Mattis, Jamestown Foundation China Program fellow, 2015



Download 0.59 Mb.
Page2/19
Date18.10.2016
Size0.59 Mb.
#2954
1   2   3   4   5   6   7   8   9   ...   19

Cyber Advantage



Despite recent agreements Chinese hacking will not decrease.


Cyberwar News 2016

(“China’s Cyberattacks And Hacking Will Continue And Increase: Security Firm”, 2-11, http://www.cyberwar.news/2016-02-11-chinas-cyberattacks-and-hacking-will-continue-and-increase-security-firm.html)



Despite a recent agreement between the U.S. and China to limit cyber espionage, hacking and other digital attacks, a security firm is warning that Beijing-based attacks are going to continue and perhaps even increase in the coming years. As reported by the Washington Free Beacon, the cyberattacks against U.S. government and private sector information systems is part of a larger intelligence-gathering mission, the firm, CrowdStrike, a cybersecurity and intelligence company, warned in an annual threat report made public last week. CrowdStrike is regularly consulted by private industry and government, The WFB reported. Some of the larger cyberattacks last year by Chinese hackers include theft of healthcare data on 80 million Americans, as well as the records of 22 million current and former federal government employees from a hack of the Office of Personnel Management. Gathering Americans’ personal data is part of a new trend in Chinese hacking. “This targeting underscores that intrusion operations associated with nation-states pose a significant risk to all data, no matter how uninteresting it may seem,” the report said. More: S. and China reach first-ever hacking agreement, but only after Beijing got nearly everything it wanted In addition the “2015 Global Threat Report” says that the U.S.-China agreement to not conduct cybertheft of commercial data has not had much of an impact on Beijing’s cyber activities. “Beneath the surface, however, China has not appeared to change its intentions where cyber is concerned,” the report noted. If there is any reduction at all in Chinese hacking this coming year it is probably only going to be temporary, the firm warned. Also, any reduction may only be the result of using more hard-to-trace methods of conducting cyber espionage after a major military reorganization of Beijing’s cyberwar capabilities. The military changes “will likely increase [China’s] reliance on its civilian intelligence agencies and associated contractors, all of which generally employ better tradecraft,” said the report. “If observed campaigns in late 2015 were any indication, it is unlikely China will completely cease its cyber operations, and 2016 will show the new direction it is headed,” it added. As Cyberwar.news reported, the U.S. government is set to hand off cybersecurity to the U.S. military in the coming year, mostly because the Pentagon is much more adept at providing security to information systems than disparate government agencies.

Chinese hacking doesn’t pose a large actual threat but the backlash will spill over into physical conflict


Lindsay, Toronto digital media and global affairs professor, 2015

(Jon, “Inflated Cybersecurity Threat Escalates US-China Mistrust”, New Perspectives Quarterly, July, Wiley)



The rhetorical spiral of mistrust in the Sino-American relationship threatens to undermine the mutual benefits of the information revolution. Fears about the paralysis of the United States’ digital infrastructure or the hemorrhage of its competitive advantage are exaggerated. Policymakers in the United States often portray China as posing a serious cybersecurity threat. In 2013 US National Security Adviser Tom Donilon stated that Chinese cyber intrusions not only endanger national security but also threaten US firms with the loss of competitive advantage. One US member of Congress has asserted that China has “laced the US infrastructure with logic bombs.” Chinese critics, meanwhile, denounce Western allegations of Chinese espionage and decry National Security Agency (NSA) activities revealed by Edward Snowden. The People’s Daily newspaper has described the US as “a thief crying ‘stop thief.’” Chinese commentators increasingly call for the exclusion of US internet firms from the Chinese market, citing concerns about collusion with the NSA, and argue that the institutions of internet governance give the United States an unfair advantage. Chinese cyber operators face underappreciated organizational challenges, including information overload and bureaucratic compartmentalization, which hinder the weaponization of cyberspace or absorption of stolen intellectual property. More important, both the US and China have strong incentives to moderate the intensity of their cyber exploitation to preserve profitable interconnections and avoid costly punishment. The policy backlash against US firms and liberal internet governance by China and others is ultimately more worrisome for US competitiveness than espionage; ironically, it is also counterproductive for Chinese growth. The US is unlikely to experience either a so-called digital Pearl Harbor through cyber warfare or death by a thousand cuts through industrial espionage. There is, however, some danger of crisis miscalculation when states field cyberweapons. The secrecy of cyberweapons’ capabilities and the uncertainties about their effects and collateral damage are as likely to confuse friendly militaries as they are to muddy signals to an adversary. Unsuccessful preemptive cyberattacks could reveal hostile intent and thereby encourage retaliation with more traditional (and reliable) weapons. Conversely, preemptive escalation spurred by fears of cyberattack could encourage the target to use its cyberweapons before it loses the opportunity to do so. Bilateral dialogue is essential for reducing the risks of misperception between the US and China in the event of a crisis.

