Beruflich Dokumente
Kultur Dokumente
Intelligence Advantage
No Saudi-Iran war
Khashoggi 15 - US-educated Saudi journalist, columnist, author and the
general manager and editor-in-chief of Al Arab News Channel [Jamal
3
10
and most of its traditional allies (but very likely not Turkey, based on the
evolution of Turkish politics) in addition to some Persian Gulf states, Jordan
and perhaps Egypt, depending on where its revolution takes it. Much would
depend on whether U.S. leaders could persuade others to go along, which
would mean convincing them that U.S. forces could shield them from Iranian
and Iranian-proxy retaliation, or at least substantially weaken its effects.
Coalition warfare would present a number of challenges to the U.S.
government. Overall, it would lend legitimacy to the action, but it would also
constrict U.S. freedom of action, perhaps by limiting the scope and intensity
of military operations. There would thus be tension between the desire for a
small coalition of the capable for operational and security purposes and a
broader coalition that would include marginally useful allies to maximize
legitimacy. The U.S. administration would probably not welcome Israeli
participation. But if Israel were directly attacked by Iran or its allies,
Washington would find it difficult to keep Israel outas it did during the 1991
Gulf War. That would complicate the U.S. ability to manage its coalition,
although it would not necessarily break it apart. Iranian diplomacy and
information operations would seek to exploit Israeli participation to the
fullest. Iran would have its own coalition. Hizballah in particular could
act at Irans behest both by attacking Israel directly and by using its
asymmetric and irregular warfare capabilities to expand the conflict and
complicate the maintenance of the U.S. coalition. The escalation of the
Hizballah-Israel conflict could draw in Syria and Hamas; Hamas in
particular could feel compelled to respond to an Iranian request for
assistance. Some or all of these satellite actors might choose to leave Iran to
its fate, especially if initial U.S. strikes seemed devastating to the point of
decisive. But their involvement would spread the conflict to the entire
eastern Mediterranean and perhaps beyond, complicating both U.S.
military operations and coalition diplomacy.
Extinction
Giribets 12 [Miguel Giribets, If US Attacks Iran, Human Survival May Be
at Risk (Part III), Argen Press, 10 January 2012, pg.
http://watchingamerica.com/News/141596/if-us-attacks-iran-human-survivalmay-be-at-risk-part-iii/]
The dangers of global war are clear. On one side, hundreds of Russian
technicians would die working on Iranian nuclear facilities, to which
Russia could not stand idly by. According to Chossudovsky: "Were Iran
to be the object of a "pre-emptive" aerial attack by allied forces, the
entire region, from the Eastern Mediterranean to China's Western frontier
with Afghanistan and Pakistan, would flare up, leading us potentially into a
World War III scenario. The war would also extend into Lebanon and
Syria. It is highly unlikely that the bombings, if they were to be implemented,
would be circumscribed to Iran's nuclear facilities as claimed by US-NATO
official statements. What is more probable is an all out air attack on
14
subversion but also to preserve its sense that Saudi Arabia is the leading
nation in the Muslim world. The Saudi government is already pursuing a
nuclear power capability, which could be the first step along a slow road to
nuclear weapons development. And concerns persist that it might be able to
accelerate its progress by exploiting its close ties to Pakistan. During the
1980s, in response to the use of missiles during the Iran-Iraq War and their
growing proliferation throughout the region, Saudi Arabia acquired several
dozen css-2 intermediate-range ballistic missiles from China. The Pakistani
government reportedly brokered the deal, and it may have also offered to sell
Saudi Arabia nuclear warheads for the css-2s, which are not accurate enough
to deliver conventional warheads effectively. There are still rumors that
Riyadh and Islamabad have had discussions involving nuclear weapons,
nuclear technology, or security guarantees. This "Islamabad option" could
develop in one of several different ways. Pakistan could sell operational
nuclear weapons and delivery systems to Saudi Arabia, or it could
provide the Saudis with the infrastructure, material, and technical support
they need to produce nuclear weapons themselves within a matter of years,
as opposed to a decade or longer.Not only has Pakistan provided such
support in the past, but it is currently building two more heavy-water reactors
for plutonium production and a second chemical reprocessing facility to
extract plutonium from spent nuclear fuel. In other words, it might
accumulate more fissile material than it needs to maintain even a
substantially expanded arsenal of its own. Alternatively, Pakistan might offer
an extended deterrent guarantee to Saudi Arabia and deploy nuclear
weapons, delivery systems, and troops on Saudi territory, a practice that the
United States has employed for decades with its allies. This arrangement
could be particularly appealing to both Saudi Arabia and Pakistan. It would
allow the Saudis to argue that they are not violating the npt since they would
not be acquiring their own nuclear weapons. And an extended deterrent from
Pakistan might be preferable to one from the United States because
stationing foreign Muslim forces on Saudi territory would not trigger the kind
of popular opposition that would accompany the deployment of U.S. troops.
Pakistan, for its part, would gain financial benefits and international clout by
deploying nuclear weapons in Saudi Arabia, as well as strategic depth against
its chief rival, India. The Islamabad option raises a host of difficult issues,
perhaps the most worrisome being how India would respond. Would it target
Pakistan's weapons in Saudi Arabia with its own conventional or nuclear
weapons? How would this expanded nuclear competition influence stability
during a crisis in either the Middle East or South Asia? Regardless of India's
reaction, any decision by the Saudi government to seek out nuclear weapons,
by whatever means, would be highly destabilizing. It would increase the
incentives of other nations in the Middle East to pursue nuclear weapons of
their own. And it could increase their ability to do so by eroding the remaining
barriers to nuclear proliferation: each additional state that acquires nuclear
weapons weakens the nonproliferation regime, even if its particular method
of acquisition only circumvents, rather than violates, the npt. N-PLAYER
COMPETITION Were Saudi Arabia to acquire nuclear weapons, the Middle East
16
would count three nuclear-armed states, and perhaps more before long. It is
unclear how such an n-player competition would unfold because most
analyses of nuclear deterrence are based on the U.S.- Soviet rivalry during
the Cold War. It seems likely, however, that the interaction among three or
more nuclear-armed powers would be more prone to miscalculation and
escalation than a bipolar competition. During the Cold War, the United
States and the Soviet Union only needed to concern themselves with an
attack from the other.Multipolar systems are generally considered to be less
stable than bipolar systems because coalitions can shift quickly, upsetting the
balance of power and creating incentives for an attack. More important,
emerging nuclear powers in the Middle East might not take the costly
steps necessary to preserve regional stability and avoid a nuclear
exchange. For nuclear-armed states, the bedrock of deterrence is the
knowledge that each side has a secure second-strike capability, so that no
state can launch an attack with the expectation that it can wipe out its
opponents' forces and avoid a devastating retaliation. However, emerging
nuclear powers might not invest in expensive but survivable
capabilities such as hardened missile silos or submarinebased
nuclear forces. Given this likely vulnerability, the close proximity of states
in the Middle East, and the very short flight times of ballistic missiles in the
region, any new nuclear powers might be compelled to " launch on
warning" of an attack or even, during a crisis, to use their nuclear forces
preemptively. Their governments might also delegate launch authority
to lower-level commanders, heightening the possibility of
miscalculation and escalation. Moreover, if early warning systems were not
integrated into robust command-and-control systems, the risk of an
unauthorized or accidental launch would increase further still. And without
sophisticated early warning systems, a nuclear attack might be
unattributable or attributed incorrectly. That is, assuming that the
leadership of a targeted state survived a first strike, it might not be able to
accurately determine which nation was responsible. And this uncertainty,
when combined with the pressure to respond quickly, would create a
significant risk that it would retaliate against the wrong party,
potentially triggering a regional nuclear war. Most existing nuclear powers
have taken steps to protect their nuclear weapons from unauthorized use:
from closely screening key personnel to developing technical safety
measures, such as permissive action links, which require special codes before
the weapons can be armed. Yet there is no guarantee that emerging nuclear
powers would be willing or able to implement these measures, creating a
significant risk that their governments might lose control over the weapons or
nuclear material and that nonstate actors could gain access to these items.
Some states might seek to mitigate threats to their nuclear arsenals; for
instance, they might hide their weapons. In that case, however, a single
intelligence compromise could leave their weapons vulnerable to attack or
theft.
17
18
19
African case, many of the previous leakers were unhappy about their
governments willingness to aggressively exploit their growing capacity to
monitor communications, even when doing so threatens civil liberties.
21
specifically when asked about expanded intelligence-sharing. "The United States is providing our partners
with necessary and timely intelligence to defend Saudi Arabia and respond to other efforts to support the
legitimate government of Yemen," said Alistair Baskey, a White House spokesman. LEGAL BARRIERS Aid
groups have said the Saudi strikes, which began March 25, have caused many civilian deaths, including a
March 30 attack on a Houthi-controlled refugee camp in northern Yemen that the International
Organization for Migration said killed 40 people. Senior Saudi officials have blamed such incidents on the
Houthis themselves. The Saudi-led air campaign is aimed at rolling back territorial gains by the Houthis
and reinstalling Yemeni President Abd-Rabbu Mansour Hadi, who has fled the country. While the White
House announced U.S. intelligence support soon after the operation began, American officials said that
data sharing had been extremely minimal in the campaign's early days. That is partly due to legal barriers,
the officials said. While the United States has used lethal force against an al Qaeda offshoot in Yemen, it
does not consider itself at war with the Houthis. Some officials said the U.S. administration's analysis is
that it lacks the ability under international and U.S. law to collaborate with the Saudis in an offensive
against the Houthis. Baskey said that U.S. actions were "fully consistent with applicable domestic and
international legal requirements." Deputy Secretary of State Antony Blinken spoke in general terms about
the expanded cooperation during a Monday visit to Riyadh, without disclosing specifics. "Saudi Arabia is
sending a strong message to the Houthis and their allies that they cannot overrun Yemen by force," Blinken
22
said. "As part of that effort, we have expedited weapons deliveries, we have increased our intelligence
sharing, and we have established a joint coordination planning cell in the Saudi operation center," he
added. The United States has sent a 20-member military coordination team to interact with the Gulf allies,
led by Marine Major General Carl Mundy. Assigning a two-star general will facilitate interactions with other
high-ranking officials from other nations, U.S. officials said. The United States this week started daily air-toair refueling flights of fighter jets from Saudi Arabia and the United Arab Emirates. But even with its
refueling flights, the United States is exhibiting caution -- carrying out the flights outside Yemeni airspace
and requesting financial reimbursement from allies. It is still unclear how the United States plans to
accelerate the delivery of bombs and guidance kits to its allies. One person familiar with the matter,
speaking on condition of anonymity, said the United States might accelerate shipments to the United Arab
Emirates, which could then also help resupply Saudi Arabia.
(Aaron and Jonathan, May 18th, Aaron Y. Zelin is the Richard Borow Fellow at
The Washington Institute and the Rena and Sami David Fellow at the International Centre for the Study of
Radicalisation. He also runs the website Jihadology.net. Jonathan Prohov is a research assistant at the
Institute, Proactive Measures: Countering the Returnee, http://www.washingtoninstitute.org/policyanalysis/view/proactive-measures-countering-the-returnee-threat)//RTF
Fears that foreign fighters traveling to Syria might return home once
the conflict is over and engage in terrorism have prompted an
unprecedented level of proactive measures by countries around the
world. In the past, many countries only changed their laws after an attack occurred, but this time
around many states are trying to get ahead of the issue. Compared to the number of foreigners who fought
against the United States in Iraq or the Soviets in Afghanistan, the number of foreigners fighting in Syria
has exceeded both of those cases -- and in less than half the time. Around 9,000 individuals from more
than 80 countries have joined the fight against the Asad regime, with the majority coming from the Arab
world and Western Europe. U.S. intelligence officials told the Los Angeles Times in February that at least 50
Americans had joined the fight in Syria, and FBI director James Comey recently stated that the number of
Americans who had either traveled to Syria or tried to do so had grown by a few dozen since the beginning
of 2014. The United States was one of the first to designate Jabhat al-Nusra, Al Qaeda's branch in Syria, as
a terrorist organization. Some European Union (EU) countries, as well as Canada, Australia, and Britain,
individuals' access to government benefits such as healthcare and other social services if they've
23
the Saudis also promoted a disillusioned returned Saudi fighter, Sulayman Sa'ud Subai'i, on the television
program Humumana ("Our Concerns"). In the show, Subai'i explained that the Syrian jihad is not as
glamorous as it is portrayed in the media and online and decried a number of offensive practices he saw
various rebel groups in Syria engaged in, including what he referred to as "the weaponization of takfir"
among the different rebel groups. (Takfir is an Islamic term that refers to the act of labelling another
In
Kuwait, where much of the financing for extremists in Syria has originated or been routed through,
members of parliament passed a bill in early April 2014 to combat
money laundering and funding of terror groups that carries a
potential sentence of up to 20 years in prison. Similarly, Turkey passed
an anti-terrorism finance law in February 2013 in order to maintain
compliance as a member of the Financial Action Task Force , a moneylaundering watchdog organization comprised of 36 members. The new law allows the state
to freeze the financial assets of terrorists without a court order ;
Muslim as a non-Muslim, which in this context then implies that one can now kill that person.)
however, Turkey's enforcement of these laws remains very poor. More recently -- and perhaps more
24
be at mitigating the threat of foreign fighters returning home from Syria. The fact that countries across the
region and far beyond are already making such changes indicates the seriousness of the threat posed by
25
the proliferation of violence well beyond Syria's borders. Foreign fighters present such a complex problem
and strengthened, the fact remains that it only takes one successful attack for these policies to be deemed
insufficient. Attacks have already occurred in the Middle East, where security is precarious due to domestic
The United
States must remain vigilant at home and continue to take a
leadership role abroad, encouraging best practices and helping
foreign governments craft policies to address the threat. In particular, the
instability, and attacks have quietly been thwarted in western countries as well.
United States needs to apply further pressure on certain key countries, such as Turkey, which is the main
point of entry into Syria for foreign fighters and whose borders are still notoriously easy for fighters to
cross, and Kuwait, which remains the "epicenter of fundraising for terrorist groups in Syria." Meanwhile, the
source of the problem -- the Syrian conflict itself -- has become what the Economist describes as a "bloody
stalemate" with no end in sight.
26
with the host countrys authorities. She also wants to reach out to Arab-speaking populations by
"improving our capacity to speak Arabic, read Arabic" and "listen to the messages coming from the Arab
terrorists and terrorist attacks are Muslims and Arab countries, she said. Mondays meeting, marked by a
A meeting in
Brussels is also planned in the next few days with experts from the
EU, US, Australia, Canada, Iceland, Japan, Norway, Switzerland, and
UN agencies to figure out how to cut the funding schemes that
bankroll militant groups in Iraq and Syria. The aftermath of the Charlie Hebdo
sense of urgency, outlined plans with formal decisions set to be taken on 12 February.
murders, which left 17 dead, has seen national governments trying to fast track security measures
provisionally announced last October. These includes, among others, stepping up external border checks
and blocking, with the help of Facebook, Google, Twitter, and Microsoft, online content that glorifies the
violence perpetrated by Islamic militants. But concerns are mounting that additional security calls made by
national governments, such as confiscating passports, pose a threat to civil liberties and may result in
unanticipated adverse affects.
(Hans, October 6th, Senior Fellow, DCAF, Geneva, International Intelligence Cooperation: The
Need for Networking accountability,
http://www.dcaf.ch/content/download/37081/529379/version/1/file/born-international-intelligencecooperation-networking-accountability-071006.pdf)//RTF
27
West, but has also extended to a range of states that were not
previously considered to be traditional allies in security matters
principally in the Middle East, Central Asia and Southeast Asia.
Cooperation with these non-traditional partners has generated significant problems, largely because the
collection and use of intelligence may not be subject to the same human rights safeguards as applied in
NATO member states. As many of you may be aware, international intelligence cooperation as part of the
so-called war on terror has generated a series of high profile controversies to name just two examples
the alleged CIA secret detention centres in Europe and the case of Maher Arar in Canada. These practices
have been exposed through inquiries, however, the fact these events took place is in part the result of a
lack of accountability of intelligence cooperation, I will now discuss this accountability gap more fully.
28
Alt Causes
Alt Causes to Intel Sharing:
1. Personal data
McGill and Gray 12
and is discovered to have ties to a smuggling ring the US must submit a separate request to use the
murder information in the case regarding the smuggling activities.
2. Extraordinary Rendition
McGill and Gray 12
29
a treaty on extradition and Mutual Legal Assistance Treaty (MLAT) and both parties ratified the treaties in
2003. The extradition treaty allowed for a blanket policy for European nations to grant extradition on the
condition that the death penalty will not be imposed and the MLAT provided enhanced capability to
indicted 13 CIA agents for allegedly kidnapping an Italian resident and transporting him to a third country
for interrogation. Ultimately 22 CIA agents and one US military officer were convicted in absentia of crimes
director of the Europe program at the Center for Strategic and International Studies (CSIS),
3. Anti-Americanism
McGill and Gray 12
of nave benevolence toward seemingly legitimate charities, those hiding behind the veil of religious duty,
and sympathy for al Qaedas cause against the West made enforcement of counterterrorism measures in
Saudi Arabia highly unlikely. It wasnt until the 2003-2004 Riyadh terrorist attacks did the Saudis jump into
action. Since then they have been an extremely helpful ally for the US and yet domestic support for Islamic
extremists remain and will continue to cause strains for US-Saudi CT cooperation in the future. The USSaudi relationship was able to weather the storm of domestic anti-Americanism in large part to the long
history of their alliance. Though traditional by no means this arrangement hinged on the trade of oil for
security and the US dependence on Saudi oil prevented it from abandoning its relationship despite the feet
dragging on CT issues. Had the Saudis not made an about face following the Riyadh attacks, it is
30
nurtured and ingrained alliance. Over the past half-century the relationship
has been marked with highs and lows and though the US is heavily
reliant on Pakistan for CT operations in Central Asia now, recent
developments threaten to dismantle their alliance. Pakistan is home to many Islamic
radicals and militants including Tehrik-i-Taliban Pakistan, responsible for the attempted Time
Square bombing, and Lashkar-e Toiba, responsible for the 2008 Mumbai attacks. These extremist
groups, Lashkar-e Toiba in particular, enjoy a considerable amount of
influence amongst the populace and antiAmericanism is a
cornerstone of the message it wishes to impart on the Pakistani
people. The recent crisis over the arrest Raymond Davis, a CIA contractor accused of killing two
Pakistani men in Lahore, highlights this tension and threatens Pakistani support of the war on terrorism as
well as its own domestic stability. Upon the arrest of Davis, the US demanded his release on the grounds of
diplomatic immunity. The location of the shooting, the city of Lahore in the Punjab region of Pakistan
happens to be a hotbed of anti-American sentiment and a stronghold of many Pakistan based militant
groups. Despite American pressure, and possibly pressure from the government of Pakistan, the Lahore
courts have denied Daviss diplomatic immunity. For the past month multiple demonstrations organized by
extremists groups like Lashkar-e Toiba and Jammat-i-Islami have called for the execution of Davis and
accused the Pakistani government of being Washingtons agents (Hindustan Times). Demonstrators were
also seen carrying signs with messages like Friends of America are traitors (Arnoldy 1). As a result of the
public outcry against US demands for Daviss release the Government of Pakistan has officially stated that
it will not make a determination on Daviss diplomatic immunity until March 14th. The US, in response,
cancelled Secretary of State Hillary Clintons meeting with Pakistans Foreign Minister and a trilateral
meeting with Afghanistan and Pakistan officials in Washington (Crilly 1; Arnoldy 1). Adding to the political
pressure against the Government of Pakistan, President Obama himself spoke out on the matter shortly
after the crisis began to urge the Pakistanis to release Davis on the conditions of diplomatic immunity and
to emphasize that the case was a priority for the US government (Tapper & Farren 1). He further
emphasized the importance of this matter by stating that the arrest and detention of foreign diplomats is a
violation of the Vienna Convention and sets a dangerous precedent. If the Pakistanis chose to detain Davis
they risk losing US aid and if Pakistans anti-American sentiments are further incited, and possibly
exploited by Pakistani extremist groups, the US may lose a key ally in its CT and counterinsurgency
operations in Afghanistan and the FATA.
31
A long-awaited
rapprochement between Riyadh and Tehran is a key tool to defuse
sectarian tensions and long-simmering conflicts in the region ,
particularly in Syria and Iraq, analysts said. "The ISIS threat has brought Iran and Saudi Arabia closer
together and convinced them to engage in diplomacy in order to resolve
lingering issues," Hilal Khashan, a professor of political science at the American University of
Beirut, told The Daily Star. "I think Saudi-Iranian cooperation is very important in
the battle to defeat ISIS. In order for them to successfully eliminate the ISIS threat, they need to
agree on lingering regional issues, such as the situation in Yemen,
Iraq and Syria," he said. "For Saudi Arabia, ISIS poses an existential threat, while ISIS poses a
strategic threat for Iran in the region," Khashan added. " ISIS can have an appeal to a
segment of the Saudi population, but it does not have such an appeal within the Iranian
population." Sami Nader, a professor of economics and international relations at the Universite St.
its prisoners and the beheading of two American journalists.
Joseph, echoed a similar view. "A Saudi-Iranian rapprochement is fundamental to confront the Daesh threat
in the region," Nader told The Daily Star, using the Arabic acronym for ISIS. "For Saudi Arabia, ISIS poses
an existential threat, while the militant group poses a strategic threat for Iran." " Both
countries
have shown a great deal of pragmatism in the attempt to cooperate to face the
Daesh threat," said Nader, also the director of the Levant Institute for Strategic Affairs (LISA), a Beirutbased think-tank. " A
said that strained Saudi-Iranian ties were going through "detente" that could lead to the beginning of a
rapprochement. "For now, [the] dtente is based on a single subject, which is a common threat posed by
Both countries are facing the Daesh threat . This is why the
confrontation by their proxies in the region has calmed down ," he said.
Signs of a thaw in strained Saudi-Iranian relations emerged last
month when Iran's Deputy Foreign Minister Hossein Amir Abdollahian held an
ice-breaking meeting with Saudi Foreign Minister Prince Saud al-Faisal in the
Saudi city Jeddah. Abdollahian described the talks, which also covered the ISIS threat, as "positive
and constructive." "Both sides emphasized the need to open a new page of
political relations between the two countries," he said after meeting Prince Saud. Abdollahian is
ISIS.
expected to visit Beirut next week as part of a tour that will also take him to Syria to brief officials in both
countries on the new climate of understanding between Saudi Arabia and Iran, a political source told The
Daily Star. Prince Saud has said he had invited his Iranian counterpart Mohammad Javad Zarif to visit Saudi
Arabia and was awaiting a reply. He said Iran is a neighboring country which can contribute to stability in
the region. Zarif said he was ready to visit Saudi Arabia and welcome Prince Saud in Tehran. Speaking at a
32
news conference in Tehran Aug. 31, Zarif, commenting on Abdollahian's talks in Jeddah, said: " Iran is
always eager to establish good relations with neighboring states and Saudi Arabia is the most important of
these states. It is an important country at the Islamic world level and enjoys a wide role and influence." He
said Iran and Saudi Arabia have "common interests and are facing common threats. "Extremism, violence
and terrorism are the most important dangers facing the Islamic world," he added. Since he was elected as
Riyadh and Tehran comes as U.S. President Barack Obama, with his NATO allies, is struggling to establish
an international coalition to confront the ISIS threat. The United States said Friday that it was forming a
"core coalition" to battle ISIS militants in Iraq. Obama sought to use a NATO summit in Wales to enlist allied
support in fighting the Islamist militants, but it is unclear how many nations might join the United States in
been suspicious of Iran's influence in the region. Riyadh and other Gulf states have also been apprehensive
of Tehran's nuclear ambitions. Saudi-Iranian relations have been further strained by policy differences,
particularly over the war in Syria, where the two countries support opposing sides. Saudi Arabia and its
Gulf neighbors back rebels fighting to topple President Bashar Assad's government, which is supported by
Tehran. In Lebanon, Saudi Arabia and Iran also support opposing sides. While Saudi Arabia backs the Future
Movement-led March 14 coalition, Iran supports the Hezbollah-led March 8 alliance. Speaker Nabih Berri
and rival Lebanese politicians have said that improved Iranian-Saudi relations would result in
renewal of
talks between Saudi Arabia and Iran would ward off terrorism
threats facing the region. "I am counting on the Saudi-Iranian meeting to fight off the danger
breakthroughs in Lebanon and the conflicts in Syria and Iraq. Berri expressed hope that
facing the region," Berri was quoted as saying by lawmakers last week. Shafik Masri, a professor of
international law at the Lebanese University and the American University of Beirut, agreed that a Saudi-
rapprochement has
not materialized yet . But there are intentions driven by an
understanding between Saudi Arabia and Iran," Masri told The Daily Star. " The SaudiIranian understanding is seeking to address the region's problems, beginning with
the ISIS threat."
Iranian dtente is pivotal to confronting the ISIS threat. "A Saudi-Iranian
33
about ISIS persecuting and oppressing representatives of religious minorities, including Christians, forcing
them to flee the country. It regarded such aggressive and systematic actions as absolutely
unacceptable and criminal. ISIS has become a sort of bogeyman for a reason. Its religious fanaticism,
severe discipline and brutality can overshadow even Al-Qaedas. Its military advance and expanding turf in
futile. On one hand, there is the increasing confrontation between Russia and the West over Ukraine and
lingering distrust toward the Kremlin, and on the other hand, skepticism about the true scale of the ISIS
threat. Indeed, naysayers would posit that the ISIS threat is highly exaggerated. Does
ISIS really pose a threat to Russia and the U.S.? Can this Islamic organization really succeeded in
expanding its influence globally? Should the world really take seriously the declarations from ISIS about
their geopolitical ambitions and a global caliphate? ISIS
ISIS and international terrorism for Russia, the U.S., and Europe
seems like it has the potential to bring them closer together and
forget about (or at least ignore) their differences over Ukraine .
Although such a scenario is unlikely (at least while ISIS doesnt pose a more serious
existential threat for all stakeholders), the question of how to minimize Russia-West
confrontation over Ukraine to deal with ISIS together remains open. Russia Direct interviewed experts to
find out if ISIS poses a real threat for Washington and Moscow and if they can overcome their differences
over Ukraine and find ways to collaborate despite the beginnings of a new Cold War? Mark Kramer,
Professor, Director of the Cold War Studies Program at Harvard's Davis Center for Russian and Eurasian
ISIS). Because of glaring blunders committed by the Obama administration in its dealings with Iraq, the
brutal terrorists in the Islamic State were able to gain a foothold and spread their influence. Obama's weak
and indecisive response to the disaster in Syria has further strengthened the Islamic State and other
radical Islamist terrorists who are using Syria as a training ground. Russia has not made as many foolish
blunders, but it has not done enough to try to combat the Islamic State. U.S.-Russian cooperation against
the Islamic State might inspire other countries to do more, including counter-terrorism offensives that
would take the fight to ISIS, seeking to destroy it. U.S.-Russian cooperation [in the region] might prove
difficult in some respects the Russian authorities will want to solidify Bashar al-Assad's regime, whereas
the United States has sought to replace Assad but these problems are not so severe that they will stymie
of Oriental Studies at the Russian Academy of Sciences (RAS), editor-in-chief of Vostok (ORIENS) journal,
member of the Science Council at the Russian Foreign Ministry and the Russian Security Council No doubt,
Chechen jihadist fighters in Syria represent a domestic security problem for Europe and Turkey because
many of them come from the diaspora Georgia, Turkey, and dozens from Austria and France and rather
fewer from Belgium, Scandinavia and Germany. What will be their agenda when they come back home
and who are they going to fight against? Without meaningful cooperation, well be not able to deter this
threat. Another example: ISIS leaders declare that they will be killing Americans everywhere in the world.
Doesnt the U.S. need cooperation with all partners including Russia to obstruct terrorists from inflicting
damage to U.S. citizens inside and outside the U.S.? Russia, in turn, also needs international support in its
era of hyper-globalization.
satellites for information about the launch of enemy missiles. Russia and U.S. should eliminate launch on
the
target country has only a few minutes to decide whether to launch
after detection of an apparent attack. Due to the emergence of cyber-warface, there is
warning from their strategies Strategic missiles have a flight time of about 15-30 minutes, so
a significantly high potential for false alerts from early warning systems. So, there is a likelihood of error
and the opportunities for ill-considered decisions are quite real. Cartwright and Dvorkin said that the
presidents of Russia and the United States should discuss and eliminate the launch on warning option from
down as an urgent priority." A joint decision on this will not affect either country's nuclear deterrence, they
said.
36
tweet of the Syrian airstrikes First tweet of the Syrian airstrikes 01:08 PLAY VIDEO Who is Khorasan? Who is
Khorasan? 03:02 PLAY VIDEO Iraqi PM: Happy Arab nations joined U.S. Iraqi PM: Happy Arab nations joined
U.S. 01:09 PLAY VIDEO The potential benefits to al-Assad from the airstrikes "may be the most dangerous
and morally troubling consequence of President Obama's decision to cross the Syrian border to fight the
Islamic State," The New York Times warned in an editorial Tuesday. To try to prevent that, the Obama
administration has to delicately navigate this minefield. Here are the challenges it faces: 1. Distance itself
from al-Assad The White House has been at pains to stress that the airstrikes took place without any
cooperation with al-Assad's government, which has been fighting against rebel groups for more than three
years in a vicious conflict that has killed around 200,000 people. "I want to be very clear ... that we did not
coordinate with them, we did not provide them advance notice of the timing or of targets that the U.S. was
going to strike. In fact, we warned them to not pose a threat to our aircraft," Ben Rhodes, Obama's deputy
national security adviser for strategic communications said Tuesday. The only contact, he said, was U.S.
Ambassador to the United Nations Samantha Power telling her Syrian counterpart that direct action was to
be taken. U.S. officials are also playing down the advantages of the airstrikes to the Syrian regime,
although not very convincingly. Map: Airstrikes in Syria EXPAND IMAGE "I wouldn't characterize the effects
we had last night as benefiting Assad," said Lt. Gen. William Mayville, director of operations for the Joint
Chiefs of Staff. 2. Quickly bolster moderate rebels The big question is that if the airstrikes weaken ISIS' grip
Obama
emphasized intensified U.S. efforts to train and equip more moderate Syrian
rebels as "the best counterweight" to both ISIS and al-Assad. But many analysts are
skeptical that the rebels will be in a position to make major inroads
on northern Syria, who will step in and take that territory. In his address Tuesday,
anytime soon. Congress only approved Obama's request to arm and train "appropriately vetted" rebel
groups last week. U.S., Arab nations attack ISIS in Syria 13 photos 01 isis airstrikes 092502 isis airstrikes
092505 isis airstrikes03 isis airstrikes 092507 Syria attack obama 092302 syria attack 092303 syria attack
092305 syria attack 092304 syria attack 092301 syria attack 092306 syria attack10 syria attack 092311
syria attack 0914 EXPAND GALLERY What life is like inside ISIS stronghold What life is like inside ISIS
stronghold 02:40 PLAY VIDEO What weapons are U.S. using? What weapons are U.S. using? 01:23 PLAY
VIDEO Pentagon: ISIS fight will take years Pentagon: ISIS fight will take years 04:23 PLAY VIDEO Turning
those groups into a force that can take on ISIS' feared fighters and al-Assad's military will take time. But
the strikes against ISIS are happening now. 3. Manage a fragmented opposition Experts say that the rebels
fighting for the Western-backed Free Syrian Army ( FSA) lack a unified leadership. "Syria is
a fragmented country, and most of these militias have a very town-centric quality. They're based on clan
structures and regional structures," Joshua Landis, director of the Center for Middle East Studies at the
University of Oklahoma, said in an interview with WBEZ earlier this month. "None of them have really
developed a national scope, except for the Islamist ones, like al Qaeda and ISIS," he said. The sheer
number of different militias across Syria -- estimated in the hundreds -- runs the risk of turning Syria into a
patchwork of warlord fiefdoms. "If you just give them money without unifying them, you're going to get
Somalia," said Landis. 4. Juggle unaligned objectives
If
their only object is to kill ISIS, many of them feel the revolution will
be dead."
it contingent -- they don't like ISIS. But their goal, from the beginning, has been to fulfill this revolution.
38
on its military objectives or evolve into a wholly political force and further develop as a grassroots
movement with a vast political and social network. If Hezbollah goes with the first option, it would likely
move quickly to consolidate its control over Lebanon, possibly using military force. Such a move might be
precipitated by emboldened Sunni aggression toward Hezbollah or by other circumstances that threaten
the organization and its weapons. But Hezbollahs probable triumph in an armed struggle would be a
pyrrhic victory, dramatically undermining its popular credibility in Lebanon and leaving the country highly
acknowledged that a third Israel-Lebanon war would be far more brutal, and encompass far more territory,
than the one in 2006. But if either Israel or Hezbollah miscalculated and provoked a conflict, Hezbollah
would be at a strategic disadvantage without a Syrian supply line and safe haven. War with Israel could
rejuvenate Hezbollahs resistance narrative, particularly if Israel used excessive force that produced
massive civilian casualties. But Hezbollah would pay a significant price internally, particularly with its warweary Shia constituency.
39
AT Hurts Privacy
The program itself is incredibly reasonable and has built
in safeguards to prevent widespread paranoia and civil
liberties violations
USDA, 2014, (USDA Insider Threat Program, Office of Homeland
Security and Emergency Coordination (OHSEC), U.S. DEPARTMENT OF
AGRICULTURE, June 30, 2014,
http://www.ocio.usda.gov/sites/default/files/docs/2012/DR%204600003%20Insider%20Threat.htm)//erg
The purpose of this directive is to set forth the U.S. Department of Agricultures
(USDA) roles and responsibilities for an Insider Threat Program, as
directed by Executive Order (EO) 13587 dated October 7, 2011, titled, Structural
Reforms to Improve the Security of Classified Networks and Responsible Sharing and Safeguarding of
Classified Information and the National Insider Threat Policy and the Minimum Standards issued in
mandated to
develop and implement an Insider Threat Program with the primary
mission to prevent, deter and detect compromises of classified
information by malicious insiders. Although EO 13587 applies only to
the safeguarding and sharing of classified national security
information , the National Insider Threat Task Force (NITTF) recognizes that an agency may possess
November 2012. 2. BACKGROUND The Secretary of Agriculture, under EO 13587, is
information that it considers sensitive but that is not classified. As stated in the NITTFs Guide to
Accompany the National Insider Threat Policy and Minimum Standards, issued in November 2013, the
policies and standards under EO 13587 can be applied generally to protect the sensitive but unclassified
environment. The National Insider Threat Policy and Minimum Standards require that the USDA addresses
policies and procedures whereby the organization's insider threat program accesses, shares, and
integrates information and data derived from offices across the organization, including security,
information assurance, and human resources offices. d. Designate a senior official(s) with authority to
provide management, accountability, and oversight of the organization's insider threat program and make
identifiable information) are appropriately addressed. f. Promulgate additional department and agency
guidance, if needed, to reflect unique mission requirements, but not inhibit meeting the minimum
standards issued by the NITTF pursuant to this policy. g. Perform self-assessments of compliance with
insider threat policies and standards; the results of which shall be reported to the Senior Information
Sharing and Safeguarding Steering Committee (hereinafter Steering Committee). h. Enable independent
40
assessments, in accordance with Section 2.1 (d) of Executive Order 13587, of compliance with established
insider threat policy and standards by providing information and access to personnel of the NITTF.
including contractors and others who access classified information, or operate or access classified
computer networks controlled by the federal government); and all classified information on those
Department and agency heads also have a responsibility to ensure these protections are maintained
through oversight of their insider threat programs.
to implement the new minimum standards? Yes, taken together, the E.O. and the national policy mandate
that every executive branch agency with access to classified information establish an insider threat
there is a recognition of
differing levels of riskand, therefore, differing levels of protection
required based on such things as size of cleared population, extent of access to classified computer
systems, and amount of classified information maintained by the D/A. The national insider threat policy
directs heads of D/As to developtheirprogramsusingriskmanagementprinciples.
