Mattis, Jamestown Foundation China Program fellow, 2015

China will retaliate by attacking critical infrastructure-they have the means.

(Joel, “Debating the Chinese Cyber Threat”, International Security, Summer, project muse)

To make matters worse a cyber attack that can take out a civilian power grid, for example could also cripple the U.S. military. The senator notes that is that the same power grids that supply cities and towns, stores and gas stations, cell towers and heart monitors also power "every military base in our country." "Although bases would be prepared to weather a short power outage with backup diesel generators, within hours, not days, fuel supplies would run out", he said. Which means military command and control centers could go dark. Radar systems that detect air threats to our country would shut Down completely. "Communication between commanders and their troops would also go silent. And many weapons systems would be left without either fuel or electric power", said Senator Grassley. "So in a few short hours or days, the mightiest military in the world would be left scrambling to maintain base functions", he said. We contacted the Pentagon and officials confirmed the threat of a cyber attack is something very real. Top national security officials—including the Chairman of the Joint Chiefs, the Director of the National Security Agency, the Secretary of Defense, and the CIA Director— have said, "preventing a cyber attack and improving the nation~’s electric grids is among the most urgent priorities of our country" (source: Congressional Record). So how serious is the Pentagon taking all this? Enough to start, or end a war over it, for sure (see video: Pentagon declares war on cyber attacks http://www.youtube.com/watch?v=_kVQrp_D0kY%26feature=relmfu ). A cyber attack today against the US could very well be seen as an "Act of War" and could be met with a "full scale" US military response. That could include the use of "nuclear weapons", if authorized by the President.

Blackouts cause nuclear reactor meltdowns—guarantees extinction

Hodges 14

Dave, an established award winning psychology, statistics and research professor as he teaches college and university classes at both the undergraduate and graduate level, an established author as his articles are published on many major websites, citing Judy Haar, a recognized expert in nuclear plant failure analyses, "Nuclear Power Plants Will Become America's Extinction Level Event", April 18 2014, www.thelibertybeacon.com/2014/04/18/nuclear-power-plants-will-become-americas-extinction-level-event/

