Professional Documents
Culture Documents
Introduction
Information and communication technologies (ICTs) are permeating and transforming every
aspect of our lives in the 21st century. Today, the number of global web users, stands at an
estimated 2.4 billion, just over one third of the world's total population. Over 60% of all
internet users are in developing countries, with 45% of all internet users below the age of 25.
It is estimated that by the year 2017, mobile broadband subscriptions will approach 70% of
the world's total population. By the year 2020, the number of networked devices (the
internet of things) will outnumber people by six to one, transforming current conceptions
of the internet.
As societies transform into information societies, we have witnessed widespread system
interconnection, and increased dependence of individuals, organisations and countries on
digital technologies and information infrastructures. While cyberspace has presented
significant opportunities, our accelerating dependence on ICTs also comes with increasing
security threats and risks. A 2011 Norton Study estimates that threats to cyberspace have
increased dramatically over the past year, afflicting 431 million adult victims globally or
14 adult victims every second, one million cybercrime victims every day. Today, cybercrime
is an over one-trillion dollar a year business in online fraud, identity theft and lost
intellectual property. It affects millions of individuals and countless businesses and
governments worldwide. The challenge lies in the fact that countries are not easily able to
close their borders to incoming cyber threats, nor can they contain those cyber threats
coming from within. Cyber security is thus a complex transnational issue that requires global
cooperation and solutions which are harmonised across borders in order to ensure a safe
internet for all.As the increasing proliferation of ICTs has far outpaced national and
international regulations governing them, international cooperation is required, at the
1
Conference website: psnmun.pathways.in
What is Cyberspace?
What is Cybersecurity?
2
Conference website: psnmun.pathways.in
Cyber Warfare can be defined as politically motivated hacking to conduct sabotage and
espionage. Government security expert Richard A. Clarke defined cyber warfare as actions
by a nation-state to penetrate another nations computers or networks for the purpose of
causing damage or disruption. The most common of these are espionage and national
security breaches, and sabotage. These methods are motivated by specific reasons.
What is Cyberterrorism?
Many people understand cyberterrorism according to the concept offered in the paper on the
issue from the Special Oversight Panel on Terrorism in 2000, which provides the following
explanation: Cyber Terrorism is the convergence of terrorism and cyberspace. It is
3
Conference website: psnmun.pathways.in
The Center for Strategic and International Studies (CSIS) on the other hand, defines cyber
terrorism as, The use of computer network tools to shut down critical national
infrastructures (e.g., energy, transportation, government operations) or to coerce or
intimidate a government or civilian population.
Some argue that definitional problems surrounding cyberterrorism are in part due to the
definitional challenges surrounding terrorism, but also due to the nature of terrorists' use of
the Internet, cyberspace and IT is less well delineated and defined. The basic approach to
cyberterrorism as the convergence of cyberspace and terrorism includes not only
cyberterrorist attacks, but also terrorist use of cyberspace for various activities. Beyond
propaganda, cyberspace allows groups to gather and share information across great distances
with instant ease, and spread particular knowledge in new and innovative ways. What
terrorist groups value from the Internet is much the same as everyone else reliable service,
easy terms and virtual anonymity.
There is also an African regional convention, the African Union Convention on Cyber
Security and Personal Data Protection (2014). Adopted in 2014, this convention promotes
regional cooperation and provides a legal framework for strengthening cyber security and
combatting cyber crime. The convention was drafted to provide a holistic framework to
address the cyber security needs particular to the African continent and to prevent African
states from becoming safe havens for cyber criminals. While more than one year after its
5
Conference website: psnmun.pathways.in
In addition to regional arrangements, several United Nations bodies have also responded to
the increasing threat of cyber warfare and cyber crime. In 1999, the GA adopted resolution
53/70 on information technology and communications in relation to international security,
the first resolution on this topic. In addition to drawing an explicit link between information
and communication technologies (ICTs) and security, the resolution calls on states to outline
definitions and central concerns, and requests the Secretary-General prepare a report on the
topic. Since the resolution was adopted, the Secretary-General has produced several reports
to the GA outlining Member States perspective on the issue to share information and build
consensus on a way forward. In 2003, the GA passed resolution 58/32, which created a
Group of Governmental Experts (GGE) to assist the Secretary-General in drafting a report
on cooperative measures to combat cyber threats and strengthen cyber security measures.
The GGE has been renewed for several terms and is key in providing recommendations and
guiding the work of the General Assembly and the UN Secretariat in addressing this issue.
In 2013, the GA adopted resolution 68/167 on the right to \ privacy in the digital age. The
resolution notes that while states and international organizations should take measures to
combat cyber warfare, cyber crime, and serious informational breaches, these should not be
allowed to violate human rights, particularly ones right to privacy. In 2014, the GA adopted
resolution 69/28, based on the GGEs most recent report on Developments in the field of
information and telecommunications in the context of international security. The resolution
calls on all Member States to consider pressing cyber security threats, and to discuss and
communicate strategies to combat these threats to encourage a collaborative and multilateral
approach.
6
Conference website: psnmun.pathways.in
The ITU also hosts the World Summit on Information Societies (WSIS), an
intergovernmental forum established in 2001.139 While the fundamental goal of WSIS is to
universalize access to ICTs, it also notes that to build a global information society, there
must be a global culture of cybersecurity to protect users and encourage broader use and
applications. In 2005, WSIS agreed to a set of outcome goals contained within the Tunis
Agenda for the Information Society. The goals include expanding access to information
technologies, encouraging international and regional cooperation, including capacitybuilding and information-sharing, and building confidence and enhancing security measures
in the use of ICTs. In December 2015, the GA will hold the WSIS+10 Review to evaluate
the implementation and achievement of these goals on a national and international level.
In addition to the ITU, the United Nations Office for Disarmament Affairs (UNODA) and
the United Nations Institute for Disarmament Research (UNIDIR) have made important
contributions towards understanding current security threats and identifying gaps in national
and international security and legislation. UNIDIR has written numerous reports on the
relationship between information technology and international peace and security,
8
Conference website: psnmun.pathways.in
Individual Member States have also made important contributions in strengthening cyber
security mechanisms. Many states, including the United Kingdom and the United States,
have dedicated domestic offices and initiatives for cyber security. Internationally, many
developed states are investing in technical support and capacity building projects aimed at
strengthening developing states ability to respond to cyber threats. States have also signed
regional and bilateral partnerships, such as the one between the United States and Canada, to
increase cooperation, but these are generally with close regional partners and have not
expanded to include a wider international context.150 Additionally multilateral programs are
playing a larger role in international cooperation, such as the Commonwealth Cybercrime
Initiative (CCI), which was created at a multilateral forum of Commonwealth states in 2011.
The CCI aims to increase cooperation and information-sharing between Commonwealth
states, as well as various international and regional organizations, to reduce cyber crime and
strengthen accountability and enforcement mechanisms.
Cyber security and cybercrime also have important implications for civil society, and many
international organizations are taking steps which include private sector businesses and civil
society organizations as key stakeholders in their programs and discussions.153 Some civil
society organizations, such as the Global Information Society Watch (GISWatch), monitor
and interact with states to ensure equal access to ICTs; GISWatch also publishes reports on
states progress in reaching the WSIS goals.154 Human rights organizations, including
9
Conference website: psnmun.pathways.in
Timeline
1941 - Because of its usefulness in World War II to decode Japanese transmissions, the
SIGINT cooperation is finalized and establishes its importance in the world.
1942 - The Central Bureau of the Allied Intelligence Bureau for the Pacific is instated in
Melbourne, maintained by a US Chief and an Australian Deputy Chief.
1982 - Soviet gas pipeline explodes due to logic bomb, in one of the earliest instances of
cyber exploitation.
1988 - Mainly in the US, the Morris worm is spread to computers, which slows the machines
down to unusable conditions. It is one of the first worms to affect the emerging global cyber
infrastructure.
1998 - During the Kosovo war, the US hacks into Serbian air force programs.
2001 The Nimda computer virus attacks financial systems, causing major economic
damage.
10
Conference website: psnmun.pathways.in
2006 - NASAs plans for US space launch vehicles are hacked by unknown overseas
intruders. NASA is forced to block all attachments in emails before the launch.
April 2007 - After a disagreement with Russia, Estonia is hacked by foreign intruders.
Online government services and banking are halted. However, the Estonian government
responds immediately and resolves the issue in just a few days.
June 2007 - Unknown infiltrators hack into The US Secretary of Defenses email account in
order to access and utilize the Pentagons network.
October 2007 - After spyware was discovered in the networks of designated departments,
The Peoples Republic of Chinas Ministry of Security states that overseas hackers, with
about 42% of them from Taipei and another 25% of them from the United States, have been
stealing key information from the Chinese network.
2010 - The Iranian Cyber Army disrupts the service of Twitter as well as Baidu, the wellknown Chinese search engine, by redirecting pages to display a political message from Iran.
11
Conference website: psnmun.pathways.in
January 2011 - A major cyber attack forces Canadian major economic agencies, the Finance
Department and Treasury Board, to unplug from the Internet.
July 2011 - The US Deputy Secretary of Defense states that a major defense contractor was
hacked and 24,000 files were taken from the Department of Defense.
2012 - Kaspersky, a Russian cyber security firm, discovers a global cyber attack mechanism
called the Red October that has been used since 2007 to steal critical government embassy
and nuclear infrastructure information through vulnerabilities in Microsoft programs. The
attack is primarily focused in Eastern Europe, Central Asia, and the former USSR.
June 2013 - The first meeting for cyber defense is held. NATO Defense Ministers stated that
cyberdefense should be immediately operational to protect the networks of NATO member
nations.
October 2013 - The NATO Computer Incident Response Capability (NCIRC) project is
completed to help NATO combat the increasing number of cyber-attacks in its member
states.
2014 - NATO adopts a new policy, which states that cyber defense is part of the Alliances
key collective defense and ensures that international law is applicable in cyberspace.
12
Conference website: psnmun.pathways.in
Historical Context
In a world where the population is becoming ever more reliant on computers for day-to-day
life, digital attacks have the potential to be devastating. The currently underdeveloped
system of rules and regulations in cyberspace and the relatively low cost building a cyberweapon can mean that small groups, and even individuals, could use computer technology to
wage war against entire continents. To illustrate the historical context of cybersecurity, we
consider multiple case studies of cyberwarfare in the past.
A logic bomb is malicious software that, when activated causes widespread damage of
computer systems. In the early days of cyberwarfare, logic bombs were rarely used (the
pipeline explosion is the only example). However, throughout the Cold War, Soviet and
American spies used information technology to extract information and compromise enemy
13
Conference website: psnmun.pathways.in
The first instance of widespread cyber attack on a nation occurred in April 2007. After the
Estonian government decided to move a Soviet war memorial away from its capital city of
Tallinn, the government, bank and media servers of Estonia were hit with a massive cyber
attack. Known as Web War I, groups of hackers (suspected to be working for Russia) used
computers around the globe to launch a denial of service attacks to bring down the internet
in Estonia. Denial of service attacks flood a website with fake requests and cause an
information overload. The attack on Estonia was more of a cyber-riot than a war but
effectively cut Estonia off from the internet and showed the potential for a more serious
attack in the future. Merely a year later, there was once again a major cyber attack in the
Caucasus region. In August 2008, Russia physically invaded Georgia. The physical attack
was accompanied by a sophisticated cyber attack that denied Georgians access to news cash
and transportation tickets. The Georgian government found it difficult to communicate with
its citizens and the outside world and Georgian websites were defaced with Russian
propaganda. Russia denied any state sponsored cyber attack on Georgia and claimed it was
the work of radical Russian nationalists around the world. While Russia has been active in
cyber activity, it is by no means the only country to be accused of cyber-warfare. In 2009,
two major attacks were launched from computer servers based in China; Ghost Net and
15
Conference website: psnmun.pathways.in
16
Conference website: psnmun.pathways.in
Cyber Espionage
Cyber espionage is the infiltration of secure systems in order to steal information. It is the
first step in the cyber warfare process. Traditional spies risk arrest by trying to smuggle
information out of hostile countries, in cyberspace there are none of these risks. Cyber spies,
if given enough time and resources will almost always be able to penetrate a targeted
system. Adding to the problem is the fact that cyber spies can steal vast amounts of
information, more than traditional spies ever dreamt of stealing. A spy might once have
been able to take a few books worth of materialnow they can take the whole library, a
senior American official said. Recently, China has come under fire for wholesale espionage.
Governments and corporation are worried that the loss of information could damage their
economic advantages, or, in the case of governments, affect their military capability. Jim
Lewis, of the Centre for Strategic and International Studies says Cyber espionage is the
biggest intelligence disaster since the loss of nuclear secrets. Stolen information can be
used for nefarious purposes. In order to ensure the safety of people around the world, Cyberespionage needs to be brought under control.
Conclusion
The increasing use of ICTs to carry out criminal activities, threats, and attacks make it a
critical issue in the maintenance of international peace and security. While some regions and
many states have adopted treaties on cyber crime and cyber security, reducing the threat of
cyber warfare requires a unified global response. The technological innovation broadening
access to global financial activity presents a catalyst for many forms of cyber warfare, and
the anonymity of online networks thwarts many efforts to reduce financing and prosecute
those responsible. The infiltration and disruption of military intelligence and weapons
systems poses risks to innocent lives and at worst, risks a global catastrophe. Many states
secrecy and competitiveness regarding military security has prevented fruitful discussions on
information-sharing and best practices for security measures. Finally, attributing
accountability and prosecuting individuals and/or groups responsible for acts of cyber
warfare remains difficult as state approaches vary significantly. The nature of cyber
18
Conference website: psnmun.pathways.in
Further Research
In preparing for this topic, delegates should consider how the General Assembly can address
these challenges and build towards a more unified approach on cyber security. Specifically,
delegates should consider: What legal frameworks would be helpful in drafting legislation
on this topic? Delegates may also want to consider alternatives to legislation, such as
capacity-building, CBMs, and the implementation of existing and new legislation. How can
key challenges, including lack of coordination, multiple points of enforcement, and
challenges of jurisdiction be overcome? Which UN organs and agencies would be wellsuited to assist in strengthening cyber-security measures?
Sources:
1. (http://www.huffingtonpost.com/lia-petridis/between-doom-and-hesitantoptimism_b_3424313.html)
2. (http://www.itu.int/ITU-D/cyb/publications/2009/cgdc-2009-e.pdf)
3. (http://www.huffingtonpost.com/lia-petridis/between-doom-and-hesitantoptimism_b_3424313.html)
4. UNODC, Comprehensive Study on Cybercrime, 2013, p. xi.
5. Council of Europe, Convention on Cybercrime, 2001.
19
Conference website: psnmun.pathways.in
General
Assembly,
Developments
in
the
field
of
information
and
Report
on
Cybersecurity
http://www.cfr.org/publication/9161/un_report.html
20
Conference website: psnmun.pathways.in