42
TheNITTFisworkingwithD/As,as well as the Classified Information Sharing and Safeguarding Office in the
office of the Program Manager--Information Sharing Executive, to assess the extent of applicability of the
minimum standards to each of the 70+ executive branch D/As with access to classified information based
on associated risk.
of incidents, and not of the individuals committing the violations. This is important for a wide variety of
reasons. The action that employees need to take is to simply report the questionable incidents to Human
another employee can clearly result in negative consequences for all involved. The anonymity is critical
The goal is to
detect incidents and stop the loss. Most organizations should already have an
even if it potentially means that it is impossible to gather criminal evidence.
established incident reporting structure. Those that do not should consult with the legal and human
resources departments to create one. Clearly, when trying to motivate employees to inform the
organization about the violations of other employees, you should get the Human Resources and Legal
departments involved in at least approving the awareness materials that are distributed. They very likely
will be able to provide guidance on how to best implement other aspects of the program as well. [Insider
threats and how they can be mitigated] Snowden's activities triggered an interest in organizations to
examine what technological controls that they can put in place to stop their own Snowden. Yet much like
should have been able to more effectively detect his actions than any technical countermeasure could
have. Therefore,
43
detectors of insider abuse . The insider threat is too important a subject to shy away from,
no matter how sensitive the implications may be. Unfortunately, history has shown us that
the risk is too great.
In response to
the breach by former Army intelligence analyst Pfc. Bradley
Manning, President Obama in 2011 issued an executive order that
established a National Insider Threat Task Force and required all federal
understanding what the threat can mean to them, and the risk it poses to them.
agencies that handle classified material to institute programs designed to seek out saboteurs and spies.
While corporate security has long been part of Beltway culture, the heightened focus and the emergence
of new monitoring technology touched off a burgeoning industry. In addition to Raytheon, Lockheed Martin
has developed an insider-threat detection service, as have several start-ups in the Washington area. Even
Booz Allen Hamilton, which faced national embarrassment when Snowden, one of its employees, walked
off with some of the countrys most guarded secrets, counsels its clients on how to detect rogue
employees. A recent job posting said the company was looking for an insider threat analyst, which
required a security clearance and more than five years of experience in counterintelligence. The posting
spread on the Web and sparked ridicule over the notion that the company that employed Snowden was
now looking to help turn the historic breach into a profitable lesson learned. Raytheons SureView program
allows agencies to create all sorts of internal alerts indicating when something may be amiss. A company
could, for example, program the software to detect whenever a file containing the words top secret or
Once
that wire is tripped, an alert almost immediately pops up on a
security analysts monitor, along with a digital recording of the
employees screen. All the employees actions the cursor scrolling over to open the secure
proprietary is downloaded, e-mailed or moved from one location on the system to another.
file, the file being copied and renamed can be watched and replayed, even in slow motion. Its the cyber
equivalent of the security camera that records robbers sticking up a convenience store. Lockheed Martin
provides a service called Wisdom, which acts as your eyes and ears on the Web, according to a company
44
solutions. A trade-off for companies The market is much broader than the defense and intelligence
industries. It extends to hospitals, which need to protect patients information; retailers, which hold
customers credit card numbers; and financial institutions. Some worry that the programs are an
overreaction to a relatively rare threat that will do more to hinder the free flow of information than to deter
crime, while creating repressive working environments. Despite the soon-to-come federal mandate, many
defense contractors have already implemented fairly imposing controls to minimize the unauthorized use
of data, said Loren Thompson, a defense industry consultant who has worked with Lockheed Martin and
other contractors. But he warned that this clearly is a trade-off in which values like efficiency and
collaboration will be sacrificed in order to reduce the likelihood of internal wrongdoers from succeeding.
After Sept. 11, many agencies were criticized for not sharing
sensitive information that could have prevented the attacks, so
steps were taken to consolidate data within the government. Thompson
fears the current climate of worry about Snowden-like leaks could lead to a return to the old habits, with
key information once again compartmentalized. Insider threats are a real problem, but mandating a
particular standard for all contractors will cost huge amounts of money and quite possibly result in the
wrong steps being taken, he said. In addition to the cases that have made headlines worldwide, there are
an untold number of incidents in the broader corporate world where insiders wreak havoc from the
systems administrator at what was then UBS Paine Webber who planted a logic bomb on the companys
network, to the Chinese national who was convicted of stealing trade secrets from Ford Motor Co.
Web sites they go to, which file servers they go to. But what we dont do is absorb the content of that
data.
We dont read e-mails or chats or texts. Or even the content of the Web sites
they go to. Were looking at the patterns they use. MITRE, a not-for-profit research and
45
development company, did a study in 2009 where it asked some of its own employees to try to access
sensitive information on its own network. In addition to assessing the networks strength, the company
wanted to study evasiveness, said Deanna Caputo, MITREs principal behavioral psychologist. We
wanted to see what good guys gone bad would look like. Working under a grant from the Defense
Advanced Research Projects Agency, the Pentagons research arm, Georgia Tech computer scientists have
worked to develop software that can detect a rogue employee even before he or she has broken bad.
When a soldier in good mental health becomes homicidal or a government employee abuses access
privileges to share classified information, we often wonder why no one saw it coming, said a Georgia Tech
news release. All this corporate scrutiny doesnt necessarily bother groups that advocate for privacy
protections. When it comes to using a government or corporate network, employees often do not have
expectations of privacy, especially if they are dealing with classified information, said Ginger McCall, an
associate director at the Electronic Privacy Information Center. I
think there is an
important distinction between monitoring a persons personal emails and monitoring access to sensitive databases , she said. And since
so much information about ordinary Americans is contained on
government and corporate databases, there are benefits to making
sure they are protected and under constant surveillance. We would
want to know if someone at the FBI is accessing a database on a
person when they shouldnt be, she said. Michael Crouse, Raytheons director of insider
threat strategies, said such programs help agencies trust but verify. We trust our privileged users, he
said. But what were seeing is that you can verify that they are doing the work that is assigned to their
role. Its sort of like a big factory, he said, where the foreman is looking down on the factory floor making
sure everyone is doing their job.
46
Groupthink Advantage
47
48
credible. Washington has gone further, but not far enough to signal serious
intent. What Mr Putin has seen of a divided west tells him it is bluffing. He will
take sanctions seriously when he sees that those threatening them are ready
to bear the costs.
51
The American people are tired. Pity the poor politician who tries to sell the
American public on yet another war, especially some complex conflict in a
distant Eastern Europe nation. Neville Chamberlains words during the 1938
Czechoslovakia crisis come to mind: How horrible, fantastic, incredible it is
that we should be digging trenches and trying on gas-masks here
because of a quarrel in a far away country between people of whom
we know nothing.
Americas allies are tired. NATO sent troops to support the American
campaign in Afghanistan, and has little to show for it. Britain sent
troops to Iraq and Afghanistan, and has little to show for it. It is almost
inconceivable to imagine the Western European public marching in the
streets to demand the liberation of Crimea, especially considering the
regions sputtering economy, which might be snuffed out should Russia stop
exporting natural gas. As for military capabilities, the Europeans couldnt
evict Libyan dictator Muammar Gaddafi without American help. And
Germans fighting Russians again? Lets not even go there.
54
56
58
No Groupthink
Organization electronic detection protocols check and
prevent groupthink
Lewellen et al 13, (Todd Lewellen, George J. Silowash, Daniel Costa,
Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent
Data Exfiltration in Near Real Time, Software Engineering Institute, October
2013,
http://resources.sei.cmu.edu/asset_files/TechnicalNote/2013_004_001_64688.
pdf)//erg
We define a malicious insider as a current or former employee,
contractor, or business partner with all three of the following
attributes: has or had authorized access to an organizations network,
system, or data intentionally exceeded or misused that access
negatively affected the confidentiality, integrity, or availability of the organizations
information or information systems Malicious insiders are able to act
within an organization by taking advantage of weaknesses they find
in systems. Organizations must be aware of such weaknesses and how an insider may exploit them.
Organizations must also be aware of the many ways in which
weaknesses are introduced. For example, an organization may have relaxed or nonexistent
acceptable-use policies for internet access. In other cases, a lack of situational awareness introduces
weaknesses that malicious insiders can exploit. Additionally, an organization that allows its employees to
use web-based services, such as email, increases the potential for data leakage. Establishing proper
auditing policies and technical controls, as discussed in this technical note, mitigates some of these risks.
information using web-based services, in particular, email accessed through a web browser using the HTTP
Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection [Silowash 2012]. Those
wishing to implement the capabilities discussed in this report will need to be familiar with the prior
technical note and will need to have configured their environment accordingly. This technical note will
leverage the existing work by implementing an additional ICAP server to perform additional content
scanning of attachments and text entered into web pages to determine if IP is being exfiltrated. 2.2
TheInspectionProcess In the prior technical note, Detecting and Preventing Data Exfiltration
Through Encrypted Web Sessions via Traffic Inspection, a Squid proxy server, C-ICAP, and ClamAV are used
leverages the GreasySpoon ICAP server1 and Apache Lucene2. According to the Apache Software
Foundation, Apache LuceneTM is a high-performance, full-featured text search engine library written
entirely in Java. It is a technology suitable for nearly any application that requires full-text search,
59
agent is written in Java and monitors a given directory of IP. When a new file is created, updated, or
deleted, the agent reads the file and updates Lucenes index. When a user uploads a document to a webbased service such as Gmail, Yahoo Mail, or Facebook, or pastes text into an online form, the document or
used with the document tagging and keyword detection capabilities discussed in the prior technical note.
60
AT Russia Scenario
The US is gearing up to fight Russia now the aff cant resolve this
Bandow 6/24 (Doug, Senior Fellow at the Cato Institute and a former Special Assistant to President
Ronald Reagan, Washington Confronts Russia over Ukraine: Yet Europeans Wont Protect Themselves from
Vladimir Putin, http://www.cato.org/publications/commentary/washington-confronts-russia-over-ukraineyet-europeans-wont-protect)//RTF
Europe is at risk, we are told. Russias assault on Ukraine threatens the post-Cold War
order. Moscow may follow up with similar attacks on Moldova and even such NATO members as Estonia,
Latvia, and Lithuania. But no one in Europe seems to care. Even the countries
supposedly in Vladimir Putins gun sites arent much concerned. No one is bolstering their military. And the
Unfortunately, the
Ukraine crisis is likely to continue for some time. The allies hope sanctions will
European people oppose taking any military risks to help their neighbors.
bring Moscow to heel, but the Pew Research Center found that 88 percent of Russians backed Vladimir
Putin, though no
friend of the West, is no fool. He recently opined: only an insane person and only
in a dream can imagine that Russia would suddenly attack NATO.
But if Putin changes his mind, the Europeans dont plan on
defending themselves. Instead, virtually everyone expects America
to save them, if necessary. Washington is being played for a sucker as usual. Defense
Secretary Ashton Carter is visiting Europe this week. On Monday while
observing exercises by NATOs new rapid response force he announced that the U.S. will
contribute aircraft, weapons, and personnel to the Very High
Readiness Joint Task Force. Americans will provide intelligence,
logistics, reconnaissance, and surveillance support. Thats not all. Separately,
the Obama administration plans to pre-position tanks and other
equipment for a combat brigade in seven nations in Eastern Europe .
Putins foreign policy, the highest number since Pew started polling in 2003. At least
James Stavidis, a former NATO commander, now dean of the Fletcher School at Tufts, said this provides a
mean by we? Washington again will do the heavy lifting. You can nearly hear the sigh of relief in
Europe, said Heather Conley of the Center for Strategic and International Studies, in learning that the U.S.
again would bail out its allies. The Europeans scrimp on the military while funding their generous welfare
state. They promise Washington whatever it desiresto increase outlays, hit the two percent of GDP level,
improve international coordination, and more. Then they will go back to doing what they do best, depend
on America. Washington is being played for a sucker as usual. NATO always stood for North America and
the Others. During the Cold War the allied states shamelessly took a very cheap ride on the U.S. That
made sense in the immediate aftermath of World War II, but by the 1960s Europe had recovered and
should have spent amounts commensurate with the Soviet threat. However, Europeans correctly gauged
that Washington wouldnt leave, despite periodically upbraiding them for their meager efforts. Cato
Institute forum on future of NATO The problem has gotten worse in recent years .
The U.S.
accounts for three-quarters of NATO outlays even though Europe has
a larger GDP than America. Because of European cutbacks, overall outlays are down 1.5
percent this year. Of 28 members only the U.S., Britain, and Greecemostly because of its confrontation
with fellow alliance member Turkeytypically broke the officially recommended level of two percent of
GDP. Estonia has become a member of that exclusive club, but not Latvia and Lithuania, despite being on
the front line. After frenetically demanding that the U.S. do more, Poland only hit that mark this year. But
several members have been cutting outlays, despite the continents embarrassing showing against Libya
(running out of missiles, for instance) and limited capacity to aid the Baltics (little more than nil) let alone
defend a nation like Ukraine. Of the five largest European defense budgets, only Frances will increase.
Those of Canada, Germany, Great Britain, and Italy will continue to decline. None of these countries will hit
the recommended two percent of GDP level in 2015. Only Britain and France exceed 1.5 percent. Canada
61
barely makes one percent. (At the G-7 Summit President Barack Obama essentially begged the British to
spend more; London has responded by considering whether reclassifying intelligence and foreign aid
outlays as military would allow Britain to technically meet the standard.) Those NATO members spending
more this yearEstonia, Latvia, Lithuania, Poland, Netherlands, Norway, and Romaniacollectively have
outlays only half that of Britain. Cooperation is poor even among those most at risk. Add Poland to the
three Baltic and five Nordic states and the group enjoys a GDP about a third larger than that of Russia.
However, their military outlays are only about 40 percent of Moscows. Moreover, complains Edward Lucas
of the Center for European Policy Analysis, they are divided and suffer from strategic incoherence.
Never mind the events of the last year. Ukraine has not served as Thomas Jeffersons famed fire bell in
the night, despite the supposedly terrible threat posed to the peace and stability of Europe. It is much
more business as usual, said British defense analyst Ian Kearns. As of 2013 the Europeans devoted just
3.6 percent of their governments budgets to the military, compared to a fifth of U.S. government
spending. Americas per capita military outlays are five times that of the alliances Cold War members and
eight times that of those states which joined later. Total military spending by NATOs European members
was less in real terms in 2014 than in 1997and there are 12 more member states in NATO today,
From the
onset of the crisis with Russia a number of American analysts have
proposed deploying U.S. forces to Ukraine, treating the latter as if it
was a NATO ally. No Europeans have volunteered to follow. The U.S. House has
approved legislation to arm Kievs forces, and a similar measure is
being pushed by ever warlike Senate Armed Services Committee
Chairman John McCain. Most European governments have resisted the idea. Make no mistake:
observed my Cato Institute colleague Chris Preble. The issue is more than just money.
we will defend our allies, declared Carter. But will the Europeans defend anyone, even themselves? A new
poll suggests not. The Pew Foundation recently surveyed eight leading NATO countries: If Russia got into a
conflict with another member of NATO, should your country use military force in the victims defense? A
majority of French, Germans, and Italians said no. (The Germans were particularly emphatic, with 58
percent rejecting war. German support for NATO has dropped by 18 percent in just six years.) Only
pluralities said yes in Poland, Spain, and the United Kingdom. (Yet Poland is insisting that everyone else
defend it!) The highest European support level was in Britain, at 49 percent. Only in America, naturally,
and Canada did a majority say yes (56 and 53 percent, respectively). Ivo Daalder, a former U.S.
ambassador to NATO, said it will take a serious effort by the alliance to convince its public of the need to
prepare for, deter and, if necessary, respond to a Russian attack. Yet why should they take action as long
as they believe they can count on Washington to save them? According to Pew, two-thirds of Europeans
were convinced the Americans would come rushing over to do what they would not do for themselves. Its
time to change that. Judy Dempsey of Carnegie Europe asked why Washington allowed itself to be used in
this way: Europe is prosperous. It should be confident enough both to take care of its own security and to
contribute to a greater role in burden sharing. It will not do so as long as U.S. policymakers insist that
Americans do the job instead. The Cold War is over. Moscow is an unpleasant regional actor, not a global
threat. Europe has a much larger GDP and population than Russia and even with its current anemic level of
military outlays devotes more to defense. The U.S. government is essentially bankrupt, with far greater
unfunded liabilities than the Europeans, despite Greeces travails. Instead of pouring more resources into
NATO, Washington should be disengaging militarily, turning leadership of the alliance and responsibility for
defending the continent over to Europe. Americans shouldnt be expected to protect their rich cousins
even if the latter were devoted to protecting each other. That the Europeans expect the U.S. to do their job
is yet another reason for Americans to say no more.
The White House came under bipartisan pressure from both sides of
the Capitol to provide weapons to Ukraine Thursday. Republicans and
Democrats on the Senate Armed Services Committee made a big
push on the issue, while a bipartisan group of House members called
for the same course of action in a letter. "The United States must act
with urgency to provide defensive lethal assistance to Ukraine," said
Sen. John McCain (R-Ariz.), the chairman of the Armed Services Committee. "Russia's
62
behavior." The White House has so far turned down Ukraine's requests for weapons out of fear it would
further provoke Russia, but has provided nearly $122 million in non-lethal military equipment to Ukrainian
risk and costs Russia must incur to continue its offensive," he said. McCain said that since April, Russianbacked separatists in Ukraine have killed 5,358 Ukrainian forces, wounded 12,235 others and killed 224
drones, electronic counter-measures against Russian drones, secure communications capabilities, armored
Humvees and medical equipment, they said. Lethal aid should include light anti-armor missiles, "given the
large numbers of armored vehicles that the Russians have deployed in Donetsk and Luhansk and the
63
abysmal condition of the Ukrainian militarys light anti-armor weapons," the letter said. The letter was also
signed by Reps. Steny Hoyer (D-Md), Michael Burgess (R-Texas), Gerry Connolly (D-Va), Steve Chabot (ROhio), Rosa DeLauro (D-Conn.), Eliot Engel (D-N.Y.), Michael Fitzpatrick (R-Penn.), Alcee Hastings (D-Fla.),
Steve Israel (D-N.Y.), David Jolly (R-Fla.), Marcy Kaptur (D-Ohio), Mike Kelly (R-Penn.), John Larson (D-Conn.),
Sander Levin (D-Mich.), Daniel Lipinsky (D-Ill.), Thomas Marino (R-Penn.), Michael McCaul (R-Texas), Tom
McClintock (R-Calif.), Tim Murphy (R-Penn.), Mike Quigley (D-Ill.), Bill Pascrell (D-N.J.), Robert Pittenger (RN.C.), Ted Poe (R-Texas), Reid Ribble (R-Wisc.), Thomas Rooney (R-Fla.), Peter Roskam (R-Ill.), David
Schweikert (R-Ariz.), John Shimkus (R-Ill.), Adam Smith (D-Wash.), Steve Stivers (R-Ohio), and Michael
Turner (R-Ohio). The non-voting member from Guam, Del. Madeleine Bordallo (D), also signed. "We know
that a resolution to the Ukrainian crisis will ultimate require a diplomatic, not military, solution," the letter
said. "But Russia is feeling emboldened, and Ukraine is economically stretched to its breaking point. It is
time to provide the Ukrainiain government with the tools to keep the separatists at bay and to make the
conflict too costly for their Russians patrons to continue." Separately, Senate Foreign Relations Committee
Chairman Bob Corker (R-Tenn.) urged President Obama in a letter Thursday to fully implement a law passed
last year, which requires him to report to Congress by Feb. 15 on plans to provide weapons to Ukraine. We
hope the administration will submit a report to the Senate Foreign Relations Committee later this month
that clearly states your readiness to supply appropriate lethal assistance to the Ukrainian government and
provides details of the specific weapons to be delivered, said Corker, a co-author of the bill.