Specifically in the South China Sea


van der Meer, Clingendael research fellow, 2015

(Sico, “US Deterrence against Chinese Cyber Espionage”, September, http://www.clingendael.nl/sites/default/files/Deterrence%20against%20Chinese%20Cyber%20Espionage%20policy%20brief%20-%20Clingendael%20September%202015.pdf)



A major US cyber operation aimed at threatening key interests of the Chinese government, even if covert and well calibrated, could have serious consequences. In the short term, it would carry the risk of provoking Chinese counter-attacks that would destabilize the already complex Sino–US relationship. In addition to the existing risk of an (inadvertent) military incident in the South or East China Sea, further insecurity and volatility would result from even a limited and covert cyber conflict. Moreover, if other countries observe that the United States is likely to be conducting covert cyber operations against China as a retaliatory measure, in the longer run the use of covert cyber attacks by states against other states may become a de facto accepted norm. Both developments are dangerous and would contribute to less stability and more insecurity in the international system. While it is questionable whether cyber deterrence can actually be achieved in this instance, except perhaps at a very high cost, it seems clear that retaliation carries major risks. This makes it more difficult for the United States to act, thereby undermining the credibility and effectiveness of its cyber security strategyx

South China Sea conflicts with China go nuclear


Christensen, Princeton world politics professor, 2015

(Thomas, “China's Rising Military: Now for the Hard Part”, 6-5, http://www.bloombergview.com/articles/2015-06-05/china-s-rising-military-now-for-the-hard-part



One reason for this is that no consensus exists in East Asia on the territorial status quo, as there did between the two Cold War camps in most regions of the world. The People’s Republic of China, in the center of a region of great importance, has maritime sovereignty disputes with several of its neighbors, including two formal U.S. allies (Japan and the Philippines) and one security partner (Taiwan). Laboratory research on prospect theory, a psychological exploration of risk-based decision-making, demonstrates that most actors accept much bigger risks and are willing to pay larger costs to defend what they believe is rightfully theirs than to obtain new gains at others’ expense. In a world in which conventional conflict could conceivably escalate to nuclear war, this human tendency is a force for stability; attacks across recognized boundaries by either side would be risky, and deterrence against such attacks is relatively credible. But in East Asia today, governments draw competing maps about the maritime domain. There are significant differences between mainland China and Taiwan about the sovereign status of the government on the island, and between China and Japan over who owns the islands known as Senkaku in Japan and Diaoyu in China. There is also disagreement among China, Taiwan, the Philippines, Vietnam, Brunei and Malaysia over ownership of islands, rocks and reefs in the South China Sea. We should take no comfort in the apparent sincerity of all the claimants. If all actors truly feel they are defending rightful claims against the revisionism of others, the chicken game of international security politics is more likely to lead to a deadly collision. These disputes are fueled by historical victimhood narratives and postcolonial nationalism. For the countries involved, defending sovereignty claims and recovering allegedly stolen territories are core missions. China is no exception. Since the 2008 financial crisis, China has been more confident abroad and more afraid at home. The country's elite and its citizens feel that its power position on the international stage has improved drastically. But the foundations of its export-led and investment-fueled growth model were shaken at the same time. Top leaders worry about rising social discontent. It isn't a good time for Chinese leaders to look weak on defense. And China doesn't have to be the actor that sparks a dispute for tensions to escalate. In 2010, for example, China often reacted sharply to events initiated by others, such as Japan’s arrest of a Chinese fishing boat captain and crew near the Senkaku Islands. Since then we have seen a mix of Chinese assertiveness -- such as its placement and then removal last year of an oil rig in waters disputed with Vietnam and its continuing land reclamation projects on South China Sea reefs -- and its abrasive reactions to others’ actions, such as an upgraded Chinese maritime presence near the Senkakus since the Japanese central government purchased some of the islands from a private Japanese family in 2012. The Chinese leadership could use its conventional military power to threaten U.S. partners and to impose high costs on U.S. forces if they intervened to assist their allies. The ability to conduct such asymmetric warfare against the U.S. can potentially affect how disputes are managed in peacetime and who might prevail politically if a fight were to occur. The U.S. has ways to reduce a threat posed by China’s ability to wage asymmetric warfare. But a future U.S. president might be reluctant to use some of the more effective methods the American military has at its disposal -- such as destroying or disabling military targets on the Chinese mainland -- especially early in a conflict when such measures would be most effective. For example, attacking China's potent ballistic missiles, their launchers and their command-and-control systems before the missiles strike U.S. bases and surface ships would be an efficient way to reduce the threat. Chinese submarines, which can fire torpedoes and cruise missiles or lay sea mines, pose another potential threat. The U.S., all things being equal, might be tempted to attack submarine ports and naval command-and-control systems on Chinese soil. But all things are not equal. No U.S. president has ever launched robust conventional attacks against the homeland of a nation with nuclear retaliatory capability. Moreover, the conventional mobile ballistic missiles and submarines China has developed to counter superior U.S. forces overlap dangerously with the land-based missiles and submarines that China is developing to provide a secure nuclear retaliatory capability. If the U.S. were to attack missile systems and submarines for the purpose of protecting against conventional attack early in a conflict, Washington could unintentionally compromise portions of China’s nuclear arsenal as well. Chinese leaders could mistakenly view this as an attempt to eliminate China’s nuclear deterrent, risking escalation. China adheres publicly to a no-first-use doctrine on nuclear weapons, a position that would seem to mean that no amount of conventional firepower leveled against it would cause it to resort to a nuclear response. But internal Chinese military writings suggest that no-first-use is more of a guideline than a rule and doesn't necessarily apply under conditions in which a technologically superior foe attacks crucial targets with conventional weapons.

US retaliation to Chinese cyber hacking will escalate because China views information control as an existential issue .


