A/T Cyber Attacks in the Past

There is a distinction we have engaged in limited war, our evidence is talking about
unrestricted war
Shimaell et. Al. 02
Timothy Shimaell, Phil Williams Casey Dunlevy 2002 Countering cyber war (Timothy Shimeall is a senior analyst with the CERT Analysis Center of
Carnegie Mellon University, Pittsburgh, Pennsylvania, with specific interests in cyber war and cyber terrorism. Phil Williams, a former NATO
fellow, is a profes- sor at the University of Pittsburgh and a visiting scientist at the CERT Analysis Center. Casey Dunlevy is a former intelligence
analyst, and leads the CERT Analysis Center.)

In this connection, it is worth emphasising that cyber war is not the defacement of web sites owned by a rival nation, organisation or political
movement. Even when they accompany other tensions or hostilities as they did during NATOs Kosovo air campaign in 1999 such attacks
on web sites are best understood as a form of harassment or graffiti and not as cyber war per se. There
are, nevertheless, several levels
of cyber war, of which three stand out: cyber war as an adjunct to military operations; limited cyber war; and
unrestricted cyber war. When modern military establishments are involved in military hostilities, a key
objective is to achieve information superiority or information dominance in the battle space. This
requires suppressing enemy air defences, blocking and/or destroying radar , and the like. The aim, in Clausewitzian
terms, is to increase the fog of war for the enemy and to reduce it for ones own forces. This can be achieved through direct military strikes
designed to degrade the enemys information-processing and communications systems or by attacking the systems internally to achieve, not
denial of service, but a denial of capability. In effect, this form of cyber warfare focuses almost exclusively on military cyber targets. In
a
limited cyber war, the information infrastructure is the medium, target and weapon of attack, with little
or no real-world action accompanying the attack. As the medium of attack, the information infrastructure forms
the vector by which the attack is delivered to the target often through interconnections between the enemy and its
allies, using links for sharing resources or data, or through wide-area network connections. Alternatively, an inside agent might place malicious
software directly on the enemys networks. As the target of attack, the infrastructure forms a means by which the effectiveness of the enemy is
reduced. Networks facilitate organisational missions. Degrading network capacity inhibits or prevents operations that
depend on the network. Degrading the level of service on the network could force the enemy to resort to backup means for some
operations, which might expose additional vulnerabilities. Degrading the quality of the data on a net- work might even force the enemy to
question the quality of the information available to make decisions. As the weapon of attack, the infrastructure could be perverted to attack
itself either via the implantation of multiple pieces of malicious software, or via deliberate actions that exploit weaknesses. Limited
cyber war of this kind could be designed to slow an adversarys preparations for military intervention, as
part of an economic warfare campaign, or as part of the manoeuvring that typically accompanies a crisis or confrontation
between states. More serious, and perhaps more likely, than limited cyber war is what can be termed unrestricted
cyber war, a form of warfare that has three major characteristics. First, it is comprehensive in scope and
target coverage with no distinctions between military and civilian targets or between the home front and
the fighting front. Second, unrestricted cyber war has physical consequences and casualties, some of
which would result from attacks deliberately intended to create mayhem and destruction, and some of
which would result from the erosion of what might be termed civilian command and control capabilities
in areas such as air-traffic control, emergency-service management, water- resource management and
power generation. Third, the economic and social impact in addition to the loss of life could be
profound. An unrestricted cyber campaign would almost certainly be directed primarily against the target
countrys critical national infrastructure : energy, transportation, finance, water, communications, emergency services and the
infor- mation infrastructure itself. It would likely cross bound- aries between government and private sectors, and, if sophisticated and
coordinated, would have both immediate impact and delayed consequences. Ultimately, an
unrestricted cyber attack would likely
result in significant loss of life, as well as economic and social degradation.
 Link Weakened Encryption
NSA bulk data collection has weakened cyber security it gives a roadmap to hackers
and has weakened encryption programs
Donahue 14 (Eileen,- visiting scholar at Stanford University's Freeman Spogli Institute for International Studies, former U.S.
ambassador to the United Nations Human Rights Council Why the NSA undermines national security)

