustrate the urgent need to take extraordinary measures in order to protect the referent object are left to invoking images of previous catastrophes. Leon Panetta thus likens the potential devastation of a serious cyber attack both to Pearl Harbor and to 9/11, claiming that “A cyber attack perpetrated by nation states are [sic] violent extremists groups could be as destructive as the terrorist attack on 9/11” (Panetta, 2012). By invoking the images of previous disasters, the vulnerability of the referent object is effectively established and the case for the existence of an existential threat capable of perpetrating such an attack can be presented (Buzan & Hansen, 2007, p. xxxv). Obama describes the threat of a cyberattack as almost omnipresent and originating from a range of different actors such as “foreign governments, criminal syndicates and lone individuals” who are attempting to gain access to “financial, energy and public safety systems every day” (Obama, 2012). By further

claiming that there has been an increase in attacks against “nuclear and chemical industries”, the presented image of the threat turns existential (Obama, 2012). Adding to this

understanding the dangers of the cyber domain, Leon Panetta describes the threat posed by cyber attacks as “every bit as real as the more well-known threats like terrorism [and] nuclear weapons proliferation” (Panetta, 2012). The images of nuclear and chemical plants, along with terrorism and nuclear weapons imply the existence of a

threat to the sovereignty of the state on a scale that requires great urgency of action to prevent (Wæver, 2007, p. 70). In order to alleviate the threat against the referent objects, Obama asks his audience to support efforts that would among other things “make it easier for government, if asked, to help […] companies prevent and recover from attacks”. To this end, he also urges “the Senate to pass the Cybersecurity Act of 2012 and Congress to send me comprehensive legislation so I can sign it into law”(Obama, 2012). Leon Panetta notes that the Cybersecurity Act is “is victim to legislative and political gridlock” and calls this “unacceptable not just to me, but to you and to anyone concerned with safeguarding our national security” (Panetta, 2012). An equivalence is drawn between preventing the implementation of measures proposed by the securitizing actor and being unconcerned with the security of the referent object.

Panetta argues that the Department of Defense must have “capabilities” to act in the cyber space – they must be able to employ extraordinary means to defend the people: “If a crippling cyber attack were launched against our nation, the American people must be protected [and] the Defense Department must be ready [...] to act”

(Panetta, 2012). Michael Williams reiterates the point made by Buzan et. al, that “in the security discourse, an issue is dramatized and presented as an issue of supreme priority” (Williams, 2003, p. 514). Panetta illustrates how the threat of a cyberattack is already

treated as having supreme priority by his department: “the department is continuing to increase key investments in cybersecurity even in an era of fiscal restraint”. He emphasizes the need to invest in “skilled cyber warriors”, making the comparison to the development of “the world's finest counterterrorism” in the previous ten years (Panetta, 2012). In the same way that the U.S. used extraordinary means to respond to the threat posed by terrorism after the attacks on 9/11, so too should also a cyber force be developed in anticipation of a

coming cyberattack, is the argument put forth by Panetta. Thierry Balzacq notes that in order for a speech-act to achieve the desired effect, a securitizing actor needs “tune his/her language to the audience's experience” (Balzacq, 2011, loc. 472). This attempt to conjure an emotional response by appealing to the common experience of the audiences is a reoccurring theme throughout both texts. But it is perhaps best illustrated in the final part of Panetta's speech, which also aptly provides a summary of the way a securitizing speech-act is constructed; from describing the vulnerability of the referent object, and characterizing the nature of the existential threat, to invoking a sense of urgency and portraying the need for extraordinary measures in order to protect the referent object (construed here to especially encompass “the children”): “Before September 11, 2001, the warning signs were there. We weren't organized. We weren't ready and we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment. The attackers are plotting. Our systems will never be impenetrable just like our physical defenses are not perfect, but more can be done to improve them. We need Congress and we need all of you to help in that effort […] [W]e always have been able to defend our interests and our values. That must remain our most important mission on land, at sea, in the air, in space and yes, in cyberspace. This is not just a responsibility, it is a duty that we owe to our children and their children in the future." (Panetta, 2012)

The hypersecuritization of the cyber sector has resulted in everyday securitizations that normalize hyped-up threat scenario discourse Hansen et al. 9(Lene Hansen [international relations scholar who is a full professor at the University of Copenhagen], Helen Nissenbaum [professor of Media, Culture and Communication and Computer Science at New York University, best known for her work on privacy, trust, and security in the online world], 2009, “Digital Disaster, Cyber Security, and the Copenhagen School,” International Studies Quarterly 53, Pages 1163-1166, MX)The first concept, hypersecuritization, has been introduced by Buzan (2004:172) to describe an expansion of securitization beyond a ‘‘normal’’ level of threats and dangers by defining ‘‘a tendency both to exaggerate threats and to resort to excessive countermeasures.’’ This definition has an objectivist ring to it in that to identify ‘‘exaggerated’’ threats implies that there are ‘‘real’’ threats that are not exaggerated. Moreover, the question of whether a securitization is seen as ‘‘exaggerating’’ concerns the degree to which it is successful (unsuccessful securitizations are seen as ‘‘exaggerating’’) and is not part of the grammatical specificities of sectors. Thus we suggest to drop the ‘‘exaggerated’’ from the definition of hypersecuritization and to apply it to the cyber sector to identify the striking manner in which cyber security discourse hinges on multi-dimensional cyber disaster scenarios that pack a long list of severe threats into a monumental cascading sequence and the fact that neither of these scenarios has so far taken place. All securitizations do of course have an element of the hypothetical in that they constitute threats that must be countered, and thus mobilize an ‘‘if-then’’ logic, but what distinguishes hypersecuritizations from

‘‘mere’’ securitization is their instantaneity and inter-locking effects (Denning 1999:xiii).

This combination draws critically from the securitization of the network (Deibert 2002), yet the power of hypersecuritization stems not only from a securitization of the network itself, but from how a damaged network would cause societal, financial, and military break-down hence bringing in all other referent objects and sectors. Securitizations always mobilize the specter of the future to some extent, but most nevertheless articulate the past as a legitimating reference that underscores the gravity of the situation. Looking to the Cold War, the logic of nuclear deterrence relied upon projections of a nuclear exchange that had not taken place, yet there were the devastations of Hiroshima and Nagasaki to be used as a yardstick for what nuclear war would imply. Cyber securitizations on the other hand have no similar history of founding incidents to base themselves on but try to conjure historical analogies such as ‘‘electronic Pearl Harbors’’ (Bendrath 2003:50).7 The

combination of cascading disasters and the absence of a prior incident of that magnitude creates a crucial ambiguity within cyber security discourse. The extreme reliance on the future and the enormity of the threats claimed at stake makes the discourse susceptible to charges of ‘‘exaggeration,’’ yet the scale of the potential catastrophe simultaneously raises the stakes attached to ignoring the warnings.8 Turning the absence of prior incidences in the opposite direction, the difficulty of saying that it could not happen also creates a powerful space for the projection of the (im)possible.

The hypersecuritization of the entire network in cyber security creates an obvious resemblance to environmental security discourse where the fate of the planet is claimed at stake. Both discourses also emphasize irreversibility: once a species is extinct or a digital system gone, they can never be recreated in full. Yet, there are also crucial differences between the two discourses. First, the speed of the threat scenarios differ with cyber security gaining its power

from the instantaneity of the cascading effects whereas environmental security usually allows for a gradual accumulation of threats and dangers until a certain threshold may be reached and events accelerate. This establishes different modalities of urgency and hence different spaces for political intervention.9 Second, there is a crucial difference in terms of the possibility of visualizing threats, and hence for how securitizing actors communicate to their audiences (Williams 2003). The digital, networked character of cyber security—and the absence of prior disasters—is hard to represent through images, whereas environmental security discourse may mobilize for example endangered and extinct species as well as melting ice caps and forests devastated by acid rain or clear-

cutting. Everyday Security Practice The second grammar of cyber security, everyday security practices, points to the way in which securitizing actors, including private organizations and businesses, mobilize ‘‘normal’’ individuals’ experiences in two ways: to secure the individual’s partnership and compliance in protecting network security, and to make hypersecuritization scenarios more plausible by linking elements of the disaster scenario to experiences familiar from everyday life.10 Everyday security practices do not reinstall a de-collectivized concept of individual security, but underscore that the acceptance of public security discourses may be facilitated by a resonance with an audience’s lived, concrete experiences. The concept of audience is only briefly defined by Buzan et al. (1998:41) as ‘‘those the securitizing act attempts to convince’’ and Thierry Balzacq has in a further development of the concept

suggested that ‘‘the success of securitization is highly contingent upon the securitizing actor’s ability to identify with the audience’s feelings, needs, and interests,’’ and that ‘‘the speaker has to tune his ⁄ her language to the audience’s experience’’ (Balzacq 2005:184). Audiences do not exist ‘‘out there’’ but are constituted in discourse, and

security discourses draw boundaries around the ‘‘we’’ on whose behalf they claim to speak, and the ‘‘you’s’’ who are simultaneously addressed by the linking of fears and threats to ‘‘feelings, needs and interests.’’ As Althusser’s concept of interpellation underscores, subject positions are simultaneously constituted and individuals are called upon to identify with these. Yet, although the audience is discursively constituted, securitizing actors are not at liberty to construct

independently of institutionalized subject formations. Although elements of everyday securizations may be found in other sectors as well, they come out particularly strikingly in the case of

cyber security. There is for example a marked difference between Cold War military securitizations of nuclear Holocaust which implied the obliteration of everyday life, and the securitizations of everyday digital life with its dangers of credit card fraud, identity theft, and email scamming. Those few who do not own or have computers at work are nevertheless subjected to the consequences of digitization. For example, on

June 4–5, 2007 20,000 Danes did not receive their medication due to a server breakdown at the Danish Medicines Agency which routes all prescriptions from doctors to pharmacies. Even the sector with closest resemblance, the environmental one, still is unable to conjure and capitalize on a similar sense of immediate individual danger and experience (depleting the ozone layer while accumulating frequent flyer miles as opposed to downloading software that inadvertently provides outsider access to one’s Internet banking)—and thus

responsibilities. These experiences of threats are not, as the Copenhagen School might have it, cases of ‘‘individual security’’ or

‘‘crime,’’ but are constituted as threats to the network and hence to society. Everyday security practices refers to ‘‘normal’’ citizens ⁄ individuals and thus points to a different subject and set of practices than those linked to the ‘‘everyday, ordinary practices’’ of security professionals identified by Bigo (2002:73) and Huysmans (2006:5). We agree with Iver B. Neumann (2002:628)

that practices are discursive ‘‘both in the sense that some practices involve speech acts … and in the sense that practice cannot be thought ‘outside of’ discourse.’’ Cyber securitizations of everyday life are distinct furthermore in their constitution of the individual not only as a responsible partner in fighting insecurity, but also as a liability or indeed a threat. Hence both public and private actors mobilize expert positions and rhetoric constituting ‘‘its’’ audience as one who should be concerned with its security. Adopting a simultaneously educational and securitizing discourse, OnGuard Online, set up by the Federal Trade Commission, warns for instance that through peer-to-peer file sharing ‘‘You may download material that is protected by the copyright laws and find yourself mired in legal issues. You may

download a virus or facilitate a security breach. Or you may unwittingly download pornography labeled as something else’’ (OnGuard 2008). The constitution of the digital as a dangerous space and the ‘‘ordinary’’ individual as an ambiguous partner and a potential threat is supported by medical metaphors like ‘‘viruses’’ and ‘‘infected computers’’ that underscore the need for ‘‘caution’’ and ‘‘protection.’’ As in discourses of epidemics and contagion, cyber insecurities are generated by individuals who behave

irresponsibly thus compromising the health of the whole. The National Strategy (2003:11) proclaims that ‘‘Each American who depends on cyberspace, the network of information networks, must secure the part that they own or for which they are responsible;’’ and FBI officials have suggested driver licenses for computer-owners (The Economist 2007a). A particular concern stems from the fact that computers may be infected with software that allows them to be used by attackers to route emails or launch denial of service attacks with no immediate effect to the owner. Connecting everyday security practices with hyper cascading scenarios, it is this inadvertent or careless behavior within a networked system that move cyber security out of the realm of ‘‘corporate security’’ or ‘‘consumer trust’’ and into the modality of ‘‘proper’’ national ⁄ societal security. Moreover, there is a further link between hypersecuritizations and everyday practices in that the claim about the possibilities of disasters happening may be substantiated by the reference to individuals’ everyday experiences: the looting of Western banks by Russians in RAND’s scenarios described above may seem much more credible if one’s own credit card has been abused online. The challenges generated by the securitization of digital everyday life for governmental authorities as well as private businesses are thus quite significant. Neither wishes the broader public to become so petrified that it evacuates the digital, but they simultaneously install an individual moral responsibility that may easily move the subject from helpless to careless to dangerous. The broad institutional support behind initiatives such as OnGuard Online, which is set up by the Federal Trade Commission and a long series of partners, including the Department of Homeland Security, the National Consumers League, and a series of other nonprofit nongovernmental organizations may furthermore be one that makes resistance difficult. Linking back to the critical argument of securitization theory, namely that ‘‘security’’ provides governments with the discursive and political legitimacy to adopt radical measures, the question becomes at which point and how these strategies, and their harmonious constitution of state-society relations, can become contested.

XT: cyber security That results in technification, where the citizen and policy makers alike cede authority to the “expert” Hansen et al. 9(Lene Hansen [international relations scholar who is a full professor at the University of Copenhagen], Helen Nissenbaum [professor of Media, Culture and Communication and Computer Science at New York University, best known for her work on privacy, trust, and security in the online world], 2009, “Digital Disaster, Cyber Security, and the Copenhagen School,” International Studies Quarterly 53, Pages 1166 -1668, MX)The strong emphasis on the hypothetical in cyber securitizations create a particular space for technical, expert discourse. As Nissenbaum (2005:72) points out, the knowledge required to master the field of computer security is daunting and often not available to the broader public, including Security Studies scholars. The breathtaking pace at which new technologies and hence methods of attacks are introduced (Denning 1999:xvi)

further adds to the legitimacy granted to experts and the epistemic authority which computer and information scientists hold allow them the privileged role as those who have the

authority to speak about the unknown. In the case of cyber security, experts have been capable of defying Huysmans (2006:9) description of the invisible role of most security experts as they have transcended their specific scientific locations to speak to the broader public in a move that is both facilitated by and works to support cyber securitizations claimed by politicians and the media. As in most academic fields, computer scientists have disagreed on the likelihood of different forms of attacks, and since the field is also cloaked in military or business secrecy, the ‘‘normal’’

follower of these debates learns ‘‘that much is withheld or simply not known, and estimates of damage strategically either wildly exaggerated or understated’’ (Nissenbaum 2005:72). These fluctuations also facilitate a coupling of radical threats with techno-utopian solutions.11 The National Strategy (2003:35) for instance couples a series of securitizations with an exuberant faith in the development of ‘‘highly secure, trust-worthy, and resilient computer systems. In the future, working with a computer, the Internet, or any other cyber system may

become as dependable as turning on the lights or the water.’’ Leaving aside that for the majority of the world’s poor, and even for the impoverished American, turning on the light or water may not be entirely dependable, this echoes a technological utopianism that sidesteps the systemic, inherent ontological insecurity that computer scientists consistently emphasize. It also invokes an inherent tension between disaster and utopia as the future of cyber security. The constitution of expert authority in cyber technifications invokes furthermore the tenuous relationship between ‘‘good’’ knowledge and ‘‘bad’’ knowledge, between the computer scientist and the hacker. The hacker, argues Nissenbaum (2004), has undergone a critical shift in Western policy and media discourse, moving from a previous subject position as geeky, apolitical, and driven by the boyish challenge of breaking the codes to one of thieves, vandals, and even terrorists.12 Although ‘‘hackers’’ as well as others speaking on behalf of ‘‘hacktivista’’—the use of hacking for dissident, normatively desirable purposes—have tried to reclaim the term (Deibert 2003), both

official and dissident discourse converge in their underscoring of the general securitization of the cyber sector insofar as past political hacker naivety is no longer possible. The privileged role allocated to computer and information scientists within cyber security discourse is in part a product of the logic of securitization itself: if cyber security is so crucial it

should not be left to amateurs. Computer scientists and engineers are however not only experts, but technical ones and to constitute cyber security as their domain is to technify cyber security. Technifications are, as securitizations, speech acts that ‘‘do something’’ rather than merely describe, and they construct an issue as reliant upon technical, expert knowledge, but they also simultaneously presuppose a politically and normatively neutral agenda that technology serves. The mobilization of technification within a logic of securitization is thus one that allows for a particular constitution of

epistemic authority and political legitimacy (Huysmans 2006:6–9). It constructs the technical as a domain requiring an expertise that the public (and most politicians) do not have and this in turn allows ‘‘experts’’ to become securitizing actors while distinguishing themselves from the ‘‘politicking’’ of politicians and other ‘‘political’’ actors . Cyber security discourse’s simultaneous securitization and technification work to

prevent it from being politicized in that it is precisely through rational, technical discourse that securitization may ‘‘hide’’ its own political roots .13