Adam, Digital Shadows analyst, 2015

(“Raising The Stakes - U.S. Retaliation For Chinese Cyber Espionage Has The Potential For Escalation”, 8-18, https://www.digitalshadows.com/blog-and-research/raising-the-stakes/)



Studies of Chinese military and geopolitical activity and Chinese strategic publications such as The Science of Military Strategy (SOMS), a PLA strategy document, indicate that challenging the balance of power by adopting a more assertive strategic posture is currently a key Chinese strategy. This has brought it into conflict with the U.S., which has frequently voiced objections to China’s behaviour but is yet to mount any serious public opposition. Despite this, China perceives the U.S. as a significant threat and is deeply concerned that the U.S., which China knows is militarily superior, will act to contain China. China also perceives the U.S. as a significant espionage threat and prioritises improving its defensive and counterintelligence capabilities very highly. These concerns receive significant attention in SOMS, indicating that they are likely to be relatively high priorities for the Chinese Government. According to SOMS, cyber espionage operations are an important part of this strategy and because the Chinese state sees the U.S. as a significant threat, it is therefore likely that the U.S. is a major target for such operations. Although China’s current line is that it never engages in any form of offensive network operation or cyber espionage, these claims are contradicted by the extensive discussion of the importance of such operations in SOMS. In addition to operations conducted by the PLA, which are likely to primarily focus on military, government and industrial targets, the Ministry of State Security (MSS) is also strongly suspected of conducting cyber espionage operations against foreign targets. These operations are likely to focus on gathering intelligence on potential threats to China’s internal security. Additionally, there are strong indications that multiple Chinese state organisations, including PLA units, conduct extensive operations against a wide range of commercial organisation for the purposes of economic espionage and intellectual property theft. While these actors’ operations likely service a wide range of objectives, intelligence which might provide China with a strategic advantage over the U.S. is likely to be considered particularly valuable. The OPM breach is therefore consistent with current assessments of China’s intelligence gathering objectives and broader strategic goals. THE RISK OF ESCALATION The core significance of this development lies in the potential for escalation. The U.S. Government has publicly stated that it intends to pursue a range of options in retaliating against China and, in response, China firmly asserted that it would match any U.S. measures taken against it. If the Obama administration merely intends to make symbolic gestures in order to appease those in Congress who want to see the U.S. take a harder line on China, then this confrontation is unlikely to escalate significantly. However, if the intention is to take more drastic measures, such as the reported suggestion of compromising the Great Firewall and thereby compromising the Chinese Government’s ability to censor the Internet, then escalation is highly likely, particularly if the U.S. does so publicly. The Chinese population tends to be relatively nationalistic and a hugely important aspect of modern Chinese nationalism is based around never allowing past “national humiliations”, such as the Opium Wars, the western intervention following the Boxer Rebellion, and the Japanese occupation, to be repeated. Furthermore, the current Chinese Communist Party (CPC) line is that the CPC “rescued” China from a “century of humiliation” when it took power in 1949 and the party derives much of its legitimacy from its self-ascribed role as the protector of China’s sovereignty from outside threats. In the minds’ of the CPC’s leaders any failure by the state to protect this sovereignty, real or perceived, constitutes a direct threat to the party’s legitimacy. Any U.S. retaliation, which could be perceived as an infringement of Chinese sovereignty, is therefore likely to face a robust response from the Chinese Government, which could potentially impact the two countries’ economic interactions and the delicate military situation in the South China Sea. CONCLUSIONS Although the U.S. has frequently accused China of espionage in the past without causing a serious escalation of tensions, the intention to retaliate has never before been publicly stated. If the U.S. conducts a major operation against China, such as compromising the Great Firewall, then escalation and Chinese retaliation is highly likely. In such a scenario there is a realistic possibility that Chinese actors would conduct attacks against U.S. organisations such as central and local government, military organisations and financial institutions. Furthermore, there is a realistic possibility that an escalation of tensions may lead Chinese hacktivists to independently target the U.S. Such actors are likely to be relatively indiscriminate in their targeting and could potentially direct attacks against a wide range of U.S. organisations. Therefore, if the U.S. intends to engage in a public show of dominance, as multiple prominent U.S. politicians have recommended, there is the potential for the number of attacks against the U.S. by both state and non-state Chinese actors to increase, along with the likelihood of unintended consequences.

China will retaliate by attacking critical infrastructure-they have the means.


Brenner, MIT Center for International Studies fellow, 2015

(Joel, “Debating the Chinese Cyber Threat”, International Security, Summer, project muse)



