Instigator / Pro
7
1762
rating
45
debates
88.89%
won
Topic
#2761

Resolved: The benefits of the United States federal government’s use of offensive cyber operations outweigh the harms.

Status
Finished

The debate is finished. The distribution of the voting points and the winner are presented below.

Winner & statistics
Better arguments
3
0
Better sources
2
2
Better legibility
1
1
Better conduct
1
1

After 1 vote and with 3 points ahead, the winner is...

MisterChris
Parameters
Publication date
Last updated date
Type
Standard
Number of rounds
4
Time for argument
Two weeks
Max argument characters
15,000
Voting period
One month
Point system
Multiple criterions
Voting system
Open
Contender / Con
4
1644
rating
64
debates
65.63%
won
Description

I, PRO, believe that the benefits of the US federal government using offensive cyber operations outweigh the harms. As CON, you believe that the harms of the US federal government using offensive cyber operations outweigh the benefits.

In accordance with the harms-benefit analysis built into the resolution, BoP is shared.

DEFINITIONS:
I’m defining offensive cyber operations as any cyber operation that involves the willful invasion of the cyberspace of another party aside from the US federal government. The Australian Strategic Policy Institute furthers:
“In both UK and US military doctrine, offensive operations are a distinct subset of cyberspace operations that also include defensive actions; intelligence surveillance and reconnaissance and operational preparation of the environment”
(https://www.aspi.org.au/report/defining-offensive-cyber-capabilities#:~:text=US%20military%20joint%20doctrine%20defines,6)

STRUCTURE:
R1- PRO Constructive & CON Constructive
R2-3- Fluid attack/defense. No set structure here.

RULESET:
1. No new arguments made in final round
2. No trolling
3. You must follow the debate structure
4. No plagiarism
5. Must follow debate definitions.

RULESET PENALTY:
If the ruleset is broken, the penalty will be the loss of a conduct point. By accepting the debate, the contender accepts the RULESET and the RULESET PENALTY.

Round 1
Pro
#1
Thx, Undefeatable.

“Resolved: The benefits of the United States federal government’s use of offensive cyber operations outweigh the harms.” 

  • RECALL that PRO is defining offensive cyber operations as any cyber operation that involves the willful invasion of the cyberspace of another party aside from the US federal government. 
  • PRO observes that the resolution is a dichotomy between the status quo, a world in which the US is seeking to use offensive cyber operations more often, and a world in which offensive cyber operations are not in use by the US federal government at all. 
Contention 1: Crime & Terror

Criminal groups have become more digitized than ever before. According to the UN in 2019, “almost all organized criminal groups will use some type of networked technology to organize themselves and their crimes, some are also using those technologies to commit cybercrimes.”

As criminal groups become more digitized and streamlined, they become harder for law enforcement to counter without technological developments of their own. Even worse, as the ASP cites:

“The 2019 Worldwide Threat Assessment by the U.S. Intelligence Community highlights the concern that “financially motivated cyber criminals” may target the U.S. within the next few years. They warn that this could “disrupt U.S. critical infrastructure in the health care, financial, government, and emergency service sectors.” Officials are also concerned that terrorists may hack into databases and obtain personal information that could be used to inspire and enable physical attacks.

The threat of cyberterrorism has grown ever more pressing in the past few years. As of 2018, 81% of Americans viewed cyberterrorism as a critical threat—an increase from 73% in 2016. There is bipartisan consensus regarding the danger, as Democrats and Republicans express similar concern. Cyberterrorism is considered the second most critical threat to our country, just behind the development of nuclear weapons by North Korea.

Moreover, American military servicemembers assess cyberterrorism to be the greatest danger to U.S. national security. 89% of service members believe that it is a significant or very significant concern, but the majority thinks the U.S. lacks preparedness for a cyberattack. About a third disapprove of existing policies on combatting cyberterrorism, with many believing the guidelines do not go far enough.”

Thankfully, the FBI, CIA and other agencies like the NSA can use offensive cyber operations like hacking and wiretapping to exploit the digital networking of these organizations, gather intel, and eventually take them down, both domestically and abroad through cooperation with other countries. 

As Foreign Affairs writes in 2018,
“In countries where technology companies are willing to cooperate with the U.S. government (or with requests from their own government), a phone call to the right cloud provider or Internet service provider (ISP) could result in getting bad actors kicked off the Internet. This is not a permanent solution, but it will force adversaries to rebuild, which often prompts unforced errors, making them more vulnerable to U.S. surveillance and disruption.

...In situations where the defense of the nation is on the line, U.S. hackers could pursue a campaign of erasing computers at scale, disabling accounts and credentials used by hackers to attack, and cutting off access to services so it is harder to compromise innocent systems to conduct their attacks. Such a campaign would aim to make every aspect of hacking much harder: because hackers often reuse computers, accounts, and infrastructure, targeting these would sabotage their capabilities or render them otherwise useless.” 

This is important, because by negating you are throwing away our most valuable assets to combat these organizations and you are leaving our government constantly scrambling, always one step behind the organizations which we used to have a lead on. International criminal syndicates would be thrilled at the decision. But further, it would open our nation up to attack from the cyberterrorists of the future, with potentially deadly impacts.

Jeremy Straub writes in 2019 for Live Science,
“As someone who studies cybersecurity and information warfare, I'm concerned that a cyberattack with widespread impact, an intrusion in one area that spreads to others or a combination of lots of smaller attacks, could cause significant damage, including mass injury and death rivaling the death toll of a nuclear weapon.

Unlike a nuclear weapon, which would vaporize people within 100 feet and kill almost everyone within a half-mile, the death toll from most cyberattacks would be slower. People might die from a lack of food, power or gas for heat or from car crashes resulting from a corrupted traffic light system. This could happen over a wide area, resulting in mass injury and even deaths.

Contention 2: Enforcing Cyber Norms

Shifting our view to the world stage, offensive cyber operations can be a useful tool in enforcing international cyber norms in the long run. Currently, there is an enforcement void that needs to be filled… Countries are pushing back on existing cyber norms unprovoked without consequence, particularly China & Russia, and the US is paying for it.

The Atlantic furthers in 2019,
“(it’s) clear that cyber norms have been very much contested by China, Russia, and their autocratic buddies...Not only that, but Team Autocrat seems to be winning through a devious strategy of populating international organizations like the UN with their own countrymen to push their own views of global norms. In case you missed it, China is now the second-largest contributor to the United Nations budget. The result is that “[China] is successfully lobbying for its nationals to obtain senior posts in the UN Secretariat and associated organizations, and it is using its influence to press the UN and member states to acquiesce in China’s preferences on issues”

This manifests in a very destructive way. Foreign Affairs writes in 2018,
“During the 2016 U.S. presidential campaign, Russian hackers broke into the Democratic National Committee’s e-mail servers and made more general efforts to influence the election’s outcome...In February, U.S. intelligence and law enforcement officials warned that the Russian government would again try to use cyber-operations to interfere with midterm elections in November. That same month, the White House publicly blamed Russia for “the most destructive and costly cyberattack in history,” the 2017 NotPetya malware campaign, which crippled the government of Ukraine before spreading to multinational corporations...causing billions in damage....They also note that “Chinese hacking groups have stolen U.S. intellectual property from industrial manufacturers and military contractors.”

Ultimately, with the UN out of the picture, and China and Russia freely violating cyber norms, NATO and the US needs to take a firm stance in enforcing cyber norms by making China and Russia bleed. If we don’t, there is ultimately nothing stopping China & Russia from freely wreaking havoc.

Thankfully, the US is trying to step up their game in response. In October 2018, the US responded to these threats with a new strategy. According to Fifth Domain, it “is best described as DoD working on foreign networks to prevent attacks before they happen. The way Cyber Command meets those goals is through persistent engagement, which means challenging adversary activities wherever they operate.”

But this doesn’t mean the US will be hacking willy-nilly. In fact, the new “defend-forward” strategy is largely self-defensive… it’s about gathering intel to take out threats before they take you out first. Fifth Domain furthers: “The idea is that you gain access, then camp and wait for when intelligence sources tell you that something nefarious might come out of a given network.” If that intelligence is credible enough, you strike, sending a clear message and disabling your opponent. RECALL from my constructive that, among other things, the US can have these bad actors simply kicked off the internet, or have their accounts & computers forcibly wiped. By doing this, we raise the cost of attacking to an extent to where opposing factions become less trigger-happy. 

What’s more is that many of these operations can be reversed, creating clear leveraging power over enemy parties. Fifth Domain furthers: “The concept of reversible cyberattacks is similar to ransomware, when a criminal can hold data hostage for money. An example of a reversible offensive cyberattack would be encrypting an enemy’s data to force a change in behavior and then decrypting that information once there has been an agreement… another example is copying data, and then deleting it from an owner’s system to hold the information ransom. Reversible cyberattacks are similar to economic sanctions, but more potent. “Sanctions are inherently public, which leads to additional reputational costs for the aggressor if it backs down post-action. The value of (cyber operations) is that these activities could potentially take place in a covert manner, making it easier for a leader to save face,”

It’s not at all a reach to suppose that this method of coercion could shape the behavior of aggressive parties. It’s no wonder that the Washington Post argues the following: statistical analyses of international cyber-incidents reach mostly similar conclusions, as does research on battlefield operations in Ukraine. The emerging consensus among researchers is that cyberattacks aren’t unusually escalatory. If anything, the opposite is true.”

This will be especially effective as even when US deterrence won’t work, deterrence by the entire 29 members of NATO will. According to Cyberscoop in 2018, the new cyber strategy “says the U.S. will initiate a “Cyber Deterrence Initiative” to build a group of “like-minded states” to “ensure adversaries understand the consequences of their malicious cyber behavior.” This could happen through NATO. James Lewis notes that NATO could trigger an Article 5 response and hit back collectively, or the US could respond on its own, doing damage and deterring China & Russia from openly defying international norms in the future. 

Contention 3: Military Necessity

Offensive cyber operations are absolutely necessary for the US to be militarily competitive with other nations. The negative would make us defenseless.

As James Lewis, Senior Vice President and Director for the Strategic Technologies Program writes:
“An early scene in the 1962 film Lawrence of Arabia shows German planes swooping back and forth to bomb the rebel camp and Prince Feisal, who’s heroically mounted on a white charger, chasing the planes with his sword in hand. Horses against aeroplanes aptly describes the circumstance for any nation that wants to defend itself if it lacks military cyber capabilities. You can’t reasonably expect to have a modern, effective military if you can’t carry out cyber operations. This isn’t a like-for-like match of cyber versus cyber—an astute opponent will use cyber techniques to paralyse command and control, interfere with the operation of weapons, and generally attempt to fatally expand the confusion that accompanies any armed conflict… Eventually, all modern militaries will have offensive cyber capabilities, just as they have acquired jets, helicopters, missiles and, increasingly, UAVs. Nobody likes warfare, but declining to modernise, sticking to the cyber equivalent of horses and swords against airplanes, is a gift to opponents who will be quick to seize upon a careless attitude towards national defence.”

Indeed, Strategic Studies Quarterly affirms their utility:(CFCC = counterforce cyber capabilities)
“Several scholars note that “unlike weapons of mass destruction, cyber weapons are an integral part of the commander’s arsenal in conducting force-on-force and asymmetric warfare and will be used in concert with kinetic weapons to soften up the adversary’s defenses. Indeed, there is little question that CFCCs can be deployed in conjunction with other military capabilities—in fact, that is what makes them attractive to use. Like small amounts of investments can create much larger changes in total output of an economy through a multiplier effect, so can the use of a relatively simple CFCC greatly alter the outcome of a conflict.”

In a CON world, we would be at a significant tactical disadvantage. This is bad for several reasons.

For one, it would increase the amount of casualties military operations inflict, as

a.) Our soldiers would be more vulnerable to attack
      &
b.) We would have to rely on more gruesome, kinetic means.

Secondly, it would allow terrorist organizations to evade military action and attack their targets more efficiently, yielding economic destruction and death in their wake.