The technical and the securitized should therefore not be seen as opposed realms or disjunct discursive modalities, but as deployable in complex, interlocking ways; not least by those securitizing actors who seek to depoliticize their discourses’ threat and enemy constructions through linkages to ‘‘neutral’’ technologies. A securitization by contrast inevitably draws public attention to what is done in the name of security and this provides a more direct point of critical engagement for those wishing to challenge these practices than if these were constituted as technical. The Copenhagen School has stated desecuritization, the movement of an issue out of the realm of security and into the realm of the politicized as ‘‘the optimal long-range option, since it means not to have issues phrased as ‘threats against which we have countermeasures’ but to move them out of this threat-defense sequence and into the ordinary public sphere’’ (Buzan et al. 1998:29). Taking the concept of technification to recent debates over whether and when desecuritization is political and normatively desirable (Williams 2003; Elbe 2006; Huysmans 2006:124–44), we can add that one should be careful to distinguish a technification that depoliticizes a securitized issue, thereby taking it out of the realm of the political, from a ‘‘proper’’ desecuritization that allows for contestations and hence political debate. Technifications play a crucial role in legitimating cyber securitizations, on their own as well as in supporting hypersecuritizations and in speaking with authority to the public about the significance of its everyday practices. Expert knowledge is obviously not exclusive to the cyber sector and a significant nodal point in environmental security debates is, for instance, discussions of the scientific reliability of predictions about global warming, resource depletion, and population growth. Military security discourse is

likewise concerned with the technicalities of surveillance, SDI, and remotely controlled bombings. Yet, if technifications are not exclusive to the cyber sector, they have been able to take on a more privileged position than in any other security sector. Comparing it to the public debates over environmental security, in the case of the latter, the audience is expected to know more and the repeated contestation of environmental ‘‘evidence’’ makes for a public view of (some) environmental actors as political ones rather than apolitical, ‘‘objective’’ experts. This is not to say that computer security is

objectively more technical or less political than environmental science, but simply that the socially constituted audience-expert subject positions differ and that these difference—open to historical change themselves—are important for how securitizations are legitimated or challenged.

Cyber threats are overblown - esoteric, lumping and un-informed cost benefit analysis - leads to money wasting and NSA controlMalt 10 (Stephen M. Walt [Robert and Renee Belfer professor of international relations at Harvard University], 3/30/10 "Is the cyber threat overblown?," Foreign Policy, foreignpolicy.com/2010/03/30/is-the-cyber-threat-overblown/, MX)I the only person — well, besides Glenn Greenwald and Kevin Poulson — who thinks the "cyber-warfare" business may be overblown? It’s clear the U.S. national security establishment is paying a lot more attention to the issue, and colleagues of mine — including some pretty serious and level-

headed people — are increasingly worried by the danger of some sort of "cyber-Katrina." I don’t dismiss it entirely, but

this sure looks to me like a classic opportunity for threat-inflation. Mind you, I’m not saying that there aren’t a lot of shenanigans going on in cyber-space, or that various forms of cyber-warfare don’t have military potential. So I’m not arguing for complete head-in-the-sand complacency. But here’s what makes me worry that the threat is

being overstated. First, the whole issue is highly esoteric — you really need to know a great deal about computer networks, software, encryption, etc., to know how serious the danger might be. Unfortunately, details about a number of the alleged incidents that are being invoked to demonstrate the risk of a "cyber-Katrina," or a cyber-9/11, remain classified, which makes it hard for us lay-persons to gauge just how serious the problem really was or is. Moreover, even when we hear about computers being penetrated by hackers, or parts of the internet crashing, etc., it’s hard to know how much valuable information was stolen or how much actual damage was done. And as with other specialized areas of

technology and/or military affairs, a lot of the experts have a clear vested interest in hyping the threat, so as to create greater demand for their services . Plus, we already seem to have politicians leaping on the

issue as a way to grab some pork for their states. Second, there are lots of different problems being lumped under a single banner, whether the label is "cyber-terror" or "cyber-war." One issue is the use of

various computer tools to degrade an enemy’s military capabilities (e.g., by disrupting communications nets, spoofing sensors, etc.). A second issue is the alleged threat that bad guys would penetrate computer networks and shut down power grids, air traffic control, traffic lights, and other important elements of infrastructure, the way that internet terrorists (led by a disgruntled computer expert) did in the movie Live Free and Die Hard. A third problem is web-based criminal activity, including identity theft or simple fraud (e.g., those emails we all get from someone in Nigeria announcing that they have millions to give us once we send them some account information). A fourth potential threat is

“cyber-espionage”; i.e., clever foreign hackers penetrate Pentagon or defense contractors’ computers and download valuable classified information. And then there are annoying activities like viruses, denial-of-service attacks, and other things that affect the stability of web-based activities and disrupt commerce (and my ability to send posts into FP). This sounds like a rich menu of potential trouble, and putting the

phrase "cyber" in front of almost any noun makes it sound trendy and a bit more frightening. But notice too that these are all somewhat different problems of quite different importance, and the appropriate response to each is likely to be different too. Some issues — such as the danger of cyber-espionage — may not require elaborate technical fixes but simply more rigorous security procedures to isolate classified material from the web. Other problems may not require big federal programs to address, in part because both individuals and the private sector have incentives to protect themselves (e.g., via firewalls or by backing up critical data).

And as Greenwald warns, there may be real costs to civil liberties if concerns about vague cyber dangers lead us to grant the NSA or some other government agency greater control over the Internet. Third, this is another issue that cries out for some comparative cost-benefit analysis. Is the danger that some malign hacker

crashes a power grid greater than the likelihood that a blizzard would do the same thing? Is the risk of cyber-espionage greater than the potential danger from more traditional forms of spying? Without a comparative assessment of different risks and the costs of mitigating each one, we will allocate resources on the basis of hype rather than analysis. In short,

my fear is not that we won’t take reasonable precautions against a potential set of dangers; my concern is that we will spend tens of billions of dollars protecting ourselves against a set of threats that are not as dangerous as we are currently being told they are.

I-Law & Definitions Counterplan

1nc I-Law & Definitions CPThe United Nations should regulate military cyberspace by:

- ratifying what constitutes as cyber criminal activity and what constitutes an armed attack versus the use of force in Cyberspace, and the definitions’ applicability under the Law of Armed Conflict,

- amend the Budapest Convention to create a global obligation in the assistance of cyber-crime investigations

Solves cyber-crime, miscalc, and circumvention of armed cyber constraintsMueller ’14 (Benjamin; June 2014; On the Need for a Treaty Concerning Cyber Conflict; STRATEGIC UPDATE 14.2; Benjamin Mueller is the International Relations Stonex PhD Scholar at LSE IDEAS. Ben previously attended the University of Oxford, where he read Philosophy, Politics and Economics at Keble College; http://www.lse.ac.uk/IDEAS/publications/reports/pdf/SU14_2_Cyberwarfare.pdf; 7-24-14; mbc)The existing international laws of war, known as the Law of Armed Conflict (LOAC), apply to all operational theatres, including cyberspace. International law distinguishes between two forms of aggression, both of which are impermissible under LOAC: the use of force, and armed attack. Absent an authorisation of force by the UN Security Council, only states under armed attack are legally allowed to deploy military force against another state. Cyberspace is functionally distinct from land, air, sea and space. This distinction has a number of sources. First, cyberspace is the only man-made domain of warfare: the character of the domain space has been defined, and will continue to be defined, solely by human activity. Second, cyberspace is an intrinsically informational domain: it is used to create, organise, transfer, manipulate, assimilate and disseminate data. Cyberspace, in other words, consists of information and has an intrinsic

informational raison d’être. It is a categorical mistake to treat the physical computing assets that sustain cyberspace as the domain of cyberspace itself . This gives rise to confusions surrounding the role and applicability of the Law of Armed Conflict in cyberspace: 1. The gap between use of force and armed attack is already a contentious one, creating disputes about what level and kind of violence meets the ‘armed attack’ threshold. Cyberspace’s unique properties dilute the meaning of these terms further: they enable non-violent electronic incursions – such as data theft, or systems sabotage – on a scale so vast that states’ core security interests can be threatened, without any of the immediate kinetic damage traditional attacks produce. 2

LSE IDEAS Strategic Update 14.2 2. Absent clear definitions of what constitutes an armed attack in cyberspace, states are likely to turn away from treaty-based conflict regulation and instead rely on more nebulous formulations based on national security instincts at best, and downright case-by-case evaluations at worst. This increases the chances of errors and miscalculations by state actors in cyberspace. 3. Conceptual confusions surrounding legal terms, in addition to low barriers to entry and attribution difficulties, give grounds to

expect a marked increase in low-intensity cyber hostilities, at great cost to states and businesses, and with the potential to undermine trust in the Internet as a whole. In response to these problems, this report calls on the international

community of states to negotiate a body of law to regulate armed conflict in cyberspace. Internationally agreed upon definitions on cyber use of force, cyber attack, and cyber espionage will provide the clarity needed to anchor states’ expectations of military behaviour in cyberspace. Otherwise, states’ cyber operations will increasingly push boundaries of the acceptable in order to tease out the

limits of what can be gotten away with: states will resort to proxy combatants, digital camouflage and other acts of perfidy in order to circumvent constraints on armed conflict that were developed in a non-digital era. Cyber hostilities are not the only source of security threats on the Internet: cyber crime is an equally destabilising force. Because attribution is difficult in a digital context, identifying and holding accountable actors in cyberspace is

challenging. The most difficult hurdle, however, is not technical: the central problem is insufficient law enforcement cooperation between states. An

intergovernmental body that institutionalises such collaboration will strengthen states’ efforts to tackle the scourge of Internet crime. Cyber criminals hide behind the international legal barriers erected by sovereignty which their arena of crime – the Internet – does not heed. Placing a positive duty on states to help each other prosecute cyber crime has the added benefit of reducing the incentive for states to outsource illegal cyber war operations to ‘cyber militias’ that operate at arm’s length: non-cooperation by a government during the prosecution of cyber

perpetrators can be taken as evidence for joint culpability. Cyberspace is a shared military and civilian domain. If the military dimension gradually evolves into a zone of perpetual low-intensity combat, the integrity of civilian cyberspace will steadily erode away. This report makes two recommendations to avert that scenario: 1. The community of states needs commonly agreed-upon legal standards to define what constitutes an illegal armed attack in cyberspace. 2. The community of states needs to establish an obligation for mutual assistance in cross-border cyber crime investigations. 3 These two steps, if implemented, ought to introduce a degree of order and certainty to cyberspace and, as a corollary, enable the serious prosecution of cyber criminals who currently take advantage of limited intergovernmental legal cooperation in cyberspace.

solves circumventionSetting international law is a necessary prerequisite – solves the definitional brightline that could result in circumventionMueller ’14 (Benjamin; June 2014; On the Need for a Treaty Concerning Cyber Conflict; STRATEGIC UPDATE 14.2; Benjamin Mueller is the International Relations Stonex PhD Scholar at LSE IDEAS. Ben previously attended the University of Oxford, where he read Philosophy, Politics and Economics at Keble College; http://www.lse.ac.uk/IDEAS/publications/reports/pdf/SU14_2_Cyberwarfare.pdf; 7-24-14; mbc)Cyberspace arises out of the Internet, the global set of interlinked computer data networks that are used for both physical and ideational purposes.5 The name ‘cyberspace’ is given to the digital data trail generated by interconnected computers. While cyberspace cannot be spatially located, it gives rise to ‘real’ effects. The contrast to other operational theatres is simple: cyberspace cannot be reduced to physical attributes only. It is partially a material domain, used for commercial activities (e.g. e-banking) and infrastructure management (e.g. industrial control systems), and partially an ideational domain – a platform for information exchange and communication. In 1984, William Gibson published Neuromancer, one of the formative works of the cyberpunk genre that anticipated many features of the computer age we now take for granted. Gibson metaphorically styled cyberspace as ‘a consensual hallucination experienced daily by billions … Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data.’6 More prosaically, the Congressional Research Service defines cyberspace as ‘non-physical terrain created by computer systems’.7 Cyberspace expresses human thought in data and allows it to manipulate – through computers and

other humans – the physical world. This nebulous complexity is the root reason why we struggle to answer basic questions of military doctrine such as, ‘When does a cyber operation amount to the use of force?’ After all, such operations need not result in immediate physical destruction. This legal haze surrounding cyber operations confuses the categorisation of incidents, and, by extension, the determination of legitimate responses. The Agent.btz malware discovered by the NSA in 2008 provides a good example of the problem.8 Agent.btz, a spying programme, infected the Secret Internet Protocol Router Network used by the State and Defense departments to transmit classified material, and the Joint Worldwide Intelligence Communication System through which Top Secret information is sent to US officials across the globe. To remove Agent.Btz the military launched Operation Buckshot Yankee, which ended up lasting 14 months. This entailed the escalation of US Strategic Command’s information security threat level, since programmes

used by battlefield commanders for intelligence and communications were implicated in the clean-up. Agent.btz was a purely data-related cyber incursion, but one of such a vast scale that it destabilised military command and control systems and threatened to cross the boundary between espionage mission and outright attack. An intense conceptual debate began among the various affected US government agencies concerning the nature of what they were dealing with: did the US experience a military attack, requiring a response in kind by the military’s offensive cyber unit at the time, Joint Functional Component Command? Or should the incident be treated as

an act of espionage, albeit on an enormous scale? In the event, policy officials opted for the latter interpretation. Agent.btz demonstrated the difficulty of treating cyberspace like any other operational domain: cyber security and intelligence operations overlap. Unlike non-cyber espionage, cyber incursions can be mounted against

other states remotely and scaled up to such a degree that they implicate core national security concerns. Such incidents can be likened to covert military operations. Interpreting international law in this novel context is enormously difficult. The official policy of the United States is that the Law of Armed Conflict (LOAC) applies to

cyberspace, since all new technologies are subject to existing laws of war.9 Conceptually, however, there are strong reasons to suspect that cyberspace should be subject to a discrete body of law. The clarity of the concepts relied on by the Law of Armed Conflict is diluted in cyberspace The LOAC restricts the use of military force between states: Article 2(4) of the United Nations Charter outlaws the use of force against the territorial integrity of another state, and Article 51 of the Charter entitles a targeted state to respond against an armed attack with its own, proportionate use of a force. US doctrine in the event of 8 For an in-depth report, see Nakashima, Ellen. “Cyber-Intruder Sparks Massive Federal Response — and Debate Over Dealing with Threats.” The Washington Post. 09 Dec. 2011. Web. 22 Mar. 2014. 9 See Koh, Harold H. ‘International Law in

Cyberspace.’ Harvard International Law Journal (2012) Vol. 54 6 LSE IDEAS Strategic Update 14.2 a cyber intrusion is to assess its physical effects.10 A cyber operation is a use of force, the US government maintains, if its scale and effects are comparable to non-cyber uses of force. Specific criteria are used to determine whether the use of force threshold is breached by a cyber

operation: the context of the event, the actor perpetrating the action, the target and location, effects and intent.11 Such an effects-based analysis of cyber attacks considers serious death, injury, damage or destruction as the threshold for an armed attack. US government policy further states that any cyber use of force can be deemed an armed attack, triggering the self-defence provisions of LOAC.12

solves i-freedomInternational cooperation over the prosecution of cyber criminals facilitates trust between states, makes the Internet more secure, and creates the basis for a meaningful legal framework for state conduct in cyberspace Mueller ’14

(Benjamin; June 2014; On the Need for a Treaty Concerning Cyber Conflict; STRATEGIC UPDATE 14.2; Benjamin Mueller is the International Relations Stonex PhD Scholar at LSE IDEAS. Ben previously attended the University of Oxford, where he read Philosophy, Politics and Economics at Keble College; http://www.lse.ac.uk/IDEAS/publications/reports/pdf/SU14_2_Cyberwarfare.pdf; 7-24-14; mbc)Countries such as Russia and China, suspected of orchestrating state-sponsored or state-tolerated cyber incursions, are not party to the Convention. Russia, however,

has on multiple occasions called for an international cyber arms control treaty. Specifically, it has called for the prohibition of inserting malicious code in another country’s computers for use in the event of war, the prohibition of attacks on noncombatant networks and other restrictions on the military use of cyber weapons.43 In 2010, NSA Director Keith Alexander responded to Russian prompts on the matter, agreeing on

the need to ‘establish the rules [for cyber warfare] and I think what Russia’s put forward is, perhaps, the starting point for international debate’.44 The overall aim is to move the international community of states into a position where cyber-related cross-border cooperation of law enforcement is a matter of routine, regulated by treaty. An accord on cyber war is needed to clarify the definitions of LOAC in cyberspace, helping to bring clarity into what is currently an underregulated domain of warfare. By creating a degree of certainty as regards permissible state behaviour in cyberspace, governments can step away from the risky game of maximising cyber operations without breaching the armed attack threshold, and focus on the scourge of cyber criminality, which is undermining confidence in the Internet as a whole. An institutionalised basis for international cooperation on cyber crime would make life harder for cyber criminals. As an added benefit, a treaty on cyber crime would lessen the attribution dilemma, since non-cooperation by a state can then be seen an indication of a degree of state responsibility for a cyber incident.45 In practical terms, it is up to states to initiate the treaty process. The Budapest Convention provides a solid basis for combating cyber crime; it could be amended as per the points above and an effort launched to bring on board more signatories. The UN Disarmament & International Security Committee appears to be the most appropriate forum for talks to commence on a cyber war

treaty. The incentive structure for states to engage in such a process is easily framed in the game theory terms that are familiar to students of bargaining and cooperation under anarchy.46 The simplest explanatory analogy is the Prisoner’s Dilemma: it is in the interest of all states if cyberspace becomes a more ordered military domain, by anchoring expectations and introducing a degree of certainty for governments. It is in the private interest of each state to defect from this regime and secure the benefits of unrestrained cyber warfare on its own. To avoid all states from following their private interest and defecting, it is necessary to monitor compliance, ideally through an institution charged with this task (which generates what Axelrod and Keohane call the ‘shadow of the future’). Curiously, although international law has no formal enforcement mechanism, states’ adherence to it, as has been noted, is widespread and consistent. The reasons are

likely to be a mixture of enlightened self-interest in an ordered international community, legitimacy (both of international law and of the compliant state in the eyes of its population as well as

the international community) and the norms of socialisation that have built up over the past century as international law grew in depth and breadth.47 The main hurdle facing this scheme is that states fear giving up a military advantage – a fear that is nullified if all states sign up to the treaty – and the worry that regulating a decentralised, non-hierarchical network like cyberspace is antithetical to its fundamental purpose. Specifically, concerns have been voiced that regulating cyberspace will generate momentum for those states that seek to exert censorship and state control over the Internet.48 The idea that information is free, with the Internet as the medium to decentralise the global flow of knowledge and empower citizens across the globe, is indeed appealing to those who believe in freedom of speech as a fundamental force for good in the world. At the same time, it is easy to romanticise this point. Whether or not citizens enjoy a ‘free web’ still depends first and foremost on the domestic legal situation in which they find themselves. A state intent on censoring the Internet can do so easily, with or without a treaty on cyber war. What advocates for an open Internet seem to miss is that a key ingredient of the web is trust between the disparate nodes and actors in the network. A gradual militarisation of cyberspace will hamper cyberspace’s effectiveness as a tool for commercial and social exchange. Moreover, the arms race dynamic that can develop absent a treaty on cyber war is a boon to cybercriminals, who, if left unchecked, will make e-commerce an increasingly slow, costly and cumbersome affair. That is in nobody’s interest.

Counterplan solves legal brightlines that result in circumvention //or// Counterplan sets brightlines that standardize the belligerence of critical infrastructure related attacksMueller ’14 (Benjamin; June 2014; On the Need for a Treaty Concerning Cyber Conflict; STRATEGIC UPDATE 14.2; Benjamin Mueller is the International Relations Stonex PhD Scholar at LSE IDEAS. Ben previously attended the University of Oxford, where he read Philosophy, Politics and Economics at Keble College; http://www.lse.ac.uk/IDEAS/publications/reports/pdf/SU14_2_Cyberwarfare.pdf; 7-24-14; mbc)

There are two main conceptual categories of cyber operation.19 The first is cyber exploitation, which is a non-destructive action, typically clandestine, that seeks to obtain information that would otherwise remain confidential. The second is cyber attack, which is a deliberately destructive action that aims to alter, disrupt, deceive, degrade or destroy adversary computer systems or networks or the information resident in these systems or networks, whether clandestinely or not. In cyberspace, exploitation is a pure data acquisition mission, while an attack seeks to

destabilise the adversary’s computer systems and networks, causing it to be unavailable or untrustworthy and therefore less useful to the adversary.20 Espionage in a cyber context is a vexing issue. All states engage in the clandestine acquisition of confidential intelligence from other actors. The digital age has neither created nor

changed this goal. What has changed, however, is the means available to states by which to achieve it. Whereas traditional espionage necessitated some kind of direct physical interaction with the target state, cyber espionage can be conducted without the perpetrator ever leaving their home state. This renders such intelligence work immune to the method used to tackle traditional espionage, namely, through target states’ domestic legal systems. Moreover, it has given spies the ability to scale up the rate and volume of data theft in a way that was hitherto unimaginable. In 2010, the director of the NSA called the loss of information and intellectual property through cyber espionage ‘the greatest transfer of wealth in history’, suggesting that states are beginning to see their core

national security concerns affected by this dynamic. The line between espionage and covert operations is blurry in cyberspace, which is one of the reasons that it needs to be firmly drawn. States have historically been reluctant to treat espionage as anything other than a domestic law enforcement concern.21 This is because it is a useful practice

employed by all states.22 In fact, insofar as it reduces information asymmetries between states, espionage can have a calming effect on international relations. Clarifying the meaning of armed attack and use of force in cyberspace has the added benefit of implicitly charting out the legitimate scope of other, national security-related clandestine cyber activity. It is not immediately clear what the implications of cyber espionage are for the LOAC. Cyber espionage is not inhibited by the costs, consequences and limitations of traditional espionage.23 At the same time, espionage is not typically

considered a hostile act. Opinions differ as to what the best strategy is to cope with digital espionage. Entities like the CIA argue that cyber espionage does not fall under the umbrella of cyber war, since the US government, like all governments, conducts network surveillance and has done so since the advent of electronic communications. One solution is to develop norms that accept the necessity of espionage, but recognise the potential for boundless digital espionage to do severe damage to trust between states, and limit the extent to which states engage in it.24 Another is to distinguish strictly between cyber operations that capture data, and those that alter the intruded network in a way that affects their functionality now or in the future.25 A further option is to tackle industrial espionage by expanding

the provisions of the WTO’s Agreement on Trade-Related Aspects of Intellectual Property Rights. Currently, member states are

obliged to protect certain intellectual property rights and trade secrets within their territories, but not in their operations abroad.26 In 2009 the Wall Street Journal reported that Russia and China had breached the US electric grid and introduced malware with the potential to disable it, and that US intelligence agencies had detected successful cyber attacks against other states’ critical infrastructures.27 It is unclear whether the article is accurate or not, and it is also not

reported whether the US has undertaken similar such operations. But in any case, even if it is not immediately destructive, the pre-emptive penetration of an adversary’s critical infrastructure is dangerous, destabilising and undermines trust between states. This situation – where cyberspace is used to launch attacks against other states’ civilian infrastructure, including the introduction of cyber vulnerabilities in critical infrastructure by stealth – is an example of the kind of cyber operation that sits uneasily with existing concepts and needs to be clearly defined as an illegal act of aggression. It is for states to negotiate the specifics of any supplementary international laws of war that pertain to cyberspace. The overriding aim must be to address the definitional deficiencies of existing LOAC addressed above. The zone of ambiguity as regards cyber exploitation vs. attack vs. espionage, and use of force vs. armed attack, must be shrunk as much as possible.

solves –global Comprehensive frameworks are abided by nation-states – empiricsMueller ’14 (Benjamin; June 2014; On the Need for a Treaty Concerning Cyber Conflict; STRATEGIC UPDATE 14.2; Benjamin Mueller is the International Relations Stonex PhD Scholar at LSE IDEAS. Ben previously attended the University of Oxford, where he read Philosophy, Politics and Economics at Keble College; http://www.lse.ac.uk/IDEAS/publications/reports/pdf/SU14_2_Cyberwarfare.pdf; 7-24-14; mbc)There exists a relatively comprehensive framework of norms that governs both the process of going to war and conduct in war. States generally adhere by these rules. Certain categories of weapons are banned outright and others are strictly controlled; the use of force by one state against another is outlawed unless it is for self-defence; rules differentiate between legal and illegal operations and strategies in war. New technologies put a strain on these legal understandings as states establish the compatibility of a novel weapon with existing laws of war. Air power provides a good example of this. As with the Internet, airplanes were first used for intelligence gathering before the military potential –

inflicting massive damage to enemy territory through aerial bombardments – was recognised, including the threats it posed to civilians. The day the Second World War broke out in Europe, Franklin D. Roosevelt cabled all warring parties asking for a public pledge that their air forces would not intentionally target civilian populations. England, Germany, France and Poland all agreed, and, as one opponent of international cyber law states, ‘they tried to honour their pledges’.1 This informal agreement lasted almost a full year, despite it not being codified in treaty law. It collapsed because of the ruthlessness of German military strategy: after the Luftwaffe destroyed the entire old city of Rotterdam in May 1940, Britain retaliated in kind over the

Rhineland, and the war in the skies quickly became unlimited. The attempt to define the permissible scope of aerial combat in the Second World War shows that states are willing to establish communal norms of warfare and try to follow them. Two powerful dynamics act against the rationale of complying with the laws of war: the military logic of the technology in question, and the absence of enforcement mechanisms. Circumscribing a technology’s military utility creates incentives for cheating, giving a unique strategic advantage to defector states, especially if there is no way to punish cheaters . Nonetheless, nations were and are willing to work out rules of war that benefit all parties, to sign up to them, and to try to comply. The key is to frame pragmatic rules that work, and to monitor compliance

through a permanent institutional mechanism, the absence of which undermined the airpower agreement in the Second World War. The Nuclear Non-Proliferation Treaty, for example, has proved a successful legal instrument to curtail the spread of nuclear arms, preventing this class of weapons from becoming a commonplace tool in the arsenal of states. 1 Baker, Stewart A. and Charles J.

Dunlap. ‘What is the Role of Laywers in Cyberwarfare?’ American Bar Association Journal, May 2012 4 LSE IDEAS Strategic Update 14.2 International legal norms surrounding war have meaning: most states try to abide by them, and they also exert significant efforts to signal to the international community that they do so.2 All the evidence suggests that states, by and large, observe the international treaties they subscribe to, a principle known as pacta sunt servanda. As American legal scholar Louis Henken put it in 1968, ‘almost all nations observe almost all principles of international law and almost all of their obligations almost all the time’.3 Henken made this observation at a time when international law, after the terrible events of the Second World War, became an increasingly influential component of the thickening web of international relations in a globalising age, spearheaded by political institutions such as the UN and technocratic multilateral organisations such

as GATT. Whether coincidentally or not, inter-state warfare became less and less common in this era of a growing, solidifying international legal order.4 At best, international law facilitated this laudable trend, at worst it didn’t preclude it. In any event, LOAC has provided a degree of clarity and a global normative convergence regarding impermissible state behaviour.

AT squo solvesStatus quo cyber-crime policies don’t solve – regulation of military cyberspace solvesMueller ’14

(Benjamin; June 2014; On the Need for a Treaty Concerning Cyber Conflict; STRATEGIC UPDATE 14.2; Benjamin Mueller is the International Relations Stonex PhD Scholar at LSE IDEAS. Ben previously attended the University of Oxford, where he read Philosophy, Politics and Economics at Keble College; http://www.lse.ac.uk/IDEAS/publications/reports/pdf/SU14_2_Cyberwarfare.pdf; 7-24-14; mbc)Even the most mysterious of cyber incidents carry traces of authorship. The main obstacle to successful attribution is that states don’t cooperate with each other’s inquiries as a matter of routine. If an organisation is set up by treaty to facilitate cross-border law enforcement in cyberspace – an Internetpol, so to speak – and signatories accept a positive duty to assist other signatories’ law enforcement inquiries for specified crimes, the incentive for states to conduct offensive cyber operations at arm’s length through proxy actors is reduced. Following the aforementioned cyber incursion against Estonia, for example, the investigating agencies were able to trace the origin of the attack to Russia. The Russian government, however, simply refused to co-operate with the investigation, and no effort was made to track down the

culprits.37 Attribution by non-cooperation ought to therefore be included in the body of international cyber law that this report suggests should be drafted. If uncooperative states are assumed to share culpability in an attack that can clearly be traced to their borders, states will have a strong incentive not to engage in such behaviour. Lower standards of attribution make sense in cyberspace by putting states on the line and encouraging them to rein in unauthorised operations by cyber militias.38 The result of all this will be a degree of regulation in military cyberspace, which then allows states to devote more energy to a task that concerns them all equally: cyber crime. Far

too little effort is spent prosecuting cyber criminals, who cleverly take advantage of the barriers of sovereignty. Conducting operations in other jurisdictions, they are currently safe in the knowledge that cross-border prosecution is such a complex endeavour that it is unlikely they will ever face justice.39 The global cost of cyber criminality may be as high as $1 trillion per year.40 50 states have so far signed the Council of Europe’s Convention on Cybercrime, also known as the Budapest Convention. This is the only binding international instrument that seeks to tackle Internet criminality. Its signatories include all of the members of the Council of Europe bar Russia, as

well as the US, Japan and Australia. The Budapest Convention synchronises national laws on cyber criminality, which facilitates crossborder cooperation. It has done much to improve the prosecution of borderless cyber crimes, especially through provisions such as a 24/7 points of contact network between parties to expedite assistance requests; the requirement to preserve evidence at the request of another party which can then follow up with a request to search, seize, or disclose that data; and the positive duties on parties to harmonise investigative procedures and legal frameworks of cyber crime. Most categories of cyber crimes are covered by the Convention.41 However, parties can refuse cooperation if they deem that providing assistance would prejudice their sovereignty, public order or other ‘essential interests’. Moreover, there is no enforcement mechanism to oblige states to fulfil their cooperative duties. Straightforward improvements of the Convention would include circumscribing the grounds for refusing assistance to other parties, and reforming the Convention’s current dispute resolution mechanism to provide for mandatory reviews by a neutral arbiter whenever a party whose assistance request has been denied asks for one.42

AT: Countries will violateEven if the treaties will get broken, the world still gets saferSchneier 12 (Bruce Schneier [internationally renowned security technologist; has testified before Congress; has served on several government committees; is regularly quoted in the press; fellow at the Berkman Center for Internet and Society at Harvard Law School; program fellow at the New America Foundation's Open Technology Institute; board member of the Electronic Frontier Foundation; an Advisory Board Member of the Electronic Privacy Information Center; Chief Technology Officer at Resilient Systems, Inc.], 6/8/12, "An International Cyberwar Treaty Is the Only Way to Stem the Threat," US News Debate Club, www.usnews.com/debate-club/should-there-be-an-international-treaty-on-cyberwarfare/an-international-cyberwar-treaty-is-the-only-way-to-stem-the-threat, MX)We're in the early years of a cyberwar arms race. It's expensive, it's destabilizing, and it threatens the very fabric of the Internet we use every day. Cyberwar treaties, as imperfect as they might be, are the only way to contain the threat. If you read the press and listen to government leaders, we're already in the middle of a cyberwar. By any normal definition of the

word "war," this is ridiculous. But the definition of cyberwar has been expanded to include government-sponsored espionage, potential terrorist attacks in cyberspace, large-scale criminal fraud, and even hacker kids attacking government networks and critical infrastructure. This definition is being pushed both by the military and by government contractors, who are gaining power and making money on cyberwar fear. The danger is that military problems beg for military solutions. We're starting to see a power grab in cyberspace by the world's militaries: large-scale monitoring of networks, military control of Internet standards, even military takeover of cyberspace. Last year's debate over an "Internet kill switch" is an example of this; it's the sort of measure that might be deployed in wartime but makes no sense in peacetime. At the same time,

countries are engaging in offensive actions in cyberspace, with tools like Stuxnet and Flame. Arms races stem from ignorance and fear: ignorance of the other side's capabilities, and fear that their capabilities are greater than yours. Once cyberweapons exist, there will be an impetus to use them. Both Stuxnet and Flame damaged networks other than their intended targets. Any military-inserted back doors in Internet systems make us more vulnerable to criminals and hackers. And it is only a matter of time before something big happens, perhaps by the rash actions of a low-level military officer,

perhaps by a non-state actor, perhaps by accident. And if the target nation retaliates, we could find ourselves in a real cyberwar. The cyberwar arms race is destabilizing. International cooperation and treaties are the only way to reverse this. Banning

cyberweapons entirely is a good goal, but almost certainly unachievable. More likely are treaties that stipulate a no-first-use policy, outlaw unaimed or broadly targeted weapons, and mandate weapons that self-destruct at the end of hostilities. Treaties that restrict tactics and limit stockpiles could be a next step. We could prohibit cyberattacks against civilian infrastructure; international banking, for example,

could be declared off-limits. Yes, enforcement will be difficult. Remember how easy it was to hide a chemical weapons facility? Hiding a cyberweapons facility will be even easier. But we've learned a lot from our Cold War experience in negotiating nuclear, chemical, and biological treaties. The very act of negotiating limits the arms race and paves the way to peace. And even if they're breached, the world is safer because the treaties exist. There's a common belief within the U.S. military that cyberweapons treaties are not in our best interest: that we currently have a military advantage in cyberspace that we should not squander. That's not true. We might have an offensive advantage—although that's debatable—but we certainly don't have a defensive advantage. More importantly, as a heavily networked country, we are inherently vulnerable in cyberspace.

Cyberspace threats are real. Military threats might get the publicity, but the criminal threats are both more dangerous and more damaging.

Militarizing cyberspace will do more harm than good. The value of a free and open Internet is enormous. Stop cyberwar fear mongering.

Ratchet down cyberspace saber rattling. Start negotiations on limiting the militarization of cyberspace and increasing international police cooperation. This won't magically make us safe, but it will make us safer.

AT: Other countries would say noRussia and China have shared interests with the US about cyberspace - cyber crime, DoS and viruses Deilbert 11(Ronald Deilbert [directs the Canada Center for Global Security Studies and the Citizen Lab at the University of Toronto’s Munk School of Global Affairs;co-founder of the Information Warfare Monitor project, which, together with the Ottawa-based think tank SecDev Group, tracks the militarization of cyberspace], 2011, “Ronald Deibert: Tracking the emerging arms race in cyberspace,” Bulletin of the Atomic Scientists, DOI: 10.1177/0096340210393703, Pages 6-7, MX)DEIBERT: Russia has been pushing for arms control in cyberspace, or information-weapons control. Most people dismiss this as disingenuous, and I

tend to agree. Most observers see it as Russia’s attempt to constrain US superiority in the cyber domain. Russia is more concerned about color revolutions and mobilization on the Internet by dissident and human rights groups -and trying to eliminate the United States’ ability to support that type of social mobilization -than it is about protecting the Internet. In spite of that, I think it’s worthwhile to push them on it. If I were working for a foreign affairs

ministry, I’d use this as an opening to talk about mutual restraint, cooperation, and push them back on what should be the rules of cyberspace. Some people dismiss cyber arms control, and they are right on one level: We cannot control information weapons -something like Stuxnet -in the way we talk about eliminating certain classes of weapons like ballistic missiles.

Information is too difficult to control, and verification would be impossible. So what’s left? There is some merit in controlling behavior and enforcing rules in cyberspace. Language similar to something like that found in arms control agreements could begin to make sense. BAS: What would such an agreement or set of rules look like? DEIBERT: If you look at the Outer Space Treaty, the Moon Treaty, the Antarctic Treaty -they might be useful models for a Cyberspace Treaty. With those agreements, the aim is less about controlling certain classes of weapons, than it is about controlling expectations and developing a set of principles, rules and procedures, and norms about how states behave with respect to an entire domain. Of course there is a lot that will be difficult to accomplish,

especially when it comes to controlling cyber-espionage. But there are mutual interests that relate more to controlling cybercrime, viruses, and denial of service attacks that could form the basis for practical, positive outcomes. For example, one area that could be improved is the networking and integrating of national computer emergency response teams (CERTs) in a more robust, global manner. That is something all countries should probably agree on and can be accomplished in a way that creates a globally distributed sensor net to monitor “bad behavior” in cyberspace. If you look

at some outcomes of our own research as an example -we said we had no evidence linking either of the espionage networks we uncovered to China’s government itself. Quietly, and without much

public fuss, we sent the information we had on the command and control servers that were being used by the attackers to the Chinese CERT, and to our surprise they thanked us and took measures to shut them down. I thought that was very

interesting. If we are looking at trying to control this activity, we are going to need to facili tate and support that type of information sharing. A global network of nationally based sensor teams monitoring the Internet and sharing information about its health with each other reminds me of the type of organization envisioned for verification of the Comprehensive Nuclear Test Ban Treaty, if it ever comes into force.

Aff AnswersStatus quo solvesJackson ’12 (William; May 2, 2012; Cyber crime-fighters: A model for international cooperation?; a senior writer for GCN, covers security issues; http://gcn.com/Articles/2012/05/02/Transatlantic-cybersecurity-international-cooperation.aspx; 7-24-15; mbc)The United States and the European Union have developed strong operational partnerships for fighting cyber crime despite the lack of formal frameworks for the cooperation, according to a panel of officials from both sides of the Atlantic. “It’s amazing in law enforcement channels how well we are able to share information,” said Thomas Dukes, a former cyber crime

prosecutor in the Justice Department and now a policy adviser to the State Department. The United States has collaborated with agencies in other countries on a number of successful takedowns of criminal organizations and networks, and this could serve as a model for broader cooperation on cybersecurity, participants said May 2 during a conference on trans-Atlantic cooperation. But serious

challenges remain to creating formal alliances. Although U.S. cyber strategy is more secure than Europe’s, the United States still is struggling to define government’s role in its own cybersecurity, said Jane Holl Lute, deputy secretary of the Homeland Security Department. The two sides also have differing views on privacy, and there is disagreement on Internet governance. Dukes said the broader policy debate on cybersecurity is only now beginning, but given the international nature of the Internet and the growing importance of cyberspace to national security economies, all sides agree that cooperation is needed. “Our cooperation is not a choice; it is an obligation and a necessity ,” said Cecilia Malmstrom, EU commissioner for home affairs. The conference, held in Washington, was hosted by the Center for Strategic and International Studies and the European Security

Round Table. Dukes said there is “an almost exponential growth in interest in talking about cyber,” by governments, and that a growing number of nations are creating cyber strategies and appointing senior officials in their foreign ministries. Currently, the best model for international cyber collaboration is the Budapest Convention on Cybercrime, a treaty drawn up by the Council of Europe in 2001 and ratified by the United States and some 30 other nations. It provides a legal framework for information between member countries and focuses on crimes committed online or via the Internet, such as copyright infringement, child pornography and network or computer breaches.

UN’s sidestepping of Congress on Iran deal has made the council unpopularRonen 7/21/15 (Gil; 7/21/15; Bipartisan Anger in Congress over Obama's UN Move; Veteran journalist, Gil Ronen, is an INN newswriter, who previously served on IDF radio; www.israelnationalnews.com/News/News.aspx/198408#.VbKjsPlVhBc; 7-24-15; mbc)Republican lawmakers – but some influential Democrats as well – were angry Monday about the Obama administration's decision to have the United Nations Security Council (UNSC) vote on the Iran nuclear deal before Congress has had a chance to accept or reject it. The unanimous UNSC vote in favor of the Iran Monday deal came just hours after the State

Department formally sent the agreement to Congress to be reviewed. Rep. Eliot Engel

(NY), the top Democrat on the Foreign Affairs Committee, joined panel Chairman Ed Royce (R-Calif) in a statement that said they were “disappointed” that the UNSC voted “before Congress was able to fully review and act on this agreement.” “Regardless of this morning’s outcome, Congress will continue to play its role,” they added. Senate Foreign Relations Committee Chairman Bob Corker (R-Tenn.) — who last week sent a letter along with the committee’s top Democrat, Sen. Ben Cardin (Md.), asking President Obama

to postpone the UN vote — also criticized Monday’s move. “It is inappropriate to commit the United States to meet certain international obligations without even knowing if Congress and the American people approve or disapprove of the Iran agreement,” Corker

said. “During the review period, members on both sides of the aisle will evaluate the agreement carefully, press the administration for answers and then vote their conscience.” Cardin, for his part, stated before the UN vote: “I think the administration should wait until after Congress has had its review period. I don’t know what is lost by delaying that until after the review period.” He did not criticize the vote after it was held, however. House Minority Whip Steny Hoyer (Md.), the second-ranking House Democrat, has also said that the UNSC vote should not have been held before Congress reviewed the deal. Texas Sen. John Cornyn, the second-ranking Republican in the chamber, called the vote “an affront to the American people,” a phrase that several other Republican senators

echoed. “The administration is more concerned about jamming this deal through than allowing the scrutiny it deserves,” Cornyn said. “Congress will carefully examine this agreement and, regardless of what the U.N. believes, vote it down if it jeopardizes American security and paves the way for a nuclear-armed Iran.” Sen. Marco Rubio (R-Fla.) used the phrase “capitulation Monday,” pointing to both the Iran vote and Cuba’s opening of an embassy in

Washington. “This is a bad start for a bad deal,” said House Speaker John Boehner (R-Ohio). “Enabling such a consequential vote just 24 hours after submitting the agreement documents to Congress undermines our national security and violates the spirit of the Iran Nuclear Agreement Review Act,” Boehner said, referring to the recent law giving Congress 60 days to review the deal. “The Iranian deal may be good enough for the United Nations but it's a terrible deal for the United States,” Lindsey Graham (R-SC) said in

a statement. “Taking it to the UN before Congress reviews it is an affront to the American people and further evidence of a weak president trying to sell a bad deal. Congress is not bound by today’s UN decision. I look forward to a full and complete debate in the coming weeks.” Obama administration officials insisted that the UN vote did not sidestep Congress. “No ability of the Congress has been impinged on,” Secretary of State John Kerry stressed Monday. He claimed that the US was under pressure from its allies, who did not like the idea that the US legislature to could make or break the deal. “Frankly, some of these other countries were quite resistant to the idea, as sovereign nations, that they were subject to the United States Congress,” he said. “When you’re negotiating with six other countries, it does require, obviously, a measure of sensitivity and multilateral cooperation that has to take into account other nations’ desires.” “It’s presumptuous of some people to suspect that France, Russia, China, Germany and Britain ought to do what the Congress tells them to do.” Republican opponents of the deal

would have to win over at least 13 Democrats in the Senate — and dozens in the House — to override a presidential veto. President Barack Obama appeared to hope that the UN vote would convince Congress that resisting the deal would be futile. The vote “will send a clear message that the overwhelming number of countries who not only participated in the deal ... but who have observed what’s happened, recognize that this is by far our strongest approach to ensuring that Iran does not get a nuclear weapon ,” he said in a brief statement. “My working assumption is that Congress will pay attention to the broad-based consensus.”

Russia Sanctions CP

1ncThe United State Federal Government should lift all trade sanctions with Russia

Recent Russian Anger is only present because of Us-Russia Sanctions.Mikhail Klikushin, 12-29-2014,(Went to school in Russia and got a degree I Russia Historythen emigrated to the US) Mikhail "Russians Rage Against America," Observer, http://observer.com/2014/12/russians-rage-against-america/Anti-American sentiment has been growing slowly in Russia since the war in former Yugoslavia. But the sharp recent increase happened as a result of the US- led sanctions that were imposed on Russia after the ‘Russian annexation of Crimea.’ For example, just last week Visa and MasterCard completely stopped their operations in Crimea, leaving more than 2 million people there without access to their money. 75% of Russians do not believe that their country is responsible for the events in Ukraine. On the contrary, they blame the US. When the sanctions began, many Russian businesses responded by putting up ‘Obama Is Sanctioned Here’ signs on their doors and windows. However today they went much farther. The owners of the Moscow supermarket “Electronics on Presnya” are using American flag doormats so the customers could wipe their dirty feet off, according to the British tabloid Daily Mail. “Customers have been filmed wiping their feet on the fabled stars and stripes as they enter and exit stores across Moscow, as struggling retailers take a hopeless swipe at their Cold War adversaries,” reports the newspaper. According to the Moskovky Komsomolets Moscow newspaper, the nation’s business owners decided to put the US flag under the Russians’ feet because of the strained relations between the two countries. “New doormats with the American flag were put at every exit so that America would not think that she is allowed to everything,” they say. “From one perspective, of course it is a flag, but from the other, because of this entire situation in the world, regular folks are suffering. All the electronics we import, mostly from China and buy for dollars. We have to work directly so the US would have no chance to manipulate the prices.” (The Russian ruble lost about 50% of its value because of the economic sanctions by the western countries and a fall in the oil price.) By the words of the shopping center’s attorney Konstantin Trapaidze, the doormats with the American flag do not break any Russian law. “It is very probable that the doormats have a decorative character. Yes, people are walking on them but nobody prohibited this. They produce not only doormats with the flag on them but also furniture upholstery. The breaking of the law would be when someone would start burning such a doormat or real flag demonstratively, or tear it up.” Major Russian TV channel Vesti eagerly reported that fact. They also added that some Moscow stores were selling the toilet paper with American flag imprinted on it. The pricetag was $1 per roll. Former US ambassador to Russia Michael McFaul was considered a lightweight who spent more time on Twitter than on actual diplomacy. (YURI KADOBNOV/AFP/Getty Images) A number of Russian politicians have been working very hard to keep the flames of rage burning. Last week, the Speaker of the Russian Parliament, Sergei Naryshkin, raised the issue of starting an international investigation of the Hiroshima and Nagasaki bombings by the US in 1945, as a ‘crime against humanity’ has no time limit. He wanted nothing less than a new Nuremberg trial with the US at the criminal’s bench. Vladimir Putin, from his side, during his most recent press conference, used the occasion to show

his negative attitude toward one of America ’s most popular products. Answering a question about Russian drink Kvass, he said, “I don’t know how harmful Coca-Cola is, but a lot of specialists say that it is, especially for children. I don’t want to offend Coca-Cola, but we have our own national non-alcoholic beverages, and we shall help them to win our stores’ shelves.” He could have chosen another brand as an example of an unhealthy soda, since there is no shortage of different drinks in Russia’s stores. But to no one’s surprise, the Russian President chose for his attack the very symbol of Pindostan.

Lifting trade sanctions with countries results in peace- 40 year study provesJulian Adorney, 10-15-2013, "Want Peace? Promote Free Trade," No Publication, http://fee.org/freeman/detail/want-peace-promote-free-trade (Julian Adorney is an economic historian) Frédéric Bastiat famously claimed that “if goods don’t cross borders, soldiers will." Bastiat argued that free trade between countries could reduce international conflict because trade forges connections between nations and gives each country an incentive to avoid war with its trading partners. If every nation were an economic island, the lack of positive interaction created by trade could leave more room for conflict. Two hundred years after Bastiat, libertarians take this idea as gospel. Unfortunately, not everyone does. But as recent research shows, the historical evidence confirms Bastiat’s famous claim. To Trade or to Raid In “Peace through Trade or Free Trade?” professor Patrick J. McDonald, from the University of Texas at Austin, empirically tested whether greater levels of protectionism in a country (tariffs, quotas, etc.) would increase the probability of international conflict in that nation. He used a tool called dyads to analyze every country’s international relations from 1960 until 2000. A dyad is the interaction between one country and another country: German and French relations would be one dyad, German and Russian relations would be a second, French and Australian relations would be a third. He further broke this down into dyad-years; the relations between Germany and France in 1965 would be one dyad-year, the relations between France and Australia in 1973 would be a second, and so on. Using these dyad-years, McDonald analyzed the behavior of every country in the world for the past 40 years. His analysis showed a negative correlation between free trade and conflict: The more freely a country trades, the fewer wars it engages in. Countries that engage in free trade are less likely to invade and less likely to be invaded. The Causal Arrow Of course, this finding might be a matter of confusing correlation for causation. Maybe countries engaging in free trade fight less often for some other reason, like the fact that they tend also to be more democratic. Democratic countries make war less often than empires do. But McDonald controls for these variables. Controlling for a state’s political structure is important, because democracies and republics tend to fight less than authoritarian regimes. McDonald also controlled for a country’s economic growth, because countries in a recession are more likely to go to war than those in a boom, often in order to distract their people from their economic woes. McDonald even controlled for factors like geographic proximity: It’s easier for Germany and France to fight each other than it is for the United States and China, because troops in the former group only have to cross a shared border. The takeaway from McDonald’s analysis is that protectionism can actually lead to conflict. McDonald found that a country in the bottom 10 percent for protectionism (meaning it is less protectionist than 90

percent of other countries) is 70 percent less likely to engage in a new conflict (either as invader or as target) than one in the top 10 percent for protectionism. Protectionism and War Why does protectionism lead to conflict, and why does free trade help to prevent it? The answers, though well-known to classical liberals, are worth mentioning. First, trade creates international goodwill . If Chinese and American businessmen trade on a regular basis, both sides benefit. And mutual benefit disposes people to look for the good in each other . Exchange of goods also promotes an exchange of cultures. For decades, Americans saw China as a mysterious country with strange, even hostile values. But in the 21st century, trade between our nations has increased markedly, and both countries know each other a little better now. iPod-wielding Chinese teenagers are like American teenagers, for example. They’re not terribly mysterious. Likewise, the Chinese understand democracy and American consumerism more than they once did. The countries may not find overlap in all of each other’s values, but trade has helped us to at least understand each other. Trade helps to humanize the people that you trade with. And it’s tougher to want to go to war with your human trading partners than with a country you see only as lines on a map . Second, trade gives nations an economic incentive to avoid war. If Nation X sells its best steel to Nation Y, and its businessmen reap plenty of profits in exchange, then businessmen on both sides are going to oppose war. This was actually the case with Germany and France right before World War I.

2nc Solvency

US Russia Econ relations are key to overall relationsBPC, January 2012, (The Bipartisan Policy Project is a Washington Think Tank made by senate members that promotes bipartisanship. The BPC looks for policy answers to problems by consulting experts and former elected officials on both ends of the political spectrum. ) http://bipartisanpolicy.org/wp-content/uploads/sites/default/files/Russia%20Staff%20Paper.pdfBy embedding Russia’s economic self-interest in broader rule-based international institutions , accession could help limit Moscow’s ability or willingness to engage in some of the destructive trade and other disputes that have damaged its relations with the U nited S tates and much of the E.U. and FSU in recent memory. Moreover, U.S. support for Russia’s accession, which has been full -throated for years, could make it much more difficult for Russia to blame its own political and economic problems on foreign obstructionism and exclusion. This is related to the fact that Moscow’s leaders’ conduct toward their neighbors and the United States is intricately connected to their sense of receiving the respect they feel the country deserves as a leading global power. Thus, it was in the U.S. interest as much as Russia’s that Washington facilitated accession while avoiding the appearance of wanting WTO membership for Russia more than Russia’s leaders do. Finally, there is the general hope that economic liberalization stemming from Russia’s WTO commitments could possibly promote political liberalization in the country, especially considering much of the ruling class relies on state ownership of the economy and corruption to maintain political power. President Medvedev has even hinted at the potential for this to occur gradually, stating in September 2010 that “only a free person is capable of modernizing. Not someone who is afraid of the state, afraid for his life or his business.”66

Russia and US fight because there is no economic incentive to stay friendlyFortune, 3-18-2014,(Fortune is a news site.) "U.S.-Russian trade relationship? There really isn’t one," http://fortune.com/2014/03/18/u-s-russian-trade-relationship-there-really-isnt-one/Russian President Vladimir Putin signed legislation officially annexing Crimea on Tuesday, in blatant disregard of threats of economic sanctions that President Barack Obama announced over the weekend. And while some have considered the events in Ukraine the result of geopolitical posturing (Arizona Senator John McCain, for instance, has blamed Russia’s actions on the Obama administration’s “disturbing lack of realism” on foreign policy.), economics and trade offer a much clearer view of the situatio n. Put simply, Russia and the U.S. are free to antagonize each other because they have very little to lose economically from deteriorated relations . According to analysis from Carl Weinberg of High Frequency Economics, trade ties between the U.S. and Russia are minuscule: U.S. goods exports to Russia totaled just $11 billion in 2013, equivalent to less than 0.1% of U.S. GDP. U.S. goods imports from Russia totaled $27 billion, just under 0.2% of U.S. GDP. The direct financial linkages between the United States and Russia are also small. According to [the Treasury Department] Russians hold $139 billion in U.S.

Treasury securities and virtually no U.S. corporate bonds or equities — at least directly. Russian direct investment in the United States also appears minimal. In the other direction, U.S. residents hold $70 billion in long-term securities and $14 billion in direct investment in Russia. Meanwhile, the European Union is far more reliant on Russia for its economic health, as much of the E.U.’s supply of natural gas comes from Russian gas fields. This may explain why the E.U. has been less forceful than the U.S. in its sanctions announced this weekend. By contrast, take a look at the United States’ economic relationship with China. Unlike Russia, China is a very lucrative source for U.S. exports — it constitutes a $300 billion market for U.S. firms if you combine both exports and sales in China by firms with U.S. investment, according to the Congressional Research Service. Total trade between China and the U.S. reached more than half a trillion dollars in 2013, a significant chunk of both countries’ total economic output. These statistics also help explain why China — which often sides with Russia on questions brought to the United Nations Security Council — abstained from a vote to condemn Russia’s actions in Eastern Europe

US Russia sanctions are hurting relations right nowSputnik, 19.12.2012, "Lavrov: Ukraine Freedom Act to Undermine US-Russia Relations for Long Time / Sputnik International," No Publication, http://sputniknews.com/politics/20141219/1016019724.htmlMOSCOW, December 19 (Sputnik) – Relations between the United States and Russia will be undermined for a long time following US President Barack Obama’s signing of the Ukraine Freedom Act containing stipulations for the possibility of additional anti-Russian sanctions, the Russian Foreign Ministry said Friday. “[Russian Foreign Minister] Sergei Lavrov said that after the US president signed the Ukraine Freedom Act that threatens new sanctions against Russia, normal joint activities between [the two] countries would be undermined for a long time,” the ministry said in a statement published on its website. Lavrov voiced his concerns in a telephone conversation with US Secretary of State John Kerry. According to the Russian Foreign Ministry, the talk was initiated by the United States. The Ukraine Freedom Support Act, authorizing a provision of lethal assistance to Ukraine and the introduction of new sanctions against Russia, was passed by the US Congress last week and signed by President Barack Obama on Thursday. The United States does not intend to impose more sanctions against Russia under the new legislation at this time, Obama stated after the signing.

(NOTE this card is in the context of EU increasing relations but it talks about how EU Russia sanctions are an example of how sanctions hurt relations and it also talks about how EU is following in the US’s footsteps.)

US Russia Sanctions prevent good relations Karoun Demirjian, 6-22-2015, (reporter from the Washington post who specializes on writing about foreign policy.)"Russia warns of deeper rifts with West as Europe extends sanctions," Washington Post, https://www.washingtonpost.com/world/europe/russia-warns-of-deeper-rifts-with-west-as-europe-extends-sanctions/2015/06/22/22349101-1a8b-4cc8-92a9-d5b4f84b5191_story.htmlBut in Moscow , leaders complained that keeping the sanctions in place would undermine progress toward normalization of relations between Russia and the

West . “ Even partial softening of the sanctions would have created a positive dynamic,” Alexei Pushkov, the head of the Russian Duma’s international relations committee, told Interfax. “Even though the prolongation of the sanctions does not immediately sharply worsen the situation — it remains as it was — it creates a negative tone for at least another half a year in the relations between Russia and the European Union.” Russia’s Foreign Ministry said in a statement that it was “very disappointed ” that the E.U. had sided with the “Russophobic lobby, which pushed the decision to extend the illegal restrictions.” Until several weeks ago, it was unclear whether the E.U. would be able to muster the necessary unanimous support to keep the sanctions regime going. In recent months, Russia has made concerted efforts to court sympathetic governments and foster pro-Russian political support in Europe — especially in debt-saddled Greece, whose leaders have suggested they might look to Moscow for financial aid. Russia has stopped short of offering Greece anything more than promises and plans to develop various sectors of its economy. Greece did not stand in the way of the sanctions extension, which came just hours before an emergency summit in Brussels seeking to reach a deal to keep Greece from a default that could push it from the euro zone. Even with Europe taking the lead on sanctions, some in Russia turned their dismay toward Washington. “The Americans declare their interest in the provision of sovereignty and territorial integrity of Ukraine. But they have absolutely no interest in Ukraine. They are interested in Russia,” Nikolai Patrushev, chair of the Russian Security Council and a close ally of Russian President Vladimir Putin, said in an interview with the Russian newspaper Kommersant published Monday. “The United States wants Russia to cease to exist as a country,” Patrushev said. In Berlin, U.S. Defense Secretary Ashton Carter said the United States will contribute Special Operations forces, surveillance aircraft and weaponry to a new NATO task force designed to respond to crises in Eastern Europe and northern Africa. “We do not seek a cold let alone a hot war with Russia,” Carter said in a speech earlier Monday. “But make no mistake: We will defend our allies. . . . We will stand up to Russia’s actions and their attempts to reestablish a Soviet-era sphere of influence.”

Case

Cyber Attacks An impacting attack would never happen, while common everyday attacks don’t place anyone at risk Liang ‘15 (CPT Lim Ming Liang, an Armour Infantry Officer by vocation and is currently a Staff Officer in HQ Armour. He received the SAF Academic Scholarship and graduated from the National University of Singapore with a Bachelors of Social Sciences (Honours) in Political Science, “Hype or Reality: Putting the Threat of Cyber Attacks in Perspective”, 02/14/15, http://www.mindef.gov.sg/content/dam/imindef_media_library/graphics/pointer/PDF/2015/Vol.41%20No.1/5)%20V41N1_Hype%20or%20Reality%20Putting%20the%20Threat%20of%20Cyber%20Attacks%20in%20Perspective.pdf, p. 38)//clThe final chart is set out in Figure 1 with the frequency listed numerically beside each bubble for convenient reference. By mapping the bubble chart over the risk assessment matrix, several conclusions are clear. Firstly, a majority of the cyber-attacks are low risk incidents, while the rest are in the region of moderate risk. Additionally, there have been no incidents of real cyber war yet. Secondly, skilled and organised non-state or state-sponsored actors mostly conduct espionage and disruption activities which are the most prevalent attacks against states. Thirdly, as attacks become more threatening, they are also less likely to happen as evidenced by the sparse frequency in the top left area of the chart. Finally, and most importantly, current cyber-attacks have not reached the region of high risk where perpetration of attacks is easy and effects are catastrophic at the same time.

Even the Georgia-Russia war wasn’t affected by the multiple cyberattacks that pre-empted it Liang ‘15 (CPT Lim Ming Liang, an Armour Infantry Officer by vocation and is currently a Staff Officer in HQ Armour. He received the SAF Academic Scholarship and graduated from the National University of Singapore with a Bachelors of Social Sciences (Honours) in Political Science, “Hype or Reality: Putting the Threat of Cyber Attacks in Perspective”, 02/14/15, http://www.mindef.gov.sg/content/dam/imindef_media_library/graphics/pointer/PDF/2015/Vol.41%20No.1/5)%20V41N1_Hype%20or%20Reality%20Putting%20the%20Threat%20of%20Cyber%20Attacks%20in%20Perspective.pdf, p. 38-39)//clCASE STUDIES: THE GEORGIA-RUSSIA WAR AND STUXNET: This section complements the previous section in assessing the hype of cyber-attacks with analyses from two cases of cyber incidents—the cyber-attacks during the Georgia-Russia War and Stuxnet. These cases were chosen as they each lie on the extreme end of the ‘threat’ and ‘likelihood’ spectrum separately. A summary of the significant tenets of these cases will precede an analysis of their lessons. The Georgia-Russia War: The Georgia-Russia War, against the backdrop of historical geopolitical tensions and other complexities, broke out as a result of Georgia’s attack on the Russian-aligned South Ossetian militia. Russia retaliated with an armoured advance, amphibious assault and an intensive artillery bombardment on a Georgian town. In addition, the kinetic assaults were accompanied with a series of cyber operations which in fact, preceded the conventional assaults.14 The cyber

incidents during the Georgia-Russia War comprised three main types of attacks.15 The first was a subversion campaign which defaced Georgian government websites—the most prominent vandalism involved collages of the photographs of Adolf Hitler with the Georgian President for Russian propaganda purposes. The second was a series of distributed denial-of-service attacks that brought down several government, media and corporate websites. The third, and most significant operation involved the setting up of an ‘Attack Georgia’ website which encouraged the Russian public to download tools as rudimentary as PING utility, which are normally used to test the accessibility of IP addresses, to flood the Georgian cyberspace.16 A cyber campaign of this scale necessitated preparation, reconnaissance and even war-games. Russian intelligence infiltrated Georgian military and government networks three weeks before the ground campaign to scour for information while cyber militia conducted ‘probing attacks’ against specified targets in preparation for the actual campaign.17 Interestingly, Russian cyber militias also attacked a Georgian hacker forum—seemingly as a pre-emptive strike to stem the possibility of a Georgian hackers’ retaliation.18 Furthermore, the cyberspace operations appeared coordinated with Russian conventional ground campaign as hackers attacked local Georgian websites in areas where the military planned on shelling.19 The Georgia-Russia War is significant as it is a first of its kind where a conventional war was ‘integrated’ with a cyber-campaign with mass participation.

Stuxnet proves—too costly and won’t do any lasting damage Liang ‘15 (CPT Lim Ming Liang, an Armour Infantry Officer by vocation and is currently a Staff Officer in HQ Armour. He received the SAF Academic Scholarship and graduated from the National University of Singapore with a Bachelors of Social Sciences (Honours) in Political Science, “Hype or Reality: Putting the Threat of Cyber Attacks in Perspective”, 02/14/15, http://www.mindef.gov.sg/content/dam/imindef_media_library/graphics/pointer/PDF/2015/Vol.41%20No.1/5)%20V41N1_Hype%20or%20Reality%20Putting%20the%20Threat%20of%20Cyber%20Attacks%20in%20Perspective.pdf, p. 39-40)//clThe second case study was another game changer as it was the first instance where a cyber-attack resulted in physical destruction.20 Stuxnet was a highly sophisticated malicious software that was planted in the network of an Iranian nuclear facility in Natanz and designed to gradually deteriorate centrifuges used for uranium enrichment. Natanz functioned on a Microsoft Windows operating system and a Siemens Industrial Control System, but had an ‘air gap’ which meant that its computers were not connected to the internet.21 Most likely, Stuxnet had to be inserted into the networks by an unsuspecting staff with an infected thumb drive. Once inserted, Stuxnet was like a living worm. It can propagate and adapt itself in the network; changing its characteristics to avoid detection by antivirus software and firewalls; replicating itself till it identifies the Programmable Logic Controller (PLC) that controls the centrifuges; as well as sending situation reports to its control servers.22 Stuxnet was to lie dormant until it identifies a PLC connected to a frequency converter that runs the motors of the centrifuges. Thereafter, Stuxnet will begin a sequence to inject a payload designed to disrupt the frequencies of the motors to damage the centrifuges slowly.23 Meanwhile, the malware is capable of sending deceptive feedback to the human operators to give the impression that the centrifuges were still functioning normally. Nevertheless, the Iranians eventually reached out to open-source security researchers and neutralised Stuxnet. The software vulnerabilities that Stuxnet exploited were quickly patched by Microsoft and Siemens.24 In the end , Stuxnet only managed to delay Iranian centrifuge programme by a year . 2 Engineering

such a sophisticated and specific weapon like Stuxnet is no mean feat. Reconnaissance is necessary to map out the target facility’s networks and configuration. Intensive technological, programming and engineering prowess are required to design the malware’s propagating ability and adaptability . Extensive financing is necessary to obtain testing equipment, similar centrifuges and a mock facility for trials and rehearsals. Finally, intelligence networks are required to plant the malware into the target network . These resources indicate a strong state’s involvement. Allegedly, the US National Security Agency and an Israeli intelligence group known as 8200 collaborated to design Stuxnet since the Bush administration.26 Together, Stuxnet and the cyber incidents in the Georgia-Russia War provide new perspectives on the threat of cyber-attacks against states.

Cyberattacks don’t achieve much—even a complicated operation like Stuxnet achieved little more damage than is typical of technology depreciating Liang ‘15 (CPT Lim Ming Liang, an Armour Infantry Officer by vocation and is currently a Staff Officer in HQ Armour. He received the SAF Academic Scholarship and graduated from the National University of Singapore with a Bachelors of Social Sciences (Honours) in Political Science, “Hype or Reality: Putting the Threat of Cyber Attacks in Perspective”, 02/14/15, http://www.mindef.gov.sg/content/dam/imindef_media_library/graphics/pointer/PDF/2015/Vol.41%20No.1/5)%20V41N1_Hype%20or%20Reality%20Putting%20the%20Threat%20of%20Cyber%20Attacks%20in%20Perspective.pdf, p. 40)//clContesting the Half-Truths of Cyber Attacks The cyber revolution thesis and political discourse seems to purport that cyber threats can severely threaten nations’ security. While there are merits to and advantages of that perspective, it is necessary to balance its half-truths with objective and evidencebased analyses to avoid spiralling threat conflation. The research in this essay suggests that as yet, the threat of cyber-attacks to states is overrated. One of the tenets of the cyber revolution thesis asserts that cyber-attacks can take place independently of traditional military systems. While this is possible, my findings suggest that attacks that take place solely in the cyber domain may only marginally compromise a state’s monopoly of legitimate force at best, but are unable to infringe upon a state’s territorial integrity . The case of the Russia-Georgia War demonstrates the importance of ‘boots-on-the-ground’ to overpower the opponents’ militaries and occupy territories. While the accompanying cyber campaign was impressive, they were nothing but cyber vandalism and a nuisance . Stuxnet demonstrates the case of a standalone cyberattack which damaged physical infrastructure—a case of an arguably significant threat to a state. Yet, for a highly invested and sophisticated cyber weapon to only achieve a limited effect of destroying 11.5% of the 8,500 Iranian centrifuges, barely above the centrifuges’ typical breakdown rate , this more than adequately proved that cyber- attacks independent of traditional military systems can only marginally compromise a state’s monopoly of violence.27 Perhaps the most accepted claim of the cyber revolution thesis is the difficulty of attribution and the

anonymity of cyber-attacks. While I concur with the claim , attribution is not entirely impossible . In fact, most cyber-attacks remain anonymous because they are ‘an inconsequential nuisance’ that do not warrant a full-scale investigation.28 On the other hand, most incidents with a ‘threat’ score of four on the bubble chart can be attributed . The circumstantial evidence of Stuxnet for example, inadvertently points to possible US and Israeli collaboration. Additionally, anonymity can be a burden for its perpetrators. Actors intending to initiate cyber-attacks must undertake considerable measures to maintain anonymity. As the complexity and intended threat of an attack increases, the risk of attribution increases consequently as states are also more likely to investigate incidents of greater significance.

Cyberweapons are too “hit or miss” to be extensively deployed by countries; cybersecurity will never threaten a state’s physical capabilities—turns IP theft Liang ‘15 (CPT Lim Ming Liang, an Armour Infantry Officer by vocation and is currently a Staff Officer in HQ Armour. He received the SAF Academic Scholarship and graduated from the National University of Singapore with a Bachelors of Social Sciences (Honours) in Political Science, “Hype or Reality: Putting the Threat of Cyber Attacks in Perspective”, 02/14/15, http://www.mindef.gov.sg/content/dam/imindef_media_library/graphics/pointer/PDF/2015/Vol.41%20No.1/5)%20V41N1_Hype%20or%20Reality%20Putting%20the%20Threat%20of%20Cyber%20Attacks%20in%20Perspective.pdf, p. 40-41)/clAnother claim advances the asymmetric nature of cyber-attacks and its low entry barriers which facilitate its exploitation by non-state actors or weak states. As the Stuxnet case study demonstrates, cyber-attacks on the higher end of the ‘threat’ spectrum are contrary to the asymmetric claim. Effective cyber weapons are costly and impose high technology barriers beyond the reach of non-state actors such as terrorist groups . Furthermore, they often do not guarantee success and are surgical and ‘one-shot’ in nature. Hence, it is more rational for non-state actors to resort to conventional tactics with higher rates of success at much lower costs . Cyber-attacks are also cited as inherent with a zerosum paradox where technologically advanced states are empowered and vulnerable at the same time. The findings in this essay however, demonstrate that the paradox is exaggerated. As the bubble chart shows, disruption and espionage are the most prevalent cyber-attacks to plague the most technologically advanced states; but they do not threaten the state’s territorial integrity and monopoly of legitimate force. Furthermore, vulnerability in cyberspace is less severe than in the physical domain. Stuxnet shows that disruption or damages as a result of cyber-attacks can be quickly recovered or replaced, unlike the irreversible destruction that kinetic force inflicts.

Offense is inevitable—a balance of the two strategies are better for protecting the U.S.Farrell ’12 (Henry Farrell, “What’s new in the U.S. cyber strategy”, 04/24/14, http://www.washingtonpost.com/blogs/monkey-cage/wp/2015/04/24/whats-new-in-the-u-s-cyber-strategy/)//clThe Department of Defense has just issued a new cyber strategy, which perhaps provides the best public presentation of how the United States thinks about cybersecurity. As always with these documents, what is left out is as important as what is put in. So how has U.S. strategic thinking about cybersecurity changed in the post-Snowden era? The United States isn’t worried about a ‘cyber Pearl Harbor’ any more. When people started to worry about cybersecurity, many, including then-defense secretary Leon Panetta claimed that the United States was in danger of a ‘Pearl Harbor’ type attack that could devastate the country. There is no ‘Pearl Harbor’ alarmism in the current document. Instead, it suggests that the United States faces the threat of persistent low level attacks that could damage individuals or firms, as well as targeting some industrial systems. The document also singles out efforts to “steal U.S. intellectual property to undercut our technological and military advantage” and specifically identifies China as a major culprit. Thursday’s revelation that the United States apparently targeted EADS, a major European military contractor, for NSA spying, was especially poorly timed from the United States’s perspective, although the United States can still maintain that it does not spy so as to pass on stolen intellectual property to U.S. firms (and may conceivably have been targeting EADS for purposes that had nothing to do with snooping through its weapons systems). The United States is now acknowledging that it has developed offensive as well as defensive capabilities. In the past, the United States has been very cagey about its ability to conduct offensive actions in cyberspace . Over the last few years though, U.S. officials and former officials have gradually started to open up a little bit and discuss how the United States is able to mount cyber attacks on other countries. The new document goes much further in specifically acknowledging that the United States is capable of attacking other countries’ information systems, and willing to do so under some circumstances. It says that there “may be times when the President or the Secretary of Defense may determine that it would be appropriate for the U.S. military to conduct cyber operations to disrupt an adversary’s military related networks or infrastructure so that the U.S. military can protect U.S. interests in an area of operations.” Unsurprisingly, the strategy document does not refer to other aspects of United States’s offensive capabilities. For example, it doesn’t discuss how the US spies in cyberspace, which occupies a gray area in international law. Nor does it discuss the U.S. role in covert operations such as Stuxnet, where the United States and Israel reportedly succeeded in damaging the Iranian nuclear program through a clever attack on the computerized equipment that was refining uranium. Both are crucial aspects of United States’s offensive capability; neither are likely to be officially acknowledged in any specific way.

No attacks—deterrence checks Farrell ’12 (Henry Farrell, “What’s new in the U.S. cyber strategy”, 04/24/14, http://www.washingtonpost.com/blogs/monkey-cage/wp/2015/04/24/whats-new-in-the-u-s-cyber-strategy/)//clThe United States now believes that deterrence is possible in cyberspace . During the Cold War, a lot of U.S. strategic doctrine rested on the idea of deterrence – that one could prevent attacks on the United States and its allies, by e.g. threatening painful retaliation. Deterrence is a lot harder in cyberspace. It is often hard to be sure exactly who attacked you (the so-called ‘attribution problem’) making punishment problematic. As the then-Deputy Secretary of Defense William Lynn described the problem in a 2010 article in Foreign Affairs: traditional Cold War deterrence models of assured retaliation do not apply to cyberspace, where it is difficult and time consuming to identify an attack’s

perpetrator. Whereas a missile comes with a return address, a computer virus generally does not . The United States has gradually been shifting position and now argues that deterrence is both possible and necessary. The new strategy document says that the United States: must be able to declare or display effective response capabilities to deter an adversary from initiating an attack; develop effective defensive capabilities to deny a potential attack from succeeding; and strengthen the overall resilience of U.S. systems to withstand a potential attack if it penetrates the United States’ defenses. The United States clearly believes that it now has the forensic ability to successfully identify attackers and to punish them. It also believes that it is possible to practice ‘deterrence by denial ’ – making defense systems so effective that attackers will give up in frustration. Finally, the document talks about the need for ‘resilience’ – that is for building systems that are robust enough to survive cyber-attacks. This is a frequent theme in recent discussions of cybersecurity, and appears to now be a substantial plank of U.S. strategy. However, much of the U.S. technology infrastructure is in private hands – it is not at all clear that these capabilities will stretch to cover private as well as military systems.

The U.S. is already working to close up the grey market The United States is starting to stigmatize markets for ‘zero day exploits’. One of the most interesting suggestions in the strategy document is that: A nation-state, non-state group, or individual actor can purchase destructive malware and other capabilities on the black market. State and non-state actors also pay experts to search for vulnerabilities and develop exploits. This practice has created a dangerous and uncontrolled market that serves multiple actors within the international system, often for competing purposes. Here, the United States is referring both to malware and so-called ‘zero day exploits’ — fundamental vulnerabilities in software that allow attackers e.g. to take complete control of a system (the Stuxnet attack used multiple zero day exploits). Clever hackers and specialized firms sell these exploits to the highest bidders in a semi-clandestine market. The United States has reportedly itself bought vulnerabilities on this market in the past, either to use to shore up U.S. defenses, or to exploit against U.S. adversaries. Even so, it makes excellent sense for the United States to try to crack down on these markets . Not only are they hard to control, but they potentially undermine U.S. strategic advantage. Since the United States has far better internal resources than other states, it is better able to develop zero day exploits itself without having to buy them on the open market. Most other states and non-state actors aren’t so lucky. It will be interesting to see if the United States now starts to take action against businesses and individuals who operate in the gray zone buying and selling these exploits.

InherencyThe government already discloses all vulnerabilities—not doing so hurts their own systems Zetter ’15 (Kim Zetter, award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security. She is writing a book about Stuxnet, a digital weapon that was designed to sabotage Iran's nuclear program., “US Used Zero-Day Exploits Before It Had Policies for Them”, 03/30/15, http://www.wired.com/2015/03/us-used-zero-day-exploits-policies/)//clTitled “Vulnerability Equities Process Highlights,” (.pdf) the document appears to have been created July 8, 2010, based on a date in its file name. Vulnerability equities process in the title refers to the process whereby the government assesses zero-day software security holes that it either finds or buys from contractors in order to determine whether they should be disclosed to the software vendor to be patched or kept secret so intelligence agencies can use them to hack into systems as they please. The government’s use of zero-day vulnerabilities is controversial, not least because when it withholds information about software vulnerabilities to exploit them in targeted systems, it leaves every other system that use the same software also vulnerable to being hacked, including U.S. government computers and critical infrastructure systems . According to the document, the equities process grew out of a task force the government formed in 2008 to develop a plan for improving its ability “to use the full spectrum of offensive capabilities to better defend U.S. information systems.” Making use of offensive capabilities likely refers to one of two things: either encouraging the intelligence community to share information about its stockpile of zero-day vulnerabilities so the holes can be patched on government and critical infrastructure systems; or using the NSA’s cyber espionage capabilities to spot and stop digital threats before they reach U.S. systems . This interpretation seems to be supported by a second document (.pdf) released to EFF, which describes how, in 2007, the government realized it could strengthen its cyber defenses “by providing insight from our own offensive capabilities” and “marshal our intelligence collection to prevent intrusions before they happen.”

