1

Forum: 1st Committee (Disarmament and International Security)

Issue: The issue of cyber attacks with regard to the protection of

states’ infrastructure as well as state secrets

Student Officer: Isabelle Wachsmann (isabelle.wachsmann@gmx.de)

Position: Main Chair of the 1st Committee

1. Introduction to the Issue

Cyber attacks pose an escalating threat on national and private servers throughout

the world due to the international connectivity and the domination of computer-

controlled systems. Therefore the nations’ infrastructure is more vulnerable especially

in the areas of communication, transportation and power. Nations may have

developed and financed well-organized cyber-warfare programs to intervene in other

nations’ computer systems to gain states’ secrets or harm their infrastructure.

Governments and companies have been attacked by a rising number of cyber

aggressions from criminals, nation states and terrorist, who are seeking economic or

military advantage. Cyber-warfare is definitely as serious as the other spheres of

warfare (land, sea, air and space), since the origin of the cyber attacks are hard to

detect and its consequences can be severe, such as a complete breakdown of a

nation’s infrastructure. Those attacks can also lead to disruptions into daily lives of

civilians. “As computer networks collapse, factories and chemical plants explode,

satellites spin out of control and the financial and power grids fail.“1

2. Definitions of Key Terms

Cyber-warfare

There is no international definition of cyber-warfare, some experts even argue that

there is no such thing as cyber-warfare, but the commonly accepted definition

created by Clarke, a U.S. Government security expert is: “actions by nation-states to

penetrate another nation’s computers or networks for the purposes of causing

damage or disruption."2 This is mostly done by espionage and, sabotage in terms of

worms, viruses or Trojans.

Espionage

Cyber spying is the first step of a cyber attack to gain secrets without any permission.

It is also done by certain Trojans or spyware that infiltrate another network causing it,

1http://www.economist.com/node/16481504?story_id=16481504&source=features_box1

2http://en.wikipedia.org/wiki/Cyberwarfare

MUNDO 2013 Research Report

1st Committee | The issue of cyber attacks with regard to the protection of

states’ infrastructure as well as state secrets

MUNDO 2013

Research Report

2

for example, to be operated by other computers, controlled by the one leading the

cyber attack.

Sabotage

Sabotage is mainly used for disruption or even destruction of certain systems, in this

case computer controlled systems. This term is especially important when talking

about infrastructural damage.

Cyber deterrence

Term used to describe systems that should prevent cyber attacks.

Denial-of-service attack

The attempt to make a machine or network resource temporarily or indefinitely

unavailable to its intended users, such as bank websites or credit card payment

gateways.

SCADA (Supervisory Control and Data Acquisition)

Computer controlled systems that monitor industrial processes.

3. Background Information and UN Involvement

The United Nations actively started to discuss this topic in 1998 and also proposed

certain resolutions concerning this topic, which was also debated on in other

committees. In the following, the UN involvement will be presented.

In 1998 the draft resolution proposed by the Russian Federation was adopted as

resolution 53/70 in January 1999. Its key elements were:

• recognition of the military potential of information and communication technology

for the first time as well as an expression of concern about the use of such

technology – inconsistent with the objectives of maintaining international stability

and security;

• clarifying the need to prevent cyber-crime and cyber terrorism;

• inviting all member states to propose their opinion towards this topic.

Later draft resolutions were also all proposed by the Russian Federation to specify

the rather general resolution from 1999. In 2005 the proposed resolution3 was

adopted by many more votes, the USA being the only one voting against the

resolution. Furthermore the draft resolution was now not sponsored by Russia alone,

but also by the People‘s Republic of China as well as Armenia, Belarus, Kazakhstan,

Kyrgyzstan, Myanmar, Tajikistan, and Uzbekistan. This shows that there is a general

attitude to discuss this topic and raise awareness. Yet those nations all belong to the

Shanghai Cooperation Organisation which also proposed an "International code of

conduct for information security” to the Secretary-General of the UN to protect

against anything "harmful to the spiritual, moral and cultural spheres of other states"4.

3http://www.undemocracy.com/A-61-389.pdf

4Extract of the international code of conduct for information security

1st Committee | The issue of cyber attacks with regard to the protection of

states’ infrastructure as well as state secrets

MUNDO 2013

Research Report

3

Most important resolutions and conventions issued on this topic

53/70; 64/211; 55/63; 56/121; 62/17

World Summit on the Information Society in Geneva/Tunis in 2003/2005

Two widely accepted positions became visible when analyzing the topic. The US and

other Western states feared that the resolutions will constrain the freedom of the

internet by implementing censorship on certain website to protect national security.

The other position argues that censorship will be the only solution for protection.

Those two opinions clashed during debates.

4. Relevant events (there are more incidents than those listed):

2007: cyber attack on Estonia after the removal of a Russian WWII memorial,

ministry networks and two major bank networks were shut down, a letter of apology

was posted on the website of the Prime Minister of Estonia. The origin of this attack

was not found, even though the Russian Federation was accused.

Resulting from that NATO established a Cooperative Cyber Defence Centre of

Excellence (CCD CoE) in Tallinn, Estonia, in order to enhance the organisation’s

cyber defence capability. The centre was formally established on 14 May 2008, and it

received full accreditation by NATO and attained the status of International Military

Organisation on 28 October 2008. 5

2010: The Indian Cyber Army attacked Pakistani army network; Pakistani Cyber army

attacked India’s top investigating agency.

In September 2010: Iran was attacked by the Stuxnet worm, was suspected to be

specifically targeting its Natanz nuclear enrichment facility. The worm is said to be

the most advanced piece of malware ever discovered and significantly increases the

profile of cyber-warfare. Stuxnet is a great example to examine the consequences of

a worm, since Stuxnet did not just attack Iran’s nuclear program but also infiltrated

computers all around the world, since the consequences of cyber attacks are hard to

control.

5. Possible Solutions

As a first attempt, it can be proposed that a universal definition of cyber attack, cyber-

warfare is adopted by all member states to classify and properly deal with these

issues.

Organisations could be established to monitor international computer systems to

better control cyber attacks and achieve more transparency. Some nations will be in

favour of those controls and some will feel too supervised. Those organisations could

consist of IT experts, who are able to help those nations who do not have an

advanced cyber deterrence program. This program could also be funded by the UN

budget, including back-ups in case of attacks and for the hiring of experts. There

5http://en.wikipedia.org/wiki/Cyberwarfare

1st Committee | The issue of cyber attacks with regard to the protection of

states’ infrastructure as well as state secrets

MUNDO 2013

Research Report

4

could be a better international oversight of the internet, possibly leading to a feeling

of surveillance, at the personal, national as well as international level.

6. Helpful Links and Bibliography

For a general overview: http://en.wikipedia.org/wiki/Cyberwarfare

http://www.economist.com/node/16481504?story_id=16481504&source=features_

box1

http://www.guardsmark.com/files/computer_security/TLR_Oct_10.pdf

http://www.ists.dartmouth.edu/docs/cyberwarfare.pdf

http://www.un.org/documents/ga/docs/56/a56164.pdf

http://www.un.org/en/ecosoc/cybersecurity/maurer-cyber-norm-dp-2011-11.pdf

http://www.undemocracy.com/A-53-576.pdf

http://87.253.140.15/thimun/images/stories/downloads/HAGRESOLUTIONS/dis%2

02011.pdf

http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1198&context=dltr&sei-

redir=1&referer=http%3A%2F%2Fwww.google.de%2Furl%3Fsa%3Dt%26rct%3Dj

%26q%3Dcyber%2520warfare%2520resolutions%26source%3Dweb%26cd%3D2

%26ved%3D0CEUQFjAB%26url%3Dhttp%253A%252F%252Fscholarship.law.du

ke.edu%252Fcgi%252Fviewcontent.cgi%253Farticle%253D1198%2526context%2

53Ddltr%26ei%3DZyjXUM39KJGL4gTQ-

YCIAw%26usg%3DAFQjCNFbYTXdOjcW735QNCNxZ5obHpR2rg%26bvm%3Db

v.1355534169%2Cd.bGE#search=%22cyber%20warfare%20resolutions%22

http://www.unidir.org/pdf/ouvrages/pdf-1-92-9045-011-J-en.pdf

http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf