GA1 - The Issue of Cyber Attacks With Regard to the Protection of States' Infrastructure as Well as...
-
Upload
quang-dao-vu -
Category
Documents
-
view
212 -
download
0
description
Transcript of GA1 - The Issue of Cyber Attacks With Regard to the Protection of States' Infrastructure as Well as...
1
Forum: 1st Committee (Disarmament and International Security)
Issue: The issue of cyber attacks with regard to the protection of
states’ infrastructure as well as state secrets
Student Officer: Isabelle Wachsmann ([email protected])
Position: Main Chair of the 1st Committee
1. Introduction to the Issue
Cyber attacks pose an escalating threat on national and private servers throughout
the world due to the international connectivity and the domination of computer-
controlled systems. Therefore the nations’ infrastructure is more vulnerable especially
in the areas of communication, transportation and power. Nations may have
developed and financed well-organized cyber-warfare programs to intervene in other
nations’ computer systems to gain states’ secrets or harm their infrastructure.
Governments and companies have been attacked by a rising number of cyber
aggressions from criminals, nation states and terrorist, who are seeking economic or
military advantage. Cyber-warfare is definitely as serious as the other spheres of
warfare (land, sea, air and space), since the origin of the cyber attacks are hard to
detect and its consequences can be severe, such as a complete breakdown of a
nation’s infrastructure. Those attacks can also lead to disruptions into daily lives of
civilians. “As computer networks collapse, factories and chemical plants explode,
satellites spin out of control and the financial and power grids fail.“1
2. Definitions of Key Terms
Cyber-warfare
There is no international definition of cyber-warfare, some experts even argue that
there is no such thing as cyber-warfare, but the commonly accepted definition
created by Clarke, a U.S. Government security expert is: “actions by nation-states to
penetrate another nation’s computers or networks for the purposes of causing
damage or disruption."2 This is mostly done by espionage and, sabotage in terms of
worms, viruses or Trojans.
Espionage
Cyber spying is the first step of a cyber attack to gain secrets without any permission.
It is also done by certain Trojans or spyware that infiltrate another network causing it,
1http://www.economist.com/node/16481504?story_id=16481504&source=features_box1
2http://en.wikipedia.org/wiki/Cyberwarfare
MUNDO 2013 Research Report
1st Committee | The issue of cyber attacks with regard to the protection of
states’ infrastructure as well as state secrets
MUNDO 2013
Research Report
2
for example, to be operated by other computers, controlled by the one leading the
cyber attack.
Sabotage
Sabotage is mainly used for disruption or even destruction of certain systems, in this
case computer controlled systems. This term is especially important when talking
about infrastructural damage.
Cyber deterrence
Term used to describe systems that should prevent cyber attacks.
Denial-of-service attack
The attempt to make a machine or network resource temporarily or indefinitely
unavailable to its intended users, such as bank websites or credit card payment
gateways.
SCADA (Supervisory Control and Data Acquisition)
Computer controlled systems that monitor industrial processes.
3. Background Information and UN Involvement
The United Nations actively started to discuss this topic in 1998 and also proposed
certain resolutions concerning this topic, which was also debated on in other
committees. In the following, the UN involvement will be presented.
In 1998 the draft resolution proposed by the Russian Federation was adopted as
resolution 53/70 in January 1999. Its key elements were:
• recognition of the military potential of information and communication technology
for the first time as well as an expression of concern about the use of such
technology – inconsistent with the objectives of maintaining international stability
and security;
• clarifying the need to prevent cyber-crime and cyber terrorism;
• inviting all member states to propose their opinion towards this topic.
Later draft resolutions were also all proposed by the Russian Federation to specify
the rather general resolution from 1999. In 2005 the proposed resolution3 was
adopted by many more votes, the USA being the only one voting against the
resolution. Furthermore the draft resolution was now not sponsored by Russia alone,
but also by the People‘s Republic of China as well as Armenia, Belarus, Kazakhstan,
Kyrgyzstan, Myanmar, Tajikistan, and Uzbekistan. This shows that there is a general
attitude to discuss this topic and raise awareness. Yet those nations all belong to the
Shanghai Cooperation Organisation which also proposed an "International code of
conduct for information security” to the Secretary-General of the UN to protect
against anything "harmful to the spiritual, moral and cultural spheres of other states"4.
3http://www.undemocracy.com/A-61-389.pdf
4Extract of the international code of conduct for information security
1st Committee | The issue of cyber attacks with regard to the protection of
states’ infrastructure as well as state secrets
MUNDO 2013
Research Report
3
Most important resolutions and conventions issued on this topic
53/70; 64/211; 55/63; 56/121; 62/17
World Summit on the Information Society in Geneva/Tunis in 2003/2005
Two widely accepted positions became visible when analyzing the topic. The US and
other Western states feared that the resolutions will constrain the freedom of the
internet by implementing censorship on certain website to protect national security.
The other position argues that censorship will be the only solution for protection.
Those two opinions clashed during debates.
4. Relevant events (there are more incidents than those listed):
2007: cyber attack on Estonia after the removal of a Russian WWII memorial,
ministry networks and two major bank networks were shut down, a letter of apology
was posted on the website of the Prime Minister of Estonia. The origin of this attack
was not found, even though the Russian Federation was accused.
Resulting from that NATO established a Cooperative Cyber Defence Centre of
Excellence (CCD CoE) in Tallinn, Estonia, in order to enhance the organisation’s
cyber defence capability. The centre was formally established on 14 May 2008, and it
received full accreditation by NATO and attained the status of International Military
Organisation on 28 October 2008. 5
2010: The Indian Cyber Army attacked Pakistani army network; Pakistani Cyber army
attacked India’s top investigating agency.
In September 2010: Iran was attacked by the Stuxnet worm, was suspected to be
specifically targeting its Natanz nuclear enrichment facility. The worm is said to be
the most advanced piece of malware ever discovered and significantly increases the
profile of cyber-warfare. Stuxnet is a great example to examine the consequences of
a worm, since Stuxnet did not just attack Iran’s nuclear program but also infiltrated
computers all around the world, since the consequences of cyber attacks are hard to
control.
5. Possible Solutions
As a first attempt, it can be proposed that a universal definition of cyber attack, cyber-
warfare is adopted by all member states to classify and properly deal with these
issues.
Organisations could be established to monitor international computer systems to
better control cyber attacks and achieve more transparency. Some nations will be in
favour of those controls and some will feel too supervised. Those organisations could
consist of IT experts, who are able to help those nations who do not have an
advanced cyber deterrence program. This program could also be funded by the UN
budget, including back-ups in case of attacks and for the hiring of experts. There
5http://en.wikipedia.org/wiki/Cyberwarfare
1st Committee | The issue of cyber attacks with regard to the protection of
states’ infrastructure as well as state secrets
MUNDO 2013
Research Report
4
could be a better international oversight of the internet, possibly leading to a feeling
of surveillance, at the personal, national as well as international level.
6. Helpful Links and Bibliography
For a general overview: http://en.wikipedia.org/wiki/Cyberwarfare
http://www.economist.com/node/16481504?story_id=16481504&source=features_
box1
http://www.guardsmark.com/files/computer_security/TLR_Oct_10.pdf
http://www.ists.dartmouth.edu/docs/cyberwarfare.pdf
http://www.un.org/documents/ga/docs/56/a56164.pdf
http://www.un.org/en/ecosoc/cybersecurity/maurer-cyber-norm-dp-2011-11.pdf
http://www.undemocracy.com/A-53-576.pdf
http://87.253.140.15/thimun/images/stories/downloads/HAGRESOLUTIONS/dis%2
02011.pdf
http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1198&context=dltr&sei-
redir=1&referer=http%3A%2F%2Fwww.google.de%2Furl%3Fsa%3Dt%26rct%3Dj
%26q%3Dcyber%2520warfare%2520resolutions%26source%3Dweb%26cd%3D2
%26ved%3D0CEUQFjAB%26url%3Dhttp%253A%252F%252Fscholarship.law.du
ke.edu%252Fcgi%252Fviewcontent.cgi%253Farticle%253D1198%2526context%2
53Ddltr%26ei%3DZyjXUM39KJGL4gTQ-
YCIAw%26usg%3DAFQjCNFbYTXdOjcW735QNCNxZ5obHpR2rg%26bvm%3Db
v.1355534169%2Cd.bGE#search=%22cyber%20warfare%20resolutions%22
http://www.unidir.org/pdf/ouvrages/pdf-1-92-9045-011-J-en.pdf
http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11-final.pdf