Withholding information damages government computers and infrastructure systems, making themselves vulnerable to attack—disclosure by default has been happening since 2010 Zetter ’15 (Kim Zetter, award-winning, senior staff reporter at Wired covering cybercrime, privacy, and security. She is writing a book about Stuxnet, a digital weapon that was designed to sabotage Iran's nuclear program., “U.S. Gov Insists It Doesn’t Stockpile Zero-Day Exploits to Hack Enemies”, 07/10/15, http://www.wired.com/2014/11/michael-daniel-no-zero-day-stockpile/clFOR YEARS THE government has refused to talk about or even acknowledge its secret use of zero-day software vulnerabilities to hack into the computers of adversaries and criminal suspects. This year, however, the Obama administration finally acknowledged in a roundabout way what everyone already knew—that the National Security Agency and law enforcement agencies sometimes keep information about software vulnerabilities secret so the government can exploit them for purposes of surveillance and sabotage. Government sources told the New York Times last spring that any time the NSA discovers a major flaw in software it has to disclose the vulnerability to the vendor and others so that the security hole can be patched. But they also said that if the hole has “a clear national security or law enforcement” use, the government can choose to keep information about the vulnerability secret in order to exploit it. This begged the question about just how many vulnerabilities the government has withheld over the

years to exploit. In a new interview about the government’s zero-day policy, Michael Daniel, National Security Council cybersecurity coordinator and special adviser to the president on cybersecurity issues, insists to WIRED that the government doesn’t stockpile large numbers of zero days for use. “[T]here’s often this image that the government has spent a lot of time and effort to discover vulnerabilities that we’ve stockpiled in huge numbers … The reality is just not nearly as stark or as interesting as that,” he says. Zero-day vulnerabilities are software security holes that are not known to the software vendor and are therefore unpatched and open to attack by hackers and others. A zero-day exploit is the malicious code crafted to attack such a hole to gain entry to a computer. When security researchers uncover zero-day vulnerabilities, they generally disclose them to the vendor so they can be patched. But when the government wants to exploit a hole, it withholds the information, leaving all computers that contain the flaw open to attack—including U.S. government computers, critical infrastructure systems and the computers of average users. Daniel says the government’s retention of zero-days for exploitation is the exception, not the rule, and that the policy for disclosing zero-day vulnerabilities by default —aside from special-use cases— is not new but has been in place since 2010. He won’t say how many zero-days the government has disclosed in the four years since the policy went into effect or how many it may have been withholding and exploiting before the policy was established. But during an appearance at Stanford University earlier this month, Admiral Mike Rogers, who replaced retiring Gen. Keith Alexander as the NSA’s new director last spring, said that “by orders of magnitude, the greatest numbers of vulnerabilities we find, we share.” That statement, however, appears to contradict what a government-appointed review board said last year. So WIRED spoke with Daniel in an effort to get some clarity on this and other questions about the government’s zero-day policy. Timeline of Policy in Question. Last December, the President’s Review Group on Intelligence and Communications Technologies seemed to suggest the government had no policy in place for disclosing zero days when it recommended in a public report that only in rare instances should the U.S. government authorize the use of zero-day exploits, and then only for “high priority intelligence collection.” The review board, convened by President Obama in the wake of Edward Snowden’s revelations about the NSA’s surveillance activities, produced its lengthy report (.pdf) to provide recommendations for reforming the intelligence community’s activities. The report made a number of recommendations on various topics, but the one addressing zero-days was notable because it was the first time the government’s use of exploits was acknowledged in such a forum. The review board asserted that “in almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection.” The board also said that decisions about withholding a vulnerability for purposes of exploitation should only be made “following senior, interagency review involving all appropriate departments.” And when the government does decide to withhold information about a zero-day hole to exploit it, that decision should have an expiration date.

Disclosure is in the NSA’s interest—it’s more important that their systems are secure Daniel ’14 (Michael Daniel, Special Assistant to the President and the Cybersecurity Coordinator, “Heartbleed: Understanding When We Disclose Cyber Vulnerabilities”, 04/28/14, https://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities)//clWhen President Truman created the National Security Agency in 1952, its very existence was not publicly disclosed. Earlier this month, the NSA sent out a Tweet making clear that it did not know

about the recently discovered vulnerability in OpenSSL known as Heartbleed. For an agency whose acronym was once said to stand for “No Such Agency,” this step was unusual but consistent with NSA’s efforts to appropriately inform the ongoing discussion related to how it conducts its missions. While we had no prior knowledge of the existence of Heartbleed, this case has re-ignited debate about whether the federal government should ever withhold knowledge of a computer vulnerability from the public. As with so many national security issues, the answer may seem clear to some, but the reality is much more complicated. One thing is clear: This administration takes seriously its commitment to an open and interoperable, secure and reliable Internet, and in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest. This has been and continues to be the case. This spring, we re-invigorated our efforts to implement existing policy with respect to disclosing vulnerabilities – so that everyone can have confidence in the integrity of the process we use to make these decisions. We rely on the Internet and connected systems for much of our daily lives. Our economy would not function without them. Our ability to project power abroad would be crippled if we could not depend on them. For these reasons, disclosing vulnerabilities usually makes sense. We need these systems to be secure as much as, if not more so, than everyone else. But there are legitimate pros and cons to the decision to disclose, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences. Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.

SQ solves—NTIA’s new launch of the multistakeholder process and ramp up of cybercrime enforcement ensures more disclosure Carman ’15 (Ashley Carman, editorial assistant, “Government agency initiates vulnerability disclosure discussions”, 07/10/15, http://www.scmagazine.com/ntia-launches-new-process-to-discuss-cybersecurity/article/425879/)//clThe National Telecommunications and Information Administration (NTIA) announced on Thursday plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure. “The goal of this process will be to bring together security researchers, software vendors, and those interested in a more secure digital ecosystem to create common principles and best practices around the disclosure of and response to new security vulnerability information,” Angela Simpson, deputy assistant secretary for communications and information, wrote in an agency blog post. The agency will host a kickoff meeting in September, which it will likely host in San Francisco, and all meetings will be virtually broadcasted, as well. NTIA requested comments in March for input on what the focus of its cybersecurity process should be. Companies , including Rapid7 and Cloudflare, as well as independent organizations, including the American Civil Liberties Union and the Center for Internet Security, submitted thoughts. Many respondents mentioned vulnerability disclosure in their comments. Rapid7, for instance, wrote: “Identifying, investigating, and disclosing vulnerabilities in technical systems is a key step towards reducing these [threats] and mitigating attacks.” Along with the announcement of NTIA's program came an

updated fact sheet from the White House on President Obama's cybersecurity initiative. The sheet details work with other countries, such as with Japan, to coordinate on cyber issues, and also mentions how the government upped its cybercrime enforcement since the beginning of this year.

IP theft

No risk of global nuclear war. Large countries are economically tied to each other—war would be devastating to their economy.Aziz 14- economics and business correspondent (John Aziz “Don't worry: World War III will almost certainly never happen” http://theweek.com/articles/449783/dont-worry-world-war-iii-almost-certainly-never-happen , TS)

This is certainly a view that current data supports. Steven Pinker's studies into the decline of violence reveal that deaths from war have fallen and fallen since World War II . But we should not just assume that the past is an accurate guide to

the future. Instead, we must look at the factors which have led to the reduction in war and try to conclude whether the decrease in war

is sustainable. So what's changed? Well, the first big change after the last world war was the arrival of mutually assured destruction. It's no coincidence that the end of the last global war coincided with the invention of atomic weapons. The possibility of complete annihilation provided a huge disincentive to launching and expanding total wars. Instead, the great powers now fight proxy wars like Vietnam and Afghanistan (the 1980 version, that is), rather than letting their rivalries expand into full-on, globe-spanning struggles against each other. Sure, accidents could happen, but the possibility is incredibly remote. More importantly, nobody in power wants to be the cause of Armageddon. But what about a non-nuclear global war? Other changes — economic and social in nature — have made that highly unlikely too. The world has become much more economically interconnected since the last global war. Economic cooperation treaties and free trade agreements have intertwined the economies of countries around the world. This has meant there has been a huge rise in the volume of global trade since World War II, and especially since the 1980s. Today consumer goods like smartphones, laptops, cars, jewelery, food, cosmetics, and medicine are produced on a global level, with supply-chains criss-crossing the planet. An example: The laptop I am typing this on is the cumulative culmination of thousands of hours of work, as well as resources and manufacturing

processes across the globe. It incorporates metals like tellurium, indium, cobalt, gallium, and manganese mined in Africa. Neodymium mined in China. Plastics forged out of oil, perhaps from Saudi Arabia, or Russia, or Venezuela. Aluminum from bauxite, perhaps mined in Brazil. Iron, perhaps mined in Australia. These raw materials are turned into components — memory manufactured in Korea, semiconductors forged in Germany, glass made in the United States. And it takes gallons and gallons of oil to ship all the resources and components back and forth around the world, until they are finally assembled in China, and shipped once again around the world to the consumer. In a global war, global trade becomes a nightmare. Shipping becomes more expensive due to higher insurance costs, and riskier because it's subject to seizures, blockades, ship sinkings. Many goods, intermediate components or resources — including energy supplies like coal and oil, components for military hardware, etc, may become temporarily unavailable in certain areas. Sometimes — such as occurred in the Siege of Leningrad during World War II — the supply of food can be cut off. This is why countries hold strategic reserves of things like helium, pork, rare earth metals and oil, coal, and gas. These kinds of breakdowns were troublesome enough in the economic landscape of the early and mid-20th century, when the last global wars occurred. But in today's ultra-globalized and ultra-specialized economy? The level of economic adaptation — even for large countries like Russia and the United States with lots of land and natural resources — required to adapt to a world war would be crushing, and huge numbers of business and livelihoods would be wiped out.

Advancement of technology allows for citizens to be more aware of the “enemy” with less government bias. This new empathetic awareness makes it difficult to go to war.Aziz 14- economics and business correspondent (John Aziz “Don't worry: World War III will almost certainly never happen” http://theweek.com/articles/449783/dont-worry-world-war-iii-almost-certainly-never-happen , TS)Other changes have been social in nature. Obviously, democratic countries do not tend to go to war with each other , and the spread of liberal democracy is correlated

against the decrease in war around the world. But the spread of internet technology and social media has brought the world much closer together , too. As late as the last world war, populations were separated from each other by physical distance, by language barriers, and by lack of mass communication tools. This means that it was easy for war-mongering politicians to sell a population on the idea that the enemy is evil . It's hard to empathize with people who you only see in slanted government propaganda reels. Today, people from enemy countries can come together in cyberspace and find out that the "enemy" is not so different, as occurred in the Iran-Israel solidarity movement of 2012. More importantly, violent incidents and deaths can be broadcast to the world much more easily. Public shock and disgust at the brutal reality of war broadcast over YouTube and Facebook makes it much more difficult for governments to carry out large scale military aggressions . For example, the Kremlin's own pollster today released a survey showing that 73 percent of Russians disapprove of Putin's handling of the Ukraine crisis, with only 15 percent of the nation supporting a response to the overthrow of the government in Kiev. There are, of course, a few countries like North Korea that deny their citizens access to information that might contradict the government's propaganda line. And sometimes countries ignore mass anti-war protests — as occurred prior to the Iraq invasion of 2003 — but generally a more connected, open, empathetic and democratic world has made it much harder for war-mongers to go to war.

No war impact. Incentives for war are diminishing as the world develops.Aziz 14- economics and business correspondent (John Aziz “Don't worry: World War III will almost certainly never happen” http://theweek.com/articles/449783/dont-worry-world-war-iii-almost-certainly-never-happen , TS)The greatest trend, though, may be that the world as a whole is getting richer. Fundamentally, wars arise out of one

group of people deciding that they want whatever another group has — land, tools, resources, money, friends, sexual partners, empire, prestige — and deciding to take it by force . Or they arise as a result of grudges or hatreds from previous wars of the first kind . We don't quite live in a superabundant world yet, but the long march of human ingenuity is making basic human wants like clothing, water, food, shelter, warmth, entertainment, recreation, and medicine more ubiquitous throughout the world . This means that countries are less desperate to go to war to seize other people's stuff . Now, the future is infinite and today's trends don't last forever. Declarations of the " end of history " often come back to haunt those who make them, and I am well aware that a world war is still possible . Trying to predict the actions of nations in the present is hard enough, and further into the future becomes exponentially more difficult. (Then again, my take is like Pascal's Wager: If I'm wrong, who's going to be around to tell me so?) Further into the future, severe climate change, and resource depletion, for example, could lead to new pressures to go to war (although climate mitigation and adaptation as well as recycling technologies mean both of these possibilities are avoidable). The development of robotic soldiers and drones may make it easier for countries (or even corporations) to go to war. Technical errors, computer glitches, or diplomatic misunderstandings can lead to war. Terrorism, inequality, and internal political or civil strife can all create the pressure for war. But the tendency toward inertia is strong . It is clear at least that the incentives for world war are far lower than they were in previous decades, and the disincentives are growing. The apocalyptic visions of a new world war between nations or empires that three generations of children have been raised into continue to diminish.

Russian Aggression/ModernizationNo modernization now, especially with recent sanctionsKoshkin ’15 (Pavel Koshkin, Deputy Editor-in-Chief of Russia Direct and a contributing writer to Russia Beyond The Headlines, “To innovate, Russia needs to unchain itself from state control”, 07/14/15, http://www.russia-direct.org/qa/innovate-russia-needs-unchain-itself-state-control)/cl RD: What are the chances of Russia to innovate its economy during a period of economic isolation from the West’s leading countries, the extended sanctions and the plight of its sciences (underfunding, little global exposure, brain drain)? D.F.: Basically, if you remember what Albert Einstein said, innovation is invented by getting out of the usual world: “We cannot solve a problem by using the same kind of thinking we used when we created them.” So, usually people, who are inventing, they are people who have different approaches to the existing society. And it is very difficult for Russian society, which is based on vertical and very strong power to go for innovation, because innovation needs what Russia’s former President Dmitry Medvedev described as raskreposchenie [“emancipation” in English]. There is no modernization, no innovation without raskreposchenie . And this is not really present in Russian society. The Russian economy is based on big companies, which are really not ready for innovation, because innovation is appearing in the world, where the rules of the game are different. If you take the Red October center, it is a good example: It is not innovation coming from the government. That’s the reason why the Skolkovo project is not very effective.

Putin cares more about his developing economy than expansion Stewart ’14 (James B. Stewart, American lawyer, journalist, and author and member of the Bar of New York and Bloomberg Professor of Business and Economic Journalism at the Columbia University Graduate School of Journalism, “Why Russia Can’t Afford Another Cold War”, http://www.nytimes.com/2014/03/08/business/why-russia-cant-afford-another-cold-war.html?_r=0)//clRussian troops pour over a border. An autocratic Russian leader blames the United States and unspecified “radicals and nationalists” for meddling. A puppet leader pledges fealty to Moscow. It’s no wonder the crisis in Ukraine this week drew comparisons to Hungary in 1956 and Czechoslovakia in 1968 o r that a chorus of pundits proclaimed the re-emergence of the Cold War. But there’s at least one major difference between then and now: Moscow has a stock market. Under the autocratic grip of President Vladimir Putin, Russia may be a democracy in name only, but the gyrations of the Moscow stock exchange provided a minute-by-minute referendum on his military and diplomatic actions. On Monday, the Russian stock market index, the RTSI, fell more than 12 percent, in what a Russian official called panic selling. The plunge wiped out nearly $60 billion in asset value — more than the exorbitant cost of the Sochi Olympics. The ruble plunged on currency markets, forcing the Russian central bank to raise interest rates by one and a half percentage points to defend the currency. Mr. Putin “seems to have stopped a potential invasion of Eastern Ukraine because the RTS index slumped by 12 percent” on Monday, said Anders Aslund, a senior fellow at the Peterson Institute for International

Economics in Washington. On Tuesday, as soon as Mr. Putin said he saw no need for further Russian military intervention, the Russian market rebounded by 6 percent . With tensions on the rise once more on Friday, the Russian market may again gyrate when it opens on Monday. Mr. Putin seems to be “following the old Soviet playbook,” in Ukraine, Strobe Talbott, an expert on the history of the Cold War, told me this week. “But back then, there was no concern about what would happen to the Soviet stock market. If, in fact, Putin is cooling his jets and might even blink, it’s probably because of rising concern about the price Russia would have to pay.” Mr. Talbott is the president of the Brookings Institution, a former ambassador at large who oversaw the breakup of the former Soviet Union during the Clinton administration and the author of “The Russia Hand.” Russia is far more exposed to market fluctuations than many countries, since it owns a majority stake in a number of the country’s largest companies. Gazprom, the energy concern that is Russia’s largest company by market capitalization, is majority-owned by the Russian Federation. At the same time, Gazprom’s shares are listed on the London stock exchange and are traded over the counter as American depositary receipts in the United States as well as on the Berlin and Paris exchanges. Over half of its shareholders are American, according to J. P. Morgan Securities. And the custodian bank for its depository receipts is the Bank of New York Mellon. Many Russian companies and banks are fully integrated into the global financial system. This week, Glencore Xstrata, the mining giant based in Switzerland, was in the middle of a roughly $1 billion debt-to-equity refinancing deal with the Russian oil company Russneft. Glencore said it expected to complete the deal despite the crisis. Glencore’s revenue last year was substantially larger than the entire gross domestic product of Ukraine, which was $176 billion, according to the World Bank.