(Donald, November 18th, resident fellow at the Center for Transatlantic Relations in the
Nitze School of International Studies at Johns Hopkins University, Republican Congress to Push Harder
Russia Line, http://imrussia.org/en/analysis/world/2085-republican-congress-to-push-harder-russialine)//RTF
will also be under pressure to show the electorate that they are capable of governing after drawing scorn
for shutting down the government last year and allegedly demonizing the president. The presidents
supporters and the national media, in turn, are also guilty of exaggeration: they are fond of caricaturing
the GOP as being held hostage to an extremist Tea Party base. Many of these critics expect (and hope)
that Republican unity will be difficult to achieve. The day after the midterm elections, President Obama
promised to work with Republicans, but warned that he was also prepared to make more use of his
executive powers. Foreign policy is rarely a primary concern of U.S. voters. Indeed, surveys suggest that
those who went to the polls this November were primarily concerned with the state of the economy,
partisan gridlock in Washington, and Obamas leadership. In September, according to a Pew Research
Center poll, 64 percent of respondents said foreign policy would be an important factor in their midterm
election vote. In an October poll, by a margin of 43 to 37 percent, voters believed Republicans would do a
better job of handing foreign affairs than Democrats. It appears such sentiments have much to do with the
publics view that Obama has demonstrated poor leadership on international issues. Setting aside
individual debates about individual policy choices, David Rothkopf recently wrote for Foreign Policy, the
64
In Congress,
however, where sympathy for Ukraine was strong (and bipartisan),
there was firm support for providing arms. This debate took place, as Standard
withstand Russian aggression if it focused on political and economic reform.
Bank analyst Tim Ash wrote in October, amid widespread uncertainty about what Putin would do next and
general agreement that Western sanctions on Russia are working. Although they may have done little to
directly discourage Russian military activity, sanctions have extracted a heavy price from Russia and the
elites around Putin. Two bills that would provide Ukraine with defensive but lethal weapons are likely to be
With a GOP
majority in both houses of Congressincluding in the crucial Senate
Armed Services and Foreign Affairs CommitteesRepublican leaders
are now likely to step up the pressure on the weakened president,
already a lame duck, to be tougher on Russia and provide weapons
to Ukraine. Senator John McCain, the incoming chairman of the Senate Armed Service
Committee, said in an interview on November 5 that he has already discussed a new
national security agenda with fellow Republicans Bob Corker and
Richard Burr, who are likely to be chairmen of the Senate Foreign
Relations Committee and Senate Select Committee on Intelligence,
respectively. McCain promised to raise the issue of military
assistance. Two bills that would provide Ukraine with defensive but lethal weapons are likely to be
taken up by the new Republican Senate majority, despite the presidents wishes.
taken up by the new Republican Senate majority, despite the presidents wishes. The first of these bills, the
Ukraine Security Assistance Act of 2014, would help Ukraine neutralize the military-support advantage
that separatist rebels are using to target civilian and military aircraft in in eastern Ukraine and would
authorize President Obama to provide adequate and necessary assistance to protect Ukrainian democracy
and sovereignty. The second, the Ukraine Freedom Support Act of 2014, calls for military and security
assistance to Ukraine, designates it as a major non-NATO ally (MNNA), and imposes further sanctions on
the Russian Federation. MNNA is a designation given by the United States government to close allies
(including Australia, Egypt, Israel, Japan, and South Korea) who have strategic working relationships with
U.S. armed forces but are not members of NATO. While the MNNA status does not automatically establish a
mutual defense pact with the United States, it does confer a variety of military and financial advantages
that otherwise are not obtainable by non-NATO countries. Moreover, codifying U.S. sanctions against
Russia into legislation would make it far more difficult to end them than is currently the case, thereby
immunizing the sanctions against actions by the White House. It is unclear whether Obama will veto either
Obama veto would also put him at odds with powerful congressional leaders in both parties, now
emboldened by the elections to take a tougher line on an issue that appears secondary to the rest of the
remain uncertain. On the one hand, the Kremlin has little incentive to escalate its military presence in
Ukraine, regardless of any military assistance the U.S. might provide Ukraine (though such aid would
certainly give Putin pause). Russian public opinion does not support an invasion: Kremlin authorities made
great efforts during the fighting of August and September to restrict media coverage of Russian military
casualties. The economic costs of rebuilding the Ukrainian east or funding additional sustained major
military operations are likely prohibitive, given the downturn in the Russian economy. On the other hand,
Putins current stepped-up support for separatist forces, in violation of the Minsk agreement and despite
Western threats, suggests that he could go further no matter the economic cost or Western reaction. For
example, he could carry out a quick strike to establish a land bridge to Crimea. The Obama Administration
also continues to seek Russian cooperation on Iran and the Middle East, showing Putin there are limits to
Washingtons willingness to push back over Ukraine. In the end, therefore, the dispute in Washington over
military assistance to Ukraine may have more to do with the power struggle between Congress and the
administration than the realities of the military situation on the ground.
65
(Onan, 2015, writing for Eagles Rising, John McCain says It's "Shameful" Not to Send Arms
to Ukraine!, http://eaglerising.com/20010/john-mccain-says-its-shameful-not-to-send-arms-toukraine/#TKxhbSzXdKLiqT4d.99)//RTF
keep fighting is because Russian support lurks behind the scenes. Putin steadfastly denies any and all such
accusations. This
67
Solvency
68
Noncompliance
The Navy needs their ITP program they wont stop
Lombardo 13
(Tony -Staff writer, SECNAV launches plan to battle 'insider threats', Sep. 7,
2013,
http://archive.navytimes.com/article/20130907/NEWS/309070005/SECNAVlaunches-plan-battle-insider-threats-, JZG)
The Navy has a new plan to confront insider threats in the Navy
and Marine Corps, and it will involve more scrutiny, better training
and a team of top leaders to oversee its implementation. Navy Secretary
Ray Mabus issued an instruction in August that creates the Department of
the Navy Insider Threat Program. The goal is to prevent cases like
the data leaks by Army Pfc. Bradley Manning and former National Security Agency
contractor Edward Snowden, and violence like Army Maj. Nidal Hasans shooting
rampage at Fort Hood, Texas. With this instruction, Secretary Mabus has given
the Department of the Navy its marching orders, said Vice Adm. Michael
Rogers, head of Fleet Cyber Command. We need to do all we can to be aware of
the threat, and take those actions necessary to reduce that threat.
As head of the Navys cybersecurity arm, Rogers team of cyber warriors plays a critical role in fighting
insider threats. But Rogers insists the threat is an all hands issue. All who
serve within the Navy active, reserve, officer, enlisted, civilian employees and contract support
personnel are put at risk by this threat, and all can help diminish that threat, said Rogers, who
responded to Navy Times questions via email.
69
Counterplans
70
Reform ITP CP
71
1NC
CP Text: The United States federal government should
update the ITP program to include a common definition of
what an insider threat is and realign insider threat
training to focus toward preventing threats.
Common definitions solves cohesion
Porter 14 -Master in Security Studies
(Michael Lawrence, COMBATING INSIDER THREATS: AN ANALYSIS OF CURRENT
UNITED STATES INSIDER THREAT POLICIES AND NECESSARY IMPROVEMENTS,
May 2014, http://repositories.tdl.org/asuir/bitstream/handle/2346.1/30135/PORTER-THESIS-2014.pdf?
sequence=1&isAllowed=y, JZG)
The first improvement that is needed is the establishment of a
common definition of an insider threat. Currently, there are over 15
different definitions as outlined in the NCIXs Official Terms & Definitions of Interest List122.
Such a broad list of definitions leaves many questions in the minds
of the different IC agencies as to what an insider threat is, and who
has jurisdiction regarding collection, analysis, and apprehension. Most
importantly, the definition in the 2012 National Policy lacks any sort of tie to a foreign nexus123. This
vague language creates confusion as to who has jurisdiction over
potential insiders. According to the policy definition, CI would have been responsible for
identifying and handling any threat, to include domestic law enforcement cases. The problem is
that if these threats are American citizens, not working for extremist
organizations or foreign nations, then CI does not have jurisdiction
as assigned in EO 12333 . This current lack of specificity can cause
confusion when it comes to handling insider threats , because over utilization
of CI and LE on areas outside of their jurisdiction leaves them both over-exerted and stretched thin125.
Furthermore, establishing a definition will be difficult with as many different and divergent definitions as
we already have throughout the government. As was mentioned,
consensus is important
and right now there is none. Changing this will require the NITTF to build common ground
and push past the differences. The important thing to remember is that words have meanings and, as the
2009 NIS states, insider threats are the priority for CI126. An open-ended definition will tax a stressed
organization. Specificity allows work to be spread across the spectrum of CI and Law Enforcement cases
solved. Inherent to any definition is the constant need for cooperation amongst the different organizations
of CI and in the case of uncertainty, to allow for joint investigations and the sharing of potentially valuable
information between the different disciplines127 Evaluation will be more than just the success or failure of
72
a standard definition. The definition itself will be tied to a broader evaluation of the National Threat Policy.
Accordingly, the ITAG and the JITTF would be primarily responsible for the evaluation of current policies. In
order to do this, an evaluation of classified and unclassified reporting and investigations, at the national
level, will identify increases in reporting, opening of investigations, opening of joint investigations,
prosecutions, and operations conducted. An increase in these numbers would be a strong indication that
programs are working, at least in the short-term. This data would be compiled and presented by the NCIX
to the DNI and policy makers as an indicator of the change that is occurring with new policies. Granted this
information would not be shown to all policy makers, but there are representatives in Congress and the
White House that would be privy to this information, and that serve as representatives for the broader
policy community128.
Not
much needs to be added to current CI training, but an understanding
of the basic threat psychology, as addressed in Chapter 2, should be a part of
the Minimum Standards. A key element of this preventative
measure is the provision of information regarding where
developing threats can seek assistance, how coworkers can report
suspected problems for assistance, and how supervisors can refer to
assistance. These insights would be crucial both for impacting the
potential downward spiral and the apprehension of an individual . The
quickly because the longer they wait the longer the system goes without preventative measures.
one major outlet that exists is in Employee Assistance Programs (EAPs). As stated in EO 12968, all
individuals working for agencies with access to classified information are eligible to use EAPs for
assistance concerning issues that may affect their eligibility for access to classified information, such as
financial matters, mental health, or substance abuse. Essentially EAPs are counseling services for those in
the IC who need an extra support structure to get personal help130. The problem is that often there is a
stigma placed on anyone for using these services. The proper use of these programs is crucial for serving
this preventative measure and should be included in training as a healthy outlet free of judgment or
damage to ones career. One thing that the Spy cycle and the Radicalization cycle both underscored was
that in the earliest stages of the development of an insider threat, there was a need for help. The spy
found that help in the solace of a foreign intelligence service, while the future violent extremist found it in
73
the support network of an international terrorist organization. By focusing training on identification at the
later stages of development, we are skipping an important step in the progression of an insider threat.
Ignoring the early stages does nothing to prevent those potential future threats sitting on the edge of right
74
2NC
Reform to the ITP is necessary
Porter 14 -Master in Security Studies
(Michael Lawrence, COMBATING INSIDER THREATS: AN ANALYSIS OF CURRENT
UNITED STATES INSIDER THREAT POLICIES AND NECESSARY IMPROVEMENTS,
May 2014, http://repositories.tdl.org/asuir/bitstream/handle/2346.1/30135/PORTER-THESIS-2014.pdf?
sequence=1&isAllowed=y, JZG)
Chapter 4: The Reform Process Given the many insider threat-related
challenges the CI Community faces, the United States has done a great deal
to confront this dangerous enemy. Nonetheless, the CI Community must
make additional changes due to weaknesses in the current
legislative processes, organizational interactions , and other issues involved in
this effort 99. As addressed in Chapter 3, the structure of the CI Community has adapted over the years,
but the sad reality is that these changes happened largely as a result of failures in the system and
kneejerk reactions designed to address specific instances of failure100. Even then, the changes that do
The
ever-present threat posed by insiders means that the US CI
Community must routinely evaluate the process it operates under
and look to better itself. Our CI specialists must address a range of persistent vulnerabilities
occur often do not come easily and are the result of extensive reform processes throughout the IC.
to help strengthen the American security apparatus. The problem is that substantive reform is often very
difficult to accomplish in the IC, and subsequently the CI Community, for two reasons. First, intelligence
reform is usually more politically motivated than it is focused on, and motivated by, the need for
substantive change101. Second, since the IC is a tool of the policy makers, who ultimately oversee these
organizations, this often means that the people making decisions for the IC have little to no real
understanding of the Intelligence process102. As Chapter 3 demonstrated, there were multiple reforms
over the past 20 years that have helped mold the CI Community into an organization that could fight the
insider threat. These changes however, were not the result of planned reform, they were reactionary
movements to larger community failures that allowed insiders like Ames, Hanssen, and Hassan to exist.
Politicians do not like huge failures for political reasons, so large high-profile events act as motivation for
change, and to show their constituents that they are making things better103
75
DOD CP
76
1NC
CP Text: The Department of Defense should enact new
efficiency standards and guidelines for their insider threat
program.
Reform through the GAO standards solves efficiency and
insider threats
Pomerleau 15
(Mark, DOD coming up short on insider threat safeguards, GAO says, Jun 04,
2015, http://defensesystems.com/Articles/2015/06/04/DOD-insider-threatgaps-GAO.aspx?Page=1, JZG)
While certain components of DODs insider-threat implementation
program have been incorporated, other major standards have been
neglected, according to a Government Accountability Office report. Specifically, the
department has not analyzed gaps or incorporated risk assessments
into the program. Going back to 2000, DOD issued an integrated process team report to guard
against insider threats to information systems. This issue came to a head in 2010 following massive
disclosures of classified information by then-Army soldier Bradley (now Chelsea) Manning. (The report
refers to leaks by Manning and Edward Snowden, though not by name.) Congress in 2011 called for DOD to
establish an insider threat program while the White House issued an executive order establishing an
interagency task force, known as the National Insider Threat Task Force. A 2012 presidential memorandum
directed agencies to create insider threat programs by May 2013 and identified six minimum standards for
the programs: (1) designation of senior official(s); (2) information integration, analysis, and response; (3)
insider-threat program personnel; (4) access to information; (5) monitoring user activity on networks; and
(6) employee training and awareness. GAO stated that DOD and the six selected DOD components it
reviewed have begun incorporating the minimum standards, they have not done so consistently. GAOs
report, which was originally issued in a classified setting in April, notes that around that same time, DOD
made a particular point to highlight the need to mitigate insider threats in its newly updated Cyber
Strategy, which said DOD was pursuing security against insider threats through continuous network
monitoring, improved cybersecurity training for the workforce, and improved methods for identifying,
reporting, and tracking suspicious behavior. The report continued: Mitigating
the insider
threat requires good leadership and accountability throughout the
workforce. Beyond implementing policies and protocols, leaders will
strive to create a culture of awareness to anticipate, detect, and
respond to insider threats before they have an impact. Although DOD is
required to complete a continuing analysis of gaps in security measures, DOD officials reported in 2014
that this survey had been suspended due to financial and personnel limitations. This survey would have
allowed DOD to define existing insider-threat program capabilities; identify gaps in security measures; and
advocate for the technology, policies, and processes necessary to increase capabilities in the future, GAO
wrote. Without that information, the department will not know whether their capabilities for insider-threat
GAO starkly
pointed out that it found DOD had not incorporated risk assessment
s into insider threat programs. Risk assessments, GAO pointed out,
provide a basis for establishing appropriate policies and selecting
cost-effective techniques to implement these policies. Risk
assessments generally include the tasks of identifying threats and
vulnerabilities, and determining consequences. Despite the fact that some
detection and analysis are adequate and fully address the statutory requirements.
DOD officials said insider threats are included in other risk assessments, these assessments are technical
in nature and focus on the vulnerabilities of individual systems and do not provide insider-threat program
officials with complete information to make informed risk and resource decisions about how to align
cybersecurity protections. Further compounding this issue, GAO continued, is that officials in the Office of
77
the Undersecretary of Defense for Intelligence do not view the results of the National Security Agency
assessments or Command Cyber Readiness Inspection reports, meaning a senior-level official does not
know which specific types of risk the department is incurring. Aside from the two major flaws mentioned
identify actions, such as the key elements, beyond the minimum standards that they should take to
enhance their insider-threat programs, according to the report. The
78
2NC
The insider threat program has a ton of data now new
guidelines and effectiveness measures are critical to
success
Tucker 7-19
(Patrick -Patrick Tucker is technology editor for Defense One. Hes also the
author of The Naked Future: What Happens in a World That Anticipates Your
Every Move? (Current, 2014). Previously, Tucker was deputy editor for The
Futurist for nine years. Tucker has written about emerging technology in
Slate, The Sun, MIT Technology Review, Wilson Quarterly, The American
Legion Magazine, BBC News Magazine, Utne Reader, and elsewhere, To
Prevent Insider Threats, DOD Must First Define Normal, JULY 19, 2015,
http://www.defenseone.com/threats/2015/07/insider-threat-preventioncomplicated-automated/118099/, JZG)
Imagine your job is to anticipate when that sort of thing might occur
by using digital data produced by and about soldiers like Hasan. The
task before you is enormous. There were around 65,000 people
personnel stationed at Fort Hood at the time of Hasans rampage. If you were to scan
every piece of electronic communication between those soldiers, and their contacts, for hints of future
according to a paper published after the incident by the Defense Advanced Research Projects Agency, or
the Task Force have since taken various steps to predict and prevent insider attacks. But the ultimate goal
a continuous and automated understanding of every potential threat posed by everyone with any
Analysis Center, or DITMAC, slated to reach initial capability this fall, is meant to be able to analyze and
fuse insider threat data that it gets from different components. Full operational capability will come in 2018
or 2019. Insider threat detection, as specified by DOD requirements, will also become standard for any
defense contractor with top-secret clearance, according to forthcoming changes in the National Industrial
or access for changes that Department believes could make them insider threats, like credit problems,
family issues, arrests, etc. But DoD would like to be able to subject all personnel to that sort of
examination. A recent quarterly report of the Insider Threat program suggested that 225,000 personnel
would be subject to continuous evaluation by one of the CE pilot programs by the end of 2015, and 1
The DoD CE
program will automatically and continuously check records using
data from the government, commercial sources to insure to look for
warning signs. As it matures, the CE capability will continuously ingest and
million by 2017. But, as recent GAO reports make clear, progress has been uneven.
79
working through
a number of different efforts right now, behavioral analytics, to
actually try and figure out [for] all of these different known insider
threats that weve seen, what the characteristics have been of those
individuals, what are the behaviors that theyve exhibited, said Nehmer.
Where were they in their work life? Where were they in their social life? Were doing as deep a dive as we
can get on individuals that have actually exhibited insider threat behavior, Nehmer said at a recent
Defense One event. That seems straightforward enough but it presents a technical challenge as big as
big data. Consider Hasan, on whom the Army had an abundance of data. They knew that he had become
withdrawn after receiving abuse from other soldiers and that he wanted out of the military. In the summer
of 2009, they knew that Hasan had begun to buy non-issue guns. The military looks for those behaviors
among many others, as indicators of potential insider attacks. This 2011 guide to characterizing so-called
indicators of potential insider attackers lists a few of them. Socially withdraws on some occasions,
strange habits, and lacks positive identity with unit or country are Category I indicators that could
apply to every American teenager. The Category III indicators include takes unusual travel, Exhibits
sudden interest in partner nation headquarters or individual living quarters, and Stores or collects
ammunition or other items that could be used to injure or kill multiple personnel. But these clues can
There is no normal across a command Weve been doing some machine learning in the department and
theyve been looking at what normal behavior looks like by a single position. You go to a particular
component, you go to a sub unit in that component, and then you look at a position. We know what that
should look like. Thats where weve done the homework. For instance, say you have someone who is an
administrative assistant. And this assistant is spending a lot of time looking at foreign military websites.
And theyre downloading things off the Internet and sending emails to a foreign email address. So
someone looks into that and finds that the person is actually putting together travel for one of the flags
[flag officers], in that particular country. Nehmer says that that sort of behavior should be automatically
flagged by a user activity monitoring, or UAM, system, prompting a closer inspection by a human analyst
within the insiders component. It shouldnt necessarily trigger high institutional concern. Developing
software to automatically flag and possibly mitigate concerns as they come up will involve training
As
continuous evaluation rolls out, a higher level of surveillance is
going to become the norm across the Defense Department . Patricia
Larsen, co-director of the National Insider Threat Task Force, said that while continuous
evaluation might feel intrusive for DOD employees, it doesnt
actually represent a fundamental change from types of screening
and vetting procedures that the Department undertakes now.
Analysts looking for insider threats today can use a tool called the
Automated Continuous Evaluation System, or ACES, to run queries
about an individual across different databases. Its Google for instant background
programs on massive amounts of anonymized data related to emails, texts, and messages.
checks, not truly automatic. ACES has been running for 20 years, Larsen said. So we have been looking
at you as a person. But its been a slow, methodical and sometimes painstaking way of doing it. What
were saying is that theres a lot of information about you thats already out there. We want to put it
80
together in one place so we can short-circuit the information gathering point and get to the analysis of you
faster and be able to look at you more proactively. Carrie Wibben, director security policy and oversight
division for the Office of the Under Secretary of Defense (Intelligence) likened the new level of scrutiny to a
routine lie-detector test. I dont like that, she said, but I feel better knowing that everyone alongside me
had to go through the same polygraphic examinations that I had. Of course, continuous evaluation will be
a great deal more intrusive than a one-time polygraph session. It will, among other things, collect every
DOD workers public posts on social media along with all other communication that the Department can
legally collect. Such data could be used, as far as possible, to monitor not just credit and life changes but
each individuals current emotional state. A machine could monitor that and get a contextual feel for a
persons mood. I think thats in the future. But we have to sift through the volumes that were talking
about and you have to get a baseline for people, said Nehmer. Deriving a sense of mood or sentiment
from textual clues, perhaps in real time, is a fast-growing area of machine learning research. Consider this
paper by Chris Poulin in which he and his fellow researchers tried to use subtle language clues harvested
from social media to predict which veterans might attempt suicide. They found indicators that allowed
them to predict with better than than 65% accuracy. Then theres another worry: the data thats left off the
table. Asked how her office was looking into deep web or dark web content for insider threat indicators,
Wibben answered, Were not looking to that at all. We have to stay within the bounds of the [Standard
Form 86] consent form, so things that individuals put out there publicly, thats what were looking at right
now. If you protect it behind a password, were not looking at it at least not on the background
investigation, continuous evaluation side. All the data that DOD can obtain, legally but at no small
inconvenience to those who soldiers who create it, may still not be enough to prevent future insider
attacks from taking place.
81
82
Coast Guard CP
83
1NC
CP Text: The Coast Guard should implement reforms to its
insider threat program.
Coast Guard insider threat prevention needs to be
reformed to solve
McDermott 15
(Ryan -Editor in the Government Publishing Group at FierceMarkets, G: Coast
Guard taking steps to reduce insider threats, but more needs to be done,
April 9, 2015, http://www.fiercehomelandsecurity.com/story/ig-coast-guardtaking-steps-reduce-insider-threats-more-needs-be-done/2015-04-09, JZG)
Although the Coast Guard has taken steps to reduce insider threats,
there's still more to do, including training Coast Guard employees
about insider threat awareness, says a March 27 Homeland Security Department
inspector general report. The IG reviewed the efforts of the Coast Guard's progress toward protecting its
information technology assets from threats posed by its employees, especially those with trusted or
elevated access to sensitive but unclassified information systems or data.
generally been doing a good job, the report (pdf) says. The service established an Insider
Threat Working Group designed to implement a program focused on the insider risk and has established
the Cyber Security Operations Center to monitor and respond to potential insider threat risks. They also
implemented a process to verify that system administrators have the appropriate level of access to
Coast Guard
still needs to implement software to protect against the
unauthorized removal of sensitive information through the use of
removable media devices, such as flash drives, and email accounts.
Coast Guard also should implement stronger physical security
controls to protect Coast Guard's information technology assets
from possible loss, theft, destruction or malicious actions, the IG says.
Employees at the Coast Guard all need better threat security
awareness training, says the report. Coast Guard agreed with all of the IG's recommendations.
information technology systems and networks to perform their assigned duties. But
84
2NC
Coast guard reform is needed prevents terrorism and
allows for an effective coast guard
Kimery 15
(Anthony, Insider Threats Continue To Pose Risks To USCG, IG Audit
Found 04/07/2015, http://www.hstoday.us/briefings/daily-newsanalysis/single-article/insider-threats-continue-to-pose-risks-to-uscg-ig-auditfound/b03b06fe2027f79bc68b50d296f5864e.html, JZG)
The Department of Homeland Security (DHS) Inspector General (IG) concluded in
a 29-page audit report that while the US Coast Guard (USCG) has taken steps
to address the risk of insider threats to its information systems and
data, is still needs to take additional steps to further address the
risks posed by so-called trusted insiders inside the Coast Guard. An internal
breach by a trusted employee could impact [the Coast Guards]
ability to protect the nations maritime interests and environment,
the IG disclosed. Specifically, the IG said the Coast Guard needs to implement
software to protect against the unauthorized removal of sensitive
information through the use of removable media devices and email
accounts; implementing stronger physical security controls to
protect USCGs information technology assets from possible loss,
theft, destruction or malicious actions; and providing insider threat
security awareness training for all Coast Guard employees. According to
the IGs audit report, the Coast Guard has taken some steps to address the risk of insider
threats to its information systems and data, such as establishing an Insider Threat Working
Group thats designed to implement a holistic program focused on the insider risk. In
addition, the IG stated, USCG implemented a process to verify that system administrators
have the appropriate level of access to information technology systems and networks to
perform their assigned duties. Further, USCG established the Cyber Security Operations Center
to monitor and respond to potential insider threat risks or incidents against USCG information
stated. In its audit of Coast Guard efforts to address the risk posed by trusted insiders, the IG
determined the USCG has taken some steps to address the risk of insider threats, but that it
also discovered additional steps [that] are needed to further reduce the risk of insider
threats to information technology assets. The IG said its testing revealed potential
vulnerabilities in technical and physical security controls that could allow for: The
unauthorized data removal from USCG information systems; and The loss, theft or destruction
of information technology assets. In addition, the IG stated, insider threat security
awareness training is needed for USCG employees. The IGs audit report stated, Trusted
86
ADAMS CP
87
1NC - Solvency
The Defense Advanced Research Projects Agency should
substantially increase its funding for the Anomaly
Detection at Multiple Scales program.
ADAMS is still in its infancybut success makes the ITP
more effectivedestroys false positives
Keating 13 Joshua E. Keating is an associate editor at Foreign Policy. JUNE
13, 2013, Type S for Suspicious, http://foreignpolicy.com/2013/06/13/types-for-suspicious/
Government-funded trolls. Decoy documents. Software that identifies you by how you type. Those are just
a few of the methods the Pentagon has pursued in order to find the next Edward Snowden before he leaks.
network of military, government, and private agencies, rooting out the next Snowden or Bradley Manning
is a daunting task. But even before last weeks National Security Agency (NSA) revelations, the
government was funding research to see whether there are telltale signs in the mountains of data that can
help detect internal threats in advance. In the months following the WikiLeaks revelations, the Defense
Advanced Research Projects Agency (DARPA) the U.S. militarys far-out tech arm put out a number of
requests for research on methods to detect suspicious behavior in large datasets as a way to root out
rogue actors like Manning (or in more extreme cases, ones like Fort Hood shooter Nidal Malik Hasan.) The
most ambitious of these is known as Anomaly Detection at Multiple Scales (ADAMS), a program that as an
October 2010 research request put it, is meant "to create, adapt and apply technology to the problem of
much training a computer to detect aberrant behavior theres plenty of that going around on any large
network its training a computer what to ignore. "I like to use the example of learning
to recognize the difference between reindeer and elk," wrote Oregon State University computer scientist
Tom Dietterich, who worked on developing anomaly detection methods for ADAMS, in an email to Foreign
Policy. "If all I need to do is tell these species apart, I can focus on the size [of] their antlers and whether
the antlers have velvety fur, and I dont need to consider color. But if I only focus on these features, I wont
notice that Rudolph the Red-Nosed Reindeer is anomalous, because Im ignoring color (and noses, for that
three years, DARPA has shelled out millions of dollars on efforts to learn how to root out Rudolphs from the
rest of the reindeer and find out exactly what these red noses look like. This includes a $9 million award to
Georgia Tech to coordinate research on developing anomaly detection algorithms. You can peruse much of
the research funded through ADAMS online. For instance, a proposal by the New York-based firm Allure
Security Technology, founded by a Columbia University computer science professor, calls for seeding
government systems with "honeypot servers" and decoy documents meant to entice potential leakers to
subversives. The files would alert administrators when accessed and allow the system to develop models
for suspicious behavior. The company cheekily refers to this technique as "fog computing." Another
ADAMS-funded paper by Carnegie Mellon University computer scientist Kevin Killourhy looks at systems to
"distinguish people based on their typing." For instance, Killourhy explains, when three typists are asked to
type the password ".tie5Roanl," the three users can be easily identified by how long they hold down the "t"
key. The paper suggests such
detection," though unfortunately even the best systems can have an error rate of up to 63 percent,
and detection can apparently be thrown off if the person just isnt a very good typist. (Note to prospective
88
whistle-blowers: Try two-finger typing.) Under the fairly obtuse title "Non-Negative Residual Matrix
Factorization with Application to Graph Anomaly Detection," two DARPA-supported IBM researchers
attempted to identify the kind of behaviors that might indicate suspicious behavior in a large network.
These included "a connection between two nodes which belong to two remotely connected communities,"
such as an author publishing a paper on a topic not normally associated with his or her research; "portscanning like behavior," which is when a particular IP address is receiving information from an unusually
high number of other addresses; and "collusion," such as a "group of users who always give good ratings
to another group of users in order to artificially boost the reputation of the target group." The thinking has
gone somewhat beyond the theoretical level. At a conference in May, researchers from defense firm SAIC
presented results from the PRODIGAL (Proactive Discovery of Insider Threats Using Graph Analysis and
Learning) research team part of the overall ADAMS initiative which tested a series of anomaly
detection methods on an organization of approximately 5,500 users over the course of two months. "Red
teams" were inserted into the data simulating characters such as a "saboteur," an intellectual property
thief, and a "rager" someone prone to "strong, vociferous, abusive, and threatening language in
Such
systems are clearly not yet up to the task of identifying a leaker
before he or she strikes, and Dietterich, the Oregon State computer scientist, was cautious
email/Webmail/instant messages." The detection methods varied widely in effectiveness.
when asked whether they ever would be. "Anything I would say here would just be speculation, and
artificial intelligence researchers have learned the painful lesson that we are very bad at predicting when,
if, or how the methods we develop will be useful," he stated.
trial stage, but "insider threat" detection was clearly a major priority for the U.S. government even
before last week. In October 2011, for instance, President Barack Obama signed an executive order calling
for the creation of an interagency Insider Threat Task Force charged with the "safeguarding of classified
information from exploitation, compromise, or other unauthorized disclosure."
89
thats just the beginning. The budget for the Military Intelligence Program was released this week, adding
another $19.2 billion down from a record $27 billion in 2010. That also doesnt include the budget for
the National Intelligence Program, which oversees spy agencies like the CIA. Their budget hasnt been
released yet but prior budgets have shown it to hover in the $50 billion range. So we could be talking
90
2NC - Solvency
ADAMS key to effective data analysis
Hemsoth 12 Nicole Hemsoth, Co-Editor at The Platform, August 15, 2012,
How DARPA Does Big Data,
http://www.datanami.com/2012/08/15/how_darpa_does_big_data/
DARPA, like other government agencies worldwide, is struggling to keep up with its
lava flow of hot military intellignce data. Research and public sector organizations
have become experts at finding new ways to create data, so the challenge has been keeping up with it
effectively running fast enough to stay just ahead of the heat with the hopes of being able to understand
its source before the stream hardens and becomes static, useless. As many are already aware, these
challenges were at the heart of the U.S. governments recent big data drive, where funding was doled out
to address barriers to making use of the flood of intelligence, research and military data. This week we
wanted to take a step back and look at how a defense-oriented intelligence and research organization is
trying to capture, handle and make the best use of its data flows by highlighting select projects. Without
further delay, lets begin with the first big intel data project NEXT Who Needs Precogs When You Have
ADAMS? >> Who Needs Precogs When You Have ADAMS? Its a sad but relatively commonplace surprise
when a solider or government agent whom others might have thought to be in good mental health
suddenly begins making bad decisionseither to the detriment of national security or those around him.
When this happens, the first reaction is often one of awe, how could something like this happenhow
couldnt someone know that there was a problem before it got to such a point? In other words, in the case
of a government that has some of the most sophisticated intelligence-gathering and analysis capabilities,
how could anything slip through the cracks? DARPA is seeking to snag this problem by understanding
operative and soldier patterns via network activity and large volumes of data with a $35 million project
that has been underway since late 2010. According to DARPA, the Anomaly Detection at Multiple Scales
(ADAMS) program
ADAMS system
will be capable of pulling these terabytes of data together and using
novel algorithms to quickly analyze the information to discover
anomalies. We need to bring together high-performance computing, algorithms and systems on an
activities, such as computer logins, emails, instant messages and file transfers. The
unprecedented scale because were collecting a massive amount of information in real time for a long
period of time, explained Bader. We
91
and a professor at the Georgia Tech School of Computational Science and Engineering and the Georgia
Tech Research Institute. The project is led by Science Applications International Corporation (SAIC) and
includes researchers from Oregon State University, the University of Massachusetts, and Carnegie Mellon
University. The project also seeks to determine how trusted insiders become radicalized; but doing so
Researchers want the system to boil down the number of anomalies to a short list for an analyst to
The
team is taking a different approach from traditional methods that
use pattern matching and profiling by working on algorithms to identify suspicious user
activities through change detection. Because an anomaly is an unexplained event
in the context of a person's work routine, the algorithms being
developed for ADAMS will allow analysts to understand a users
behavior. Unlike pattern matching , which has many false positives , were
using a different approach to understand humans within an
organization, he said.
investigate. Today an analyst is overwhelmed with thousands of anomalies per day, said Bader.
92
93
Disadvantages
94
Terrorism
95
1NC Terrorism
Leaks risk terrorism
Clapper 15 - Director of National Intelligence [James R. Clapper,
Worldwide Threat Assessment of the US Intelligence Community, Senate
Armed Services Committee, February 26, 2015
COUNTERINTELLIGENCE
We assess that the leading state intelligence threats to US interests
in 2015 will continue to be Russia and China, based on their capabilities,
intent, and broad operational scopes. Other states in South Asia, the
Near East, and East Asia will pose increasingly sophisticated local
and regional intelligence threats to US interests. For example, Irans
intelligence and security services continue to view the United States as a
primary threat and have stated publicly that they monitor and counter US
activities in the region.
Penetrating the US national decisionmaking apparatus and
Intelligence Community will remain primary objectives for foreign
intelligence entities. Additionally, the targeting of national security
information and proprietary information from US companies and research
institutions dealing with defense, energy, finance, dual-use technology, and
other areas will be a persistent threat to US interests.
Non-state entities, including transnational organized criminals and
terrorists , will continue to employ human, technical, and cyber
intelligence capabilities that present a significant counterintelligence
challenge. Like state intelligence services, these non-state entities
recruit sources and perform physical and technical surveillance to
facilitate their illegal activities and avoid detection and capture.
The internationalization of critical US supply chains and service infrastructure,
including for the ICT, civil infrastructure, and national security sectors,
increases the potential for subversion. This threat includes individuals, small
groups of hacktivists, commercial firms, and state intelligence services.
Trusted insiders who disclose sensitive US Government information
without authorization will remain a significant threat in 2015. The
technical sophistication and availability of information technology that
can be used for nefarious purposes exacerbates this threat. Pg. 2
96
Politics
97
98
The bill
would empower the director of national intelligence to make
improvements to the government's process for investigating people
with security clearances, such as Snowden. Intelligence officials say the Snowden leaks have
controversial details about the scope of the government's secret surveillance programs.
damaged the ability of the U.S. to spy on terrorists and thwart attacks. The bill would create new
protections for "legitimate" whistle-blowers to bring their concerns to Congress or agency leaders, the
committee said. The measure would also make the NSA director and inspector general subject to Senate
confirmation. "We recognize that budget reductions and sequestration are impacting our intelligence
agencies, and Congress has a responsibility to ensure the [director of national intelligence] and other
intelligence leaders have the resources and flexibility they need to protect the nation, committee
Chairwoman Dianne Feinstein (D-Calif.) said in a statement. The exact level of funding for the surveillance
programs is classified. According to documents leaked by Snowden to The Washington Post, the "black
budget" for intelligence operations in 2013 was $52.6 billion, including $10.8 billion for the NSA alone. The
funding reauthorization bill now heads to the Senate floor. The House Intelligence Committee has yet to
move companion legislation.
the Senate (S. 1681) and House (H.R. 3381) Intelligence Committees
each released their own version of the "Intelligence Authorization
Act for Fiscal Year 2014." This was an opportunity for Congressional leadership to address one of the
November,
defining issues of our time and either take a stand for increased transparency or continue down an
Orwellian path of pervasive secrecy. A review of each chamber's proposed legislation demonstrates that
Tom Devine, Legal Director of the Government Accountability Project, "the 'insider threat' program is a
cover for a witch hunt of whistleblowers."
99
expose fraud and abuse within the government, but unfortunately that has
not been my experience.
I recently won a major Freedom of Information Act case against the Pentagon.
Federal District Court Judge William Alsup described me as being in a David
and Goliath battle with big government. In talking about the Pentagons
efforts to withhold information Judge Alsup stated, and here is the United
States covering it up. In a subsequent hearing he accused the Pentagon of
trying to suppress the evidence. Is the United States Department of Justice
helping me to uncover abuse and mismanagement at the Pentagon? No, the
Department of Justice is representing the Pentagon and essentially helping
them withhold evidence of possible fraud and abuse in the Pentagons
Comprehensive Subcontracting Plan Test Program (CSPTP).
It seems like Im doing the job the Justice Department and the SBA Office of
Inspector General should be doing. Shouldnt they be doing all the work I
have done to expose fraud and abuse in federal small business contracting
and subcontracting programs?
Looking at the way whistleblowers have been treated recently Im
concerned that Im more likely to get a retaliatory IRS audit and/or
prosecution by the Department of Justice than any kind of protection
or assistance from the federal government.
Even immigrant rights advocates, who were on the receiving end of the White
House denials for years, were surprised by his abrupt and enthusiastic move
toward executive action in June after House Speaker John Boehner (R-Ohio)
ruled out a legislative overhaul of immigration this year. Activists had gotten
so fed up in recent months that some tagged the president as the deporterin-chief and demanded that he shift immediately from a legislative strategy
to an administrative one.
The way they talked about it was, Theres nothing we can do, only
Congress can solve it, we dont have the authority, said Lorella Praeli,
director of advocacy and policy for United We Dream. That is very different
from what they are saying today. It is completely different.
The shift could be used by critics as an example of Obama saying
one thing and doing something else, another evolution, in White
House parlance, on a hot-button social issue. Some Republicans see
it as fertile ground for advancing their midterm election strategy,
which focuses on raising questions about the presidents credibility
and competence.
It brings into question, when he commits to other things, whether
he will keep that commitment, said Sen. John McCain (R-Ariz.), who
worked closely with Obama on passing a Senate immigration overhaul bill last
year. Things in this town, to a large degree, are done on peoples
commitments.
that downplays the fact that the White House is running against
public opinion on the issue and spending the little political capital
Obama has left in doing so. There's hardly a guarantee that
Hispanics would respond to the executive order by turning out for
Hillary Clinton, and it could spark a backlash from blue-collar voters
migrating away from the party. Over one-quarter of Democrats
oppose unilateral action on immigration, a significant enough
minority to cause the party future problems. In the meantime, it risks
foreclosing other opportunities for working with the GOP Congress on trade,
tax reform, or even a scaled-back version of immigration reform in the future.
Again, Obama is playing to the base over reaching out to the middle.
When President Obama issued an executive order granting civilian
federal employees a 1% pay raise last December, the White House
did not tell Congress how much those raises would cost.
Instead, White House Office of Management and Budget Director Shaun
Donovan said in a report that the order "is not anticipated to increase
discretionary obligations and outlays overall."
To Rep. Ander Crenshaw, R-Fla., that statement is "ludicrous."
As Congress and the White House battle over whether Obama has
the executive authority to halt deportation, delay implementation of
the Affordable Care Act or negotiate a nuclear deal with Iran,
another skirmish has opened up over the question of how much
Obama's executive orders cost.
The answer: No one knows.
Crenshaw, the chairman of a House appropriations subcommittee that
controls the White House budget, is trying to fix that. He inserted a provision
into the spending bill passed by Congress last year, requiring OMB to issue a
statement on the budgetary impact of each executive order.
But 10 executive orders later, Congress has no more insight into
their cost. OMB has declared six to have a "de minimus," or trivial,
effect on costs or revenues, and four are expected to increase
spending by an unknown amount.
For example, an executive order signed Thursday, requiring agencies
to cut their greenhouse gas emissions by 40%, contains the same
boilerplate language as the pay raise. "This executive order is not
anticipated to increase discretionary obligations and outlays
overall." But it also suggests long-term cost savings through
decreased energy and water use.
107
Insider Threat DA
108
UQ/Links
The NITTF is vital for national security but still preserves
an environment of productivity and trust
NCSC, 14, (National Insider Threat Task Force Mission Fact Sheet, NCSC,
Aug 15, 2014,
http://www.ncsc.gov/nittf/docs/National_Insider_Threat_Task_Force_Fact_Sheet
.pdf)//erg
Why was the NITTF established? The National Insider Threat Task Force was established after the WikiLeaks
Its mission is
to deter, detect and mitigate actions by employees who may
represent a threat to national security by developing a national
insider threat program with supporting policy, standards, guidance
and training. Who runs the task force, and which agencies are involved? Under Executive Order
release of thousands of classified documents through the global media and internet.
(E.O.) 13587, the National Insider Threat Task Force (NITTF) is cochairedbytheU.S.AttorneyGeneralandtheDirectorofNationalIntelligence(DNI). They,in turn, designated the
employees and contractors from a variety of federal departments and agencies (D/A), and its work impacts
Sharing and Safeguarding Steering Committee, which was also established under E.O. 13587. The Steering
Committee comprises representatives from largely Intelligence Community agencies with extensive access
to classified networks and materials, including the Departments of State, Energy, Justice, Defense, and
Homeland Security, CIA, FBI, ODNI, ONCIX, NSA, DIA, the Program Manager--Information Sharing
Environment, Office of Management and Budget, the National Security Council Staff, and the Information
Security Oversight Office. What is an insider threat? It is a threat posed to U.S. national security by
someone who misuses or betrays, wittingly or unwittingly, his or her authorized access to any U.S.
programs within individual D/As. Through its interface with individual D/As, the NITTF identifies and
circulates best practices for detecting, deterring and mitigating emerging threats, and continues to assist
Detection of potentially
malicious behavior involves authorized insider threat personnel
gathering information from many sources and analyzing that
information for clues or behavior of concern. A single indicator may
109
D/As in troubleshooting issues. How do you detect an insider threat?
identity of individuals by comparing Common Access Cards with information in internal and external
how theyve written, where were they in social media, where were they in their work life, where were they
in their personal life that we know of that we can find as deep a dive as we can get on the individuals
that we know have actually committed insider threat behaviors. But despite the push of what Nehmer
called this human science, he said hes not sure when DOD will be able to establish verifiable metrics for
identifying insider threats. The other component to the behavioral issue is tying it to authorizing users
within the network. Authentication goes back to identity. It says youre credentialed to get in. But what if
you steal the credentials? Well now youre authorized, you have the authority to be there but you still
shouldnt, Christine Heckart, CMO of Brocade, a data storage and networking solutions firm, said in an
interview in June. So, weve got to look beyond identity, beyond the normal sources of authentication to
behavior. The network can understand and take a benchmark on all kinds of behavioral based analytics.
What is the norm? And the minute you start deviating from that norm, you can say alright, there might be
many security experts and Federal CIO Tony Scott have called for, especially after recent high-profile
security breaches. Going forward, one challenge regarding analyzing online behavior, however, is context.
Computers and humans have not figured out a way to determine context of social media postings to
determine the tone, be it serious or sarcastic, though, this is only one component of a multi-pronged risk
assessment.
Its important to
prioritize the critical assets requiring extra protectionfor example,
111
espionage, sabotage, data theft, or workplace violence. A risk assessment.
reporting incidents, and bring your own device. The program should also include customized security
training based on employees physical and network access levels, privilege rights, and job responsibilities.
Audits and verification.
112
can also shed light on processes and policies that the organization should either strengthen or implement;
these processes can often enhance efficiency and productivity.
steps your agency needs to take today, we need to take a step back to review the evolving story of
national insider threat policy. Memorandum For National Insider Threat Policy In November 2012, President
Obama issued a MEMORANDUM FOR ALL AGENCIES UNDER HIS JURISDICTION entitled, The National
Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs. The policy
requires all executive departments and agencies that access classified information to establish insider
threat compliance and report the results to the National Insider Threat Task Force, which oversees the
policy implementation. Memorandum Failure Points As with most far-reaching national policies, many of the
memorandums requirements arent specific in expressing what insider threat compliance involves.
fifty of these questions in the assessment, including: Do we have an implemented insider threat program?
Do we have an insider threat policy? Do we monitor user activities for insider threat indicators? Do we
conduct briefings for travel to countries with high-risk security threats and vulnerabilities? KISSI
assessments are useful for a high-level view of an agencys insider threat compliance, but they dont
measure the effectiveness of the program. Instead, metrics should CALCULATE THE VALUE OF DIFFERENT
EFFORTS IN PREVENTING INSIDER THREATS and should require nuanced discussion in their answers. For
example, after noting that your agency employs network monitoring tools, you should also ask: What kinds
of network monitoring tools are employed? How much do they cost? What aspects of user behavior do they
monitor? How effectively do they detect anomalous or suspicious behavior? With the Snowden affair and
Navy Yard shooting occurring after the November 2012 memorandum was issued, the failure points of the
policy became clearer. As a result, federal policy focused more intently on the effectiveness of insider
Defense, Director of National Intelligence and the Director of the Office of Management and Budget
The
President and Congress also demanded that these updated processes be evaluated with specific metrics.
include the Department of Defense and a handful of connected groups, every agency should plan for the
NDAs jurisdiction to widen if its initial requirements are successful. Even if your agency doesnt fall under
the initial jurisdiction of the new law, start preparing today for more accountable insider threat detection
metrics. And since NDA requirements dont come with an explicit budget increase, plan to COMPLETE YOUR
UPGRADES WITH LITTLE OR NO BUDGET BOOST.
In accordance with
sections 113 and 131 through 137 of Title 10, United States
12333, 13526, and 13587 (References (c), (d), and (e)); section 922 of Public Law 112- 81 (Reference
(f)); National Security Directive 42 (Reference (g)), and Committee on National Security Systems Directive
Incorporates and cancels Deputy Secretary of Defense Memorandum (Reference (j)). 2. APPLICABILITY. This
directive: a. Applies to: (1) OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of
Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department
of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within DoD
(referred to collectively in this directive as the DoD Components). (2) Contractors and other non-DoD
114
entities that have authorized access to DoD resources as required by their contract or agreement. (3)
Individuals who volunteer and donate their services to the DoD Components, including non-appropriated
fund instrumentalities, pursuant to DoD Instruction (DoDI) 1100.21 (Reference (k)). b. Will not alter or
supersede: (1) The existing authorities and policies of the Director of National Intelligence regarding the
protection of sensitive compartmented information and special access programs for intelligence as
directed by Reference (c) and other laws and regulations. (2) Existing statutes, E.O.s, and DoD policy
issuances governing access to or dissemination of LE, LE sensitive, or classified LE information. (3) Existing
suspicious activity reporting and dissemination requirements as outlined in DoDI 2000.26 (Reference (l)). 3.
POLICY. It is DoD policy that: a.
DoD
efforts to counter insider threats must comply with all applicable
laws and DoD policy issuances, including those regarding
whistleblower, civil liberties, and privacy protections . (1) Personally
The collection, use, maintenance, and dissemination of information critical to the success of
identifiable information (PII) for U.S. persons must be handled in accordance with section 552a of Title 5,
U.S.C. (also known as The Privacy Act of 1974 (Reference (m))), DoD Directive (DoDD) 5400.11
(Reference (n)), and DoD 5400.11-R (Reference (o)). (2) Defense Intelligence Components will handle U.S.
persons PII in accordance with DoD 5240.1-R (Reference (p)). (3) Activities related to the insider threat
program, including information sharing and collection, will comply with DoDI 1000.29 (Reference (q)). (4)
115
compliance reports, referred to in paragraphs 1e, 5d, 5e, 6e, 6f, 8g, 11f and 11h of Enclosure 2 of this
directive, have been assigned report control symbol DD- CIO(A,Q)2561 in accordance with the procedures
in Volume 1 of DoD Manual 8910.01 (Reference (y)).
Are the board always considered when an organization attempts to manage these risks? From our own research involving
500 IT decision makers, the insider threat is not a top security priority, even for IT professionals. This however could be
changing. The belief is that the Target Breach could well be a turning point . The breach
resulted in the first CEO to lose their job because of an insider security breach and possibly five other directors to follow.
This is significant. Every board should now be thinking this is not going to happen to me. we need to address this problem.
The latest news however suggests that the retailers chief executive and board may not get a complete picture on the
companys security, if the CISO does not report directly to them. Proactive Steps to Mitigate the Risk
Todays
government. To help the CERT Insider Threat Centre has been serving as a trusted broker to assist the community in the
short term and through ongoing research since 2001. The foundation of their work is a database of more than 1000 insider
threat cases, government records and information from criminals themselves, which helps characterize the nature of the
insider threat problem and offers dynamic indicators of insider threat risk. They also identify and experiment with
the UK, The CPNI (Centre for the Protection of National Infrastructure) and PA Consulting published new guidance (HoMER)
to help organizations reduce employee risk. HoMER (Holistic Management of Employee Risk) offers a range of practical
This report
combines a review of the insider threat literature with the findings
of a Delphi study to arrive at a new approach to defeating the kind
of trust betrayer intent on carrying out an attack that is fatal to the
organization. While the Delphi research itself began with substantially the same views and counsel
controls, more invasive monitoring through procedural or technological innovations.
as prevailing wisdom represented in the literature, it ended altogether somewhere else. Certain pivot
points in the research revealed that a reasonably prepared infiltrator poses a greater threat than a
disgruntled career employeeat least if the focus is on adversaries bent on bringing an institution to its
knees, rather than on exacting revenge against bosses or carrying out nuisance-level attacks against the
consigned to the sidelines and sometimes referred to as the weakest link in insider defense. Instead,
on the front lines of detection and intervention, where critical operations take place.
117
employees who gave their login details to Snowden were identified, questioned and removed from their
assignments, said a source close to several U.S. government investigations into the damage caused by the
revelation is the latest to indicate that inadequate security measures at the NSA played a significant role in
the worst breach of classified data in the super-secret eavesdropping agency's 61-year history. It's not
clear whether "removed from their assignments" means fired or not, but, if true, his damaging the careers
of coworkers will add another dimension to the debate about whether Snowden is a whistleblower or a
worked at NSA, one of my coworkers pointed out two documents that both describe a fellow employee who
was 1) always interested in what their coworkers are doing, 2) volunteers for extra assignments, 3) always
works late, and 4) never takes a vacation. One of the documents was from human resources on how to get
promoted. The other was from the security department describing how to tell if your coworker is a spy.
NSA employees
failed to determine which side of the spectrum Snowden fell on , while
employees at his past employer, the CIA, accurately determined his
predisposition to expose classified information. Snowden demonstrates that
MORE ON CSO: 10 ways to prep for and ace a security job interview Clearly
even within organizations that should know better, detecting a malicious insider is hit or miss. How then is
an organization outside of the Intelligence Community supposed to make their employees aware of the
concern, especially without inspiring a witchhunt?
insiders have wreaked havoc in organizations of all types. While the IT world focuses on
118
stories of rogue administrators, insiders in all roles carry out thefts and other malicious actions. While
some wrongdoers are very clever and are able to cover their actions very well, the reality is that just about
all malicious insiders show indications of their intent. This is relevant to awareness programs as their
there are three requirements for awareness to be effective: 1) Understanding of the problem, 2) Knowledge
of what actions to take, and 3) Motivation to take the appropriate actions. Generally understanding the
exists, while not being motivated to do anything about it. The easy part of addressing the insider threat is
there are now many examples to help get the message across.