Fukushima is often spoken of by many, as a possible extinction level event because of the radiation threat. Fukushima continues to wreak havoc upon the world and in the United States as we are being bathed in deadly radiation from this event. Because of Fukushima, fish are becoming inedible and the ocean currents as well as the prevailing ocean winds are carrying deadly radiation. Undoubtedly, by this time, the radioactivity has made its way into the transpiration cycle which means that crops are being dowsed with deadly radiation. The radiation has undoubtedly made its way into the water table in many areas and impacts every aspect of the food supply. The health costs to human beings is incalculable. However, this article is not about the devastation at Fukushima, instead, this article focuses on the fact that North America could have a total of 124 Fukushima events if the necessary conditions were present. A Festering Problem Long before Fukushima, American regulators knew that a power failure lasting for days involving the power grid connected to a nuclear plant, regardless of the cause, would most likely lead to a dangerous radioactive leak in at least several nuclear power plants. A complete loss of electrical power poses a major problem for nuclear power plants because the reactor core must be kept cool as well as the back-up cooling systems, all of which require massive amounts of power to work. Heretofore, all the NERC drills which test the readiness of a nuclear power plant are predicated on the notion that a blackout will only last 24 hours or less. Amazingly, this is the sum total of a NERC litmus test. Although we have the technology needed to harden and protect our grid from an EMP event, whether natural or man-made, we have failed to do so. The cost for protecting the entire grid is placed at about the cost for one B-1 Stealth Bomber. Yet, as a nation, we have done nothing. This is inexplicable and inexcusable. Our collective inaction against protecting the grid prompted Congressman Franks to write a scathing letter to the top officials of NERC. However, the good Congressman failed to mention the most important aspect of this problem. The problem is entirely fixable and NERC and the US government are leaving the American people and its infrastructure totally unprotected from a total meltdown of nuclear power plants as a result of a prolonged power failure. Critical Analyses According to Judy Haar, a recognized expert in nuclear plant failure analyses, when a nuclear power plant loses access to off-grid electricity, the event is referred to as a “station blackout”. Haar states that all 104 US nuclear power plants are built to withstand electrical outages without experiencing any core damage, through the activation of an automatic start up of emergency generators powered by diesel. Further, when emergency power kicks in, an automatic shutdown of the nuclear power plant commences. The dangerous control rods are dropped into the core, while water is pumped by the diesel power generators into the reactor to reduce the heat and thus, prevent a meltdown. Here is the catch in this process, the spent fuel rods are encased in both a primary and secondary containment structure which is designed to withstand a core meltdown. However, should the pumps stop because either the generators fail or diesel fuel is not available, the fuel rods are subsequently uncovered and a Fukushima type of core meltdown commences immediately. At this point, I took Judy Haar’s comments to a source of mine at the Palo Verde Nuclear power plant. My source informed me that as per NERC policy, nuclear power plants are required to have enough diesel fuel to run for a period of seven days. Some plants have thirty days of diesel. This is the good news, but it is all downhill from here. The Unresolved Power Blackout Problem A long-term loss of outside electrical power will most certainly interrupt the circulation of cooling water to the pools. Another one of my Palo Verde nuclear power plant sources informed me that there is no long term solution to a power blackout and that all bets are off if the blackout is due to an EMP attack. A more detailed analysis reveals that the spent fuel pools carry depleted fuel for the reactor. Normally, this spent fuel has had time to considerably decay and therefore, reducing radioactivity and heat. However, the newer discharged fuel still produces heat and needs cooling. Housed in high density storage racks, contained in buildings that vent directly into the atmosphere, radiation containment is not accounted for with regard to the spent fuel racks. In other words, there is no capture mechanism. In this scenario, accompanied by a lengthy electrical outage, and with the emergency power waning due to either generator failure or a lack of diesel needed to power the generators, the plant could lose the ability to provide cooling. The water will subsequently heat up, boil away and uncover the spent fuel rods which required being covered in at least 25 feet of water to remain benign from any deleterious effects. Ultimately, this would lead to fires as