Cyber attacks on the horizon- threaten international escalation

cyber impact = probable

Cyber threats are the biggest threat to national security – outweighs terrorism

The nation's highest intelligence official told the Senate Armed Services Committee hearing on worldwide threats that although America is not currently at risk for a catastrophic, Armageddon-style scenario that will cause the meltdown of major infrastructures, such as financial institutions or power grids, Clapper said government agencies and private companies in the U.S. are already being subjected to an increasing occurrence of low and moderate-level cyberattacks whose destructive effects accumulate over time to negatively impact the nation's economy and national security.

"Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact; [and] the ranges of cyber threat actors, methods of attack, targeted systems, and victims are also expanding," Clapper said.

Particularly of concern to Clapper is the growing role of politically motivated attacks aimed at infiltrating U.S. government and military networks. He said the cyberattacks, which come in large part from Russia, are "more severe than we have previously assessed," but Clapper did not provide more details. Aside from Russia, hackers backed by the governments of China, North Korea, and Iran have been found to target government and commercial networks "on a daily basis."

"Politically motivated cyberattacks are now a growing reality, and foreign actors are reconnoitering and developing access to U.S. critical infrastructure systems, which might be quickly exploited for disruption if an adversary's intent became hostile," Clapper said.

2ac – xt: china cyber impact

China has surpassed the US in cyber warfare – any large scale attack will be catastrophic

The committee also discussed the ongoing threats presented by the Islamic State of Iraq and Syria, instability and developing U.S. operations in Syria, potential continued aggression by Russia and the new resurgence of violence in Yemen.

"President Obama told the nation last night that the 'shadow of crisis has passed.' That news came as quite a surprise to anyone who's been paying attention to what's been happening around the world," McCain said.

Brzezinski and retired Air Force Gen. Brent Scowcroft, who served as national security adviser under Presidents Gerald Ford and George H. W. Bush, suggested that the U.S. should pursue both pre-emptive and reactive cyber capabilities that would form a mutually assured deterrent to hostile cyber activity.

The nation needs to develop "pre-emptive capability that matches the actions against us ... to change the balance of power."

Sen. Joe Donnelly, D-Ind., asked the panel what the U.S. would have done if the recent cyberattack on Sony Pictures had targeted U.S. stock exchanges instead, saying it's only a matter of time.

The lack of response is similar to "England before World War II, ignoring a threat that is right before us," Donnelly said. The U.S. has "never had more warnings and done less."

Scowcroft cautioned that U.S. efforts to develop a cyber defense strategy are "still at step one. We need serious analysis" of the extent of the gaps in capabilities.

cyber impact = magnitude framing

Cybersecurity is a matter of national security – can cripple our defense systems

The first is, most significantly, the United States today is under attack. We are under cyber-attack. The question is how we respond. It is our national interests that are at stake. And every day this nation suffers attempted intrusions, attempted interference, attempted theft of our intellectual property as a result of the ongoing attack that we need to stop and deter and answer.

The number and sophistication of cyber-attacks has increased dramatically over the past five years and all of the warnings - they are bipartisan warnings - say those attacks will continue and will be mounting with increasing intensity. In fact, experts say that with enough time, enough motivation, enough funding, a determined adversary can penetrate nearly any system that is accessible directly from the internet. The United States today is vulnerable. And to take the Pearl Harbor analogy that our Secretary of Defense has drawn so well, we have our ships sitting unprotected today as they were at the time of Pearl Harbor. Our ships today are not just our vessels in the seas, but our institutions sitting in this country and around the world. Our critical infrastructure that is equally vulnerable to sophisticated and unsophisticated hackers. In fact, the threat ranges from the hackers in developing countries, unsophisticated hackers, to foreign agents who want to steal our nation's secrets through terrorists who seek ways to disrupt that critical infrastructure.

And it is not a matter simply of convenience. We're not talking here about temporary dislocations like the loss of electricity that the Capitol area suffered recently or that our states of New England suffered as a result of the recent storms last fall. We're talking about permanent, severe, lasting disruptions and dislocation of our financial and our power systems that may be caused by this interference. One international group, for example, accessed a financial company's internal computer network and stole millions of dollars in just 24 hours. Another such criminal group accessed online commercial banking accounts and spread malicious computer viruses that cost our financial institutions nearly $70 million. One company that was recently the victim of an intrusion determined that it lost ten years' worth of research and development valued at $1 billion. That is billion with a "b," virtually overnight.