It’s all fear mongering—despite Ukraine, Russia won’t invade any further because it’s too economically unstable Stewart ’14 (James B. Stewart, American lawyer, journalist, and author and member of the Bar of New York and Bloomberg Professor of Business and Economic Journalism at the Columbia University Graduate School of Journalism, “Why Russia Can’t Afford Another Cold War”, http://www.nytimes.com/2014/03/08/business/why-russia-cant-afford-another-cold-war.html?_r=0)//clEven before this week’s gyrations, the Russian stock market index had dropped near 8 percent last year, and it and the Russian economy have been suffering from low commodity prices and investor concerns about the Federal Reserve’s tapering of bond purchases — factors of little significance during the Cold War. By contrast, today “ Russia is too weak and vulnerable economically to go to war, ” Mr. Aslund said. “ The Kremlin’s fundamental mistake has been to ignore its economic weakness and dependence on Europe. Almost half of Russia’s exports go to Europe, and three-quarters of its total exports consist of oil and gas. The energy boom is over, and Europe can turn the tables on Russia after its prior gas supply cuts in 2006 and 2009. Europe can replace this gas with liquefied natural gas, gas from Norway and shale gas. If the European Union sanctioned Russia’s gas supply to Europe, Russia would lose $100 billion or one-fifth of its export revenues, and the Russian economy would be in rampant crisis.” Mr. Putin may be “living in another world,” as the German chancellor, Angela Merkel, put it this week, but surely even he recognizes that the world has changed drastically since 1956 or 1968. He has no doubt been getting an earful from his wealthy oligarch friends, many of whom run Russia’s largest companies and have stashed their personal assets in places like London and New York. The oligarchs “would not dare to challenge him,” a prominent Russian economist told me. (He asked not to be

named for fear of retribution.) “But they would say something like they would have to lay off workers and reduce tax payments.” During the Cold War, there were few, if any, Russian billionaires. Today, there are 111, according to Forbes magazine’s latest rankings, and Russia ranks third in the number of billionaires, behind the United States and China. The economist noted that the billionaire Russian elite — who are pretty much synonymous with Mr. Putin’s friends and allies — are the ones who would be severely affected by visa bans, which were imposed by President Obama on Thursday. Other penalties might include asset freezes. Many Russian oligarchs have real estate and other assets in Europe and the United States, like the Central Park West penthouse a trust set up by the Russian tycoon Dmitry Rybolovlev bought for $88 million. “This is what may have already forced Putin to retreat,” the Russian economist said. And while the Cold War was a global contest between Marxism and capitalism, there is today “no real ideological component to the conflict except that Putin has become the personification of rejecting the West as a model,” Mr. Talbott said. “He wants to promote a Eurasian community dominated by Moscow, but that’s not an ideology. Russia’s economy may be an example of crony capitalism, but it is capitalism. There’s not even a shadow of Marxism-Leninism now.”What brought down the old Soviet Union and ended the Cold War “was the economic imperative to make Russia into a modern, efficient, normal state, a player in the international economy , not because of military power but because of a strong economy ,” Mr. Talbott continued. But “to have a modern economy, you need the rule of law and a free press.” Mr. Putin, he said, “isn’t advancing Russia’s progress.” The Russian economist agreed. “The pre-2008 social compact was that Putin would rule Russia while Russians would see growing incomes,” he said. “Now, the growth has stalled, and he needs ideology, coupled with propaganda and repressions. Apparently, the Soviet restoration is the only ideology he can come up with.” Russia does have uniquely strong ties to Ukraine. “Of all the former provinces of the old Soviet Union, it’s the most painful to have lost and the one many Russians would most want to have back,” Mr. Talbott said. “The ties between Kiev and Moscow go back over 300 years. Ukraine is the heart of Russian culture.” With Russian troops entrenched in the Crimean peninsula and some Russian Ukrainians clamoring for annexation, there may be little the United States or its allies can do to restore the status quo. “Containment, in a muted and modified way, will once again be the strategy of the West and the mission of NATO,” Mr. Talbott predicted. But not another Cold War, which is surely a good thing. “A propaganda war is completely feasible,” the Russian economist said. “The recent events were completely irrational, angering the West for no reason. This is what is most scary, especially for businesses. Instead of reforming the stagnating economy, Putin scared everybody for no reason and with no gain in sight. So it is hard to predict his next actions. But I think a real Cold War is unlikely.”

Solvency

Obama allows for NSA circumvention of zero days policies Sanger 14- specializes in the confluence of economic and foreign policy (David E. Sanger, “Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say” APRIL 12, 2014 http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html?_r=0 , TS)

Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security , it should — in most circumstances — reveal them to assure that they

will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday. But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons. The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency.

US policies won’t spill over. Obama has tainted America’s influence.Hoskinson 15- covered congressional affairs, defense and foreign policy. He is a former Army officer and a graduate of George Washington University and the University of South Florida. (Charles Hoskinson “Whatever happened to U.S. influence?” March 9th 2015 http://www.washingtonexaminer.com/what-happened-to-us-influence/article/2561119 , TS)Around the world, Obama's presidency has damaged the image and interests of the United States among governments and populations, even those traditionally considered allies. Some of those who criticized Bush's policies now look back with relative respect to his tenure. Obama insists his

policies have made the nation safer, but even some of those who once supported him strongly disagree. Policies he touted as successes have contributed to new headaches in a world that has become more chaotic as the old international order crumbled and Washington retreated from its traditional leadership. Amid calls for an urgent change in direction, the administration in February released a new national security strategy that was immediately slammed as passive and unfocused, relying on "strategic patience" toward an international landscape that is more chaotic than administration officials and other experts have ever seen. "We need to bring clarity to our efforts before we lose the confidence of the American people and the support of our potential allies," wrote retired Marine Gen. James Mattis, former U.S. commander in the Middle East, in February, repeating what he had told the Senate Armed Services Committee a month earlier. Criticism of the president's foreign policy comes, too, from the heart of the establishment, many of whose members initially backed and advised him. "In the end, making the national security system work comes down to one factor, one man: Barack Obama. He's the key problem, and he's the only one who can bring about a solution," Council on Foreign Relations Chairman Leslie H. Gelb wrote Jan. 14 in the Daily Beast, calling for a top-to-bottom shake-up of the president's foreign policy team. The public has taken notice, with larger percentages preferring Republicans on foreign policy over the Obama-led Democrats. A Feb. 18-22 Pew Research Center survey showed a 13-point edge for GOP over Democrats when participants were asked which party would do a better job on foreign policy. This is the most significant lead for Republicans since 2002, before the Iraq War eroded their standing on that issue. People around the world are noticing, too. In just about every crisis zone, the administration's actions and inactions have frustrated allies and partners and hurt American interests .

U.S PrimacyU.S. primacy is useless; military power is ineffective in solving for international problems, especially Russia Everts ‘02 (Steven Everts, the Personal Representative of the SG/HR for Energy and Foreign Policy at the Council of the European Union in Brussels and a senior research fellow with the London-based Centre for European Reform and director of its transatlantic programme, “Is military power still the key to international security?”, http://www.nato.int/docu/review/2002/Managing-Crisis/military-power-key-international-security/EN/index.htm)//clThe question of the relative importance of military power in achieving foreign policy goals in today's world is crucial. Achieving transatlantic consensus on this strategic, overarching issue is perhaps even more important than getting agreement on policy towards Iraq, Israel-Palestine or the International Criminal Court. It is clear that tackling the vast majority of today's global problems requires a careful mix of hard and soft security instruments. We can probably agree that the international security environment has moved on decisively from the bad old days of the Cold War, with its familiar lexicon of détente and deterrence. In this post-post Cold War era, we have moved from risks to threats: from the single risk of a thermo-nuclear exchange to the multiple threats of globalised insecurity. As a result, we have a much more diffuse security environment to contend with. Between black and white, there are now a thousands shades of grey. One of the consequences of this transition is that military power has become less important, because it is often ill-suited to solve the complex political and security problems we face. Whether the issue is messianic terrorism, weapons proliferation, failed states, managing regional conflicts or whatever other international problem one may care to name, the conclusion is always the same. Solving these problems is hard. But states that can draw on the full spectrum of available instruments and which have a demonstrable desire to work with like-minded partners, stand a much greater chance of success. It is for this pragmatic reason that I am concerned with the current trend towards over-militarisation in the United States . Unlike some on the European left, I have no problem with US power. Constructive and multi-faceted US international engagement is clearly needed in a world beset by rising levels of international tension. But I do believe that the trend towards spending ever more on defence - now comfortably over $1 billion a day - while allocating pitiful sums of money to non-military forms of international engagement is unhelpful, because it means that fewer resources are directed at actually resolving international problems . To illustrate: the percentage of the federal budget devoted to international affairs excluding defence spending - such as the excellent Nunn-Lugar programmes aimed at preventing Russian nuclear weapons and materials getting into the wrong hands - has fallen from four per cent in the 1960s, via two per cent in the 1970s, to just over one per cent today. Of course, overwhelming military force can be necessary and effective in certain circumstances, as in the campaign against the Taliban in Afghanistan. But military force alone rarely works, even in the medium-term. Just consider Afghanistan today. More broadly, I don't think that "full-spectrum dominance" alone will help the United States win its war on terror. Defeating terrorism is essentially a job for intelligence and police authorities and of winning hearts and minds, as Europeans have learned - usually the hard way. Nor will it help anchor Russia in a West-leaning direction, manage the integration of China into the global system, or promote a peace settlement in the Middle East. The instruments states have at their disposal inevitably have a knock-on effect on their "world view". Increasingly, US behaviour reminds me of the saying: "If the only instrument you have is a hammer all your problems start looking like a nail." The rather Hobbesian worldview of the new National Security Strategy, with a doctrine of pre-emptive strike as its centre piece, has added ammunition to European fears that on the all-important question of global strategy Europe and the United States are drifting apart. In response to European gripes about US unilateralism, Americans often point to Europe's pathetic levels of defence spending.

Clearly, there is a strong case for Europe to improve its hard security capabilities. Thankfully, some countries - like France and the United Kingdom - are now increasing their defence spending. Like many analysts I subscribe to the mantra that without more, and smarter defence spending Europe will fail to realise its foreign policy ambitions. In debates among Europeans, I argue for boosting European military capabilities, not to "please" Americans but so that Europe can fulfil the tasks that it has set for itself - both in NATO and the European Union. Military power is often ill-suited to solve the complex political and security problems we face. But there are three perfectly sensible reasons for Europe's reluctance to prioritise defence spending. First, US choices in these matters are leaving a security vacuum that Europe must fill. Put simply, if the United States is not doing conflict prevention or post-conflict reconstruction, who will? Second, many Europeans are sceptical whether more defence capabilities will, as some analysts argue, get them more influence in Washington. The tendency in the United States, particularly with this administration, is first to decide strategy and then to push and cajole allies to support it. The phrase used in Europe - only partly tongue-in-cheek - is that the United States is not looking for coalitions of the willing and able but of the willing and compliant. Third, we come back to the question of effectiveness. If military force is only useful for a small and perhaps shrinking set of international problems - and often only for a short period of time - then what is the point , many Europeans wonder, in spending much more on defence ? Clearly we need a frank transatlantic debate over what counts as the most important global problems (the "mad men and loose nukes" agenda versus the dark side of globalisation), and over which strategies work best (unilateral military force and pre-emptive strikes or broad-based coalitions and a mix of hard and soft security). These days it is almost mandatory in Washington to lambast Europeans for their failure to spend adequately on defence. But upon reflection it should be clear that the imbalance on the US side is greater and more troubling. I look forward to the day when the United States realises that it has got its spending priorities wrong. US-style military supremacy may make the country feel important - but it does little for solving the growing problems of a troubled world.

Can’t solve power conflict—only a waste of resourcesWalt ’11 (Stephen M. Walt, the Robert and Renée Belfer professor of international relations at Harvard University, “Is America Addicted to War? The top 5 reasons why we keep getting into foolish fights.”, 04/04/11, http://foreignpolicy.com/2011/04/04/is-america-addicted-to-war/)//clThe United States started out as 13 small and vulnerable colonies clinging to the east coast of North America. Over the next century, those original 13 states expanded all the way across the continent , subjugating or exterminating the native population and wresting Texas, New Mexico, Arizona and California from Mexico. It fought a bitter civil war, acquired a modest set of overseas colonies, and came late to both world wars. But since becoming a great power around 1900, it has fought nearly a dozen genuine wars and engaged in countless military interventions. Yet Americans think of themselves as a peace-loving people, and we certainly don’t regard our country as a “warrior nation” or “garrison state.” Teddy Roosevelt was probably the last U.S. president who seemed to view war as an activity to be welcomed (he once remarked that “A just war is in the long run far better for a man’s soul than the most prosperous peace”), and subsequent presidents always portray themselves as going to war with great reluctance, and only as a last resort. In 2008, Americans elected Barack Obama in part because they thought he would be different from his predecessor on a host of issues, but especially in his approach to the use of armed force. It was clear to nearly everyone that George W. Bush had launched a

foolish and unnecessary war in Iraq, and then compounded the error by mismanaging it (and the war in Afghanistan too). So Americans chose a candidate who had opposed Bush’s war in Iraq and could bring U.S. commitments back in line with our resources. Above all, Americans thought Obama would be a lot more thoughtful about where and how to use force, and that he understood the limits of this crudest of policy tools. The Norwegian Nobel Committee seems to have thought so too, when they awarded him the Nobel Peace Prize not for anything he had done, but for what it hoped he might do henceforth. Yet a mere two years later, we find ourselves back in the fray once again. Since taking office, Obama has escalated U.S. involvement in Afghanistan and launched a new war against Libya. As in Iraq, the real purpose of our intervention is regime change at the point of a gun. At first we hoped that most of the guns would be in the hands of the Europeans, or the hands of the rebel forces arrayed against Muammar al-Qaddafi, but it’s increasingly clear that U.S. military forces, CIA operatives and foreign weapons supplies are going to be necessary to finish the job. Moreover, as Alan Kuperman of the University of Texas and Steve Chapman of the Chicago Tribune have now shown, the claim that the United States had to act to prevent Libyan tyrant Muammar al-Qaddafi from slaughtering tens of thousands of innocent civilians in Benghazi does not stand up to even casual scrutiny. Although everyone recognizes that Qaddafi is a brutal ruler, his forces did not conduct deliberate, large-scale massacres in any of the cities he has recaptured, and his violent threats to wreak vengeance on Benghazi were directed at those who continued to resist his rule, not at innocent bystanders. There is no question that Qaddafi is a tyrant with few (if any) redemptive qualities, but the threat of a bloodbath that would “[stain] the conscience of the world” (as Obama put it) was slight. It remains to be seen whether this latest lurch into war will pay off or not, and whether the United States and its allies will have saved lives or squandered them. But the real question we should be asking is: Why does this keep happening? Why do such different presidents keep doing such similar things? How can an electorate that seemed sick of war in 2008 watch passively while one war escalates in 2009 and another one gets launched in 2011? How can two political parties that are locked in a nasty partisan fight over every nickel in the government budget sit blithely by and watch a president start running up a $100 million per day tab in this latest adventure? What is going on here?

No one is strong enough to counter U.S. hegemony—continuing overstretch only makes us weaker Walt ’11 (Stephen M. Walt, the Robert and Renée Belfer professor of international relations at Harvard University, “Is America Addicted to War? The top 5 reasons why we keep getting into foolish fights.”, 04/04/11, http://foreignpolicy.com/2011/04/04/is-america-addicted-to-war/)//clA second factor that permits the United States to keep waging these optional wars is the fact that the end of the Cold War left the United States in a remarkably safe position. There are no great powers in the Western hemisphere ; we have no “peer competitors” anywhere (though China may become one sooner if we keep squandering our power foolishly); and there is no country anywhere that could entertain the idea of attacking America without inviting its own destruction. We do face a vexing terrorism problem, but that danger is probably exaggerated, is partly a reaction to our tendency to meddle in other countries , and is best managed in other ways. It’s really quite ironic: Because the American homeland is safe from serious external dangers (which is a good thing), Americans have the luxury of going abroad “in

search of monsters to destro y” (which is not). If Americans were really worried about having to defend our own soil against a powerful adversary, we wouldn’t be wasting time and money on feel-good projects like the Libyan crusade. But our exceptionally favorable geopolitical position allows us to do these things, even when they don’t make a lot of strategic sense.