**Internal Link 2NC/1NR- CISA DISADVANTAGE- Internal Link- ANSWERS TO: No Spillover
Issues do spillover- the plan would have repercussions for CISA
ESHBAUGH-SOHA, 2005 Matthew, T¶ EXAS¶ T¶ ECH¶ U¶ NIVERSITY, “The Politics of Presidential Agendas” June http://www.psci.unt.edu/~EshbaughSoha/jun05prq.pdf
Two scholars have explored the determinants of the president's policy agenda. Light (1099) notes that information, expertise, and political capital are a premium in the presidents agenda decisions, and that presidents have the most potential to shape the legislative agenda early in their tenure. He shows how these factors influence the types of policies on the president's agenda, without confirming his inferences through hypothesis testing (see King 1993). Peterson (1990) also studies the president's agenda. He analyzes the contextual environment and its impact on whether presidents prefer large or small, and new or old policies. Although he finds that the Congressional environment is important in the president's agenda decisions, seemingly relevant variables such as the federal budget deficit are statistically insignificant. ¶ The underlying premise of agenda-setting research is that the president should be able to package policy priorities so as to increase the likelihood of their adoption. Doing so may require presidents to assess the probability that a proposal will be successful depending on contextual circumstances, such as Congressional makeup. Nevertheless. Peterson (1990: 20"-08) finds little impact of the contextual environment on presidential policies, bringing into question the conventional wisdom that presidents can package their agendas strategically to increase their success in Congress (Bond and Fleisher 1990; Edwards 1989). With this in mind, I rely on agenda-setting and anticipative reactions theories to argue that fiscal and political factors should affect the content of the presidents yearly domestic policy agenda from 1949-2000. Lacking any readily available data source to test this argument. I also advance a new policy typology that categorizes domestic policies across both time and importance dimensions. 1 use the number of yearly policies for each policy type (.major, minor, incremental, and meteoric) as dependent variables in four separate analyses. To account for the yearly changes in the political environment. I offer a time-series analysis of several hypotheses. I argue that presidents seek to optimize their domestic policy preferences, and because their success depends on broad legislative cooperation, presidents anticipate the reaction of Congress and support or propose different policies accordingly in their yearly domestic policy agendas.1
**Impact 2NC/1NR- CISA DISADVANTAGE- ANSWERS TO: Economic Decline /= War Extend our 1NC Royal evidence- Royal cites multiple statistical correlations between economic decline and an increase in conflict. First, is the rally around the flag effect, bad economic times result in leaders creating conflict to divert attention away from crises. Second, is resource shortages. Bad economic times create the impetus for conflict over scarce resources 2NC/1NR- CISA DISADVANTAGE- ANSWERS TO: CISA Good CISA is bad- does little to protect against cyber attacks and hinders privacy protections
Laperruque 2015- Jake, fellow on Privacy, Surveillance, and Security. Jake previously served as a law clerk for Senator Al Franken on the Subcommittee on Privacy, Technology, and the Law, and as a policy fellow for Senator Robert Menendez. “How the OPM Hack Demonstrates the Need to Improve CISA” https://cdt.org/blog/how-the-opm-hack-demonstrates-the-need-to-improve-cisa/
The recent mass breach of computers at the Office of Personnel Management (OPM) has increased pressure on Congress to act to enhance cybersecurity. However, the OPM hack demonstrates the importance of strengthening the Cybersecurity Information Sharing Act (CISA, S. 754) in two important ways that would not undermine the goals of the legislation. First, information shared under the bill by the private sector with the government should go to the Department of Homeland Security National Cybersecurity and Communications Integration Center (DHS NCCIC) and not to any government agency, as would be permitted under the current bill. This would direct the flow of cyber threat indicators to an entity that was created to receive and protect them. Second, the requirements to eliminate personal information from cyber threat indicators before they are shared should be strengthened. If less personal information is shared, less personal information is available to the bad guys when they break in.¶ CISA Should Direct the Cyber Threat Indicators that Companies Share to the DHS NCCIC¶ CISA authorizes private entities share cyber threat indicators (CTI’s) with any department or agency within the federal government (Sec. 3(c)(1)). Many agencies do not have the operational ability to receive, store, and process these data, or – as the OPM breach demonstrates – the security protocols and experiences to adequately protect personal information.