These losses are not just to the shareholders of these companies. They are to all of us who live in the United States, because the losses in many instances are losses of information to defense companies that produce our weapons systems, losses of property that has been developed at great cost to them and to our taxpayers. So we should all be concerned about such losses, as Sean Henry, the executive director of the F.B.I., has said - and I'm quoting - "the cyber threat is an existential one" meaning that a major cyber-attack could potentially wipe out whole companies. End of quote.

Those threats to our critical infrastructure, as you have heard so powerfully from my colleague from Rhode Island, are widespread and spreading. Industrial control systems that help control our pipelines, railroads, water treatment facilities, power plants are at an elevated risk today. Not at some point in the future. Today. The F.B.I. warns that successful cyber-attack against an electrical grid could cause serious damage to parts of our cities and ultimately even kill people. The Department of Homeland Security said last year that it has received nearly 200 reports of suspected cyber incidents, more than four times the number of incidence reported in 2010. In one incident more than 100 computers at a nuclear energy firm were infected with a virus that could have been used to take complete control of that company's system. These reports, these warnings go on. But in summary, the director of the F.B.I. said it best - quote - "we are losing data. We are losing money. We are losing ideas and we are losing innovation." Those threats are existential to our nation, and we must address them now. Not simply as a luxury, not as a possibility, but as a need now.

Cyber conflict causes escalation – loss of defensive capabilities and destabilization of international relations

During the development of this report, the ISAB Cyber Study Group met with a number of private sector companies. Based on the compilation of cyber, corporate, and economic data, one such company has determined that nation-state threat actors are conducting anti-trust and economic schemes using cyber intrusion and exploitation as a catalyst for market entry and growth, leading to accumulation of market share. Furthermore, their research revealed that these adversaries have a broad understanding of U.S. industries, processes and systems, internal control weaknesses and the cultural and psychological nuances of the broader markets better than most operational, financial and IT executives within the affected industries. At least 25 industries and 48 companies have had indications of offensive nation-state cyber-economic activity against them within the last five years.

“The complexity of these scenarios, which results in part from massive interconnectivity and dependencies between systems that are not always well understood, has made it difficult to develop a consensus regarding the probable consequences of an attack.”4

The potential for international relations being destabilized due to cyber activities creates a special concern for the Department of State. The National Academies of Science pointed out that “the world is organized around nation-states and national governments, and every physical artifact of information technology is located somewhere. Consequently, one might expect cyberspace-related tensions to arise between nations exercising sovereignty over their national affairs and interacting with other nations.”5 Many scenarios are possible, among them the actions of a third party (nation-state or not) undermining the relations between two countries. For example, in a cyber attack by country A on country C using means in country B, country C might likely mistakenly blame country B, an innocent bystander. To avoid escalation, means must be found to contain the damage and identify the true nature and perpetrator of the attack.

Cyberattacks are increasingly targeting US defense secrets - this will undermine military superiority

Forget the shady middlemen; never mind the students just a little too eager to find out the particulars of engines and warheads. Today, when foreign spies want to acquire America’s latest weapons technology, they just hack into networks and steal the digital designs. 2012 marked the first time, overseas intelligence agencies used cyber espionage – rather than the old-fashioned kind — as their number one way to pilfer information on U.S. weapons.

That’s according to a new report by one of Pentagon branches responsible for preventing such spying. Not coincidentally, perhaps, half of all successful incidents in 2012 of espionage against American defense contractors originated in Asia, up from 43 percent the previous year. This report highlights what plenty of us have come to grasp intuitively, cyberattacks are steadily replacing — or at least complementing — attempts to flat-out purchase U.S. defense technology or simply ask for more information about it as the top MO of industrial intelligence operators.

This shift from overt attempts at collecting information on U.S. weapons to cyber theft means that it may become more difficult to detect when a rival is trying to gain access to America’s defense secrets. It also shows why the Obama administration has been in such a tizzy of China’s alleged industrial espionage.

According to the report from the Defense Security Service, these spies were particularly interested in gathering information on U.S. electronics; worldwide collection attempts in this sector spiked 94 percent from the year before.

A "substantial" number of those electronics were radiation-resistant electronics that can be used in nuclear weapons, ballistic missiles, aerospace and space programs, according to the report.

"Foreign entities, especially those linked to countries with mature missile programs, increasingly focuses collection efforts on U.S. missile technology, usually aimed at particular missile subsystems," reads the report.

"After a country masters the chemistry and physics required to launch a missiles, scientists and engineers can focus on accuracy and lethality, the desired characteristics of modern missiles," the report notes.

"Reverse-engineering would probably give East Asia and the Pacific scientists and engineers a better understanding of the capabilities of the targeted and acquired technology to develop countermeasures to U.S. weapons systems," reads the document.