People like Snowden and Chelsea Manning are clear examples that it only takes one
that
person to cause a lot of damage. While these individuals have become household names, it is better to use
examples from your own company or industry. While some companies understandably do not like to
highlight their own incidents, they can anonymize the cases. The message is actually simple, insiders are a
big threat and do not ignore signs of questionable behaviors. The message tagline could be the
organizational equivalent of, If you see something, say something. The message should highlight to be
on the lookout for violations of policies and procedures. It is also critical to remind employees that it is
people, just like themselves, who have stopped major insider crimes. [Why companies need to check their
handling of internal threats]
Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and
Safeguarding of Classified Information. Signed by President Obama in September 2011, Executive Order
13587 requires federal agencies that operate or access classified computer networks to implement insider
threat detection and prevention programs. Since the passage of Executive Order 13587, the following key
resources have been developed: The National Insider Threat Task Force developed minimum standards for
implementing insider threat programs. These standards include a set of questions to help organizations
conduct insider threat self-assessments. The Intelligence and National Security Alliance conducted
research to determine the capabilities of existing insider threat programs The Intelligence Community
CERTs
insider threat program training and certificate programs are based
on the above resources as well as CERTs own Insider Threat
Workshop, common sense guidelines for mitigating insider threats, and in-depth experience and
Analyst-Private Sector Partnership Program developed a roadmap for insider threat programs.
insights from helping organizations establish computer security incident response teams. As described in
this blog post, researchers from the Insider Threat Center at the Carnegie Mellon University Software
Engineering Institute are also developing an approach based on organizational patterns to help agencies
and contractors systematically improve the capability of insider threat programs to protect against and
mitigate attacks. A Pattern-based Approach to Insider Threat This post is the latest installment in an
119
designate paths
through the mitigation pattern language with the goal of mitigating
a specific insider threat behavior. The mitigation pattern outlined
above will be used in a capability development scenario described
below. Such capability development scenarios serve to guide insider threat program designers as they
individual organizations. We therefore use capability development scenarios to
try to ensure their programs are resilient against insider threats to their critical assets. An Example
Capability Development Scenario In a forthcoming report on this topic, we will outline several capability
development scenarios (CDSs). One scenario involves mitigating theft of intellectual property when an
employee resigns or is fired from the organization: Through our analysis of our insider threat database, we
observed that 70 percent of insiders who stole intellectual property from an employer did so within 60 days
of their termination from an organization. This CDS urges that both parties must agree at employee hiring
regarding the ownership of intellectual property as well as the consequences if the agreement is breached.
Upon termination, whether voluntary or forced, the organization should disable insiders accesses. During
the exit interview, the organization must review existing agreements regarding IP. The CDS advocates that
an employer monitor insider actions 60 days prior to termination and for 60 days after termination.
Suspicious behaviors including uncharacteristically large downloads of intellectual property should be
handled either by the human resources or legal departments or a combination of both. As specified by the
associated path through the mitigation pattern language, this CDS advocates that organizations Screen
Employees Agree on IP Ownership Periodically Raise Security Awareness Log Employee Actions Increase
Monitoring Due to an Employees Pending Departure Reconfirm Employee Agreements on Departure
Eliminate Methods of Access after Departure Monitor Activity after Departure In summary ,
mitigating
theft of IP at departure involves ensuring that the organization
increases their monitoring of any insider with access to critical
assets for specific suspicious behaviors when the insider resigns or
is terminated. In addition, the insider must agree to and be reminded that they cant take
organization-owned IP with them. Future Work in Insider Threat Continuing our efforts to
help federal agencies and contractors develop insider threat
programs, per executive order 13587, we are now seeking active government partners
to apply and refine our approach. We also are continuing our research into fundamental patterns of insider
120
whether we can distinguish the social networks of malicious and non-malicious insiders. As part of this
research, we are collaborating with Dr. Kathleen Carley, a professor at Carnegie Mellon Universitys
Institute for Software Research in the School of Computer Science.
employee social security numbers, patients protected health information, or customer credit card data.
88 percent
of respondents are concerned about insider threats but have difficulty
to have trouble addressing the risks insiders can pose. According to the Raytheon survey,
identifying specific threatening actions, and 69 percent said their security tools dont provide enough
incident is $412,000, with victims losing an average of $15 million a year. Although most
agencies primarily focus on external cyber threats, it is crucial to also prepare and
combat insider threats. The U.S. Computer Emergency Response Team (CERT) defines an insider threat as:
A current or former employee, contractor, or other business partner who has or had authorized access to
an organizations network, system, or data and intentionally exceeded or misused that access in a manner
that negatively affected the confidentiality, integrity, or availability of the organizations information or
information systems. Insider threats are not necessarily hackers and they often dont start with malicious
intent. Usually a trigger event such as a denied vacation or being bypassed for a raise or promotion
initiates the threat. Whats more striking, the CERT Division of the Software Engineering Institute (SEI) at
Carnegie Mellon University found that 90 percent of IT saboteurs were system administrators. Despite this,
most security tools are designed with hackers in mind, but theyre not always the real threat. For a more
overarching, office-wide approach, Patrick Reidy, former chief information security officer at the FBI, offers
not get overwhelmed with data. Reidy proposes that only two sources of data are needed: HR data to
better understand employees and workplace or personnel issues and system logs to track what is being
printed or downloaded via USB, CD or DVD. D etection
behavior-based techniques . Detecting insider threats is very hard, like looking for a needle
in a stack of needles, Reidy said. By using behavioral analytics, agencies can build a
baseline of behavior and look for red flags anomalies that differentiate potential
insiders from innocuous employees. The CERT Division of SEI also provides 10 best practices to prevent
Implement strict password and account management policies and practices. Log, monitor and audit
employee online actions, especially unusually large queries, downloads, print jobs or e-mails, or other
suspicious behavior. Use extra caution with system administrators and privileged users. Collect and save
data for use in investigations. Implement secure backup and recovery processes. Clearly document insider
threat controls. Provide an Employee Assistance Program or other recourse for employees experiencing
personal problems. Deactivate computer access and change passwords for all accounts upon termination,
including external accounts. Train management on the patterns of behavior that could indicate an IT
122
defenses against
infiltrators or any type of insider threat require a cultural shift . The
challenge is to close the door to infiltrators while leaving it open to legitimate workers and business. Even
if an infiltrator sets sights on a worthy target and exploits weak defenses ,
problems can marginalize the average employee, excluding him or her from playing a useful and
necessary role in insider defense. Employees should be recognized as the first line of defense, bringing
in addressing the
insider threat, we must reconsider our usual efforts to penetrate
with the intensity and focus of a laser what we should instead be
illuminating with a flashlight. No matter how deep the laser drills, it points to only a
them onto the front lines with a No Dark Corners approach. Consequently,
fragment of the entire picture. Caught in the lasers beam, a clever insider can mask or explain away
approach offers open team and employee engagement as a method of implementing layered defenses,
particularly on the front lines of detection and intervention, where critical operations take place.
The
of statistically significant data on hostile insiders. As a review of the current literature indicates, trust
betrayalwhether in espionage or other fields remains statistically rare (Shaw & Fischer, 2005, p. 34;
Parker & Wiskoff, 1991, p. 4).1 When analyzed further, the insider threat has been subordinated to cyber
security studies centering on hackers and disgruntled employees, ex-employees, or consultants (Brackney
& Anderson, 2004; Cappelli, Moore, Trzeciak, & Shimeall, 2009; Leach, 2009). While such studies have
supplied value and drawn attention to the problem, they 1 Shaw and Fischer, looking at espionage as a
subset of trust betrayal, argued that such trust betrayal appeared relatively rare, while betrayals by cyber
insiders might be poised to be more frequent, hence more amenable to profiling and categorizing by
subtype. have offered few solutions other than to advise continuing scrutiny. Data compiled to date
suggest that the vast majority of insider cyber attacks have been either fraud-driven or moderate in scope
yielding practical tools, tactics, or recommendations that would serve a defender in countering the threat.
journey to this destination involves applying lessons of experts from other, more mature arenas of defense
from insider threats, such as workplace violence, line management, corporate security, and counterespionage. In the course of following this path, the study also explores one answer to the question, If
current indicators and countermeasures fall short, what should we do differently?
refers to harmful acts that trusted insiders might carry out; for example, something that causes harm to
the organization, or an unauthorized act that benefits the individual. A 1997 US Depart ment of Defense
(DoD) Inspec tor General report1 found that 87 percent of identified intruders into DoD information
systems were ei ther employees or others internal to the organization. More gener ally, recent studies of
cybercrime (such as the 2004 through 2006 E-Crime Watch Surveys; www.cert. org/archive/) in both
government and commercial sectors reveal that although the proportion of insid er events is declining (31
percent in 2004 and 27 percent in 2006), the financial impact and operat ing losses due to insider
intrusions are increasing. Of those compa nies experiencing security events, the majority (55 percent)
example, this threat may be an employee working for a large corporation, but in reality they are employed
by a competitor to engage in corporate espionage. A second example is highly skilled, disgruntled
125
could be
a spy working for a foreign country. Regardless of who the insider is,
we are dealing with a highly dangerous threat, one that is extremely
difficult to detect. They have access to critical information; they know the
employee motivated to cause a great deal of damage before they are fired. A third example
structure of the organization. They are most likely after information, not systems. As a result, there may be
few attacks and their access to information may even be authorized. It is what they do with that
information that comprises the threat. It is our goal to detect and capture the activity of this threat. For the
purposes of this paper, we will take the lessons learned from the ARDA Cyber Indications and Warning
workshop. In this workshop, we focused on past spies in the Intelligence community. Examples of such
spies include Aldrich Ames, Robert Hansen, and Anna Montes. These individuals were all highly trusted
individuals with extensive and critical knowledge to their respective organizations. However, as insiders
they were able to cause extreme harm to their organizations, and over long periods of time without being
detected.
126
In order to obtain
meaningful insights rather than just confirming the authors opinions, this study
sought out practitioners who each have over 20 years of experience
in responsible charge in their respective fields and were willing to
voluntarily participate in what would otherwise constitute billable hours. This undertaking
respondents, including responses that took the form of explanatory narratives.
required the fullest stretch of the authors network and availing of professional courtesy. Despite 31 years
of industry experience and an address book with some 2,024 entries, the author rated himself fortunate to
be able to assemble a dozen professionals who contributed their career thoughts throughout the Delphi
process. Note that the Delphi method isolates respondents from each other, rather than gathering them
together in a focus group .
Recruitment
of experts and gathering of their signed, informed consent forms, in
satisfaction of the requirements of the Institutional Review Board of the Naval
through April 2009 and consisted of three iterative rounds of questions and feedback.
Postgraduate School, took place between the months of November 2008 to January 2009.
127
Russia Containment DA
128
1NC
Deterring Russia in Europe is k2 curb Russian
expansionism
OHanlon 7/12
(Michael, 2015, senior fellow at The Brookings Institution, We Need to Get Serious
About Russia, Now, http://www.politico.com/magazine/story/2015/07/we-need-to-get-tough-with-russianow-120002.html#ixzz3gOxGu49h)//RTF
As
Gen. Joseph Dunford, the incoming Joint Chiefs chairman, told the
Senate Armed Services Committee at his confirmation hearing last
week: If you want to talk about a nation that could pose an
existential threat to the United States, I would have to point to
Russia. If you look at their behavior, its nothing short of alarming, Meanwhile the
current crisis over Greece and the Eurozonewhich is not likely to
end soon, if everis only likely to further undermine Europes
resolve and induce it to turn inward, allowing Putin to breathe
easier. Or at least, the Russian president might get that impression. So the United States
and its NATO allies need to get serious about the situation now, and
complement their existing policy approach with new ideassome of
them to show resolve and firmness towards Putin and Russia, others to
offer him a way out of this crisis should he wish to take such a path. But this is not a time for
drift; the longer the Kremlin senses irresolution in the West, the
more it is likely to assume that its new order in the east is a fait
accompli. There is also a risk it could become yet more aggressive,
even towards the NATO-member Baltic states, in some way. The context
dealing with Vladimir Putin than Barack Obama has been, will be able to fix the situation either.
of the situation was well summarized in a recent poll, released June 10, that the Pew Research Center
conducted over the previous several months. It underscored that the West has a number of strengths in
dealing with Putinbut also a number of serious vulnerabilities that will not get better just by ignoring
them. The survey, led by Bruce Stokes and Katie Simmons, found that majorities of citizens in a number of
key NATO states would not favor the use of force to protect another alliance member in the event of
Russian aggression against them. That would seem, on its face, to ignore Article V of the NATO alliances
founding charter, the Washington Treaty of 1949, which states that an attack on one is an attack on all,
and should be treated accordingly. This may appear to some as tantamount to an invitation to renewed
Russian aggression. It seems to raise the scenario of Vladimir Putin again employing his patriotic cyber
attackers and little green men, not just in Crimea but perhaps in Latvia or Estoniaformer republics in
the Soviet Union turned independent nations and, since 2004, members of NATO. Each also has significant
populations of Russian speakers that Putin can claim want to be reunited with the motherland; each is too
far east for NATO easily to mount a military defense in any case. Are such parts of the Western alliance,
and perhaps other countries like Poland, now vulnerable to Russian aggression? In fact, it would be a
While there
are indeed some troubling findings in the Pew results, on balance
what emerges is the picture of an alliance that still provides the
West with considerable cohesion, and considerable leverage, in
addressing the problem of Putin. Before trying to make sense of the poll results, it is
mistake to reach this conclusion based on the Pew survey or any other recent polling.
important to summarize not just the headline-dominating findings noted above, but several other key
results from Pew: The NATO publics have negative views of Russia and Putin. They seem to have little
doubt of who is primarily responsible for the crisis in relations of the last two years, dating to the
129
immediate aftermath of the Sochi Olympics when protests in Ukraine forced out the countrys previous
leader, President Yanukovich. Five of eight NATO countries surveyed (the UK, France, Spain, Italy and
Germany) oppose sending weapons to Ukraine to defend itself in the current crisis. NATO countries remain
more than willing to employ sanctions against Russia over its behavior. This was true in every alliance
member-state that was polled, including Germany, the most pro-Russia NATO state that was included in
the polling. Indeed, although just 38 percent of Germans favored a military response in the event of a
hypothetical Russian attack against another NATO member, they remained in favor of sanctions against
Russia. Only 29 percent favored a loosening of the current sanctions, unless Russias behavior were to
change. This helps explain why the EU just reauthorized sanctions against Russia, with even Greece in
support. Putin remains extremely popular in Russia, with favorability ratings approaching 90 percent;
Russians currently blame the West, and falling oil prices, for their current economic woes, and not their
Two more key points are crucial to remember. First, the type of hypothetical Russian attack against a NATO
country that formed the premise for the Pew question about Article V was not clearly specified. Perhaps
respondents were in some sense wondering if a takedown of several Latvian or Estonian computer
networks really needed to be met with NATO tanks? For most western publics, the advisability of a major
military response might well, understandably enough, depend in detail on the nature of the perceived
Russian attack as well as the other options available to the alliance. Second, and relatedly, it is important
to remember that Article V does NOT demand an automatic, unconditional military response by each
alliance member. It says, rather, that an attack on one should lead to a response by allinvolving
whatever means the individual states determine. This ambiguity may risk complicating deterrence, to be
surebut it worked during the Cold War and, if NATO leaders are sufficiently clear in their dealings with
The
United States and other NATO member states should adopt the
Pentagons recent proposal to station modest amounts of equipment
in the easternmost NATO countriesa proposal that is harder to
oppose at this juncture given Putins continued stirring up of the
conflict. Ideally, equipment from NOT ONLY America BUT also other NATO countries would be part of
Putin, it can and should work now. These results collectively suggest the following path ahead:
the initiative. The sanctions tool remains powerful and should still be employed. As they pursue Russian
compliance with the so-called Minsk accords, which Moscow agreed to this past winter, and which would
allow autonomy for Ukraines eastern provinces in return for verifiable Russian withdrawal from those same
regions and an end to hostility by separatists, western policymakers can and should keep up the economic
pressure. A grand solution should also be proposed to Moscow. As a complement to the Minsk concept and
the continuation of economic sanctions, the West should offer a proposal for a new Central European
security architecture for non-NATO states that Russia would be asked and expected to co-guarantee, if it
wishes that countries like Ukraine permanently forgo pursuit of NATO membership. This should not weaken
Ukraines formal sovereignty; no long-term Hong Kong handover solution is needed. But all would
understand that Ukraine would not formally join the West in geostrategic terms, though it certainly could
accept western help out of its current economic malaise once the right policy foundation was established.
So far Putin has managed to convince Russians that their economic predicament is not his fault, but over
time, he may not be able to maintain the charade. The Pew poll suggests that Western publics are firmly
united behind this sanctions-based approachand that modern democracies, while wary about the use of
force, are a far cry from the paper tigers their critics sometimes purport them to be. But our policies are far
from adequate to the task at hand and need to be improved nowbefore the situation escalates further
and reduces our room for maneuver, and before the 2016 U.S. presidential race reduces Washingtons
room for maneuver as well.
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
130
deliver economic growth and they would let him erode basic rights. Without the economy, what did he
sometimes calls "hybrid war." "This was the theory of the Kaiser before World War I: The more threatening
diplomatic and military incidents into games of high-stakes chicken favors Russia, he believes, as the West
will ultimately yield to his superior will. To solve the problem of Russia's conventional military weakness,
an outcome that should be no cause for celebration in the West," Nye wrote in a recent column.
"States
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
It was in August 2014 that the real danger began, and that we heard the first
warnings of war. That month, unmarked Russian troops covertly invaded
eastern Ukraine, where the separatist conflict had grown out of its
control. The Russian air force began harassing the neighboring
Baltic states of Estonia, Latvia, and Lithuania, which are members of
NATO. The US pledged that it would uphold its commitment to
defend those countries as if they were American soil, and later
staged military exercises a few hundred yards from Russia's border.
Both sides came to believe that the other had more drastic
intentions. Moscow is convinced the West is bent on isolating,
subjugating, or outright destroying Russia . One in three Russians now believe the
US may invade. Western nations worry, with reason, that Russia could use
the threat of war, or provoke an actual conflict, to fracture NATO and
its commitment to defend Eastern Europe. This would break the status quo order
that has peacefully unified Europe under Western leadership, and kept out Russian influence, for 25 years.
Fearing the worst of one another, the US and Russia have pledged to
go to war, if necessary, to defend their interests in the Eastern
European borderlands. They have positioned military forces and conducted chest-thumping
exercises, hoping to scare one another down. Putin, warning repeatedly that he
would use nuclear weapons in a conflict, began forward-deploying
nuclear-capable missiles and bombers. Europe today looks
disturbingly similar to the Europe of just over 100 years ago, on the
eve of World War I. It is a tangle of military commitments and defense pledges, some of them
unclear and thus easier to trigger. Its leaders have given vague signals for what would and would not lead
around Washington or a Western European capital today, there is no feeling of looming catastrophe. The
threats are too complex, with many moving pieces and overlapping layers of risk adding up to a larger
danger that is less obvious. People can be forgiven for not seeing the cloud hanging over them, for feeling
that all is well even as in Eastern Europe they are digging in for war. But this complacency is itself part
There
is a growing chorus of political analysts, arms control experts, and
government officials who are sounding the alarm, trying to call the
world's attention to its drift toward disaster. The prospect of a major
war, even a nuclear war, in Europe has become thinkable, they warn,
even plausible. What they describe is a threat that combines many of the hair-trigger dangers and
of the problem, making the threat more difficult to foresee, to manage, or, potentially, to avert.
world-ending stakes of the Cold War with the volatility and false calm that preceded World War I a
132
comparison I heard with disturbing frequency. They described a number of ways that an unwanted but
major war, like that of 1914, could break out in the Eastern
European borderlands. The stakes, they say, could not be higher: the
postWorld War II peace in Europe, the lives of thousands or millions
of Eastern Europeans, or even, in a worst-case scenario that is
remote but real, the nuclear devastation of the planet.
nonetheless
133
Twelve weeks have passed since the second Minsk agreement was
signed, and the military situation in Eastern Ukraine has quieted . While
this is a positive development, we cannot declare the crisis over. Unfortunately, it seems
most likely that another territory with non-specified status will emerge in
Europe, opening the door for yet another frozen conflict in the
region. In the short run, the current situation in Ukraine is in some sense understood on all sides:
Ukraine is able to concentrate on its reform agenda efforts; Russia can keep Donbass hostage and
use of force as an instrument of conflict resolution and forcible changes of the state borders via military
leaders in Europe and the U.S. believe Putin is weakas Valeriano and Maness proposethey should
demonstrate that fact to the world and to the Russian president himself. We have yet to see that kind of
clear demonstration.
134
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
formerly part of the Soviet Union. And they are where many Western analysts fear World War III is likeliest to start.
These small countries are "the most likely front line of any future
crisis," according to Stephen Saideman, an international relations professor at Carleton University. Allison
and Simes, in their essay warning of war, called the Baltics "the
Achilles heel of the NATO alliance." A full quarter of Estonia's
population is ethnically Russian. Clustered on the border with
Russia, this minority is served by the same Russian state media that
helped stir up separatist violence among Russian speakers in
eastern Ukraine. But unlike Ukraine, the Baltic states are all members
of NATO, whose charter states that an attack on one member is an
attack on them all. Whereas a Russian invasion of Ukraine prompted Western sanctions, a Russian
invasion of Estonia would legally obligate the US and most of Europe
to declare war on Moscow. "We'll be here for Estonia. We will be here for Latvia. We will be here for
Lithuania. You lost your independence once before. With NATO, you will never lose it again," Obama pledged in his
September speech in Estonia. Less than 48 hours after Obama's address, Russian agents blanketed an Estonia-Russia
border crossing with tear gas, stormed across, and kidnapped an Estonian state security officer, Eston Kohver, who
specialized in counterintelligence. Kohver has been held illegally in a Russian prison for nine months now. It was
something like an act of geopolitical trolling: aggressive enough to assert Russian dominion over Estonia, but not so
aggressive as to be considered a formal act of war that would trigger a Western counterattack. And it was one of several
The Russian
military has already begun pressing the Baltic states. Russian
warships were spotted in Latvian waters 40 times in 2014. Russian
military flights over the Baltics are now routine, often with the
planes switching off their transponders, which makes them harder to
spot and increases the chances of an accident. Military activity in
the region had reached Cold War levels. NATO, fearing the worst, is
increasing military exercises in the Baltics. The US is installing heavy
equipment. And in February, the US military paraded through the
Russian-majority Estonian city of Narva, a few hundred yards from
Russia's borders. It's a textbook example of what political scientists
call the security dilemma: Each side sees its actions as defensive
and the other side's as offensive. Each responds to the other's
perceived provocations by escalating further, a self-reinforcing cycle
that can all too easily lead to war. It is considered, for example, a major contributor to the
signs that Putin's Russia is asserting a right to meddle in these former Soviet territories.
outbreak of World War I. That it is entirely foreseeable does little to reduce the risk. Even if Russia in fact has no designs
on the Baltics, its bluffing and posturing has already created the conditions for an unwanted war. In early April, for
example, a Russian fighter jet crossed into the Baltic Sea and "buzzed" a US military plane, missing it by only 20 feet. It
was one of several recent near-misses that, according to a think tank called the European Leadership Institute, have had a
"high probability of causing casualties or a direct military confrontation between Russia and Western states." Meanwhile,
136
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
was trying to answer a question that Western analysts and policymakers had been puzzling over since
Russian provocations began in the Baltics last fall: What does Putin want? Unlike in Ukraine, with which
Russia has a long shared history, there is little demand among the Russian public for intervention in the
Baltic states. They are of modest strategic value. And the risks of Russia's aggression there are potentially
They would almost certainly be aided by a wave of Russian propaganda, making it harder for outsiders to
differentiate unmarked Russian troops from civilian volunteers, to determine who was fighting where and
that the answer is no. That NATO would not intervene, thus
effectively abandoning its commitment to defend its Eastern
European member states. Piontkovsky's scenario, once considered extreme, is
now widely seen by Western security experts and policymakers as
plausible. At the end of 2014, the military intelligence service of Denmark, a member of NATO, issued
a formal paper warning of precisely that: Russia may attempt to test NATOs cohesion by engaging in
military intimidation of the Baltic countries, for instance with a threatening military build-up close to the
borders of these countries and simultaneous attempts of political pressure, destabilization and possibly
infiltration. Russia could launch such an intimidation campaign in connection with a serious crisis in the
post-Soviet space or another international crisis in which Russia confronts the United States and NATO.
"The
said. "Thats the biggest concern." Saideman described a variation on this scenario that I heard from
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
VI. How it would happen: The fog of hybrid war In
Russian
politicians and state media accused the Estonian government of
fascism and Nazi-style discrimination against ethnic Russians; they
issued false reports claiming ethnic Russians were being tortured
and murdered. Protests broke out and escalated into riots and mass
looting. One person was killed in the violence, and the next day
hackers took many of the country's major institutions offline. Russia
could do it again, only this time gradually escalating further toward
a Ukraine-style conflict. NATO is just not built to deal with such a
crisis. Its mutual defense pledge, after all, rests on the assumption that war is a black-and-white
concept, that a country is either at war or not at war. Its charter is from a time when
war was very different than it is today, with its many shades of gray.
Russia can exploit this flaw by introducing low-level violence that
more hawkish NATO members would consider grounds for war but
that war-averse Western European states might not see that way.
Disagreement among NATO's member states would be guaranteed as
they hesitated over where to declare a moment when Russia had
crossed the line into war. Meanwhile, Russian state media, which has shown real influence in
symbol and annual rallying point for the country's ethnic Russians. In response,
Western Europe, would unleash a flurry of propaganda to confuse the issue, make it harder to pin blame on
Germany, which is
would be particularly
resistant to going to war. The legacy of World War II and the
ideology of pacifism and compromise make even the idea of
declaring war on Russia unthinkable. German leaders would come
under intense political pressure to, if not reject the call to arms, then at least
delay and negotiate a de facto rejection of NATO's collective selfdefense. In such a scenario, it is disturbingly easy to imagine how NATO's
European member states could split over whether Russia had even
crossed their red line for war, much less whether to respond. Under a fog of confusion and
doubt, Russia could gradually escalate until a Ukraine-style conflict in
the Baltics was foregone, until it had marched far across NATO's red
line, exposing that red line as meaningless. But the greatest danger
of all is if Putin's plan were to stumble: By overreaching, by
underestimating Western resolve to defend the Baltics, or by
starting something that escalates beyond his control, it could all too
easily lead to full-blown war. "That kind of misperception situation is
definitely possible, and thats how wars start," Saideman said, going on to
Moscow for the violence, and gin up skepticism of any American calls for war.
widely considered the deciding vote on whether Europe would go to war,
compare Europe today with 1914, just before World War I. "The thing that makes war most thinkable is
when other people dont think its thinkable."
(Ian, 2015, The Guardian, Nato and EU face collapse if they fail to stop Russian
aggression, warn experts, http://www.independent.co.uk/news/world/politics/nato-and-eu-face-collapse-ifthey-fail-to-stop-russian-aggression-experts-warn-10295927.html)//RTF
may have the greater interest in Ukraine. But the West has an even
bigger interest in preserving the post-Cold War environment. If that
is dismantled, it is conceivable that Nato and the EU could collapse
too. The report, whose authors include two former ambassadors to Moscow, Sir Roderic Lyne and Sir
Andrew Wood, said Russian President Vladimir Putin had been encouraged by the weak and unconvincing
responses from the West to events such as Russias seizure of South Ossetia and Abkhazia from Georgia
in 2008. The
140
Above all, NATO pessimists overlooked the valuable intra-alliance functions that the alliance has always
performed and that remain relevant after the cold war. Most importantly, NATO has helped stabilize
Western Europe, whose states had often been bitter rivals in the past. By damping the security
dilemma and providing an institutional mechanism for the development of common security policies,
NATO has contributed to making the use of force in relations among the
countries of the region virtually inconceivable. In all these ways, NATO clearly serves
the interests of its European members. But even the United States has a significant stake in preserving
a peaceful and prosperous Europe. In addition to strong transatlantic historical and cultural ties,
American economic interests in Europe as a leading market for U.S. products, as a source of valuable
imports, and as the host for considerable direct foreign investment by American companies remain
141
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
fearing a threat from the West it sees as imminent and existential, the stakes are unimaginably high,
justifying virtually any action or gamble if it could deter defeat and, perhaps, lead to victory. Separately,
the ever-paranoid Kremlin believes that the West is playing the same game in Ukraine. Western support for
Ukraine's government and efforts to broker a ceasefire to the war there, Moscow believes, are really a plot
to encircle Russia with hostile puppet states and to rob Russia of its rightful sphere of influence.
Russia, hoping
to compensate for its conventional military forces' relative
weakness, has dramatically relaxed its rules for using nuclear
weapons. Whereas Soviet leaders saw their nuclear weapons as pure
deterrents, something that existed precisely so they would never be
used, Putin's view appears to be radically different. Russia's official
nuclear doctrine calls on the country to launch a battlefield nuclear
strike in case of a conventional war that could pose an existential
potential armageddon. In some ways, that logic has grown even more dangerous.
142
threat. These are more than just words: Moscow has repeatedly signaled its
willingness and preparations to use nuclear weapons even in a more
limited war. This is a terrifyingly low bar for nuclear weapons use,
particularly given that any war would likely occur along Russia's
borders and thus not far from Moscow. And it suggests Putin has adopted an idea that
Cold War leaders considered unthinkable: that a "limited" nuclear war, of small warheads dropped on the
battlefield, could be not only survivable but winnable. "Its not just a difference in rhetoric. Its a whole
different world," Bruce G. Blair, a nuclear weapons scholar at Princeton, told the Wall Street Journal. He
called Putin's decisions more dangerous than those of any Soviet leader since 1962. " Theres
a low
nuclear threshold now that didnt exist during the Cold War." Nuclear
theory is complex and disputable; maybe Putin is right. But many theorists would say he
is wrong, that the logic of nuclear warfare means a "limited" nuclear
strike is in fact likely to trigger a larger nuclear war a doomsday
scenario in which major American, Russian, and European cities
would be targets for attacks many times more powerful than the
bombs that leveled Hiroshima and Nagasaki. Even if a nuclear war did somehow
remain limited and contained, recent studies suggest that environmental and atmospheric damage would
cause a "decade of winter" and mass crop die-outs that could kill up to 1 billion people in a global famine.
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
VIII. The nuclear dangers: The red line is closer than you think This August, as the Russian military
launched its undeclared and unofficial invasion of eastern Ukraine to defend separatist rebels there against
defeat, Putin attended an annual youth conference at Lake Seliger, just north of Moscow. During a Q&A
session, a teaching student asked an odd question about the "cyclical" nature of history and concerns that
Americans are so unhappy with the Russian regime, they would do it. Praise God, we have a nuclear
143
win a war without ever using a nuclear weapon. Both the US and Russia had
pledged to use nuclear weapons only to deter one another from nuclear attacks. This kept the Cold War
because the US would not need its ICBMs to win a war, that
deterrence is no longer enough to keep Russia safe. In response,
Russia has been gradually lowering its bar for when it would use
nuclear weapons, and in the process upending the decades-old logic
of mutually assured destruction, adding tremendous nuclear danger
to any conflict in Europe. The possibility that a limited or unintended
skirmish could spiral into nuclear war is higher than ever. Russia's
nuclear doctrine, a formal document the Kremlin publishes every few years outlining when it will
and will not use nuclear weapons, declares that the Russian military can launch
nuclear weapons not just in the case of a nuclear attack, but in case
of a conventional military attack that poses an existential threat. In
other words, if Russia believes that American tanks could be bound for
the Kremlin, it has declared it may respond by dropping nuclear
bombs. The danger that this adds to any possible confrontation, particularly along the Baltic states, is
difficult to overstate. If an accident or miscalculation were to lead to a
border skirmish, all it would take is for the Kremlin to misperceive
the fighting as the beginning of an assault toward Moscow and its
own doctrine would call for using nuclear weapons. Indeed, it would be the
only way to avoid total defeat. There is another layer of danger and uncertainty to this : It is not
clear what Russia would consider a conventional threat worthy of a
nuclear response. A few months after he'd annexed Crimea, Putin revealed that
during Russia's undeclared invasion of the territory he had
considered putting his country's nuclear forces on alert; his
government has signaled it would consider using nuclear force to
defend Crimea from an attack, something Russian analysts told me was not just bluster.
cold. But
The United States, of course, has no intention of militarily retaking Crimea, despite surprisingly common
fears to the contrary in Russia. But Russian paranoia about such a threat, and a possible willingness to use
nuclear weapons to avert it, adds more danger to the already dangerous war in eastern Ukraine and the
the
Crimea revelation raises a disconcerting question: Where exactly
does Moscow place the line for a threat severe enough to use
nuclear weapons? Its doctrine says they should be used only against an existential threat, but an
attack on Crimea would be far from existentially dangerous. We can only guess where the
real red line lays, and hope not to cross it by mistake.
fears that greater Russian or Western involvement there could spark a broader conflict. And
(Max, 2015, writing for Vox, How World War III became possible,
http://www.vox.com/2015/6/29/8845913/russia-war)//RTF
IX. The nuclear dangers: How Putin is pushing us back to the brink There is a specific moment that arms
control experts often cite to highlight the dangers of nuclear weapons, how they kept the world poised, for
years at a time, mere minutes away from nuclear devastation. That moment was September 26, 1983.
That evening, a Russian lieutenant colonel named Stanislav Petrov settled in for his shift overseeing the
Soviet Union's missile attack early warning system. Petrov had a top-secret network of satellites, all
pointed squarely at the United States and its arsenal of nuclear-armed intercontinental ballistic missiles,
which pointed back at him. The US and Soviet Union were ramping up development of ICBMs, which could
circle the globe in 30 minutes and reduce an enemy city to ash. Both sides were driven by fear that the
other could one day gain the ability to launch a preemptive nuclear strike so devastating and so fast that it
would start and win the war within hours. Each sought to develop ever more sensitive warning systems,
and ever more rapid mechanisms for retaliation, to deter the threat. Petrov ran one such warning system.
If he caught an American attack as soon as it crossed his sensors, it would give the Soviet leadership about
144
20 minutes of warning time. That was their window to determine how to respond. The space for mistakes
was effectively zero. Five hours into Petrov's shift that night, something he had never encountered in his
11-year career happened: The system went into full alarm. The word "LAUNCH" displayed in large red
letters. The screen announced a "high reliability" of an American ICBM barreling toward the Soviet Union.
Petrov had to make a decision: Would he report an incoming American strike? If he did, Soviet nuclear
doctrine called for a full nuclear retaliation; there would be no time to double-check the warning system,
much less seek negotiations with the US. If he didn't, and he was wrong, he would have left his country
defenseless, an act tantamount to treason. His gut instinct told him the warning was in error, but when he
flipped through the incoming imagery and data and he could reach no hard conclusion from it. After a few
moments, he called his superiors and stated categorically that it was a false alarm. There was, he insisted,
no attack. Petrov waited in agony for 23 minutes the missile's estimated time to target before he
knew for sure that he'd been right. Only a few people were aware of it at the time, but thanks to Petrov,
The US
and Soviet Union, shaken by this and other near-misses, spent the next few
years stepping back from the brink. They decommissioned a large number of nuclear
warheads and signed treaties to limit their deployment. One of their most important
measures was a 1987 agreement called the Intermediate-Range
Nuclear Forces (INF) Treaty, which saw both sides conclude that the
medium-range, land-based nuclear missiles they'd stuffed across
Europe were simply too dangerous and destabilizing to be allowed.
Because the missiles could reach Moscow or Berlin or London at lightening speeds, they shortened
the "response time" to any crisis the window in which a Soviet or Western leader
the world had only barely avoided World War III and, potentially, total nuclear annihilation.
would have to decide whether the country was under attack before such an attack would hit to just a
risk they posed was deemed, in the 1987 INF Treaty, unacceptable to the world. And the weapons were
Putin has taken several steps to push Europe back toward the
nuclear brink, to the logic of nuclear escalation and hair-trigger weapons that made the early
1980s, by many accounts, the most dangerous time in human history. Perhaps most
drastically, he appears to have undone the 1987 INF Treaty,
reintroducing the long-banned nuclear weapons. In March, Russia
announced it would place nuclear-capable bombers and mediumrange, nuclear-capable Iskander missiles in the Russian enclave of
Kaliningrad only an hour, by commercial airliner, from Berlin. Meanwhile, it has been
testing medium-range, land-based missiles. The missiles , to the alarm of
the United States, appear to violate the INF Treaty. This is far from Putin's only nuclear
escalation. He is developing more nuclear weapons, and calling frequent
attention to them, as apparent cover for his aggression and
adventurism in Europe. There are suspicions, for example, that Russia may have deployed
nuclear-armed submarines off of the US Eastern Seaboard. What makes this so dangerous is that Putin
appears to believe, as the scholar Edward Lucas outlined in a recent report for the Center for
European Policy Analysis, that he has a greater willingness than NATO to use
nuclear weapons, and thus that his superior will allows him to bully
the otherwise stronger Western powers with games of nuclear
chicken. This is a substantial, and indeed terrifying, break from Cold Warera nuclear thinking, in
removed.
which both sides rightly feared nuclear brinksmanship as too dangerous to contemplate and used their
weapons primarily to deter one another. "Russias
nuclear saber-rattling is
unjustified, destabilizing and dangerous," NATO Secretary-General Jens Stoltenberg
said in a May speech in Washington. Putin is acting out of an apparent belief that
increasing the nuclear threat to Europe, and as a result to his own country, is
ultimately good for Russia and worth the risks. It is a gamble with
145
146