well and the release of radioactivity into the atmosphere. This would be the beginning of another Fukushima event right here on American soil. Both my source and Haar shared exactly the same scenario about how a meltdown would occur. Subsequently, I spoke with Roger Landry who worked for Raytheon in various Department of Defense projects for 28 years, many of them in this arena and Roger also confirmed this information and that the above information is well known in the industry. When I examine Congressman Franks letter to NERC and I read between the lines, it is clear that Franks knows of this risk as well, he just stops short of specifically mentioning it in his letter. Placing Odds On a Failure Is a Fools Errand An analysis of individual plant risks released in 2003 by the Nuclear Regulatory Commission shows that for 39 of the 104 nuclear reactors, the risk of core damage from a blackout was greater than 1 in 100,000. At 45 other plants the risk is greater than 1 in 1 million, the threshold NRC is using to determine which severe accidents should be evaluated in its latest analysis. According to the Nuclear Regulatory Commission, the Beaver Valley Power Station, Unit 1, in Pennsylvania has the greatest risk of experiencing a core meltdown, 6.5 in 100,000, according to the analysis. These odds don’t sound like much until you consider that we have 124 nuclear power generating plants in the US and Canada and when we consider each individual facility, the odds of failure climb. How many meltdowns would it take in this country before our citizens would be condemned to the hellish nightmare, or worse, being experienced by the Japanese? The Question That’s Not Being Asked None of the NERC, or the Nuclear Regulatory tests of handling a prolonged blackout at a nuclear power plant has answered two critical questions, “What happens when these nuclear power plants run out of diesel fuel needed to run the generators”, and “What happens when some of these generators fail”? In the event of an EMP attack, can tanker trucks with diesel fuel get to all of the nuclear power plants in the US in time to re-fuel them before they stop running? Will tanker trucks even be running themselves in the aftermath of an EMP attack? And in the event of an EMP attack, it is not likely that any plant which runs low on fuel, or has a generator malfunctions, will ever get any help to mitigate the crisis prior to a plethora of meltdowns occurring. Thus, every nuclear power plant in the country has the potential to cause a Chernobyl or Fukushima type accident if our country is hit by an EMP attack. CAN YOU EVEN IMAGINE 124 FUKUSHIMA EVENTS IN NORTH AMERICA HAPPENING AT THE SAME TIME? THIS WOULD CONSTITUTE THE ULTIMATE DEPOPULATION EVENT. …And There Is More… The ramifications raised in the previous paragraphs are significant. What if the blackout lasts longer than 24 hours? What if the reason for the blackout is an EMP burst caused by a high altitude nuclear blast and transportation comes to a standstill? In this instance, the cavalry is not coming. Adding fuel to the fire lies in the fact that the power transformers presently take at least one year to replace. Today, there is a three year backlog on ordering because so many have been ordered by China. This makes one wonder what the Chinese are preparing for with these multiple orders for both transformers and generators. In short, our unpreparedness is a prescription for disaster. As a byproduct of my investigation, I have discovered that most, if not all, of the nuclear power plants are on known earthquake fault lines. All of California’s nuclear power plants are located on an earthquake fault line. Can anyone tell me why would anyone in their right mind build a nuclear power plant on a fault line? To see the depth of this threat you can visit an interactive, overlay map at this site. Conclusion I have studied this issue for almost nine months and this is the most elusive topic that I have ever investigated. The more facts I gather about the threat of a mass nuclear meltdown in this country, the more questions I realize that are going unanswered. With regard to the nuclear power industry we have the proverbial tiger by the tail. Last August, Big Sis stated that it is not matter of if we have a mass power grid take down, but it is a matter of when. I would echo her concerns and apply the “not if, but when” admonition to the possibility of a mass meltdown in this country. It is only a matter of time until this scenario for disaster comes to fruition. Our collective negligence and high level of extreme depraved indifference on the part of NERC is criminal because this is indeed an Extinction Level Event. At the end of the day, can anyone tell me why would any country be so negligent as to not provide its nuclear plants a fool proof method to cool the secondary processes of its nuclear materials at all of its plants? Why would ANY nuclear power plant be built on an earthquake fault line? Why are we even using nuclear energy under these circumstances? And why are we allowing the Chinese to park right next door to so many nuclear power plants?

