Bryan-Disec.2.CyberWarfareedited.docx.docx.docx

CHEMUN 2013 Background Notes (DISEC)

Committee: Disarmament and SecurityTopic: Combatting the emerging threat of cyber-warfare in the international communityStudent Officer: Tae Ryoun Kim

IntroductionFrom the emergence of the first electronic computer in 1950s, humanity has found a new dimension where everything can be created, stored, and destroyed: the internet. After its first publication as the ARPANet, the internet developed dramatically, becoming a crucial element for humans to live in the modern society. This also applies to governments as the internet became the storage for militaristic, governmental, and other private information. However, such reliance on the internet evoked illegal organizations or terrorist groups to hack into other servers and steal or paralyze their targeted network, including governments servers. To counter such actions, governments created elite groups, such as USCYBERCOM and ENISA, to protect ones network. This issue became prominent in United Nations debate as the competition between governments and terrorist organizations or opposing governments to conquer the internet can lead to actual war in the future. According to the Economist, the internet is the fifth domain of warfare which is a dimension as critical as military operations in land, air, sea, and space. Thus, obtaining the control over the internet can lead to the paralysis of an entire country, making it vulnerable to missile assaults or other terrorist activities. As kinetic actions can be taken between nations, the United Nations began to find a peaceful resolution to the issue but currently, there are not any solid international laws restricting cyber warfare. Also, as cyber warfare does not contain conventional weapons during the process, Geneva Convention and UN Charters regarding sanctions over countries provoking war are ignored. Thus, all nations, regardless whether or not they are involved, have to collaborate to create new regulations for cyber warfare and weapons to pursuit cyber peace where civilian threats are decreased to its minimum.

Definition of Key TermsCyber warfareCyber warfare literally means the conduct of warfare in cyberspace through cyber means and methods; in other words, it is an information warfare. According to the U.S. government security expert Richard A. Clarke, in his book Cyber War (May 2010), it is "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption." However, there are no concrete and clear international standards to identify cyber warfare.

Background InformationMajor regions for the center of cyber warfareKorean PeninsulaThe struggle for dominance over the Korean peninsula between democracy and communism dates back to the start of the Korean War in 1950. Even after the armistice, the battle still continues as North Korea constantly attracts attention through nuclear weapons, poverty, and assaults on South Korean ships and territories. Recently, on March 20th 2010, North Korea has changed its strategies and used cyber-attacks, which paralyzed 30,000 computers and servers at the national bank and broadcasters. Six computers were used to access the South Korean server using more than 1,000 IP address in which 13 were traced back to North Korea. Though there were several attempts from North Korea, this cyber assault was very astonishing and powerful to not only South Korea but also the United States, as this attack proved North Koreas cyber warfare capability to rival the United States of Americas. Also, it warned South Korea of the danger and the influences on the Korean society if the assaults were to have targeted the nuclear plants and major infrastructures. This signaled the involvement of other private organizations, such as the Anonymous, to this cyber war which would later determine the victor of the Korean War.