Third, with having such a military decline, the US won't be taken seriously as a world power when it comes to diplomacy. This is bad, as you can RECALL that "Team Autocrat" is trying to expand their influence.  With Chinese hegemony comes even more violation of international norms on cyberspace accompanied with increased violations of human rights. 

Lastly, it also comes at a cost of increased nuclear proliferation. Believe it or not, cyber operations are one of our best tools to prevent autocratic countries from acquiring nuclear arms. According to the Journal of Conflict & Security Law
“States could conduct cyber attacks to directly damage or disrupt the facilities where nuclear weapons are being manufactured or, if the State in question has already acquired nuclear weapons, to attack other infrastructures in order to persuade it to disarm.”

For example, Stuxnet set back Iran 2 years in their nuclear program according to The Atlantic. “It will take two years for Iran to get back on track,” Langer said in a telephone interview from his office in Hamburg, Germany. “This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success.”

Back to you, Undefeatable. 




Con
#2
My framework is simple: "PARANOID ANDROID". The nickname from this comes from the essence of the necessity of security. We must enforce trust and alliance with foreign nations. But unfortunately, robots, networks, and drones can only exhibit our intentions and behaviors. We strike unnecessarily at the vague idea of the anonymous hacker. We arbitrarily dehumanize them while calling our operations justified. Yet in reality, looking at the reasoning behind the attacks, the Con framework makes it very clear that we are no more than... PARANOID ANDROIDS. I do not deny that the FBI has stopped some hackers from gaining private information. But I argue that the US's "Paranoid Android" attitude will result in two problematic categories. One, with the US oppressing countries that have no threat, or two, attacking the sleeping giant and provoking greater retaliation. Of course, full-blown warfare was precisely what Pro wanted to avoid, so the latter case is worse. Yet the former case is arguably equally bad because we become no different from our enemies. If they were already defenseless in the first place, aren't we the terrorists?

Voters should note carefully how every country pro lists only enhances the "paranoid" thought set, undermining international relationships and causing distrust among our people, and the foreign countries' people. After all, how can we trust the US government to respect ourselves if they don't respect other peaceful countries?

I. China

An author from Harvard Kennedy school knows what's up with our Paranoid Android here. We're exaggerating the Chinese threat (and to an extent, the Russian threat) and treating them as enemies, but they have no reason to attack us unless we provoke them. In summary, Jon advocates for the US's standard democratic ideals: "To ensure the continued high performance of information technology firms and the mutual benefits of globalization, the United States should preserve liberal norms of open interconnection and the multi-stakeholder system—the loose network of academic, corporate, and governmental actors managing global technical protocols." [1] Also, China is rational and wants its mutually beneficial growth with the US. Both countries are major trade partners, and cutting that off would just destroy the two from the inside slowly.

The further we investigate, the more it's unclear who is the bully and victim here. The US's significant advantage makes me feel like China is unnecessarily suffering here. My expert continues, "The United States conducts its cyber espionage against China, as the Edward Snowden leaks dramatized, which can indirectly aid U.S. firms (e.g., in government trade negotiations). China's uneven industrial development, fragmented cyber defenses, erratic cyber tradecraft, and the market dominance of U.S. technology firms provide considerable advantages to the United States". 

Now Pro's probably like, "That's great! China is zero threat, proving our cyber offense success!" Yet China was already ineffective in essence before the US struck in the first place. Merely our defenses holding in place were enough. Pro claims “Chinese hacking groups have stolen U.S. intellectual property from industrial manufacturers and military contractors.” Yet the amount of this is incredibly insignificant and has no reasoning. The logistics behind the hacking are far more complex than Pro realizes. As Jon furthers: " there is little evidence of skill or subtlety in China's military cyber operations. Although Chinese strategists describe cyberspace as a highly asymmetric and decisive domain of warfare, China's military cyber capacity does not live up to its doctrinal aspirations... the Chinese military is rigidly hierarchical and has no wartime experience with complex information systems. Further, China's pursuit of military "informatization" increases its dependence on vulnerable networks and exposure to foreign cyberattacks." Yet the US's defenses are plenty strong. His news is incredibly ambiguous and illogical as a result. 

Now US implements its PARANOID ANDROID plan, undermining the trust we may have had for each other, causing unnecessary tension. Now China is getting its revenge in other ways-- "China moves to exclude U.S. firms such as IBM, Oracle, EMC, and Microsoft from its domestic markets and attempts to persuade other states to support governance reforms at odds with U.S. values and interests". And we can't just keep pressuring with the cyber offense when we have economics at stake, something on a completely different battlefield. 

So clearly, the US is a Paranoid Android against China and blurs the line of warfare. What's preventing us from being the terrorists, hacking China's private information, and holding it above their head? Not anything. You could argue from self-defense that China's attempt to strike back was perfectly reasonable. We have spent billions of dollars on cyber operations and only ended up with a squabble that lost us the potential of a globalized economy. The net loss must be somewhere in the hundreds of billions of dollars, not to mention we reduce the people's trust. 

II. Russia

The Paranoid Android swings the opposite way for the powerful adversary Russia. We must forgive and forget what has been done to us. Russia holds a significant advantage in cyber warfare. If we continue being angry and vengeful, we are well on our way to a losing war, rather than discouragement. As Wired notes, "the US economy and infrastructure is far more reliant on digitization and automation than Russia's, giving the Kremlin an inherent advantage in any future no-holds-barred cyberwar". [2] But I guess, the correct word is more of "insecure" than "paranoid". Regardless, we haven't tried hard enough with diplomatic power or economic incentives. The idea of "eye for an eye" to stop Russia is ridiculous. Russia would happily tango with us as unlike China, trading is not essential, and the escalation for war is far more costly for both. As soon as we escalate, Russia can do the same. There is no unique benefit we hold over here. And we're just gonna keep building and building up the reasons for warfare, and I'm afraid it won't end as neatly as The Cold War. 

Indeed, as an expert analyzes, even the UK has problems especially with ethics and international relations as it tries to deter Russia [3]. Remember that any of Russia's offenses can also apply to the US -- there is no clear standard or line to determine the true intentions or label for the cyber operation. The research admits that Russia's attacks "can certainly be looked upon from Moscow’s point of view as a necessary ‘defense’ mechanism with the general aim of destabilizing potential adversaries and, in particular, of warding off a regime-destroying ‘color revolution’. Such Russian measures can, of course, also be seen in another light: as aggressive and designed to weaken Russia’s Western opponents so that, in a zero-sum sense, they create latitude for Russia, as a revisionist state, to be a more powerful global player (Adamsky 2018)". From Russia's point of view, they see the same thing as the US sees. So we are stuck in an eternal loop. Some people will be forced to suffer as someone's self-defense. We claim that Russia is bad, but return punch for punch and ironically justify their self-defense in return. 

As an extension, other sources suggest that the US may also unintentionally violate the international rules. Edwin notes, "The United States is only entitled to respond to economic cyber intrusions with countermeasures if it can establish that the intrusions undertook against it breach international law." [8] Yet the economic intrusions often fall into a grey line that is very hard to truly determine. Not to mention that it likely does not violate sovereignty, as it doesn't prevent the US government from executing major functions. By contrast, the US's violation is far more obvious. We are obtaining exact data from China government. We admit to preventing their cyber technology from advancing. It would be much easier to convict us than them.

Thornton wisely realizes that we don't know if the US's true intentions are good or not. While stopping hackers seems good, the extent to our offensive operations has reached too far. Two senior officers in a journal remarked that "the US political and military leaders view the worldwide information environment as a domain of its vital interests and control over it as a way to achieve their strategic objectives of global domination’ (Vorobyov and Kiselyov 2014, 52)". In this essence, we are no more human than our opponents. We think of any means to achieve our desired ends, rather than our upholding of values. The US thinks that Russia is the country that started this, but it is impossible to know for sure. "Heather Dinniss notes, it is ‘difficult to state with any certainty that the entity that appears to be the perpetrator of the attack is, in fact, the ultimate attacker’ (Dinniss 2012, 100). "  

So not only does this destroy any certainty in pro's self-defense idea, this reinforces the problem of "paranoid android". Yes, perhaps Russia is also a paranoid android. But we are no better than them. Pro claims we do not arbitrarily attack them, yet provides no clear rules to determine whether someone truly holds threat, or is merely defending themselves like our own justifications. And the US also runs the risk of falling into the trap of accused of launching a "retaliatory attack", which violates established laws. Soon enough it'll be our allies against ourselves, not just our enemies. Let Russia crumble on their own and expose them for what they're doing. Don't be the same as them and be also confused as a power-hungry country that wants to dominate the world.

Quick Rebuttal: Military Necessity

We are talking about utilitarian benefits. As such, any Kantian "necessary virtue/ideal/practice" is useless. We aren't talking about "what if Cyber offensive operations did not exist". There is no such thing as a "Con world". There is only this world, and arguing about benefits vs detriments. Pro might say: if the US is a paranoid android, we can never use cyber offensive operations. However, it's also entirely possible that all US targets have been wrong thus far and we must patiently wait for the right opportunity. As a result, this argument has almost zero impact whatsoever. Pro says it *could* bring an advantage. I'll buy that. But the premise is not "COULD" the US Cyber Offensive Operation benefits outweigh the harms. So this argument's only practicality is stopping Iran. But this is also meaningless since pro never mentioned any justification for stopping Iran in the first place. Unfortunately, this argument comes down to a big fat zero.

III. Target of Innocents

We have a famous idea in the US: better let ten guilty men go free than one innocent man jailed. Yet the violation of innocent civilians is very clear in cyber operations, especially linking back to international law and personal trusts. Remember: When we harm civilians, we lose our credibility. When we harm bystanders, we become the villain. As ICRC introduces, "Apart from causing substantial economic loss, cyber operations can cause physical damage and affect the delivery of essential services to civilians. Cyber attacks against electrical grids and the health-care sector have underscored the vulnerability of these services." [4] With the lack of clear standards for rules of war, there is little preventing the US from targeting civilians, as we did in the Vietnam War -- with no less than 4 million civilian deaths [5].

In the state of true war, the cyber offensive operations would extend these problems to a widespread rate that would be even harder to detect and make the US responsible for endless deaths. Even if that were decades, the problems continue in areas that are difficult to monitor. Specifically, even Afghanistan had 132 civilians killed last year alone. [6] This may not seem like much, but imagine it was 130 power plants shut down instead. Or electrical grids. In more developing countries near Iraq and Iran, the problem would multiply tenfold as the citizens who already have difficulty accessing resources would be denied all services. If two wars alone aren't enough, just take a look at the Somalia wars. We didn't even care about the airstrike, and only focused on winning the war. [7] All our past examples highlight that we cannot trust the US in wars. This is worse in that it inherently blurs lines and has ambiguous rules. And our ruthlessness would far exceed any mere "stolen personal information" as presented by a pro. If even a handful of innocents die with no true justification, then the war's negatives outweigh the positives. Nothing is more important than one's own life. Not to mention that our proclaimed "deterrence" had arbitrary reasoning, to begin with.

Counter-Plan: Defense

Okay, I hate to copy other people's case, but this was excellent from Speedrace. I will succinctly summarize this. Defense powerfully keeps the deterrence of hackers intact without excuse to make other countries retaliate, or harm innocents, or violate international treaties. One plan finds with even different attackers, defense was able to keep the US safe, achieving pro's desired goals. [9] Another expert raises defense above offense as well, as deception is crucial against attackers. The attack actually has a disadvantage due to forced to being cautious and having to plan out, probing weaknesses and remaining invisible. But the defense is far superior -- "High-reward targets... are more likely to be protected with defensive deception,including both intentional disinformation measures and the de facto complexity of internet-worked targets" [10] . This works both ways. If we're gonna copy the enemy, we might as well do it right. Hide our information and make it difficult to find. We have been wasting too much time being a paranoid android. Be a Smart Android instead. While offense is just a temporary solution with strikes again and again every time a seemingly dangerous threat pops up, defense is far more useful over the long term, as it parries hackers left and right and build upon past code. 

Conclusion

China is too weak, Russia is too dangerous. Necessity does not equal to benefits. US is being reckless and practically violating international law, re-asserting its ruthlessness in war and lack of care for innocents. Surely you can see now why I called US cyber operations belonging to a "paranoid android" category.

Now back to Pro.

Round 2
Pro
#3
Thx, Undefeatable.

OBSERVATIONS:

  • CON drops & concedes PRO’s R1 observation of the dichotomous nature of the resolution. Extend.
REFUTATIONS:

A/2 Framework:

PRO counters CON’s proposed framework of “Paranoid Android” with a framework of Utilitarian Good. 

The VOTER should prefer this framework because CON’s proposed framework is a scramble of ideas that gives no coherent lens through which the voter can view impacts. That we are being overly paranoid is a false assertion, not a weighing mechanism.

A/2 I. China:

“We're exaggerating the Chinese threat (and to an extent, the Russian threat) and treating them as enemies, but they have no reason to attack us unless we provoke them.”

  • The source never says that China won’t attack (in fact it says that they have been and will continue to attack), only that it doesn’t cause any “real harm,” to which PRO disagrees.
  • PRO (& most experts) disagree with CON’s source on the scope of the issue. While certainly not a “catastrophe,” China is a larger problem than the source acknowledges according to those working in the field of national cyberdefense. 
In the status quo, White House officials calculate that Chinese hacking has cost the United States more than 57 billion dollars annually, and they expect this number to grow if nothing is done. 

Moreover, according to the NSA: These networks often undergo a full array of tactics and techniques used by Chinese state-sponsored cyber actors to exploit computer networks of interest that hold sensitive intellectual property, economic, political, and military information,”

At one point, China hacked Equifax, stealing the personal information of over half of all Americans. 

  • Even if CON’s source is correct that severe harm won’t be caused, there is still harm being caused and China is pushing for it to be acceptable internationally. This means that in the long run, smaller harms will compound & amount to larger impacts.
  • The idea that, given no retaliation from the US, the Chinese would stop their barrage of cyberattacks on their own is foolish. The entire appeal to cyberattacks is that they are so cheap to create and use that it doesn’t matter how good a nation’s cyberdefenses are: one breach yields a net profit. 
Before CON counters that the US’ trade partnership with China prevents Chinese hacking, there are a few reasons why China will continue to attack unless you affirm:

1. China will continue to target the US as long as they can get away with it with no repercussions. As long as it is more profitable than not, China will do it, and China HAS been doing it. CON will say this is proof of failure of the new 2018 cyber strategy, but the US hasn’t actually been following through on its 2018 cyber strategy as of yet. If you affirm, they will actually make use of the strategy as they will now be “using offensive cyber operations.” Additionally, coercion takes time. We have to wait for true results to show, as geopolitical strategies are designed to play out over the course of decades.

2. China is looking to shift their economic ties to Europe in order to spread their influence (in fact, just last year “China pushed past the United States in the third quarter to become the European Union's top trade partner”).

  • Even if China weren’t attacking anyone of their own volition, RECALL & EXTEND that “the US will be hacking willy-nilly. In fact, the new “defend-forward” strategy is largely self-defensive” If China isn’t attacking, we won’t respond under the strategy, negating CON’s impacts.
“Jon advocates for the US's standard democratic ideals"

  • VOTER, turn this point in PRO’s favor. RECALL & EXTEND PRO's Contention 2: CON makes enforcing international norms and upholding democratic ideals impossible as they promote free violation of those ideals.
“China is zero threat/weak”

  • China’s weakness has not stopped them from attacking the US and doing plenty of damage because it continues to be profitable for them. Until we make it unprofitable, nothing will change.
  • This is actually a reason to vote PRO. If China is weak that means an offensive strategy will be even more effective because the US is the strongest power of the two and can more easily deter China.
  • Even if you don’t buy any of that, China will be a greater threat in the future as their technology develops. We forget that in 1980 China had an economy about the size of Mexico. Their development has been astoundingly fast-paced.
“China was already ineffective in essence before the US struck in the first place. Merely our defenses holding in place were enough.”

  • The US is adopting offensive operations as a retaliation to Chinese & Russian aggression. Remember that this strategy only first appeared in 2018. China is the aggressor in this relationship, and they won’t stop until we stop being complacent.
“The logistics behind the hacking are far more complex than Pro realizes. As Jon furthers…”

  • Turn this point. If China is weak and unable to respond well to American retaliation, then PRO’s case is made even stronger. 
  • PRO’s source only establishes that the Chinese military has kinks to work out, not that this data isn’t useful or able to be manipulated to the Chinese advantage as nearly all cybersecurity experts acknowledge (If it weren’t, China wouldn’t be targeting the US). 
  • RECALL & EXTEND: “China will be a greater threat in the future as their technology develops. We forget that in 1980 China had an economy about the size of Mexico. Their development has been astoundingly fast-paced.”
“Now China is getting its revenge in other ways-- "China moves to exclude U.S. firms.”

  • CON openly concedes that China is pushing a global agenda counter to US interests, backing up PRO’s 2nd Contention.
  • There is no link. China was the aggressor, undermining the notion that this is a retaliation instead of a move to garner more soft power as his source indicates. These moves need to be shown to be the direct result of US offensive cyber operations. CON can not demonstrate this.
  • Even if this was a direct retaliation to cyber operations, CON has openly conceded that China is not in the same cyber league as the US and thus it follows that China would back off should the US apply sufficient pressure.
“We have spent billions of dollars on cyber operations and only ended up with a squabble that lost us the potential of a globalized economy.”

  • Cyber operations protect a globalized economy from sabotage, they do not shut it down. 
  • There is no warrant for this impact. That which is asserted without evidence can similarly be dismissed without it.
A/2 II. Russia:

“Russia holds a significant advantage in cyber warfare...As Wired notes, "the US economy and infrastructure is far more reliant on digitization and automation than Russia's, giving the Kremlin an inherent advantage in any future no-holds-barred cyberwar"

  • First, you can turn this point. CON assumes that an offensive posture leads to a full on cyberwar. In reality, if cyberwar with Russia is to be avoided, you should prefer a PRO case because our posture is exclusively retaliatory, preventing escalation to that point.
RECALL: Fifth Domain furthers: “The idea is that you gain access, then camp and wait for when intelligence sources tell you that something nefarious might come out of a given network.” If that intelligence is credible enough, you strike, sending a clear message and disabling your opponent.”

In a PRO world, Russia knows the only reason they are being attacked is because they were about to do something nefarious to the US. This is a direct incentive to alter their behavior because it makes aggression extremely costly. This works even better if we utilize reversible strikes paired with diplomatic negotiation. 

RECALL: Fifth Domain furthers: “Sanctions are inherently public, which leads to additional reputational costs for the aggressor if it backs down post-action. The value of (cyber operations) is that these activities could potentially take place in a covert manner, making it easier for a leader to save face,”

Even if this didn’t work with the US alone, RECALL that “deterrence by the entire 29 members of NATO will.”

  • Even if you buy none of that and agree with CON that tensions will rise further in a PRO world, this is nonunique because on the CON side, CON allows Russia to attack freely and violate international norms, escalating tensions further as well. Even worse, Russia is actually directly incentivized to attack in the CON world because:
1. US retaliations would be kept to inherently open acts that require Russian responses to save face (i.e. sanctions, public condemnations, military shows of force). This reduces the Russian incentive to negotiate and raises the incentive for Russia to respond. 
2. The US has far less leveraging power because they are seen as militarily inept. RECALL & EXTEND PRO’s 3rd Contention. 

“From Russia's point of view, they see the same thing as the US sees. So we are stuck in an eternal loop.”

  • We can trace back who the instigator was: the US hasn’t introduced an offensive cyber posture until 2018 directly in response to the attacks China and Russia have been instigating upon the US. With Russia targeting first, this shatters CON’s claim that Russia sees this as a means of self-defense. From their point of view it is a means to the end of weakening the US, as CON’s source even concedes is a good possibility. This is also backed up by the fact that most of Russia’s attacks have been made with the clear goal of eroding democracy in the US and inciting instability, such manipulating our election’s outcome on multiple occasions. This has no use in self-defense, only in the self-destruction of a rival.
  • Regardless, this can not be an eternal loop because all decisions made by any nation include a cost-benefit analysis. If the US makes it more costly to be aggressive than to not, Russia will alter its behavior.
“Edwin notes, "The United States is only entitled to respond to economic cyber intrusions with countermeasures if it can establish that the intrusions undertook against it breach international law.”

  • First, it is extremely easy to show that China and Russia’s behavior violate international norms, legitimizing a US response RECALL & EXTEND that China is costing the US billions with their hacks and Russia is undermining the democracy of the US and both are undermining US national security.
  • Second, realize that if their offensive actions do not constitute a use of force or violate international law, neither do ours (especially given that they are a response to previous attacks). This is backed up by many scholars:
The literature is not settled as to whether merely establishing a position to degrade ongoing adversarial cyber actions – rather than the degradation itself – constitutes a violation of sovereignty. The United States would have a strong argument that mere positioning against persistent adversarial campaigns does not raise sovereignty issues.”

  • Third, turn this point in PRO’s favor. RECALL & EXTEND PRO’s Contention 2: China & Russia are eroding international law & norms, and without an enforcement mechanism they will disintegrate. 
“Thornton wisely realizes that we don't know if the US's true intentions are good or not.”

Turn this point, VOTER. US hegemony should be preferred on all fronts. US hegemony has led to:
1. the highest rise in democracy in human history.
2. a worldwide acceptance of upholding human rights.
3. unprecedented economic growth.
4. the longest world peace in history.

“The US thinks that Russia is the country that started this, but it is impossible to know for sure. "Heather Dinniss notes, it is ‘difficult to state with any certainty that the entity that appears to be the perpetrator of the attack is, in fact, the ultimate attacker’ (Dinniss 2012, 100).”

  • We know for a fact this was not initiated by the United States.
  • Turn this point because PRO allows us to better identify perpetrators by scouting their networks for nefarious activity.
Military Necessity Defense:

  • CON’s argument here falls flat on its face. Nothing said invalidates this contention, as it includes numerous utilitarian benefits.
A/2 III. Target of Innocents:

  • Innocents will not be targeted by the very nature of the strategy. RECALL & EXTEND that the US is not hacking willy-nilly.
  • We aren’t going to start killing people because it’s not tenable as a strategy for deterrence. There are extensive hoops to jump through in order to authorize a cyberattack. No one will authorize the US to murder civilians because it will destroy any possibility for slow but steady coercion.
This is especially true since the US does not need to do this to achieve the results they want. RECALL & EXTEND that the US targets the infrastructure hackers use specifically (And no, hospitals are not sharing the same computers of government hackers in Russia and China).

A/2 Defense CP:
“The United States of America is one of the nations that is encountering a huge amount of cyber attacks every year. That is the reason around 58% of the digital security organizations are situated there and endeavor to discover better approaches to battle with the most recent attacks.”

  • If a defense only strategy was enough, then for the past 20 years the US would’ve had no issues. Only until around 2018 did we have a comprehensive offensive strategy, so before that we had plenty of time to try out CON’s defense strategy. In sum: it doesn’t work. Hacks cost the US billions a year, and whenever we increase our defensive capabilities China & Russia find workarounds.
  • What we need is a mix of both offensive & defensive capabilities. James Andrew Lewis writes:
“All cyber defence usually means is a bigger Computer Emergency Response Team, more technicians, essentially a Maginot line approach… A purely defensive approach cedes the initiative to the opponent and leaves the defender in a reactive posture. No military would choose that.”

  • A union of defensive capability & offensive operations allow us to gather intel on our opponent’s weapons to then counter them. 
As Politico cites in 2015: 
"If you know much about it, [cyber is] very easy to defend against," said Michael Daniel, a special assistant to the president and cybersecurity coordinator at the National Security Council. "Therefore, that’s why we keep a lot of those capabilities very closely guarded."

If we can gather intel ahead of time, our opponents will be that much easier to defend against. Ironically, this also means CON’s defense-only approach makes our defenses even worse. The CON world allows our opponents to probe our defense on the cheap, and when they inevitably find a way through our defenses there is nothing we can do to counter it because we will have no intel on their weapons.

Back to you, Undefeatable. 








Con
#4
COO = US Cyber Offensive Operation
CDO = US Cyber Defensive Operation

Objection to Pro's dichotomy

Pro splits his main proposition and support into two sections (the opening, and military necessity). Do not be misled--they are the same argument. He only believes there can be cyber operations or there can be no cyber operations. His military necessity gives the illusion that he has unbeatable support. But Pro does not. Pro's logic and claims:

- COO's are necessary for this day and age. (Pro and Con both agree with this).
- Con believes there are more detriments than benefits. Therefore Con's world does not use COO's. (Con disagrees with this. Con argues that you must smartly protect yourself against unforeseen risk. Any attacks must also balance out with the damage to security, justice, and trustRemember that Pro's benefits must outweigh the negatives by at least tenfold, due to the famous quote "better ten guilty men go free than one innocent jailed".)
- The way that the US uses Cyber operations is practical, logical, such that it resonates with the necessity. (Con disagrees with this)

If there are two worlds, Pro's world is the one where we accept the US's ruthless and cruel cyber operations. And Con's world is one where the US carefully decides based on strict regulation, international laws, respecting boundaries, and making careful decisions. So he must prove why the prevention gives us an excuse to kill innocent civilians and attack morally ambiguous countries, or even dangerous ones.

Pro must prove that the US's cyber operation is *uniquely* necessary for the United States. Russia, China, and the rest of the US's enemies can use the same justification to support their ideals. And therefore the US is actively obstructing other countries from executing necessary functions for their gov. So his argument backfires and proves the "Paranoid Android" mindset.

Now onto my defense.

I. China

Pro's source only highlights the US's faults and corruption. "In dozens of interviews with U.S. gov... officials involved in commerce with China said hacking and theft were an open secret for almost two decades, allowed to quietly continue because U.S. companies had too much money at stake to make waves." Yet another source that proves the US is harming its own citizen's trust and security. Next, his NSA article focuses on defense rather than attack, bringing little to no weight to his *offensive* side of the premise. 

Similarly, Equifax seems to be a severe case but has no logic for us to strike back in advance, nor retaliate at all. The Senate itself was forced to admit our security holes. "Equifax learned of significant cybersecurity deficiencies in 2015, two years before the alleged Chinese hack. “[1] 2015 security audit identified more than 8,500 vulnerabilities that Equifax employees failed to address for more than 90 days beyond the recommended patching timeframe,”... " [1]. Equifax "had no formal method for validating the successful installation of patches". Not only so, "CISO did not regularly attend the “global threats and vulnerability management” meetings where security vulnerabilities were discussed (like Apache Struts) and Equifax had no policy regarding mandatory attendance." It could've been anyone. We attack China because they already did it. But while we are neglecting our security system, any of our enemies could access our systems. Not to mention terrorists belong to any country. This is non-unique to China and only bolsters my Defense argument. Would Pro rather we keep attacking China, while an Indian man hacks into Equifax's weak system? Our target is illogical here.

So as Pro tries to prove that we will stop China, we neglect our defenses against hackers in general. The "Paranoid Android" is so focused on its attack we lose our enforcement of user data. And this further loss of data is even worse than what four Chinese agents can manage. If we don't solve the common source of the problem -- our weak defense -- we can never gain our people's trust. Based on Pro's ideals, we'd just be attacking country after country, unable to stop malicious people in general. If Equifax had enforced its cybersecurity in the first place, we would've avoided this whole problem.

Pro claims: "CON makes enforcing international norms and upholding democratic ideals impossible as they promote free violation of those ideals."

But clearly, this is absurd. Let me lay it out even more clearly why Pro's logic is problematic.
1. US Defenses is Weak if we focus only on Attack (Proved by Equifax)
2. Arbitrary country X continues attacking the US (Pro thinks China is the sole problem, while it is not)
3. We hinder only country X from attacking the US (Why solve problem 2, rather than solve problem 1)?

Pro's adherence to solving P2 makes P1 continue. And hence P2 will merely continue with even more enemies of the US. Unless Pro has a way to make everyone US's friend, it seems more reasonable to solve P1 than P2. Common sense proves that solving 1 will uphold the democratic ideals ("protect people's data in general") far better than solving 2 ("preventing a specific criminal from violating people's data").

Regardless of whether China is a threat or not, the fact that remains that our efforts remain futile. Regardless of whether because of the Chinese's stupidity or equal ruthlessness matching the US, even if we accept that the US spends billions of dollars fighting China, we haven't seen any actual results. With this ridiculous back-and-forth, we are going nowhere. Despite our power, we have nothing to show for it. The US and the FBI are so focused on China in specific, you could get rid of the country name. Studies will still highlight the fact that we lack a comprehensive answer to espionage and private information in general. [2] It's a Paranoid Android versus a Stupid Android in the end. 

II. Russia

Pro claims that the US holds a unique... moral? Political? Help me out here. Some kind of unique metaphysical sphere that justifies the cyber operations. He says: 

"Even if you buy none of that and agree with CON that tensions will rise further in a PRO world, this is nonunique because, on the CON side, CON allows Russia to attack freely and violate international norms, escalating tensions further as well. Even worse, Russia is directly incentivized to attack in the CON world because:
1. US retaliation would be kept to inherently open acts that require Russian responses to save face (i.e. sanctions, public condemnations, military shows of force). This reduces the Russian incentive to negotiate and raises the incentive for Russia to respond. 
2. The US has far less leveraging power because they are seen as militarily inept."

Notice how the second point is not sourced and thus can be dropped.

Pro claims our COO's begun in 2018, but this is not the case. We had already declared our right to use it in 2011: "When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country...." [3] with countless cyberattacks beginning around that year. I don't know what Pro is talking about. 

Next, Pro commits the fallacy of composition, saying that merely because the US has caused a significant change in the world, that each action it does is by default justified and reasonable. This is of course nonsensical. The US isn't a perfect country in all aspects. 

To address these:
1) "The paradox is that the US is the main promoter and defender of last resort of the new global ‘order’, which at the same time is restricting its margins for sovereign action. The ‘democratic empire’ is thus fostering the rise of democratic hegemonism at the expense of a ‘US hegemonism’." [4] In other words, US hegemony is not necessarily the same as democracy, nor identical. Pro also assumes that democracy is by default good. But this is also backed by no sources. 
2) Norms are often contested and weakly enforced for the most part [5]
3) China is ironically regaining power and contesting to replace the US as the leader in economic growth [6]
4) Even Wiki says "Major factors cited as reasons for the Long Peace have included the deterrence effect of nuclear weapons, the economic incentives towards cooperation caused by globalization and international trade, the worldwide increase in the number of democracies... peacekeeping by the United Nations." Nothing about the US being the sole cause or upholding.

Regardless... US's management to uphold democratic values does not automatically mean its decisions are a godsend. I dismiss this argument.

III. Killing of Innocents

Since when is it necessary to kill 4 million civilians in the Vietnam war? Extend all arguments about the US's ruthlessness and carelessness to win any war by any means necessary. Thousands of innocents will be harmed as a result of carelessly using COO's. We cannot continue this attack.

IV. Defense

Pro once again misses out on my point that investing in defense is far superior. Under the current application of COO, the results are appalling. All advantages of defense are still standing. If one needs more support, Belfer Center helps out. The article further notes that over-attacking creates vulnerabilities, is incredibly complex, and has difficult kinetic effects to manage. [7] Notice how Pro dropped the point about Iran. This is because it was not a success. My source notes "An empirical analysis of the Stuxnet cyberattacks on Iran’s nuclear enrichment facilities shows that Stuxnet likely cost the offense more than the defense and was relatively ineffective." It even further supports my international relationships.

 My core point wasn't strictly "who is going to get indicted", it is who receives greater international pressure. As the source states, "Making COO's a national priority can increase instabilities in international relations and worsen national vulnerabilities to attack". The one country that is democratic and more desiring to lead with allies in play would arguably have much more at risk than the country that doesn't care. And thus the solution is not about attacking but rather going on the defensive. "The offense-defense balance can be assessed only for specific operations, not for all of cyberspace, as it is shaped by the capabilities of adversaries and the complexity of their goals in any conflict. When it comes to exerting precise physical effects, cyberspace does not offer overwhelming advantages to the offense. "

Pro thinks that our world and my world are "nonunique" but misses out on the possibility of diverting the majority of resources to defense. Both Pro and Con agree that COO's can be beneficial. Con disagrees with the US's current methods.

For every point Pro made, it only helps the Con case. Think about it this way:
  1. Pro presents another country that rivals the US's cybersecurity
  2. Pro justifies our attack on a moral basis, which we both agree on
  3. Pro doesn't say anything about our actual successes or deterrence 
  4. Ironically, Pro lists more attacks from the opposing countries to prove that they won't stop
  5. Pro thinks escalating further will eventually lead to a breaking point. But even if we accept his 2018 timeline, two years seems absurdly long for such tension.
  6. Continuing this tension will only lead to further lost finances. It seems illogical that foolish China and relentless Russia will stop. Under Pro's world, we won't stop. Why will they?
Russia, China, any of the US's enemies are all equipped with the best technology. We have evenly matched footing for footing. Under current circumstances, we expose our vulnerabilities. If we wait for them to strike -- like in Equifax -- we also give them a chance to fix their problems as well. If we focus most of our efforts on a concentrated defense, we can create far more benefits overall. 

As The Guardian realizes, "The US has by far the most extensive and aggressive intelligence operation in the world. The NSA’s budget is the largest of any intelligence agency...". [8] Yet somehow, we are still struggling to keep companies safe and our country secure. The US's budget is severely disproportionate with regards to the offense. Currently, we spend twice to even three times the amount on offense on defense. Both pro and con can agree to a balance. So if the balance is better than the status quo, then we are wasting money and effort. An extra 30% on budget spent on offense than necessary is an extra 30% went to generating more detriments in the system. 

Now I will admit, the itinerary for the plan gives the illusion that the beginning is in 2018 as Pro remarks.

 "RAISE, 2.5x Budget on Attack; All in." DoD states with this action. Pro is trying to support that bet. But DoD sadly ignored the true cause and ignorance of the defense. Guardian furthers, "During the audit of its network, it uncovered the Orion vulnerability and alerted the US gov. Why don’t organizations like the departments of state, treasury, and homeland security regularly conduct that level of audit on their systems? The gov’s intrusion detection system, Einstein 3, failed here because it doesn’t detect new sophisticated attacks – a deficiency pointed out in 2018 but never fixed". 

In addition, Guardian notes an example where defense is sacrificed for the offense: "In the interests of surveillance, the NSA has pushed for an insecure cellphone encryption standard and a backdoor in random number generators ... another hot point where attack and defense [conflict]. In other words, we allow for insecure standards and systems, because we can use them to spy on others." At the cost of our security, we try to gain an information advantage. 

This combines with my moral ambiguity argument to turn against Pro's international norm argument. Yes, the US must enforce a cyber norm. But why is retaliating against attacks the norm? As CFR notes, "for others, efforts at persuasion have been damaged by the exposed gap between U.S. rhetoric and actions. At the very least, other states must be persuaded... The disclosures, however, reinforced the view of many states that the United States disproportionately benefits from an open, global, and secure Internet[.] [It] is only committed to these values to the extent that they further U.S. economic, political, and military objectives." [9] In common sense, it is better to strengthen oneself first before devoting all resources to preventing one area of attack. Russia's attacks are difficult to justify, but so are ours. Pro would dismiss the two officer's claims based on US Hegemony but fails to connect this with the US's national interest. CFR furthers that if the US would just slow down, work together with other countries, and make its standard stricter, we would see the US in a more credible light. The US on its own may be a strong power, but it is only logical that we are stronger together. 

Conclusion: Now, remember what I said about Paranoid Android? The US sees one attack and goes crazy while ignoring its own mistakes. It uses the attacks as leverage to pursue questionable interests. And hence our allies see how paranoid we are. Our citizens worry about our security and under-staffed defense. And even enemies raise eyebrows, wondering why we are just like a Russia 2.0. There's no significant difference between us and them.




Round 3
Pro
#5
Thx, Undefeatable.

REFUTATIONS:

A/2 Objection to Dichotomy:

CON objects to PRO’s characterization of the resolution as a dichotomy, but his objection ultimately only amounts to a failed attempt to introduce a counterplan. The resolution sets itself up to be a dichotomy:

“Resolved: The benefits of the United States federal government’s use of offensive cyber operations outweigh the harms.” 

PRO is arguing that the benefits of using offensive cyber operations outweigh the harms, and CON is arguing that the benefits of NOT using offensive cyber operations outweigh or are equal to the harms. In other words: his counterplan of cautious use of offensive operations is simply the PRO case reworded. This instantly loses CON the debate, then, because it means that CON agrees offensive cyber operations are a net benefit to be used.

A/2 China Defense:

"Yet another source that proves the US is harming its own citizen's trust and security." 

First off, this greatly enhances PRO’s case and hurts CON’s: CON is not only conceding that China substantially hurts the US and its citizens, but they concede that non-action makes the problem worse. The VOTER can fully drop CON’s 1st Contention and extend PRO’s 2nd Contention: we need to fix this problem through proactive means. 

And let’s be clear: the quote does not actually reflect US corruption at all. Note that CON blatantly lies about the source’s original meaning, as he cuts crucial phrases out of the quote. The government wasn’t deliberately trying to throw these problems under the rug, in fact quite the opposite: they wanted to take action, but businesses wouldn’t comply, thinking it would hurt them. 

And as the source notes later on, this was a miscalculation that is now leading to massive losses: “Companies are facing hundreds of millions of dollars in future losses from the theft, and U.S. officials say they are years behind trying to tackle the problem.”

In essence, CON has demolished all of their own warrants and this contention falls. 

“Similarly, Equifax seems to be a severe case but has no logic for us to strike back in advance, nor retaliate at all. The Senate itself was forced to admit our security holes...we are neglecting our security system, any of our enemies could access our systems.”

CON again concedes that China poses a substantial threat, undermining their own contention, and uses this concession to attempt a turn on PRO’s argument: that by addressing these threats by using offensive operations, we are sacrificing our defense and leaving ourselves vulnerable. 

Unfortunately for CON, his turn fails. Not only does CON never demonstrate that there is a tradeoff of defensive capabilities happening in a PRO world, Equifax’s security issues reflect what PRO has been saying all along: a defense only approach won’t cut it. In 2015, we were most focused on cyberdefenses to mitigate attacks. We had the security regulations in place (note that all of CON’s sources state that this problem was preventable if Equifax simply followed existing protocol). Equifax spent hundreds of millions on security a year. Yet China freely breached them. Just one bug, just one improper implementation of protocol, just one vulnerability, and we can be exploited at massive costs. RECALL & EXTEND: The entire appeal to cyberattacks is that they are so cheap to create and use that it doesn’t matter how good a nation’s cyberdefenses are: one breach yields a net profit.

In other words: focusing solely on defense ultimately does little because humans are imperfect. A larger response team, more security regulations, all it accomplishes is to make China’s job marginally harder but ultimately still profitable. What we need to do is combine defensive and offensive capabilities. RECALL & EXTEND all of PRO’s points last round regarding this. 

“1. US Defenses is Weak if we focus only on Attack (Proved by Equifax)”
 
It is true that if we only use offensive cyber operations our defenses will be weak. PRO fails to see how this helps CON, as PRO never proposed we use an offensive only strategy.

“2. Arbitrary country X continues attacking the US (Pro thinks China is the sole problem, while it is not)”
 
CON blatantly lies and suggests that PRO only considers China a threat when PRO’s case explicitly points to many actors as threats (not to mention the numerous qualifications PRO gave that the US will target any actors that are notable threats. Our focus isn’t limited to one country at a time).
 
“3. We hinder only country X from attacking the US (Why solve problem 2, rather than solve problem 1)?”
 
CON concedes that offensive cyber operations prevent attacks from target actors, essentially conceding the links to PRO’s 2nd Contention and allowing a full overturning of their case. 

“Pro's adherence to solving P2 makes P1 continue. And hence P2 will merely continue with even more enemies of the US.”

CON is grasping desperately at straws. They’ve conceded that offensive operations work to deter nations from attacking, but try desperately to limit PRO’s impact by saying we could only focus on one nation at a time. CON doesn’t substantiate this claim, and it’s clear why: there is no evidence that this is the case. RECALL that offensive cyber operations are dirt cheap to undergo. 

“even if we accept that the US spends billions of dollars fighting China, we haven't seen any actual results. With this ridiculous back-and-forth, we are going nowhere. Despite our power, we have nothing to show for it.”

CON attempts to argue that the strategy is failing. 

Several responses:
a.) The US hasn’t actually been following through on its 2018 cyber strategy as of yet. If you affirm, they will actually make use of the strategy as they will now be “using offensive cyber operations.”
b.) Coercion takes time. We have to wait for true results to show, as geopolitical strategies are designed to play out over the course of decades.
c.) Even if the results are negligible, it is still preferable to a CON world in which we abandon any forces of deterrence. 

A/2 Russia Defense:

VOTER, notice how CON completely drops PRO’s refutations about how offensive operations actually lower tensions in the long run. Freely extend PRO’s 2nd Contention.

“Notice how the second point is not sourced and thus can be dropped.”

CON has no meaningful response to this point. Freely extend. The US will be throwing away military capabilities that even CON himself recognizes are “necessary,” leading to the US military being both perceived as and reduced to inept. 

CON also drops the first bullet. Freely extend. 

“Pro claims our COO's begun in 2018, but this is not the case. We had already declared our right to use it in 2011”

CON ignores that 2018 was the first time we officially integrated offensive cyber operations into our cyber strategy and removed much of the red tape that prevented them from being used on any meaningful scale

“By 2013 U.S. networks were already under constant attack from sophisticated nation-state actors. Hackers stole millions of sensitive records from the Office of Personnel Management, gained access to White House networks and destroyed dozens of computers at Sony Pictures from thousands of miles away.

But the Department of Defense’s own cyber teams couldn’t hit back or work on enemy networks abroad because, officials said, the rules for such operations were incredibly stringent. In fact, one U.S. senator said DoD didn’t conduct an offensive operation for five years.”

“Next, Pro commits the fallacy of composition, saying that merely because the US has caused a significant change in the world, that each action it does is by default justified and reasonable.”

CON blatantly lies about PRO’s arguments. PRO didn’t say the US was perfect, PRO said that US hegemony and enforcement of international norms is to be preferred to a CON world where abusive autocratic rule is supreme. CON must show specifically why autocracy is to be preferred or their point here is moot.

“1).... In other words, US hegemony is not necessarily the same as democracy, nor identical. Pro also assumes that democracy is by default good. But this is also backed by no sources.”

What CON’s quote actually means is that the US is selflessly sacrificing its own hegemony for the rise of global democracy, something totally unprecedented in human history. 

CON challenges whether democracy is to be preferred, but preferring democracy is indisputable on moral and economic fronts. 
  • Democracy prevents oppression by giving all citizens a voice in the governing system, whereas autocracies allow the free oppression of groups of minorities. 
  • Democracies are much less likely to wage war because the citizens outweigh the power hungry elite. 
  • Democracies are inherently interested in lowering poverty and increasing quality of life because the will of the people always is oriented towards such goals. 
  • Freedom House notes:
World Bank and Freedom House data show a strong correlation between democratic institutions and respect for human rights on the one hand, and better conditions for business on the other.”

“2) Norms are often contested and weakly enforced for the most part [5]”

Hence the need for the US to step up. 

“3) China is ironically regaining power and contesting to replace the US as the leader in economic growth [6]”

China is focused on its own growth and successes, while the US has a clear and indisputable interest in reducing poverty internationally. 

“4) Even Wiki says… Nothing about the US being the sole cause or upholding.”

It is true that the Long Peace is due to a combination of factors, but all these factors can be traced to a world order in which the US is the head (Pax Americana), or the directing force. 

How the US relates to nuclear weapons needs no elaboration, and the US has spearheaded globalization with their capitalistic economy and democratic values, allowing their free enterprise to flourish and dominate global markets. The US is responsible for the UN’s founding,  spearheads the UN peacekeeping efforts and founded the WTO and IMF, allowing globalization efforts in the first place.

Notice that CON openly concedes here that increased numbers of democracies have led to the Long Peace. 

A/2 Target of Innocents Defense:

CON drops all of PRO’s R2 refutations. Extend. 

CON’s objection here only applies should the US be waging war, which is precisely what this strategy prevents. 

Regarding warfare specifically, a lack of offensive cyber operations actually make wars more brutal as we must rely on kinetic means to take out enemies rather than simply disabling infrastructure at cheaper cost to everyone involved. 

A/2 Defense of CP:

CON completely drops that:
  • We tried the defense only strategy but it failed miserably.
  • If we can gather intel ahead of time, our opponents will be that much easier to defend against. 
“Notice how Pro dropped the point about Iran. This is because it was not a success.”
CON gives this empty claim with absolutely no evidence. CON needs to show how a relatively inexpensive strike which set back Iran’s nuclear program for 2 years was a failure when it has been called a “huge success” by experts

“Making COO's a national priority can increase instabilities in international relations and worsen national vulnerabilities to attack”

CON does not demonstrate any meaningful tradeoff between offensive and defensive capabilities, he only says it exists. The US already has about 60% of cyber defense firms under its belt, and as the importance of cyber security increases, it is basically a given that funding for increased cyber security capabilities will coincide with increased offensive capabilities. There is no reason the two can’t coexist. 

Regarding international relations, first realize that the US is working closely with allies and reinforcing bonds through this strategy, not destroying them.

According to DefenseOne in 2019, the cyber strategy is helping ties with NATO. NATO members have already “agreed to integrate national cyber capabilities or offensive cyber into Alliance operations and missions.” This partnership will foster unity between NATO members instead of division. 

According to Gary Brown, a senior legal counsel for Cyber Command: 
“The official said that despite potential friction, DoD is working with allies and partners daily. “The good news is that in almost every situation I can think of, U.S. Cyber Command is working closely with someone else — a foreign partner or ally, another U.S. agency, you name it — to support operations. They work hard at those relationships every day,”

Second, realize that these offensive operations are paired with diplomatic appeals to coerce nations to follow international norms. According to Cyberscoop in 2018, “the US is appealing to the UN in hopes of “restarting talks on global cybersecurity norms.”

“If we wait for them to strike -- like in Equifax -- we also give them a chance to fix their problems as well. If we focus most of our efforts on a concentrated defense, we can create far more benefits overall.”

If Russia and China can attack the US while fixing vulnerabilities, CON needs to demonstrate why the US can’t do the same.

“The US's budget is severely disproportionate with regards to the offense. Currently, we spend twice to even three times the amount on offense on defense.”

CON’s source compares general “defense” spending by the DoD (literally all military spending) to general “intelligence” spending by all US agencies combined (this means anything from an analyst to James Bond to a hacker) and only compares the RATE of spending increase as a percentage. It doesn’t at all note total spending amounts (the DoD spends about 1 trillion vs. the measly 70ish billion noted by CON’s source on intelligence agencies.)

I’m not sure how many more layers of wrongness this claim can have. 

CON gives some random example of our defenses failing which is basically the same deal as the Equifax case: this just shows that human error and lack of enforcement plague efforts of cyber defense. The regulations to prevent it were in place, just not followed.

“At the cost of our security, we try to gain an information advantage.”

CON simply implies this is a bad thing but never shows why. These backdoors allow intelligence organizations to fight criminal organizations as noted in PRO’s 1st Contention.

“Yes, the US must enforce a cyber norm. But why is retaliating against attacks the norm?”

This isn’t at all the norm the US is trying to uphold. The US’ literal stated intention is to form a faction of states that use offensive operations as a means to punish those who attack them first, leading to a cyber culture of restraint. When opposing states stop attacking, the US will stop retaliating. Simple as that, really.

Back to you, Undefeatable. 





Con
#6
Pro’s dichotomy

Pro thinks that investing the vast majority of budget on defense is somehow not a counterplan. Not only so, but he continues falsely accusing me of desiring zero offense. Let’s continue with the gambling analogy. US’s use of COO is similar to Uncle Sam investing 2.5x amount into the offense as defense into his bet. Now the other players at the table are getting angry, threatening violence, and we waste vast amount of money.

Pro says that since this gambler lost billions of dollars, we should never gamble. Ever. We are not talking in an ideal world where Uncle Sam hits the sweet spot by investing 50-50 with an Offense/Defense split, or even a more extreme reversal with 2.5x put into defense. My world with regulated and careful betting is far more beneficial than pro’s case. Pro thinks that the Con case is investing 0$ into offense, but there is nothing that says this. Remember that this is a practical debate talking of the US’s current budget and actions. Not a moral debate where we consider if any offense was required at all.

Think about it this way. Assuming the US budget is only 100$, and only required 50$ for offense, yet we invested 70$, we unnecessarily lost 20% of our budget on the spot, which is a net detriment. In addition, we had only invested 30$ for defense, further losing 20% of the potential budget that could’ve been allocated there. Does this mean we should invest 0$ in the offense? Surely not. In the Con world, we invest less than 50% of the budget on offense, balancing things out and producing a satisfactory result economically. My argument looks forward in the long term. We should cut the offense budget and bolster the defense budget to save our economy and our cyber operations overall. 

So Pro’s fallacy of false dichotomy falls through.

China

“ We had the security regulations in place ... Equifax spent hundreds of millions on security a year. … RECALL & EXTEND: “The entire appeal to cyberattacks is that they are so cheap to create and use that it doesn’t matter how good a nation’s cyberdefenses are: one breach yields a net profit.”

Firstly, note that Pro’s source does not address the problems that occurred in 2015, and rather our investment of money into Equifax that had come too late (*after* the incident). Pro cleverly tries to turn my argument against me, but completely drops US’s corruption and inside allowance of this attack in the first place.

Recall: officials involved in commerce with China said hacking and theft were an open secret for almost two decades....

Recall: Equifax "had no formal method for validating the successful installation of patches". Not only so, "CISO did not regularly attend the “global threats and vulnerability management” meetings where security vulnerabilities were discussed (like Apache Struts) and Equifax had no policy regarding mandatory attendance." 

Pro says no defenses are enough. But I see little logic to that statement. The officers in commerce were part of our internal issue. Equifax did not enforce its security by visiting the CDO related meaning. Pro thinks Equifax’s defenses were excellent, but I’d say they abused the budget by refusing to fix the 8,500 vulnerabilities in place. His source links to the 2017 Equifax failure and admits that proactive security measures would’ve fixed the problem.

“A lack of accountability and no clear lines of authority in Equifax’s IT management structure meant key security protocols were neglected, the House panel found: Equifax allowed over 300 security certificates to expire, including 79 for monitoring “business-critical” domains.” 

Can he show me that we tried our best and made no progress? And if they did, why didn’t they work together with other companies and mandate security? They failed to regulate cyber operation security. Is Pro saying we’ll just abandon defense altogether by his logic? Come now, let’s be reasonable. Both our experts have agreed that something close to a 50-50 split would be superior, and as such US’s extreme focus on offense has only resulted in our recklessness. 

Remember that, we accused China (or other specific countries) of being solely responsible and only tried to punish them, to no avail. On the detrimental side, our offensive thoughts have caused allowance of weak computer security. You could argue the COO (“we must continue attacking China, don't care about security”) are precisely what caused the loss of billions of dollars of data. 

Notice how pro concedes: “PRO gave that the US will target any actors that are notable threats. Our focus isn’t limited to one country at a time”.

Now think about the Con side. The defense IS only limited to one country at a time -- our own country. It doesn’t seem logical that attacking multiple different countries is cheaper or more efficient than fixing your problems. Remember that divesting resources into multiple potential enemies takes far more resources, and Pro’s admission only furthers this conclusion.

Pro thinks that I have conceded his attack, but notice how I only paraphrased pro’s false ideals. Look carefully into my logic (see previous numbered points under Defense, 3~6). His list of countries continuing to attack the US furthers the failure of our offense, and his unsound argument. Recall that Pro has listed 0 actual examples of successfully deterring foreign threats, while I already have the huge example of Equifax easily deterred by enforcing security and defensive measures (CDO). 

Pro claims that the US actually *hasn’t* been following the strategy that was set forth. Well now, that’s even worse isn’t it? They planned for one thing. And their actual operations were something different. This proves my argument that the US officials do anything to fulfill their selfish goals. They claim they are upholding democracy within their 2018 plan, yet even Pro agrees that our implementation failed. If any of pro’s arguments had hoped on the idealization realm, now it is truly terrible in the practical application. Voters, please ignore Pro’s false framing of “Con world”. Remember that I vouch for at least a balanced budget, or even leaning towards defense. 

I can’t access the article behind a paywall, but even a summary admits that defense -- rather than throwing blood for blood -- is the answer. “The challenge for the incoming administration will be to devise a response to the SolarWinds hack that is in some way proportional but that does not replicate Moscow’s bad behavior.” 

Let me repeat: If Russia’s hacking is bad, why should we do even more bad? It’s as simple as that.

Russia

Pro claims “The US will be throwing away military capabilities that even CON himself recognizes are “necessary,” leading to the US military being both perceived as and reduced to inept. “

I don’t understand what pro is going on about here. Must I repeat that we are only throwing away the unnecessary excess in the offensive side? 

Pro claims: “US hegemony and enforcement of international norms is to be preferred … CON must show specifically why autocracy is to be preferred or their point here is moot.”

Please clarify precisely how this relates to COO. I do not see any linkage between “democracy” and “freedom” along with overspending the budget on the attack. This would be like saying it would be fine to spend 100% on the budget on any one subject because it would be wise and promote international norms. Sure, you could promote Education to be the number 1 priority, but you neglect every single other subject. Similarly, investing too much in COO’s destroys democracy. Why? We allow for a weak cybersecurity system that is easily hacked, claiming that we would be able to deter every potential country.

Pro continues promoting democracy with the fallacy of composition. I do not see how every single allocation of the dollar is just. Nor if every decision made by the government is just. We both admit that the US has to set itself as a leader. But pro just drops everything and says any means to an end will be acceptable to continue our democracy. He might as well be siding with 100% budget on offense. He thinks it is the only way to continue our pressure and our ability to defeat foreign countries. But just as my Moscow critic above notes, our response tells all countries what is acceptable. If we attack in response to others’ attacks, that means Moscow’s attack may have been justified. And I’m certain Pro doesn’t think this way.

Recall: “The disclosures, however, reinforced the view of many states that the United States disproportionately benefits from an open, global, and secure Internet[.] [It] is only committed to these values to the extent that they further U.S. economic, political, and military objectives.”

Indeed, how do we tell the difference between “hack them for democracy!” and “hack them for their personal information”? Pro’s justification based on the virtue of democracy falls apart here. He seems to be begging the question that because democracy is good, whatever is good belongs to democracy. Unless he justifies his stance on something more reasonable, I ask voters to severely doubt this argument. Despite the US’s excellent founding ideals, each policy must be considered on its own, as we do not know if the president/DoD wants to further democracy, or merely further economic/political gain.

Defense Argument

Pro thinks his expert is better than my expert, but his news article cites the analysis during 2010. My source is from 2013, three years later, when you could look back on the actual results. 

Pro has yet to defeat the later idea that “complexity of weaponization makes cyber offense less easy and defense more feasible than generally appreciated”. My article also supports the idea that Iran was further spurred to boost production, which is counter-productive to our desired goals. Other research associates agree, “evidence of the worm’s impact is circumstantial and inconclusive” -- and in fact, may have actually caused a net benefit to Tehran. 

Pro delivers a very generic source that doesn’t tell us precisely what it analyzes or the credentials of the person. It only says “government is constantly reassuring transparency, productivity and development with regards to data security”. 

So either: 
  1. The previous attacks were negligible on our security as a whole -- we can forgive them. This negates pro’s entire case, and thus, the attack/revenge was not necessary. Pro somehow defeated his argument with a single source.
  2. We have to keep attacking the other countries, even though our data security is excellent. Apparently punishment is Pro’s true goal, rather than protecting our country.
  3. Pro concedes this source and dismisses it for similar reasons I consider it too ambiguous.

Look, Pro’s source doesn’t mention anything about our hacking of foreign countries or gathering of intel. If anything, it only bolsters my own argument. By focusing heavily on our security principles, we avoid causing retaliation or international pressure. 

Pro states: “If Russia and China can attack the US while fixing vulnerabilities, CON needs to demonstrate why the US can’t do the same.”

Because Russia and China are basically *only* attacking the US (stretching only as far as it can successfully execute attacks), while US has its hand full with multiple enemies.

Pro claims that the 70 billion dollar loss is negligible compared to the 1 trillion overall in a budget. I call red herring fallacy. This would be like saying a murderer’s impact is negligible compared to Hitler. You can’t just bring out some bigger picture that’s completely irrelevant. Why should we lose any billions of dollars? 

Pro admits that my examples show lack of enforcement of the cyber defense. This is why supporting Con side will uniquely help the US in the long run. Pro will ignore the defensive side and put the blame on other countries. Pro will continue saying that it is good to have potential future Equifaxes and Einstein 3, because we punish the country that did it. So instead of security we arbitrarily prefer “justice”. Yet this justice comes at the cost of divested resources that favor the enemy countries instead of our own countries. Remember that attack had disadvantage over the advantage.

Pro vouches for our gaining of intel, but does not realize the cost. Let me repeat that it has allowed the enemy to also spy on us. Realize that Pro has dropped the point of the article.

 Extend: “In the interests of surveillance, the NSA has pushed for an insecure cellphone encryption standard and a backdoor in random number generators (important for secure encryption)”.

The writer furthers, “we are simply too vulnerable when we prioritize offense, even if we have to give up the advantage of using those insecurities to spy on others.”

Summary

As the Guardian concludes, “We need to dampen this offensive arms race rather than exacerbate it, and work towards cyber peace. Otherwise, hypocritically criticizing the Russians for doing the same thing we do every day won’t help create the safer world in which we all want to live.” 

Indeed, it’s Gandhi’s famous quote all over again: “eye for an eye makes the whole world blind”. By encouraging everyone to focus mostly on defense, we would allow a vast alliance of countries to improve their security. Pro admits that our offense will be useless when there is no more countries that attack. This proves that Defense will be the true solution in the long term. Even Pro knows offense holds no true power.

I don’t have enough space, but even an analysis of German’s cyber operations bears remarkable similarity and summarizes to highlight the US’s problems. With regards to deterrence, the offense simply doesn’t work well especially if the opponent doesn’t care in the end. One expert paper states: “ Deterrence by punishment is most likely a strategy doomed to fail. If even the more active cyber powers like the US regularly fail with cyber deterrence... As long as Germany has no escalation strategy and is not pre­pared to endure the possible consequences of an COO deterrence policy, this approach should be avoided. Instead, German policy should continue to focus on “deterrence by denial” by hardening systems and building resilience.” This links back to the US making a good example and preventing weaker states from desperately striking at stronger enemies.

In the end, Pro is vouching for further escalation and continued fighting, pouring even more resources into gaining more enemies. This world is detrimental as it is a repeat of the cold war, except on the technological front. If you put 2.5 times into offense as defense, you cannot justify a rational and calm approach. The Con world of balance and reasoning will resolve escalation and prevent the US from neglecting existing problems in defense. 

Pro’s military necessity only applies in two cases. One, if he continues mercilessly attacking, thus provoking enemy responses and causing endless tension. Two, in the short term, if we fear retaliation but still focus mostly on our defenses. In the long run, pro and con agree peace -- enforced by defense -- will cause offense to have no benefits -- and hence unnecessary.

Round 4
Pro
#7
Thx, Undefeatable.

I will now work my way through the CON case and the PRO case, crystallizing the debate as a whole for the VOTER as I go.

The CON Case:

  • Framework:
CON proposed a nonsensical framework called “Paranoid Android” that PRO promptly refuted in R2. CON has dropped all of these refutations. We should prefer a utilitarian framework. 

  • China:
CON starts by arguing China is innocent and harmless and that we are provoking them into retaliation needlessly. PRO effectively disproved these claims in R2, showing that: 

  1. Chinese hacks cost the US billions and will cost more in the future due to compounding harms.
  2. The PRO strategy is exclusively retaliatory, meaning if China is truly pacifist the US simply won’t attack. 
  3. China is unlikely to stop these attacks even if defense were the focus of all our efforts, because not only has China attacked all throughout our defense-only strategy, their attacks are so cheap to create and use that it doesn’t matter if 99 out of 100 fail. This is an extremely important point that CON has dropped. VOTER, don’t let CON try and address this now, as this is PRO’s final round.
  4. Offensive operations have a deterrence effect, showing enemies of the US that attacking the US is too costly to be profitable and preventing further attack instead of instigating it. 
CON has failed to refute PRO’s arguments here, conceding that China is indeed a threat and won’t stop attacking anytime soon, and that even if he was right and China was pacifist the US wouldn’t attack. Still, he argues, China will only be aggravated by our attacks and we must be focused on defense instead. 

He argues this through his Equifax example, stating that this indicates US defenses as a whole are weak and proves a need for his counterplan. However, PRO annihilates this line of thinking with the following:
  1. The Equifax breach happened when the US was solely focused on defense, illustrating the inefficacy of his own counterplan. His sources demonstrate that much of the cyber defense standards established in the US and in Equifax simply weren’t followed, showing that human error can sabotage even the most focused of defense efforts. CON even reaffirms this in his R3, telling us that “Equifax did not enforce its security.” If the expectations were in place but not followed then the burden of proof is on CON to show why they would be followed now. 
  2. The US owns 60% of cyberdefense firms, and Equifax spends hundreds of millions on cybersecurity a year. RECALL: “Yet China freely breached them. Just one bug, just one improper implementation of protocol, just one vulnerability, and we can be exploited at massive costs.” How much more do we spend before our cyberdefenses are “good enough?” When do we simply admit our strategy is failing?
  3. CON never showed a tradeoff. The US spending more effort in the offensive sector does not necessarily mean less effort in the defensive one. RECALL: “as the importance of cyber security increases, it is basically a given that funding for increased cyber security capabilities will coincide with increased offensive capabilities. There is no reason the two can’t coexist.” CON tries to argue a tradeoff in R3 by saying multiple fronts of attack will be too expensive to maintain, yet CON ignores PRO’s evidence that attacks are ultra cheap and efficient and are getting better as time goes on. CON also ignores PRO’s case evidence that the US will not be in this alone, the entire deterrent force of NATO is on our side.
  4. RECALL & EXTEND PRO’s R2 responses to the Defense CP.
  5. There is no need for increased defense spending if deterrence prevents attacks from happening in the first place. CON concedes all the warrants for this but still says in R3: “Recall that Pro has listed 0 actual examples of successfully deterring foreign threats, while I already have the huge example of Equifax easily deterred by enforcing security and defensive measures (CDO).” CON’s “example” is nonsensical. As for a lack of examples on a PRO side, this is no problem for PRO to address. Again, the US hasn’t actually been following through on its 2018 cyber strategy as of yet. If you affirm, they will actually make use of the strategy as they will now be “using offensive cyber operations.” CON tries to say this reflects the US being evil somehow, PRO says this instead shows that a fundamental, groundbreaking strategy shift takes time to implement. Second, while PRO doesn’t have too many examples to its name, CON doesn’t have any either (and as PRO has been repeatedly saying, CON has hundreds of examples of their strategy failing throughout its reign). VOTER, don’t let CON introduce a new example now, as this is PRO’s final round.
  • Russia:
CON’s original position here is that first, we are no match for Russia’s power so we should avoid retaliations at all costs, second, that the US may be breaking cyber law, and third, that the US is not necessarily to be preferred over Russia as the global hegemon. 

PRO thoroughly cracks this position in R2, arguing that:
  1. The PRO strategy causes a reduction of escalation due to making attacks costlier for the aggressor, meaning we can turn the contention to PRO’s favor. This point is extensively warranted and all warrants are fully dropped by CON. VOTER, don’t let CON try and refute this now, as this is PRO’s final round. This is absolutely critical, as CON’s entire case falls due to this concession. More on this later.
  2. Even if the VOTER didn’t buy the above, escalation is non-unique because “CON allows Russia to attack freely and violate international norms, escalating tensions further as well.”
  3. The Russian attacks easily constitute a breach in international law, warranting a US response. 
  4. PRO can turn CON’s international law point in their favor. RECALL & EXTEND PRO’s Contention 2: China & Russia are eroding international law & norms, and without an enforcement mechanism they will disintegrate. 
  5. Democratic hegemony is to be preferred over authoritarian hegemony on all fronts. 
CON’s only meaningful response from here on is to focus on the faults of the US, essentially implicitly arguing for Russian hegemony, and thus, submission from the US. There’s not much to say here, other than to paste a summary of what’s already been said:
“US hegemony and enforcement of international norms is to be preferred to a CON world where abusive autocratic rule is supreme. CON must show specifically why autocracy is to be preferred or their point here is moot.”

CON does come in R3 with a repetition of his previously refuted point:
“our response tells all countries what is acceptable. If we attack in response to others’ attacks, that means Moscow’s attack may have been justified.”

But once again it fails. 
RECALL & EXTEND that, far from endorsing instigation in the cyber realm, the US has adopted a purely retaliatory position and has urged for the establishment and enforcement cyber norms in the UN. The US’ express purpose is to “build a group of “like-minded states” to “ensure adversaries understand the consequences of their malicious cyber behavior.” 

  • Target of Innocents:
Comprehensively refuted by PRO and henceforth dropped by CON entirely. VOTER, don’t let CON try and back it up now, as this is PRO’s final round.

  • Defense CP:
The big daddy point of the CON case: a defense-only strategy is to be preferred above a mixture of offense and defense (CON does try and muddy this up a bit later on, arguing that the CON side has offensive elements too. PRO has already refuted this, but more on this later).

Anyway, CON opens up arguing that increased defensive capability will lead to enemies halting their attacks over time.

PRO defeats this claim accordingly in R1:

  1. The US already owns more than half of the world’s cyberdefense firms and we already have been entirely focused on defense for the past 20 years, and we can see the effects. RECALL:“If a defense only strategy was enough, then for the past 20 years the US would’ve had no issues...Hacks cost the US billions a year, and whenever we increase our defensive capabilities China & Russia find workarounds.” CON never addresses this point. VOTER, don’t let CON try and address it now, as this is PRO’s final round.
  2. CON doesn’t give us concrete examples of what could actually be improved in his world, and even if he could, why didn’t the US fix them during the 20 year trial of his CP? RECALL & EXTEND: James Andrew Lewis writes: “All cyber defence usually means is a bigger Computer Emergency Response Team, more technicians, essentially a Maginot line approach”  VOTER, don’t let CON introduce a new example now, as this is PRO’s final round.
  3. A union of defensive capability & offensive operations allow us to gather intel on our opponent’s weapons to then counter them. On the CON side, no such intel is available and the US can only sit and hope enemies don’t find vulnerabilities. 
  4. RECALL: Countries will continue attacking because the cost is negligible to them. 
In response, CON pivots from arguing increased defenses would lead to less attacks, and instead harps on the tradeoff hypothesis that by having an enhanced offensive focus the US is severely sabotaging our defenses.

PRO easily dismantles this argument, extending both the arguments above and adding the following:

  1. RECALL: “CON does not demonstrate any meaningful tradeoff between offensive and defensive capabilities, he only says it exists. The US already has about 60% of cyber defense firms under its belt, and as the importance of cyber security increases, it is basically a given that funding for increased cyber security capabilities will coincide with increased offensive capabilities. There is no reason the two can’t coexist.”
  2. RECALL the human error effect: “just one bug, just one improper implementation of protocol, just one vulnerability, and we can be exploited at massive costs. How much more do we spend before our cyberdefenses are “good enough?” When do we simply admit our strategy is failing?”
  3. The deterrence effect from offensive cyber operations prevents the need of enhanced defensive capability in the first place, as foreign actors realize attacking the US is too costly and are deterred from even hacking to begin with. Again, this absolutely critical point is dropped by CON completely. And once again, VOTER, don’t let CON try and address this now, as this is PRO’s final round.
The PRO Case:

CON’s main strategy throughout the debate is to pretend the PRO case doesn’t exist, hoping the VOTER will forget. Don’t be fooled. 

  • Dichotomy:
PRO argues that the resolution is a dichotomy, but CON disagrees. His disagreements are in vain. 

If CON’s position is the blanket statement that the harms of using offensive cyber operations outweigh the benefits, then he can not argue for the use of offensive cyber operations in any capacity. He can acknowledge there are some benefits, but he must argue that the harms outweigh them, thus meaning we shouldn’t use them as a whole. 

Think of it this way: his argument here is literally saying “the harms of using cyberweapons far outweigh the benefits, but let’s keep using them because I agree that using them is better than not using them!”

By not arguing this, and by conceding that the benefits of using offensive capabilities outweigh the harms they cause, (Direct quotes from CON: 
  • “COO's are necessary for this day and age. (Pro and Con both agree with this).”
  • “Must I repeat that we are only throwing away the unnecessary excess in the offensive side?”
  • “Con's world is one where the US carefully decides [whether to use OCOs]”)
CON is literally conceding the debate inadvertently. This is case closed, the VOTER can justifiably vote PRO based off of this alone. Even if the VOTER doesn’t do this, they should at least refuse to entertain CON’s Special Pleading.

  • Crime & Terror:
This is by far the most potent contention of the debate, and it is completely dropped by CON. Even if the VOTER bought all of CON’s case, including his argument on using just a few OCOs but not many, you could still outweigh in PRO’s favor.

The magnitude of the impact here is unmatched by CON: Without hacking, wiretapping, and other offensive cyber operations, our ability to address literally all criminal activity and terrorism is severely handicapped. 

Crime and terrorism has such a wide scope in impact that its incomparable: trillions of dollars and hundreds of thousands of deaths over the course of decades. 

The only CON response that comes even close to addressing this point is the idea that insecure phone lines somehow outweighs the free fall of crime that this technology change has caused.

VOTER, don’t let CON try and address this point now. Freely extend.

  • Enforcing Cyber Norms:
While CON and PRO disagreed on the details regarding China and Russia, nearly all of the warrants to this contention was dropped by CON. The deterrence effect of cyber operations is not engaged with by CON in the least, and this comes back to bite him hard.

If we extend this point on the PRO side, CON doesn’t achieve any of his impacts, not even on his counterplan. (If deterrence can prevent attacks from happening in the first place, there is no need for the US to cripple themselves militarily and law enforcement-wise for the sake of CON’s CP)

This point also prevents CON from making headway with his international relations argument he brings up in R2-R3 (that the US will alienate allies and advertise free violation of cyber norms).

RECALL & EXTEND that, far from endorsing instigation in the cyber realm, the US has adopted a purely retaliatory position and has urged for the establishment and enforcement cyber norms in the UN. The US’ express purpose is to “build a group of “like-minded states” to “ensure adversaries understand the consequences of their malicious cyber behavior.” 

VOTER, don’t let CON try and address these points now. Freely extend.

  • Military Necessity:
Another point that CON completely fails to engage with, although he tries. 

Freely extend, including the laundry list of problems CON presents for the US. 

  • CON makes our soldiers more vulnerable to attack
  • CON makes the US have to rely on primitive, kinetic means that infuriate enemies and make combat bloodier
  • CON would allow terrorist organizations to evade military action and attack their targets more efficiently, yielding economic destruction and death in their wake.
  • The US won't be taken seriously as a world power when it comes to diplomacy due to their military ineptitude. 
  • Increased nuclear proliferation, even despite CON’s protest on Stuxnet OCOs are a useful tool to deal with troublesome nuclear programs.
  • Many others….
In sum, CON makes the US an international laughing stock. 

Conclusion:

There’s really not much more to be said. VOTER, even if you bought all of CON’s case, it still wouldn’t earn CON the win. 

Your only decision left is to VOTE PRO.

Thank you.










Con
#8
Let's wrap this up. Apologies ahead of time in case I didn't rebut sufficiently, I didn't want to be affected too much by Con's final round.

This may look like I dropped China and Russia, but this is not the case. Voters should consider this crystallizing the two examples as a whole. What it means when the US attacks its enemies in general, including countries we didn't go into more depth, especially Iran. 

Overview

I started with Paranoid Android, and I'll end with Paranoid Android.
 
The US is like a machine that is overheating, overcharging on energy. 
It is divesting limited resources majorly on their attacks. 
Unfortunately, it also draws away from the defense when it does so.
This does not mean the US should use zero energy at all.
 
It is causing catastrophes by encouraging all countries to be at war and tense with each other.

Pro keeps thinking that the escalation will be stopped, but notice how he has little to no support for this point. It seems far more likely that the attack will be met by further attack -- as Pro's Offensive logic goes.

[2018, US: we won't stop until you stop! Russia: No you!
2019, US: No you! Russia: No you!
2020, US: No you! Russia: No you!
2021+?: US: No you! Russia: No you!
repeat ad infinitum or until one country collapses]

VS

[2021, US: Hey, let's take a break. Russia: No I will continue attacking!
2022, US: Let's continue improving our security and strengthen our alliance. Russia: *begins sweating* I ... will... continue attacking?
2023, US: We will not sacrifice our citizens' safety and create holes in wiretapping just to get to you. Russia: I..... I... damnit, now I'm the bad guy...]

Escalation is the primary worry and the biggest impact of this debate. Combined with the loss of innocents previously dropped by Pro, this bolsters escalation to the next level. We would ultimately end up with World War III, something I'm sure nobody wants.

Remember I said that we would just keep attacking with a greater and greater amount of forces and finances until there's nothing left. And this means that Pro is effectively arguing for the same idea as 100% offense.

But pro's biggest flaw is assuming that my world will immediately turn into a 100% defense plan. While it is true in the long run, we seem to have the dichotomy of pure offense and pure defense; I will only gradually reduce the budget. It will become an acceptable balance, and then move the budget to defense. Once things begin to cool down and our security matches standards, we will no longer need the offense anyways, and hence Pro would have lost even more lives and budget than he had gained through his long-winded plan. 

US Standards

“The challenge for the incoming administration will be to devise a response to the SolarWinds hack that is in some way proportional but that does not replicate Moscow’s bad behavior.” 

We need to dampen this offensive arms race rather than exacerbate it and work towards cyber peace. Otherwise, hypocritically criticizing the Russians for doing the same thing we do every day won’t help create the safer world in which we all want to live.” 

Pro keeps on being the paranoid war-like android who repeats the mantra that the opponents will stop their attacks because the US is attacking them. But he also says that the US is raising the standard and showing what is right, what is democracy. So he infers that any non-democratic country ought to be attacked. Or any country that might be a remote threat should be treated as a danger. Yet the US is already stepping lines and being the enemy as well. Pro says that Russia's attacks are a bad standard because it shows they are a power-hungry territory grabber. They are bad, but that doesn't mean we should give them an eye for an eye. Remember that Pro has completely dropped my idea that the US resolving its defenses and keeping a solid grasp on security. They can leave the war threats and country scrutinizing job to their alliances. Remember that if the US attacks, we say it's okay to attack, which means all Russia/China has to do is to say "no, this is the right government", and we blur the line between us and them.

instead of security we arbitrarily prefer “justice”. Yet this justice comes at the cost of divested resources that favor the enemy countries instead of our own countries. Remember that attack has a disadvantage overall. 

Pro repeats that our pure focus on defense is what caused this problem, yet he fails to notice that the companies failed to follow these defensive standards. Tell me, if a school has high test standards but fails to enforce them, what good are these standards? He asks why we would begin following them now; this is because the con's world has enough resources diverted to Defense to allocate people to test and monitor these security systems. Recall that Pro continues to fail to tell us how the offense budget doesn't drain the defense budget. Recall that pro has dropped the idea that we wanted to spy on enemies for information. Through our dubious decision, we sacrificed our own citizens' security and privacy. It's unclear who the real enemy is now, and our paranoid attitude gets in the way of our citizens' very rights. 

Now, what has pro gotten right, and what has he gotten wrong?

We both agree on the best of both worlds. For the present time, it is a balance of offense and defensive capabilities. Perhaps a 50-50 or 40-60 split. NOT a 2.5 times investment into offensive cyber operations. Notice how I continue being rational to contrast against Pro's paranoid argument. He thinks taking away a million is taking away it all. He thinks that being more careful is equal to not trying anything. And so Pro treats this as a moral debate. Of course, our use of offensive cyber operations can be just and moral in cases where you prevent terrorists. But notice how he tries to use our innate philosophy of "US homogony" to swindle voters and pretend that everything that the US does is incredible. He pretends that every time we strike, it is for the sake of US democracy. Imagine I had framed the Pro world as the one where we *only* have offensive capabilities and zero defenses. Our entire structure would collapse instantly and be far worse than even the "no offense" world. We would prevent only major countries from attacking, and we would be forced to fight at many fronts -- China, Russia, Iran, our own country, so on and so forth. This distribution of resources is absurd, to say the least. At least we can protect the majority of the US currently. While Pro drains severe resources to battle countless enemies. 

"As long as Germany has no escalation strategy and is not pre­pared to endure the possible consequences of a COO deterrence policy, this approach should be avoided."

As Pro and con both agree that attack is incredibly cheap, it seems illogical that it would take one country fewer resources to attack multiple countries, than for all those other countries to work together and attack the US. Remember what I said about defense being focused on the US itself for the most part.

The problem with the pro's assumptions is that he thinks that we have tried our best at defense and failed when this was not the case. We had not sufficiently enforced the rules necessary to fix vulnerabilities and help cybersecurity. Recall that even his link highlighted that the US has grown more transparent in upholding cybersecurity, and is trying to show itself as a benevolent and forgiving leader. The US cannot be the one to initiate attacks. Not only have we invested far too much money inside the cyber offensive operations, but we also encourage other countries who are unprepared for escalation to attack. 

Just in case voter's don't buy this, I will repeat and hammer in some more dropped points:

Notice how pro concedes: “PRO gave that the US will target any actors that are notable threats. Our focus isn’t limited to one country at a time”.

Now think about the Con side. The defense IS only limited to one country at a time -- our own country. It doesn’t seem logical that attacking multiple different countries is cheaper or more efficient than fixing your problems. Remember that divesting resources into multiple potential enemies takes far more resources, and Pro’s admission only furthers this conclusion.
By investing more in defense we can group finances and focus on our people's rights, rather than looking for other trouble. We can't accept the risk of additional retaliation and problems in other sectors. Remember that Pro has dropped China's economic trade sanction due to the US's operations.

SUMMARY [Sorry for copying Oromagi's style, my mind got burnt]
  • con affirms that defense, in the long run, outweighs offense for reasons of escalation, over the distribution of resources, and sacrificing of our defensive capabilities.
  • con affirms that defense enhancement encourages fixing of problems within security, unlike pro who encourages us to ignore enforcing standards and focus more on attacking other countries.
  • con argues that military necessity becomes less and less dependent on offensive measures, thus making the benefits lowered by following a defensive approach
  • con notices that regardless of example, it is impossible to tell who is truly moral and who is not.US hegemony is not a good idea to determine the benefits of a technological policy.
  • politics should be judged on a utilitarian basis and not on a philosophical idea like democracy. Democracy has vague standards and cannot be directly measured unlike lives lost or investing money in a war. 
  • even if voters do not buy the above idea, pro has failed to tackle why weakening our standards of security is more democratic than attacking the enemy. 
  • thus, we should follow what we know is moral -- enhancing computer security for all countries in general.
  • con and pro both realize that a BALANCE of offense and defense is currently desired, defeating US's current over-investment and use of cyber offensive operations
  • con and pro both admit that the us should be the leader on telling countries what is right and what is wrong to do. So con advocates for less bloodshed, careful action, and relying on international law. pro argues we should just become a democratic version of Russia.
  • con has big impacts on the eventual escalation with the continued offense, showing past examples of us ruthlessness in a war that directly counters pro weak argument that the us will act kindly and rationally
  • pro has listed zero examples of actual successful deterrence. His statistics starting from 2018 onwards show that it has not saved us any money, or any secrets prevented from being stolen.
So let's look at Pro's affirmative VS My rebuttals and how they stack up:

Crime and terror: Noted, but not necessarily unique to Pro "World" (As Con advocates for balance, and still certain amount invested). Even if voters don't buy this, retaliation point from other countries and US mercilessness outweighs the people harmed by this.

US Standards: Self-contradictory, ENCOURAGING WAR, REVENGE, and DESTRUCTION are some of the worst ideals possible while enhancing cybersecurity is a morally just policy. Pro's world willingly admits that Russia might be right under certain circumstances. We just don't know what those standards are other than "democracy". Which is absurd to base a technological policy on. Notice how I keep vouching for keeping our security and establishing standards to protect citizens. Pro is just gonna assume every company tried their best and put the responsibility off of them and onto the attackers. Yet the companies also have liabilities to create up-to-standard products as well.

Military Necessity: Due to this necessity, a small portion of the offensive operations will be kept for military operations. However, this argument is less and less necessary in the long run. As PRO provokes enemies more and more we will lose even more soldiers and invest even more resources. So by reducing the military necessity we are creating benefits for society overall.

Final Thoughts

If there is ONE THING Voters should take away. It's that I continuously vouch for a peaceful approach, one that encourages acting similarly to allies. If we treat them as enemies, they will only be angered in response. Pro has failed to target this logical assertion through this debate. Recall that Pro dropped the fact that the offensive operation was met with economic backlash. And recall that Russia's operations have gotten so complex it's hard to say if they violated any international laws. That doesn't mean that the US should be allowed to go through morally ambiguous ideals. Notice how Pro continuously fails to show actual improvement of democracy through the offensive operations. By contrast, the attack on other countries does not necessarily equal freedom, equality, and international regulations. For one of the leaders of the world, it seems rather odd. You admit you would willingly sacrifice your citizens' freedom. That it's fine to target countless enemies, rather than improve your security and set a baseline for other countries. Pro implicitly admits that our transparency and respect of technology users is needless. Pro thinks that all we need is justice and the illusion of deterrence. But where is justice and where is deterrence? And why do we have to invest such an incredible amount on the offensive side, if it is indeed cheaper and better than the defensive side? It simply doesn't make sense.

Framework: Paranoid Android

Pro's paranoid android mindset crashes and burns to the ground. He flails around mindlessly, uncertain of who's good and who's bad. Our direct targets will attack us from countless directions and provoke the US's ruthless mindset. Pro may as well be advocating for World War III. The other players at the table are confused and not certain what to do. Do we join the US to continue pressuring the morally ambiguous? Or do we stay safe and solid, like The United States, World Leader would have done? The retaliation crashes and burns while our defense is weak. Our resources are consumed until there is nothing left.

My smart android recalculates what is needed and what is not. We call back a significant amount of those military attacks, and first establish guidelines for our security. We discuss with other players calmly how to handle Russia and China without going to war. We gradually reduce the operational budget to only what is necessary. And we still stop terrorists, we still save lives, we are still America. We become true leaders with definitive rational events showing our ability to think calmly under pressure. And we raise our status to the next level.

Vote CON, for the smart android.

BEEP BOOP, KABOOM!