Plan – 1AC

The United States federal government should propose to the People’s Republic of China a ban on cyberattacks on one another’s critical infrastructure and offer to improve their capabilities to attribute cyber-attacks.

Solvency – 1AC

The plan creates a mutual ban on critical infrastructure attacks and improves China’s attribution capabilities. This reduces the frequency of spying, enhances stability and solves issues of trust and verification by putting China and the US on the same technological level.

Harold, RAND Center for Asia Pacific Policy associate director, 2016

(Scott, “Getting to Yes with China in Cyberspace”, http://www.rand.org/pubs/research_reports/RR1335.html)

Given that the United States and China would like to reduce mutual suspicion in cyberspace, one option might be the negotiation of agreement on a set of norms. Since both sides express concern over the possibility of the other side targeting its critical infrastructure, the core of the deal would be for the United States and China to abjure cyberattacks on each other’s critical infrastructure.30 This proposal was well received by the respondents, with interviewees from across academic, think tank, military, and state organizations all responding positively to this proposal.31 Respondents appeared to hold relatively similar views of the definition of critical infrastructure to those of their U.S. counterparts—such things as the electrical power grid and the banking system. One respondent noted that there is precedent for such a deal; in early May 2015, just days before we conducted our field interviews, Russia and China announced a general agreement to cooperate with and not attack each other in cyberspace.32 The first component of any mutual forbearance proposal is that progress has been made on not attacking critical infrastructure since our interviews in Beijing. In July 2015, the Chinese signed a UN report that called for such attacks to be abjured.33 There are also indications that the United States and China mutually agree not to attack each other’s critical infrastructure—or at least not be the first to do so.34 As of this writing, however, there is little indication that these agreements have evolved from the trust-us-not-to stage to something that is verifiable. This is why two more components to such an agreement are crucial to fulfill the purposes of the first component. As a second, and logically entailed, component of any mutual forbearance proposal, the United States and China could also agree not to carry out cyber espionage on each other’s critical infrastructure. The rationale for this step is that cyber espionage is almost always a prerequisite for a cyberattack and that it is impossible to distinguish intrusions for the purposes of cyber espionage from an imminent attack if detected by the target. If the two sides have no intent to attack each other’s critical infrastructure, they have no need to compromise each other’s critical infrastructure systems either, particularly if carried out by inserting malicious code into the target infrastructure. Indeed, both cyber espionage and cyberattack typically entail the prior implantation of computer code in target systems, which then periodically calls back (beacons) to the attacker for further instruction. Implants make subsequent penetrations much easier because the attackers are already inside the target’s systems. Banning cyber espionage against critical infrastructure would make it much more difficult to quickly carry out cyberattacks on such infrastructure. Without preplanning and cyber espionage, it could take weeks, months, or even years to carry out such attacks, but if potential adversaries are already inside each other’s critical infrastructure, attacks can be carried out almost instantaneously. Such a ban, if enacted by the two sides, would have several advantages. First, if successfully executed, a ban would enhance stability, since it would remove critically important systems from being targeted. Second, a ban would raise the costs of targeting such systems (since, if China were discovered doing so, it would violate the country’s given word, potentially affecting its ability to credibly negotiate on other issues in the future), while simultaneously addressing the problem of time that cyberattacks prepared in advance can pose. Third, such an agreement, if fully realized, would reduce the prospect of accidental conflict by committing the two sides not just to not attacking each other’s critical infrastructure but to staying away from it completely, thereby eliminating the possibility of misunderstanding a cyber espionage effort as an imminent attack. While our respondents generally declined to explicitly agree with this second aspect of our proposal, they did not explicitly push back either. They understood the logic that linked attacks to espionage and that, if one foreswears attacking a system, the rationale for spying on it is that much weaker. Yet, the respondents did not feel quite so comfortable with the notion of foreswearing all espionage against U.S. critical infrastructure. The third component of a mutual forbearance pact would focus on attribution and an agreement to impose consequences.35 Yet, in some ways, the problem is not merely or even mostly technical,36 but political: What arrangements would persuade China to accept evidence (without, at the same time, making it difficult to draw reasonable conclusions from such evidence)?37 If there were a mutually agreed process for attribution and if China could be counted on to respond appropriately when the process indicates that an attack on the critical infrastructure were traced to China, the threat from China to U.S. critical infrastructure (and vice versa) would be correspondingly reduced. Part of the political problem is that the United States catches China spying far more often than the other way around. China claims that it experiences frequent attacks from the United States (which remains, for instance, the leading source of bots and botnet command-and-control servers), but has forwarded no evidence that the U.S. government protects hackers (or at least private hackers) or carries out specific intrusions.38 China’s reluctance to accept U.S. accusations of Chinese hacking may reflect the fact that China cannot detect and attribute U.S. cyber espionage as well as the United States can detect and attribute China’s cyber espionage. This fact is based on three differences: China’s operational security lags U.S. capabilities; China’s ability to detect intrusions lags U.S. capabilities; China’s ability to attribute detected intrusions lags U.S. capabilities.39 As long as China’s attribution capabilities substantially lag U.S. capabilities, it may be hard to convince China that such a deal would be fair. Worse, until China gains confidence in its own attribution capabilities, it may not believe that U.S. attribution capabilities are particularly good either.40 Several respondents indicated that it would be difficult to have a meaningful agreement without improvements in China’s attribution capabilities. There are several potential approaches to developing a trustworthy attribution mechanism. However, none of them uncontestably solves the problem, and many would be politically difficult for one or both sides to adopt. One option would be to develop a standing, bilateral fact-finding body to investigate claims of cyberattack. The advantages to this approach would be that both sides, having participated in the deliberations, would be more likely to accept the outcome of any joint investigation. Such an approach would encounter some risk. A concern for the United States would be that China’s participation in any such body would be beholden to its government and would there- fore be unlikely to be free to conclude that an attack had indeed been carried out by the Chinese government or PLA. China, for its part, may fear that U.S. capabilities are so superior that such a standing body would turn into a U.S.-dominated forum in which China would be reduced to spectator status. Alternately, if China’s cyber espionage is indeed sloppier and more broad gauge than U.S. cyber espionage, the cases that are brought to such a body may overwhelmingly or even exclusively be Chinese in origin, which could be both humiliating and disadvantageous for China. Shifting such a body from a bilateral to a multilateral forum might assuage some of these concerns (since both U.S. and China representation would be diluted). One respondent proposed the International Atomic Energy Agency as a model, but another said it was inappropriate because far more people touch the Internet than interact with their respective country’s nuclear establishment. Additionally, it is unclear whether China would perceive a difference if U.S. experts were replaced by experts (many of whom have ties to the United States) from countries seen by China as friends of the United States. Might these obstacles be lowered if the United States offered to share its insights into attribution techniques with China in return for China’s willingness to credit such techniques as evidence of verification and then move to prosecute those who carried out such intrusions? At first glance, such a proposal appears implausible: Under most circumstances, countries do not share strategic technology or operating concepts with potential adversaries. Yet, there have been exceptions to this general pattern. For example, the United States, in pursuit of nuclear stability, encouraged other countries to adopt permissive action links for their nuclear weapons (a technology that prevents such weapons from being used accidentally or at the instigation of unauthorized users). An added benefit is that stronger Chinese attribution capabilities could reduce the chances of a catalytic conflict if China is attacked by someone masquerading as a U.S. source. As a practical matter, the United States need not share what normally would be classified intelligence sources and methods; it can leverage recent improvements in private attribution capabilities (most, but not all, of which are associ- ated with U.S.-based companies) to give China more confidence in its own attribution capabilities. It is worth clarifying that an offer to help bring Chinese attribution capabilities closer to those available in the United States does not mean that the United States would be teaching China how to detect cyber espionage intrusions, how to improve its defenses, or how to keep its own penetrations from being detected by the United States, to say nothing of it having no relationship to improving the efficiency of PRC cyberintrusion or attack capabilities. Granted, an offer to help bring China’s attribution capabilities up to the level of the United States would probably help China mask its attacks. Inasmuch as the United States has yet to use such attribution to curb Chinese cyber espionage (and cyberattacks), it is unclear exactly how great a loss that would be.41 Even if it becomes harder to attribute attacks to China, it would only make a modest difference because China does not admit complicity in the face of considerable evidence today as is. Our Chinese respondents reacted favorably to this proposition, even when coupled with the implication that the United States would therefore expect China to give more credence to evidence that a particular intrusion set originated in China. Given the sensitivities associated with how attribution is done in the United States, a deal to get China to sign up to an attribution regime in possible return for the United States showing China how it does attribution would likely require substantial additional research and caveating prior to any possible adoption as policy. For China, an agreement to foreswear attacking critical infrastructure would need to be introduced clearly and officially, probably incrementally, and with clear consequences for cheating. Still, this proposal carries some prospect of raising the costs of cyber espionage to the point that lower-grade, nonstrategic (i.e., economic) actions are reduced or eliminated. It also reduces the risk of misattribution due to malicious third-party actors seeking to route their attacks on one or another side through U.S. or Chinese servers. And it appears to be one area where it might be possible to gain meaningful buy-in and payoffs from the two sides. For such reasons, it may be worth further exploration.

Solving attribution issues is critical to strategic trust-otherwise any deal is met with suspicion.

Mussington, Institute for Defense Analyses Information Technology and Systems Division assistant director and PhD, 2015

(B. David A., “The Missing Compliance Framework in the 2015 U.S.-China Cybersecurity Agreement”, https://www.ida.org/~/media/Corporate/Files/Publications/IDA_Documents/ITSD/2015/D-5648.ashx)

A concrete compliance framework would be a significant diplomatic and political breakthrough – indicating that both sides had considered the costs of continuing the status quo – selecting instead an alternate course with agreed facts, definitions, and dispute discussion (if not resolution) procedures. Further, such a bilateral framework might partially insulate the relationship from temporary hiccups – caused by the discovery of ongoing activities (legacy) that had yet to be reined in consistent with the new rules of the game. CERT1 -to-CERT-type contacts would further deepen the linkage between bilateral agreements to refrain from proscribed actions in cyber and operational exchanges on data that support non-controversial investigations of cyber-crime. Lastly, such a framework could provide a mechanism for discussion of IP rights holder injury and remediation options. In this way the compliance framework would provide added support to law enforcement cooperation on cyber-crime already established, as well as aligning well with norms emerging from the United Nations Group of Governmental Experts (GGE) process. Summing Up – Compliance as a Metaphor for Muddling Through In recent days the United Kingdom (UK) reached an agreement with China on cyber norms closely paralleling that reached by the United States. In this case the UK Government seems to be seeking a deeper relationship with China for economic purposes, and as a political engagement driven by the practicalities of global politics – emphasizing pragmatism. Narrow compliance judgments or mechanisms for minimizing cyber-enabled IP theft are absent from public pronouncements. The economic stakes in play are significant and suggest a hedging strategy where – unsure that the United States will persist in a disciplined and nuanced approach to cyber differences – the UK may be seeking its own way with a rising power – achieving concrete benefits in the near term, taking advantage of the aversion to escalated cyber conflict that China and the United States ostensibly share. UK success in this approach might make this route attractive to other Western nations, further diminishing the likelihood of collective action against what some perceive as a long-standing strategic technology and scientific data exfiltration campaign supporting China’s macroeconomic development. Absent a specific compliance management approach, cyber risk mitigation actions in national policy may appear to be de-linked from actual threat actor behavior proscribed in the agreement. This weakens potential deterrence, reducing incentives to avoid restricted activities due to the continuing small likelihood of successful and “objective” attacker attribution. In turn, basic data on risks, losses, and attacker identity will be less available (from government sources) and arguably of lower quality. Private Cyber threat information providers may, however, be able to document a baseline on risks, costs, and behavior. Note that definitions of “attack,” “vulnerability,” and cyber norms remain uncertain in this situation – again preventing clearer understanding of whether violations of nascent norms are actually occurring. Also clear in such a situation is a growing dissonance between public reporting of cyber intrusions and risk activity and the risks posed by state or state sponsored cyber-attacks on critical infrastructures and sensitive data. Accurate data on attacker behavior, cyber campaign plans, and targeting of vital services and critical infrastructures should enable better cyber risk decisions and investments. Absent a compliance framework such data will be less rich, less easily shareable, and less useful for shaping cyber protections and resilience responses. Cyber risk disputes between the United States and China will continue. An explicit compliance framework offers benefits in terms of transparency, data availability and improved attacker attribution. This information might assist in bilateral risk management between the two countries. More generally, enhanced information availability will enable improved alignment of incentives for commercial IP owners to invest in protections capable of matching changes in cyber risk conditions. Better information quality might lead to more effective asset, critical infrastructure, and sensitive data cyber protection options in the market place. A compliance framework might produce a novel and useful extra benefit: a bootstrap for improved cyber risk data availability and quality – leading to more accurate calculation of cyber risk exposures and mitigation effectiveness. In turn, such a development might accelerate broader and deeper improvements in planning – facilitating better management of legacy and emerging cyber risks. Elaborating on a cyber-risk compliance framework in the U.S.–China bilateral agreement may seem like expecting too much. Far from it. China is a leading source of cyber intrusion activity targeting U.S. Government and private sector institutions. Narrowing differences through discussion and diplomatic interchange can facilitate risk management and transparency. By leaving compliance unaddressed, the agreement fails to clarify not only the risks posed to U.S. interests by China-directed or -sponsored cyber activity, but it also misses an opportunity to enrich the data upon which cross-infrastructure cyber risk management decisions might be made.

Directory: wp-content -> uploads -> sites
sites -> 587 Return function, r i(X) r i(0) r i(1) r i(2) r i(3) 1 0 2 4 6 Thermal Station, I 2 0 1 5 6 3 0 3 5 6 10
sites -> Medical Radiography Program
sites -> Background on the Haitian Earthquake
sites -> Desk review yemen
sites -> Safe Transitions for the Elderly Patient (step)
sites -> District profile Haripur Introduction
sites -> Germanie VanTrease and Tyler Tetzloff
sites -> For more information
sites -> To be completed by the cerf secretariat. Type of submission
sites -> Sponsor Content Above the Clutter with Pete Krainik

Download 0.59 Mb.

Share with your friends: