Topic: Cyber Security

Transcription

1 1st DISEC Topic: October 24, 2015

2 Claire Jacobs Chairs Hello delegates, welcome to your first conference; Interclass. My name is Claire Jacobs and I am so excited to be one of your chairs for your first Model U.N. conference! I am a sophomore here at Huntington and am involved in Fellowship of Christian Athletes, Horizons club, National Honor Society, and Model United Nations along with club rowing outside of school. On any given weeknight I am most likely watching Netflix and petting my dog, and on any given weekend I am probably still watching Netflix and petting my dog. When I have free time I like to get outside and be active as well as hike whenever I can. I am looking forward to helping you all refine your diplomatic prowess and seeing outstanding performance in committee. Cassie Moan Hi delegates! My name is Cassie Moan and I will be one of your chairs for your first Model U.N. conference! I am a junior and have been apart of the M.U.N. program here at Huntington since freshman year. Besides for being involved in M.U.N., I play club volleyball at Seal Beach Volleyball Club, am a leader for ASL Honor Society, participate in charity events through National Honor Society and with my church, and am a member in clubs at Huntington like Homeless Club, American Cancer Society, and Architects and Engineers of the Future. During the week I spend most time doing homework or at practice for volleyball. My weekends are filled with going to the beach, doing more homework, or spending whatever time I can outside with my friends or family. Good luck delegates! I am excited to see you all achieve at your first Model United Nations Conference. interclass1stdisec@gmail.com Position Papers are due to your chairs on October 18th at 11:59 PM.

3 Background C yber security protects computers, private files, programs, data, and networks from unauthorized personnel, who may misuse, expose, or alter this information. Each year, there is about 556 million victims of cyber attacks.(i) Although details about almost anything can be found on the internet today, cyber security prevents private governmental, medical, corporate, military, and financial data from being shared. The two main types of cyber attacks are towards individuals/ groups and countries. Due to the many types of cyber attacks, innocent individuals and corporations are often attacked. Most times when average people are attacked, it is when hackers are trying to discover information about their victim, such as unlock passwords to bank accounts and personal data in order to commit identity fraud. In addition, when corporations are struck, hackers also want to expose secrets, destroy progress, or gain access to accounts. Healthcare and medical companies are most commonly hit by cyber attacks than any other industry. In contrast, countries are often attacked by terrorist groups, or by opposing countries, in order to unlock governmental secrets or construct more detrimental violations, like solving passwords in order to set off nuclear weapons. Although only about one to three percent of cyber attacks are indicated for cyber warfare, it is vital to keep in mind that millions of attacks happen each day. Keeping in mind that the United States, China, and Germany are a few of the top countries who originate cyber attacks, it is important for all countries to take cyber security seriously in order to prevent disasters that can result from cyber warfare.(ii) Furthermore, the United States is also the leading country when receiving attacks, thirty six percent of the time. Other countries behind the United States receive less than five percent of the attacks.(iii) Because information is so desired today, new ways getting around cyber security were found. Through computers and transmitters, confidential knowledge is sometimes not shared properly and is channeled unprotected which leads to cyber attacks. (iv) Cyber attacks are defined as unapproved hackers who break into systems and reveal information and use it for things like identity theft, stealing hardware, and uncovering passwords. (v) T hese actions are called cybercrimes and are against the law and punishable under various governments. Three of the most popular types of cyber attacks are malware, Distributed Denial of Service Attacks (DDoS), and Brute Force attacks. Malware, more formally known as malicious software, is most commonly a software that acquires access to your computer and destroys it without the owner s knowledge.(vi) DDoS is defined as who hackers make a program or online service not accessible by filling up the service with multiple sources at once.(vii) Brute Forces can be explained as softwares that unveil passwords to protected programs or computers by creating different combinations with characters.(viii) All of these diverse types of cyber attacks are not only targeted towards individuals, files, or corporations, but also towards clandestine agents and

4 sub national groups, which would be considered cyber terrorism.(ix) Due to cyber attacks, and cyber terrorism being so prevalent, cyber security is taken seriously at all levels and necessary for all to have. In 1988, the first recognized cyber attack took place after Robert Tapan was innocently trying to see how big the Internet was, and consequently created a virus that slowed down computers, and even made some unusable in the United States. Continuing into the early 21st century, simple viruses were sent internationally causing systems to fail on computers.(x) While the first cyber attack was a mishap and ones in later years were still relatively harmless compared to today, cyber attacks now are too common and frequent to be accidents. Over the years, more developments have been established in ways, such as creating alliances, documents, and holding meetings, to prevent cyber attacks.(xi) As rates of cyber attacks grow, the threats increase, and information continues to be exploited, the need for stronger cyber security is necessary as information internationally becomes more influential and valuable. UN Action In recent year, the threat of cyber terrorism and lack of cyber security has grown exponentially due to the massive influx of technological growth that was seen beginning in the 1980s. The United Nations has taken an active stance to discourage cyber attacks and establish international resolutions to come to consensus. The UN typically drafts and establishes these agreements with the General Assembly body First Committee of Disarmament and International Security (DISEC). the first major draft on the terms of cyber security came through the delegations of Japan and the United States in 2002 with the draft resolution A/C.2/57/L.10. This draft calls for all nations to recognize that effective cybersecurity is not merely a matter of government or law enforcement practices, but must be addressed through prevention and supported throughout society, through nine steps including awareness, responsibility, response, ethics, democracy, risk assessment, security design and implementation, security management, and reassessment.(xiv) Later in 2003, the General Assembly adopted A/RES/57/239 without vote, noting the need for the international community to address and reassess their government to prepare for the new globalized world bridged through cyberspace.(xv) Due to cyber attacks becoming increasingly frequent and powerful since first generated, organizations have been established towards combatting cyber attacks and improving cyber security measures. Since there is a variety of attacks and types of security systems, certain organizations focus on different aspects like information sharing forums and treaty based decision making bodies that are founded by countries.(xvi) For example, Information Systems Security Association (ISSA) is a non profit group who works with security professionals to gain knowledge for the community on cyber security matters like managing technology hazards, preserving information and infrastructure, and further gaining knowledge on cyber security.(xvii) ISSA stresses on reducing cyber attacks and heightening cyber security by working with a range of educated groups, providing all information they have through online newspapers, journals,

5 and more, and creating international conferences. In addition, another association by the name of Open Web Application Security Project (OWASP), has a goal of enhancing security softwares and helping individuals and other organizations make the correct decision on what system to use by making them understandable. Groups like OWASP are beneficial to those who do not comprehend cyber security as well as professionals, and ensure they have the necessities to keep private information safe.(xviii) Case Study: DPRK Threat On November of 2014, Sony headquarters in Los Angeles, California suffered an extensive hack into their system, locking more than 7,000 employees out of the system as their screens all diverted to a gruesome photo of their chief executives severed head. The company then shut down all computer systems internally and oversees leaving the Fortune 500 group without any technology at all. The hack lasted longer than a week and released more than 4,700 unique social security codes of employees. The advanced company was forced to purchase all technology over again revert to manual and outdated protocol and be virtually cut off from the rest of the market for a lengthy period of time before their network could be restored. This was the largest scale cyber attack ever seen on a private companies, with eleven terabytes of data being stolen from the Sony network. Authorities noted the fingerprints of both Iranian and Korean coding styles suggesting that the Democratic People s Republic of Korea could have responded to the creation of Sony s satirical movie The Interview on the assassination of Kim Jong Un with such a threat. Officially, North Korea denied the attack but praised it as a righteous act.(xix) FBI released a technical analysis of the malware. Apparently this malware had been used had been linked to other malware that the FBI knows North Korean actors previously developed. Similarities were found in specific encryption algorithms, data deletion methods, and compromised networks. (xx) Following the devastating attack the United States imposed sanction against the DPRK and those associated with it representatives of states including Russia, Iran, China, Sudan, and Namibia.(xxi) These sanctions are to prohibit 10 individuals and three organizations access to U.S. financial systems, including the DPRK s intelligence agency and a primary arms exporter. (xxii) Officially, this is the United State s first response to the attack however the government was unsuccessful in recovering the thousands of privates s, identities, celebrity aliases, and privates security codes lost from the attack. In 2014 more that 40% of the world had internet access meaning that million and millions of information codes are not only accessed but taken and malware grows to circulate as technology becomes more widespread.(xxiii) The major concern of the cyber attack is that it has the potential to go large scale, as Cory Bennett of The Hill recognizes a concern that now that we ve seen it once at Sony, it could potentially spread...it s not a large leap to go from to targeting Sony to targeting every IP address in the U.S meaning, the ability for this type of

6 malware to spread on a large scale basis is growing exponentially.(xxiv) Clearly, the issues of cyber security is only growing as the world becomes a larger platform for technological growth. Questions to Consider 1. Has your nation had to respond to any internal cyber attacks? If so, how? 2. As cyberspace lacks true borders, how can they be regulated between nations? 3. What defines an act of cyber warfare and how should cybersecurity be heightened to prevent them? 4. How can the international community lessen collateral damage that goes hand in hand with cyber attacks or acts of cyber terrorism? 5. If any, what are the penalties for cyber terrorism in your country? 6. What actions has your country taken to prevent cyber attacks within your own country? 7. What actions has your country taken to prevent cyber attacks internationally? 8. What is the different procedure when dealing with a individual cyber attacker versus a sovereign state? 9. Should governments have a role in cyber security, and if so what should that role be? 10. What is cyber warfare? How does it affect the international community? 11. As new technology emerges, what are some future security concerns regarding cyber attacks?

7 Works Cited i. Cyber Crime Statistic and Trends. GO GULF. Go Gulf, 17 May Web. 28 Sept. ii. Cyber Crime Statistic and Trends. GO GULF. Go Gulf, 17 May Web. 28 Sept. iii. The Impact Cyber Attacks Have On Us. Utica College. Utica College. Web. 28 Sept. iv.. University of Maryland University College. UMUC, Web. 28 Sept. v. Cyber Attack. Janalta Interactive Inc. Techopedia. Web. 28 Sept. vi. Security News. PC Tools. Symantec, Web. 28 Sept. vii. What is a DDoS Attack? Digital Attack Map. Arbor Networks, Inc., Web. 28 Sept. viii. Khanse, Anand. Brute Force Attacks Definition and Prevention. The Windows Club. The Windows Club. Feb. 26, Web. 28 Sept. ix. Rouse, Maragret. Cyberterrorism Definitions. Tech Target. Tech Target. Web. 28 Sept. x. Julian, Ted. Defining Moments in the History of Cyber Security and the Rise of Incident Response. Info Security. Reed Exhibitions Ltd., 4 Dec Web. 28 Sept. xi. Cyber Timeline. NATO OTAN. NATO Review Magazine,. Web. 28 Sept. xii. Julian, Ted. Defining Moments in the History of Cyber Security and the Rise of Incident Response. Info Security. Reed Exhibitions Ltd., 4 Dec Web. 28 Sept. xiii. Cyber Timeline. NATO OTAN. NATO Review Magazine,. Web. 28 Sept. xiv. United Nations general Assembly. Creation on a Global Culture of., 31 January United Nations. web. 28 September xv.united Nations General Assembly. Creation of a Global Culture of Cybersecurity Draft.,18

8 October United Nations. Web.28 September xvi. Cooney, Michael. Who Really Sets the Global Cybersecurity Standards? Network World. Network World, Inc., 3 August Web. 28 Sept. xvii. About ISSA. ISSA. Information Systems Security Association. Web. 28 Sept. xviii. OWASP. OWASP. Web. 28 Sept. xix. Musil, Steve. "Sony Hack Leaked 47,000 Social Security Numbers, Celebrity Data CNET." CNET. CNET, 4 Dec Web. 28 Sept. xx. "Sony Cyber attack: North Korea Faces New US Sanctions BBC News." BBC News. British Broadcasting Corporation, 3 Jan. Web. 28 Sept. xxi.laughland, Oliver, and Dominic Rushe. "Sony Cyber Attack Linked to North Korean Government Hackers, FBI Says." The Guardian, 19 Dec Web. 28 Sept. xxii. Miller, Zeke J. "U.S. Sanctions North Korea Over Sony Hack." Times Magazine. 2 Jan. 2015: n. pag. Web. 28 Sept. xxiii. "Internet Users." Number of (2015). N.p., n.d. Web. 28 Sept. xxiv. Hacking and Cybersecurity Threats. Prod. Nancy Calo. Perf. Cory Bennett. C NET, 2014.