What is most disconcerting is that the NSAs mass surveillance techniques have compromised the
security of telecommunication networks, social media platforms, private-sector data storage and public
infrastructure security systems. Authoritarian governments and hackers now have a roadmap to
surreptitiously tap into private networks for their own nefarious purposes. By weakening encryption
programs and planting backdoor entries to encryption software, the NSA has demonstrated how it is
possible to infiltrate and violate information-security systems. In effect, the spy agency has modeled
anarchic behavior that makes everyone less safe.

NSA surveillance techniques are deliberately weakening cyber security now only
ending bulk data collection reduces vulnerability
Kehl 14
Danielle Kehl. JULY 31 2014. How the NSA Hurts Our Economy, Cybersecurity, and Foreign Policy.
http://www.slate.com/blogs/future_tense/2014/07/31/usa_freedom_act_update_how_the_nsa_hurts_our_economy_cybersecurity_and_foreign.html (Danielle Kehl is a policy analyst at New
America's Open Technology Institute, where she researches and writes about broadband policy, Internet freedom, and other technology policy issues.)

Lastly,theres growing evidence that certain NSA surveillance techniques are actually bad for cybersecurity. As the
Institute of Electrical and Electronics Engineers recently explained: The United States might have compromised both security and privacy in

a failed attempt to improve security. Weve learned in the past year that the NSA has been deliberately weakening the
security of the Internet, including commercial products that we rely on every day, in order to improve its
own spying capabilities. The agency has apparently tried everything from secretly undermining essential
encryption tools and standards to inserting backdoors into widely used computer hardware and software
products, stockpiling vulnerabilities in commercial software, and building a vast network of spyware
inserted onto computers and routers around the world. A former U.S. ambassador to the U.N. Human Rights Council, Eileen Donahoe, wrote a
forceful article back in March about how the NSAs actions threaten our national security.

To collect data, the NSA must build backdoors, sabotage companies, and compromise
systems
Cohn and Timm 13
CINDY COHN AND TREVOR TIMM. OCTOBER 2, 2013. The NSA is Making Us All Less Safe. https://www.eff.org/deeplinks/2013/10/nsa-making-us-less-safe (Cindy Cohn is the Executive Director
of the Electronic Frontier Foundation. From 2000-2015 she served as EFFs Legal Director as well as its General Counsel. Trevor Timm is a co-founder and the executive director of the Freedom
of the Press Foundation.)

By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and
other vulnerabilities in systems, the NSA exposes them to other malicious hackerswhether they are
foreign governments or criminals. As security expert Bruce Schneier explained, Its sheer folly to believe that only the NSA can
exploit the vulnerabilities they create. The New York Times presented internal NSA documents with some specifics. They are
written in bureaucratese, but we have some basic translations: Insert vulnerabilities into commercial encryption
systems, IT systems, networks and endpoint communications devices used by targets Sabotage our
systems by inserting backdoors and otherwise weakening them if theres a chance that a target might also use them. "actively
engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial
products' designs" Secretly infiltrate companies to conduct this sabotage, or work with companies to build
in weaknesses to their systems, or coerce them into going along with it in secret. Shape the worldwide commercial cryptography
marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS Ensure that the global
market only has compromised systems, so that people dont have access to the safest technology . "These
design changes make the systems in question exploitable through Sigint collection with foreknowledge of the modification. To the consumer
and other adversaries, however, the systems' security remains intact." Make
sure no one knows that the systems have
been compromised. influence policies, standards and specifications for commercial public key technologies Make sure that
the standards that everyone relies on have vulnerabilities that are hidden from users . Each of these
alone would be terrible for security; collectively they are a nightmare . They are also a betrayal of the very public
political process we went through in the 1990s to ensure that technology users had access to real security tools to keep them safe.