¶ A far better path would be to follow the model of Rep. McCaul’s National Cybersecurity Protection Advancement Act (H.R. 1731), passed in the House earlier this year. That legislation required that companies sharing cyberthreat indicators share them with the DHS NCCIC. The NCCIC was created to receive, process, and protect sensitive cyber data. Requiring all private-to-government sharing be directed at this entity would enhance data security and operational functionality.¶ CISA Should Require Implementation of Adequate Privacy Protections Before Information Is Shared.¶ CISA requires that all information shared with the federal government be automatically and instantaneously shared with a range of federal entities (Sec. 5(a)(3)(A)(i)).[1] However, this sharing would occur without full application of privacy protections. The bill requires that automated sharing occur in “real-time” without any “delay, modification, or any other action” that would impede instantaneous receipt by all other designated agencies (Sec. 5(a)(3)(A)(i)). This would prohibit any privacy protections – including redaction and removal of unnecessary personal information – that would require any human effort or review.¶ Thus under CISA, personal data could be instantly distributed to over half a dozen federal departments without adequate privacy protections, and would then be vulnerable if computer networks in any of these entities were breached. In contrast, the Protecting Cyber Networks Act (H.R. 1560, passed in the House earlier this year) requires sharing not be subject to “delay, modification, or any other action without good cause that could impede receipt” (emphasis added). This provision would better protect privacy and data security than CISA. Additional language should be added to make it clear that application of the privacy policies to be created by the bill constitute “good cause.”¶ CISA Should Be Amended To Strengthen Requirements To Remove Personal Information Before Cyber Threat Indicators Are Shared.¶ CISA’s requirement to remove personal information (Sec. 4(d)(2)) is riddled with loopholes that can be closed without harming the goals of the legislation. Closing the loopholes in three ways would mean less personal information is available if (and when) computer systems are penetrated again:¶ CISA does not require that companies “take reasonable efforts” to review cyber threat indicators or remove personal information before sharing – any review, even if it were cursory and ineffective, would be sufficient. Both House information sharing bills (H.R. 1731 and H.R. 1560) require a benchmark of “reasonable” efforts be taken, ensuring that attempts to review and remove personal information before sharing are effective.¶ Even if an acceptable review were to occur, CISA only requires companies to remove personal information they “know” is unrelated to a cybersecurity threat. This could lead companies to take a “default share” policy for personal information, and always include it unless there is a rare smoking gun demonstrating irrelevance. Both House information sharing bills address this loophole as well, requiring companies to remove personal information that is that is “reasonably believed” to be irrelevant.¶ CISA only requires removal of information that is “not directly related” to a cyber threat, meaning that victims’ personal information (which is generally related to the threat) will often go unprotected. A better standard would require removal of information not necessary to respond to the threat.¶ Information Sharing Is Not a Cybersecurity Silver Bullet.¶ Passing CISA without addressing operational, security, and privacy issues risks new problems without providing significant benefits. Attacks from “zero-day” vulnerabilities – which were used in major recent breaches such as OPM and Sony – cannot be prevented through information sharing, because the exploit is unknown and unpatchable at the time it is used. The impact of new information authorities may actually be limited – a letter sent to Congress this April from over 65 technologists and network security experts concluded that “We do not need new legal authorities to share information that helps us protect our systems from future attacks,” and categorized information necessary to share as “far more narrow” than what is authorized by CISA. Greater focus should be placed on commonsense security measures that can prevent the infiltrations that lead to and aggravate the impact of major breaches: encrypting data, regularly reviewing and updating systems, and using multi-factor authentication.¶ [1] Specifically, cyber threat indicators shared under the bill must be shared with the Department of Commerce, the Department of Defense, the Department of Energy, the Department of Homeland Security, the Department of Justice, the Department of the Treasury, and the Office of the Director of National Intelligence.
Share with your friends: |