Middle EastStarting from the disagreement between Palestine and Israel regarding the distribution of their territories in the late 19th century, the conflict expanded to the cyber war between Iran and Israel, including the United States who supports Israel. The United States and Israel first launched their attacks on Iran by using a malware called Stuxnet which targeted centrifuges at Iran's nuclear facilities in 2010. This degraded Irans nuclear technologies to its state two years ago. Other malwares, such as the Shamoon and Gauss, and the cyber espionage tool, Flame, sequentially damaged financial institutions and universities in not only in Iran, but also in Lebanon, Saudi Arabia, and Syria. To counter these attacks, Iran joined forces with its neighboring nations to combine cyber warfare tactics and maritime war game in a drill. Also, Iran started to hack infrastructures in Israel such as Sheba and Assuta hospitals. From these conflicts, dreadful computer viruses and sabotages emerged, introducing new combinations of malwares and methods of assaulting through cyberspace. Methods of AssaultsMalwareIt is an abbreviated form of the term malicious software which is used to disrupt computers and steal information through accessing private servers. This program includes computer viruses, ransomware, worms, Trojan horses, spyware, adware, etc. Sometimes malwares disguise themselves as useful or attractive programs attached to official softwares. After malwares start to operate on computers, they defect security and create user errors through malicious Javascript codes. To prevent these programs, anti-malwares, anti-viruses, and firewalls were created to strengthen the security of the operating computers.Denial of Service(DoS)This is a method to disable a server or network by flooding it with a lot information. The traffic created by this method will crash the computer, thus rebooting the whole system to preserve the remaining data. Though this method only prevents legitimate users from accessing the targeted system, an attack on government or news sites can be critical as the paralysis of the system can delay the execution of documents in banks and other institutes responsible for financial matters. Thus, the systems targeted by the DoS method are mostly high-profile web servers such as banks, credit card payment gateways, and even root nameserver. Furthermore, the denial of service becomes an excellent tool for propaganda through the internet by confusing citizens of the afflicted country with accessible information modified by the culprit. This will bring about civil unrest and turmoil within the victimized nation, as it becomes vulnerable to external influences which may include conventional weapons. Relevant UN Documents, Treaties and EventsThe following information is UN resolutions supporting the religious minorities. More Relevant UN resolutions and treaties can be found at http://www.un.org/en/documents/index.shtml. However, this issue does not contain any direct resolutions to combat the cyber warfare but releva Stuxnet Attack (June 2010)An attack believed to be from the United States and Israel to disrupt Irans nuclear facilities and reverse the data and programs to their state two years ago. This attack became prominent as it was the first attack to target and subvert industrial programs.This attack infected the Windows, Step 7, and PLC, which did not cause any damage to their customers except for the nuclear programs secretly developed by Iran. Tallinn Manual on the International Law Applicable to Cyber WarfareThe Tallinn Manual was created by the experts associated by NATO Cooperative Cyber Defence Center of Excellence (NATO CCD COE) to produce a manual on the law governing cyber warfare. By focusing on the principles of jus ad bellum, it stresses on the international law governing the resort to force by States. Also, this manual does not focus on cybersecurity, but rather on the implication of International Laws on cyberspace.

Points to ConsiderConsidering the following points can contribute to creating comprehensive resolutions or treaties. Also, please note that ideal resolutions or treaties can never exist, and keep in mind that the point of resolutions or treaties is to create better solutions to combat the given issue. Do consider that there are no clear and solid definitions for cyber warfare. Thus, creating a clear definition which can distinguish it from other issues such as cyber terrorism can be a start for establishing appropriate resolutions or treaties to combat international conflicts regarding cyber warfare. Also, try to link cyber warfare to not only political conflicts between nations but also to relevant issues such as religious conflicts or manipulations. By referring to such issues, resolutions or treaties considering potential internal conflicts or cases violating the Geneva Convention can be created. Please note that the fundamental goal of creating resolutions or treaties for this issue is to protect civilians from the influences of the cyber warfare. Thus, resolutions or treaties to regulate the strength of the cyber weapons or to prevent civilians involvement in cyber warfare would be effective. If civilians were to be involved, measures to deal with casualties must be included.Bibliographyhttp://www.icrc.org/eng/war-and-law/conduct-hostilities/information-warfare/overview-information-warfare.htmhttp://www.nytimes.com/2013/05/23/opinion/irans-view-of-cyberwarfare.html?_r=0http://www.nytimes.com/2013/05/23/opinion/irans-view-of-cyberwarfare.html?_r=0http://en.wikipedia.org/wiki/Cyber_warfarehttp://www.koreatimes.co.kr/www/news/opinon/2013/04/202_133696.htmlhttp://www.huffingtonpost.co.uk/2013/04/10/north-korea-cyber-war-threatens-real-war_n_3052026.htmlhttp://www.unidir.org/files/publications/pdfs/cyberwarfare-and-international-law-382.pdfhttp://www.stonesoft.com/en/info_center/blogs/2013/20130322.htmlhttp://thediplomat.com/2013/04/19/is-cyber-war-the-new-cold-war/http://en.wikipedia.org/wiki/Stuxnethttp://www.cs.wustl.edu/~jain/cse571-11/ftp/cyberwar/http://en.wikipedia.org/wiki/Malwarehttp://www.thenational.ae/business/industry-insights/technology/cyber-warfare-in-the-middle-east-is-no-gamehttp://www.israelnationalnews.com/News/News.aspx/163733#.UaJMT7XI2Sphttp://www.acus.org/event/tallinn-manual-international-law-applicable-cyber-warfare6