In “The Impact of China on Cybersecurity: Fiction and Friction,” Jon Lindsay asserts that the threat of Chinese cyber operations, though “relentlessly irritating,” is greatly exaggerated; that China has more to fear from U.S. cyber operations than the United States does from China; and that U.S.-China relations are reasonably stable.1 He claims that “[o]verlap across political, intelligence, military, and institutional threat narratives . . . can lead to theoretical confusion” (p. 44). In focusing almost exclusively on military-to-military operations, however, where he persuasively argues that the United States retains a significant qualitative advantage, Lindsay underemphasizes the significance of vulnerabilities in U.S. civilian networks to the exercise of national power, and he draws broad conclusions that have doubtful application in circumstances short of a full-out armed conflict with China. In addition, he does not discuss subthreshold conflicts that characterize, and are likely to continue to characterize, this symbiotic but strife-ridden relationship. To begin, Lindsay argues that American infrastructure is safe from nation-state cyberattack. For support, he cites a similar conclusion by Desmond Ball, who touts the supposed “sophistication of the anti-virus and network security programs available” in advanced Western countries.2 The notion that Western-made anti-virus and network security programs are effective against sophisticated cyberattacks would astonish any group of corporate security officers. Anti-virus programs are flimsy filters designed to catch only some of the malware that their designers know about. They miss a great deal. New malware enters the market at the rate of about 160,000 per day.3 Filters, whether employed by the military or not, are unable to keep up. “Network security programs” vary in quality, are insufficiently staffed, and are often not implemented at all across the economy. The Pentagon is expending huge sums to build its own power grids, even as its budget shrinks, precisely because the civilian grid cannot be relied [End Page 191] upon in a crisis. On this subject, Lindsay says only that China’s ability to attack the U.S. grid “cannot be discounted.” In contrast, Adm. Michael Rogers, director of the National Security Agency (NSA) and commander of U.S. Cyber Command, testified in 2014 that China and “one or two” other countries could shut down the power grid and other critical systems in the United States.4 Lindsay’s article also fails to address the relationship between nonmilitary vulnerabilities and the exercise of national power. For example, when Russian intruders penetrated JPMorgan Chase Bank’s computer system in 2014 during tensions over Ukraine, no one could tell President Barack Obama whether Russian President Vladimir Putin was sending him an implied threat.5 Taking down a major bank would have enormous economic repercussions, and Chase’s vulnerability was there for all to see. When evaluating his options, could the president ignore the possibility that exercising one of them carried the palpable risk that a major U.S. bank could be taken down? Whatever the source and objective of the intrusion in the Chase case, the incident demonstrates the way in which a critical vulnerability in the civilian economy could constrain the exercise of national power, including military power, in a crisis. Lindsay speculates skeptically about the increase in the reporting of commercial network exploitation since 2010 and wonders whether it may be spurred by self-interested disclosures by network defense firms seeking to scare up demand for their services. He does not mention that the Securities and Exchange Commission issued guidance in 2011 stating that public companies “should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents.”6 And despite Lindsay’s claim that commercial network exploitation is overreported, virtually every private-sector lawyer and consultant I know in this field believes that publicly disclosed information understates the severity and frequency of attacks on corporate networks. The reasons are well known: companies resist disclosure for fear of harm to their brands and stock prices and to avoid shareholder derivative class-action lawsuits and regulatory action by the Federal Trade Commission. Lindsay is on better footing when he denies that a network penetration, even when it results in the theft of intellectual property (IP), necessarily results in lost profit or market share. The absorption and application of stolen intellectual property are complicated processes; they require know-how as well as a recipe. This is one reason why IP theft and reverse engineering do not necessarily produce market share for the thief and the copy-cat. Thus China still cannot produce a jet engine, even though it has plenty of American and Russian engines to study, because it cannot master the fabrication process. These are not contested propositions, however. Insurance carriers certainly understand them, which is largely why IP cannot be insured against theft. It is incorrect, however, to imply from this, as Lindsay does, that IP theft is not a significant issue for many of its victims. China has no difficulty using stolen IP about, say, oil and gas exploration data and materials testing research. Both are prime targets. [End Page 192] Chinese intruders have also stolen negotiation strategies to good effect, as more than a few companies could testify (but will not). And in the case of solar-power technology, Chinese IP thieves had no trouble absorbing stolen secrets and penetrating Western markets.7 Some descriptions of the economic losses have been hyperbolic, no doubt; and the losses have eluded persuasive quantification. Nevertheless, the problem is real and substantial. The overall state of American networks and of private-sector capabilities simply is drastically different from the picture Lindsay paints. Take attribution. Public reports that the NSA can often—though not always—do very good attribution does not mean that private companies can do it. Attribution has three levels: (1) identifying the device from which an intrusion was both launched and commanded; (2) identifying the actor at the keyboard; and (3) identifying the actor’s affiliation. Even the NSA cannot always get to the second and third levels, as the Chase Bank incident demonstrated. The most basic difference between the military-to-military situation and the corporate reality, however, is that militaries and intelligence agencies fight back. In contrast, companies are exposed to attack without the legal right to retaliate (for mostly good reasons) even when they have, or could buy, the ability to do so. In this environment, offense is unquestionably dominant. According to Lindsay, since 2010 “Western cyber-security defenses, technical expertise, and government assistance to firms have improved” (p. 23). In fact, very few companies receive government help with intrusions. If he means that private-sector defenses have improved when measured against themselves, then that is true but irrelevant. Attacks have also increased in sophistication, and when measured against the offense, defenses have not improved. All defenses are versions of Whac-A-Mole, and there are too many moles to whack them all.8 In sum, Lindsay and I agree that the current and foreseeable state of cyber technology “enables numerous instances of friction to emerge below the threshold of violence” (p. 9). This is what I have called “the gray space between war and peace.” If this environment is showing signs of strategic stability, it is partly, as Lindsay argues, because mutual vulnerability is creating mutual restraint among nation-states. But the vulnerabilities remain, and they could be exploited by China or Russia in a crisis and by a growing number of second-tier cyber players that are not so constrained.

Nuclear war

Tilford 12 Robert, Graduate US Army Airborne School, Ft. Benning, Georgia, "Cyber attackers could shut down the electric grid for the entire east coast" 2012, http://www.examiner.com/article/cyber-attackers-could-easily-shut-down-the-electric-grid-for-the-entire-east-coa

To make matters worse a cyber attack that can take out a civilian power grid, for example could also cripple the U.S. military. The senator notes that is that the same power grids that supply cities and towns, stores and gas stations, cell towers and heart monitors also power "every military base in our country." "Although bases would be prepared to weather a short power outage with backup diesel generators, within hours, not days, fuel supplies would run out", he said. Which means military command and control centers could go dark. Radar systems that detect air threats to our country would shut Down completely. "Communication between commanders and their troops would also go silent. And many weapons systems would be left without either fuel or electric power", said Senator Grassley. "So in a few short hours or days, the mightiest military in the world would be left scrambling to maintain base functions", he said. We contacted the Pentagon and officials confirmed the threat of a cyber attack is something very real. Top national security officials—including the Chairman of the Joint Chiefs, the Director of the National Security Agency, the Secretary of Defense, and the CIA Director— have said, "preventing a cyber attack and improving the nation~’s electric grids is among the most urgent priorities of our country" (source: Congressional Record). So how serious is the Pentagon taking all this? Enough to start, or end a war over it, for sure (see video: Pentagon declares war on cyber attacks http://www.youtube.com/watch?v=_kVQrp_D0kY%26feature=relmfu ). A cyber attack today against the US could very well be seen as an "Act of War" and could be met with a "full scale" US military response. That could include the use of "nuclear weapons", if authorized by the President.


Blackouts cause nuclear reactor meltdowns—guarantees extinction


Hodges 14

Dave, an established award winning psychology, statistics and research professor as he teaches college and university classes at both the undergraduate and graduate level, an established author as his articles are published on many major websites, citing Judy Haar, a recognized expert in nuclear plant failure analyses, "Nuclear Power Plants Will Become America's Extinction Level Event", April 18 2014, www.thelibertybeacon.com/2014/04/18/nuclear-power-plants-will-become-americas-extinction-level-event/



Fukushima is often spoken of by many, as a possible extinction level event because of the radiation threat. Fukushima continues to wreak havoc upon the world and in the United States as we are being bathed in deadly radiation from this event. Because of Fukushima, fish are becoming inedible and the ocean currents as well as the prevailing ocean winds are carrying deadly radiation. Undoubtedly, by this time, the radioactivity has made its way into the transpiration cycle which means that crops are being dowsed with deadly radiation. The radiation has undoubtedly made its way into the water table in many areas and impacts every aspect of the food supply. The health costs to human beings is incalculable. However, this article is not about the devastation at Fukushima, instead, this article focuses on the fact that North America could have a total of 124 Fukushima events if the necessary conditions were present. A Festering Problem Long before Fukushima, American regulators knew that a power failure lasting for days involving the power grid connected to a nuclear plant, regardless of the cause, would most likely lead to a dangerous radioactive leak in at least several nuclear power plants. A complete loss of electrical power poses a major problem for nuclear power plants because the reactor core must be kept cool as well as the back-up cooling systems, all of which require massive amounts of power to work. Heretofore, all the NERC drills which test the readiness of a nuclear power plant are predicated on the notion that a blackout will only last 24 hours or less. Amazingly, this is the sum total of a NERC litmus test. Although we have the technology needed to harden and protect our grid from an EMP event, whether natural or man-made, we have failed to do so. The cost for protecting the entire grid is placed at about the cost for one B-1 Stealth Bomber. Yet, as a nation, we have done nothing. This is inexplicable and inexcusable. Our collective inaction against protecting the grid prompted Congressman Franks to write a scathing letter to the top officials of NERC. However, the good Congressman failed to mention the most important aspect of this problem. The problem is entirely fixable and NERC and the US government are leaving the American people and its infrastructure totally unprotected from a total meltdown of nuclear power plants as a result of a prolonged power failure. Critical Analyses According to Judy Haar, a recognized expert in nuclear plant failure analyses, when a nuclear power plant loses access to off-grid electricity, the event is referred to as a “station blackout”. Haar states that all 104 US nuclear power plants are built to withstand electrical outages without experiencing any core damage, through the activation of an automatic start up of emergency generators powered by diesel. Further, when emergency power kicks in, an automatic shutdown of the nuclear power plant commences. The dangerous control rods are dropped into the core, while water is pumped by the diesel power generators into the reactor to reduce the heat and thus, prevent a meltdown. Here is the catch in this process, the spent fuel rods are encased in both a primary and secondary containment structure which is designed to withstand a core meltdown. However, should the pumps stop because either the generators fail or diesel fuel is not available, the fuel rods are subsequently uncovered and a Fukushima type of core meltdown commences immediately. At this point, I took Judy Haar’s comments to a source of mine at the Palo Verde Nuclear power plant. My source informed me that as per NERC policy, nuclear power plants are required to have enough diesel fuel to run for a period of seven days. Some plants have thirty days of diesel. This is the good news, but it is all downhill from here. The Unresolved Power Blackout Problem A long-term loss of outside electrical power will most certainly interrupt the circulation of cooling water to the pools. Another one of my Palo Verde nuclear power plant sources informed me that there is no long term solution to a power blackout and that all bets are off if the blackout is due to an EMP attack. A more detailed analysis reveals that the spent fuel pools carry depleted fuel for the reactor. Normally, this spent fuel has had time to considerably decay and therefore, reducing radioactivity and heat. However, the newer discharged fuel still produces heat and needs cooling. Housed in high density storage racks, contained in buildings that vent directly into the atmosphere, radiation containment is not accounted for with regard to the spent fuel racks. In other words, there is no capture mechanism. In this scenario, accompanied by a lengthy electrical outage, and with the emergency power waning due to either generator failure or a lack of diesel needed to power the generators, the plant could lose the ability to provide cooling. The water will subsequently heat up, boil away and uncover the spent fuel rods which required being covered in at least 25 feet of water to remain benign from any deleterious effects. Ultimately, this would lead to fires as well and the release of radioactivity into the atmosphere. This would be the beginning of another Fukushima event right here on American soil. Both my source and Haar shared exactly the same scenario about how a meltdown would occur. Subsequently, I spoke with Roger Landry who worked for Raytheon in various Department of Defense projects for 28 years, many of them in this arena and Roger also confirmed this information and that the above information is well known in the industry. When I examine Congressman Franks letter to NERC and I read between the lines, it is clear that Franks knows of this risk as well, he just stops short of specifically mentioning it in his letter. Placing Odds On a Failure Is a Fools Errand An analysis of individual plant risks released in 2003 by the Nuclear Regulatory Commission shows that for 39 of the 104 nuclear reactors, the risk of core damage from a blackout was greater than 1 in 100,000. At 45 other plants the risk is greater than 1 in 1 million, the threshold NRC is using to determine which severe accidents should be evaluated in its latest analysis. According to the Nuclear Regulatory Commission, the Beaver Valley Power Station, Unit 1, in Pennsylvania has the greatest risk of experiencing a core meltdown, 6.5 in 100,000, according to the analysis. These odds don’t sound like much until you consider that we have 124 nuclear power generating plants in the US and Canada and when we consider each individual facility, the odds of failure climb. How many meltdowns would it take in this country before our citizens would be condemned to the hellish nightmare, or worse, being experienced by the Japanese? The Question That’s Not Being Asked None of the NERC, or the Nuclear Regulatory tests of handling a prolonged blackout at a nuclear power plant has answered two critical questions, “What happens when these nuclear power plants run out of diesel fuel needed to run the generators”, and “What happens when some of these generators fail”? In the event of an EMP attack, can tanker trucks with diesel fuel get to all of the nuclear power plants in the US in time to re-fuel them before they stop running? Will tanker trucks even be running themselves in the aftermath of an EMP attack? And in the event of an EMP attack, it is not likely that any plant which runs low on fuel, or has a generator malfunctions, will ever get any help to mitigate the crisis prior to a plethora of meltdowns occurring. Thus, every nuclear power plant in the country has the potential to cause a Chernobyl or Fukushima type accident if our country is hit by an EMP attack. CAN YOU EVEN IMAGINE 124 FUKUSHIMA EVENTS IN NORTH AMERICA HAPPENING AT THE SAME TIME? THIS WOULD CONSTITUTE THE ULTIMATE DEPOPULATION EVENT. …And There Is More… The ramifications raised in the previous paragraphs are significant. What if the blackout lasts longer than 24 hours? What if the reason for the blackout is an EMP burst caused by a high altitude nuclear blast and transportation comes to a standstill? In this instance, the cavalry is not coming. Adding fuel to the fire lies in the fact that the power transformers presently take at least one year to replace. Today, there is a three year backlog on ordering because so many have been ordered by China. This makes one wonder what the Chinese are preparing for with these multiple orders for both transformers and generators. In short, our unpreparedness is a prescription for disaster. As a byproduct of my investigation, I have discovered that most, if not all, of the nuclear power plants are on known earthquake fault lines. All of California’s nuclear power plants are located on an earthquake fault line. Can anyone tell me why would anyone in their right mind build a nuclear power plant on a fault line? To see the depth of this threat you can visit an interactive, overlay map at this site. Conclusion I have studied this issue for almost nine months and this is the most elusive topic that I have ever investigated. The more facts I gather about the threat of a mass nuclear meltdown in this country, the more questions I realize that are going unanswered. With regard to the nuclear power industry we have the proverbial tiger by the tail. Last August, Big Sis stated that it is not matter of if we have a mass power grid take down, but it is a matter of when. I would echo her concerns and apply the “not if, but when” admonition to the possibility of a mass meltdown in this country. It is only a matter of time until this scenario for disaster comes to fruition. Our collective negligence and high level of extreme depraved indifference on the part of NERC is criminal because this is indeed an Extinction Level Event. At the end of the day, can anyone tell me why would any country be so negligent as to not provide its nuclear plants a fool proof method to cool the secondary processes of its nuclear materials at all of its plants? Why would ANY nuclear power plant be built on an earthquake fault line? Why are we even using nuclear energy under these circumstances? And why are we allowing the Chinese to park right next door to so many nuclear power plants?

Plan – 1AC



The United States federal government should propose to the People’s Republic of China a ban on cyberattacks on one another’s critical infrastructure and offer to improve their capabilities to attribute cyber-attacks.

Solvency – 1AC



The plan creates a mutual ban on critical infrastructure attacks and improves China’s attribution capabilities. This reduces the frequency of spying, enhances stability and solves issues of trust and verification by putting China and the US on the same technological level.


Harold, RAND Center for Asia Pacific Policy associate director, 2016

(Scott, “Getting to Yes with China in Cyberspace”, http://www.rand.org/pubs/research_reports/RR1335.html)



Given that the United States and China would like to reduce mutual suspicion in cyberspace, one option might be the negotiation of agreement on a set of norms. Since both sides express concern over the possibility of the other side targeting its critical infrastructure, the core of the deal would be for the United States and China to abjure cyberattacks on each other’s critical infrastructure.30 This proposal was well received by the respondents, with interviewees from across academic, think tank, military, and state organizations all responding positively to this proposal.31 Respondents appeared to hold relatively similar views of the definition of critical infrastructure to those of their U.S. counterparts—such things as the electrical power grid and the banking system. One respondent noted that there is precedent for such a deal; in early May 2015, just days before we conducted our field interviews, Russia and China announced a general agreement to cooperate with and not attack each other in cyberspace.32 The first component of any mutual forbearance proposal is that progress has been made on not attacking critical infrastructure since our interviews in Beijing. In July 2015, the Chinese signed a UN report that called for such attacks to be abjured.33 There are also indications that the United States and China mutually agree not to attack each other’s critical infrastructure—or at least not be the first to do so.34 As of this writing, however, there is little indication that these agreements have evolved from the trust-us-not-to stage to something that is verifiable. This is why two more components to such an agreement are crucial to fulfill the purposes of the first component. As a second, and logically entailed, component of any mutual forbearance proposal, the United States and China could also agree not to carry out cyber espionage on each other’s critical infrastructure. The rationale for this step is that cyber espionage is almost always a prerequisite for a cyberattack and that it is impossible to distinguish intrusions for the purposes of cyber espionage from an imminent attack if detected by the target. If the two sides have no intent to attack each other’s critical infrastructure, they have no need to compromise each other’s critical infrastructure systems either, particularly if carried out by inserting malicious code into the target infrastructure. Indeed, both cyber espionage and cyberattack typically entail the prior implantation of computer code in target systems, which then periodically calls back (beacons) to the attacker for further instruction. Implants make subsequent penetrations much easier because the attackers are already inside the target’s systems. Banning cyber espionage against critical infrastructure would make it much more difficult to quickly carry out cyberattacks on such infrastructure. Without preplanning and cyber espionage, it could take weeks, months, or even years to carry out such attacks, but if potential adversaries are already inside each other’s critical infrastructure, attacks can be carried out almost instantaneously. Such a ban, if enacted by the two sides, would have several advantages. First, if successfully executed, a ban would enhance stability, since it would remove critically important systems from being targeted. Second, a ban would raise the costs of targeting such systems (since, if China were discovered doing so, it would violate the country’s given word, potentially affecting its ability to credibly negotiate on other issues in the future), while simultaneously addressing the problem of time that cyberattacks prepared in advance can pose. Third, such an agreement, if fully realized, would reduce the prospect of accidental conflict by committing the two sides not just to not attacking each other’s critical infrastructure but to staying away from it completely, thereby eliminating the possibility of misunderstanding a cyber espionage effort as an imminent attack. While our respondents generally declined to explicitly agree with this second aspect of our proposal, they did not explicitly push back either. They understood the logic that linked attacks to espionage and that, if one foreswears attacking a system, the rationale for spying on it is that much weaker. Yet, the respondents did not feel quite so comfortable with the notion of foreswearing all espionage against U.S. critical infrastructure. The third component of a mutual forbearance pact would focus on attribution and an agreement to impose consequences.35 Yet, in some ways, the problem is not merely or even mostly technical,36 but political: What arrangements would persuade China to accept evidence (without, at the same time, making it difficult to draw reasonable conclusions from such evidence)?37 If there were a mutually agreed process for attribution and if China could be counted on to respond appropriately when the process indicates that an attack on the critical infrastructure were traced to China, the threat from China to U.S. critical infrastructure (and vice versa) would be correspondingly reduced. Part of the political problem is that the United States catches China spying far more often than the other way around. China claims that it experiences frequent attacks from the United States (which remains, for instance, the leading source of bots and botnet command-and-control servers), but has forwarded no evidence that the U.S. government protects hackers (or at least private hackers) or carries out specific intrusions.38 China’s reluctance to accept U.S. accusations of Chinese hacking may reflect the fact that China cannot detect and attribute U.S. cyber espionage as well as the United States can detect and attribute China’s cyber espionage. This fact is based on three differences: China’s operational security lags U.S. capabilities; China’s ability to detect intrusions lags U.S. capabilities; China’s ability to attribute detected intrusions lags U.S. capabilities.39 As long as China’s attribution capabilities substantially lag U.S. capabilities, it may be hard to convince China that such a deal would be fair. Worse, until China gains confidence in its own attribution capabilities, it may not believe that U.S. attribution capabilities are particularly good either.40 Several respondents indicated that it would be difficult to have a meaningful agreement without improvements in China’s attribution capabilities. There are several potential approaches to developing a trustworthy attribution mechanism. However, none of them uncontestably solves the problem, and many would be politically difficult for one or both sides to adopt. One option would be to develop a standing, bilateral fact-finding body to investigate claims of cyberattack. The advantages to this approach would be that both sides, having participated in the deliberations, would be more likely to accept the outcome of any joint investigation. Such an approach would encounter some risk. A concern for the United States would be that China’s participation in any such body would be beholden to its government and would there- fore be unlikely to be free to conclude that an attack had indeed been carried out by the Chinese government or PLA. China, for its part, may fear that U.S. capabilities are so superior that such a standing body would turn into a U.S.-dominated forum in which China would be reduced to spectator status. Alternately, if China’s cyber espionage is indeed sloppier and more broad gauge than U.S. cyber espionage, the cases that are brought to such a body may overwhelmingly or even exclusively be Chinese in origin, which could be both humiliating and disadvantageous for China. Shifting such a body from a bilateral to a multilateral forum might assuage some of these concerns (since both U.S. and China representation would be diluted). One respondent proposed the International Atomic Energy Agency as a model, but another said it was inappropriate because far more people touch the Internet than interact with their respective country’s nuclear establishment. Additionally, it is unclear whether China would perceive a difference if U.S. experts were replaced by experts (many of whom have ties to the United States) from countries seen by China as friends of the United States. Might these obstacles be lowered if the United States offered to share its insights into attribution techniques with China in return for China’s willingness to credit such techniques as evidence of verification and then move to prosecute those who carried out such intrusions? At first glance, such a proposal appears implausible: Under most circumstances, countries do not share strategic technology or operating concepts with potential adversaries. Yet, there have been exceptions to this general pattern. For example, the United States, in pursuit of nuclear stability, encouraged other countries to adopt permissive action links for their nuclear weapons (a technology that prevents such weapons from being used accidentally or at the instigation of unauthorized users). An added benefit is that stronger Chinese attribution capabilities could reduce the chances of a catalytic conflict if China is attacked by someone masquerading as a U.S. source. As a practical matter, the United States need not share what normally would be classified intelligence sources and methods; it can leverage recent improvements in private attribution capabilities (most, but not all, of which are associ- ated with U.S.-based companies) to give China more confidence in its own attribution capabilities. It is worth clarifying that an offer to help bring Chinese attribution capabilities closer to those available in the United States does not mean that the United States would be teaching China how to detect cyber espionage intrusions, how to improve its defenses, or how to keep its own penetrations from being detected by the United States, to say nothing of it having no relationship to improving the efficiency of PRC cyberintrusion or attack capabilities. Granted, an offer to help bring China’s attribution capabilities up to the level of the United States would probably help China mask its attacks. Inasmuch as the United States has yet to use such attribution to curb Chinese cyber espionage (and cyberattacks), it is unclear exactly how great a loss that would be.41 Even if it becomes harder to attribute attacks to China, it would only make a modest difference because China does not admit complicity in the face of considerable evidence today as is. Our Chinese respondents reacted favorably to this proposition, even when coupled with the implication that the United States would therefore expect China to give more credence to evidence that a particular intrusion set originated in China. Given the sensitivities associated with how attribution is done in the United States, a deal to get China to sign up to an attribution regime in possible return for the United States showing China how it does attribution would likely require substantial additional research and caveating prior to any possible adoption as policy. For China, an agreement to foreswear attacking critical infrastructure would need to be introduced clearly and officially, probably incrementally, and with clear consequences for cheating. Still, this proposal carries some prospect of raising the costs of cyber espionage to the point that lower-grade, nonstrategic (i.e., economic) actions are reduced or eliminated. It also reduces the risk of misattribution due to malicious third-party actors seeking to route their attacks on one or another side through U.S. or Chinese servers. And it appears to be one area where it might be possible to gain meaningful buy-in and payoffs from the two sides. For such reasons, it may be worth further exploration.

Solving attribution issues is critical to strategic trust-otherwise any deal is met with suspicion.


Mussington, Institute for Defense Analyses Information Technology and Systems Division assistant director and PhD, 2015

(B. David A., “The Missing Compliance Framework in the 2015 U.S.-China Cybersecurity Agreement”, https://www.ida.org/~/media/Corporate/Files/Publications/IDA_Documents/ITSD/2015/D-5648.ashx)



A concrete compliance framework would be a significant diplomatic and political breakthrough – indicating that both sides had considered the costs of continuing the status quo – selecting instead an alternate course with agreed facts, definitions, and dispute discussion (if not resolution) procedures. Further, such a bilateral framework might partially insulate the relationship from temporary hiccups – caused by the discovery of ongoing activities (legacy) that had yet to be reined in consistent with the new rules of the game. CERT1 -to-CERT-type contacts would further deepen the linkage between bilateral agreements to refrain from proscribed actions in cyber and operational exchanges on data that support non-controversial investigations of cyber-crime. Lastly, such a framework could provide a mechanism for discussion of IP rights holder injury and remediation options. In this way the compliance framework would provide added support to law enforcement cooperation on cyber-crime already established, as well as aligning well with norms emerging from the United Nations Group of Governmental Experts (GGE) process. Summing Up – Compliance as a Metaphor for Muddling Through In recent days the United Kingdom (UK) reached an agreement with China on cyber norms closely paralleling that reached by the United States. In this case the UK Government seems to be seeking a deeper relationship with China for economic purposes, and as a political engagement driven by the practicalities of global politics – emphasizing pragmatism. Narrow compliance judgments or mechanisms for minimizing cyber-enabled IP theft are absent from public pronouncements. The economic stakes in play are significant and suggest a hedging strategy where – unsure that the United States will persist in a disciplined and nuanced approach to cyber differences – the UK may be seeking its own way with a rising power – achieving concrete benefits in the near term, taking advantage of the aversion to escalated cyber conflict that China and the United States ostensibly share. UK success in this approach might make this route attractive to other Western nations, further diminishing the likelihood of collective action against what some perceive as a long-standing strategic technology and scientific data exfiltration campaign supporting China’s macroeconomic development. Absent a specific compliance management approach, cyber risk mitigation actions in national policy may appear to be de-linked from actual threat actor behavior proscribed in the agreement. This weakens potential deterrence, reducing incentives to avoid restricted activities due to the continuing small likelihood of successful and “objective” attacker attribution. In turn, basic data on risks, losses, and attacker identity will be less available (from government sources) and arguably of lower quality. Private Cyber threat information providers may, however, be able to document a baseline on risks, costs, and behavior. Note that definitions of “attack,” “vulnerability,” and cyber norms remain uncertain in this situation – again preventing clearer understanding of whether violations of nascent norms are actually occurring. Also clear in such a situation is a growing dissonance between public reporting of cyber intrusions and risk activity and the risks posed by state or state sponsored cyber-attacks on critical infrastructures and sensitive data. Accurate data on attacker behavior, cyber campaign plans, and targeting of vital services and critical infrastructures should enable better cyber risk decisions and investments. Absent a compliance framework such data will be less rich, less easily shareable, and less useful for shaping cyber protections and resilience responses. Cyber risk disputes between the United States and China will continue. An explicit compliance framework offers benefits in terms of transparency, data availability and improved attacker attribution. This information might assist in bilateral risk management between the two countries. More generally, enhanced information availability will enable improved alignment of incentives for commercial IP owners to invest in protections capable of matching changes in cyber risk conditions. Better information quality might lead to more effective asset, critical infrastructure, and sensitive data cyber protection options in the market place. A compliance framework might produce a novel and useful extra benefit: a bootstrap for improved cyber risk data availability and quality – leading to more accurate calculation of cyber risk exposures and mitigation effectiveness. In turn, such a development might accelerate broader and deeper improvements in planning – facilitating better management of legacy and emerging cyber risks. Elaborating on a cyber-risk compliance framework in the U.S.–China bilateral agreement may seem like expecting too much. Far from it. China is a leading source of cyber intrusion activity targeting U.S. Government and private sector institutions. Narrowing differences through discussion and diplomatic interchange can facilitate risk management and transparency. By leaving compliance unaddressed, the agreement fails to clarify not only the risks posed to U.S. interests by China-directed or -sponsored cyber activity, but it also misses an opportunity to enrich the data upon which cross-infrastructure cyber risk management decisions might be made.


Download 0.59 Mb.

Share with your friends:
1   2   3   4   5   6   7   8   9   ...   19




The database is protected by copyright ©ininet.org 2024
send message

    Main page