Question of Cyber security Maria Paek (President)

Transcription

1 Question of Cyber security Maria Paek (President) Introduction The words cyber terrorism and cyber security have been floating around media headlines, recently thrust into heavy attention as large-scale hacker activities became increasingly frequent and widely publicized. Surely, when so much of our lives are dependent on the scopes of cyberspace, the mere notion of terrorist-induced internet meltdowns can be quite unnerving. And yet, the establishment of such terms as cyber terrorism and cybercrime is relatively recent, and there lacks a solid consensus on the definition of cyber security and cyber terrorism. Thus, it is necessary to fully address the fundamental, conceptual aspects of this issue and lay the groundwork for global cooperation in strengthening cyber security. Background Cyber security has recently garnered much global attention, especially due to increasing activities by hacker groups. Most notably, a group called Anonymous has been launching majorly publicized attacks on government sites of various countries, including Greece, US, Uganda, Israel, and etc. While Anonymous is hailed by some as freedom fighters and revolutionaries, it is at the same time denounced by some as a lynch mob. Also, in March 2013, banks and broadcast companies in South Korea were hacked, resulting in severe loss of data. The South Korean government claimed that North Korea was responsible, while the latter denies the accusation. Some of the earliest records of cyber-attacks date back to the 1990s. In 1996, a Massachusetts ISP (Internet Service Provider) was attacked by a self-proclaimed white supremacist who threatened to use the hacked ISP to send out worldwide messages containing racism. Since then, the internet has been used as a platform to wage attacks against various government sites, corporations, and individuals. Cyber security can involve a great range of topics, ranging from scams to An unofficial logo of the group Anonymous transnational cyber espionage. However, for the effectiveness of the debate and for the purposes of the committee, the Security Council of MUNiSC 2014 will examine cyber security in the following two areas: 1. Use of cyberspace for terrorist purposes, and 2. Cyber warfare. The first subtopic involves how terrorists use the internet extensively to promote their goals; the cyberspace can be an extremely useful tool either to spread their ideologies and incite violence, or to actually execute cyber-attacks targeted at governments and individuals. The second subtopic, Cyber warfare, has a larger scope and deals with governments and states engaging in cyber-attacks. Although these two topics focus on

2 different aspects of cyber security, they are not mutually exclusive; for example, when a state engages in cyber warfare against terrorists, both of these issues are involved. Thus, cyber warfare and use of cyberspace for terrorist purposes are two interrelated aspects of cyber security that should not be held separately. Use of cyberspace for terrorist purposes The Internet is a prime example of how terrorists can behave in a truly transnational way; in response, States need to think and function in an equally transnational manner -Ban Ki-moon, UN Secretary General There have been many incidents throughout history when terrorist groups as well as individual hackers have imposed threats to several countries national security through cyberattacks. The 2007 cyber terrorism on the government of Estonia is an important example of how cyber-attacks can inflict damage to sovereign nations. During this attack, Estonia s government websites and public services were taken by a massive wave of cyber-attacks led by a group of pro-kremlin activists. Regarding this incident, the Estonian Ministry of Defense stated: We've been lucky to survive this. If an airport, bank or state infrastructure is attacked by a missile, it's clear war. But if the same result is done by computers, then what do you call it? Is it a state of war? These questions must be addressed. The United Nations has been aware of the dangers and vulnerabilities of cyberspace, especially in the hands of terrorists, and the United Nations Office on Drugs and Crime (UNODC) published a report titled The Use of the Internet for Terrorist Purposes in September The publication identified several ways in which terrorists use the internet to promote their purposes. To start with, distribution of propaganda via the internet is a practical method used by terrorists to spread extremist ideology and recruit members. Because the internet by nature is not limited by place and time, it can make terrorist-sponsored multimedia contents accessible to a wide audience of potential and actual supporters. These contents include ideological justifications, images, videos, and messages through designated websites, SNS, and virtual chat forums. However, despite the obvious intention of such propaganda, it is hard to combat because spreading propaganda in itself is not against the law, in accordance to international law regarding the right to freedom of speech and expression. Even though exceptions to this right exist (such as when the content may threaten national security or promote violence against certain groups of people), differentiating between ill-willed propaganda and expression of a An issue of the Inspire magazine

3 controversial opinion can be very subjective. Members of a terrorist group, or aspiring members, can receive practical training through internet platforms, which distribute information containing specific technical knowledge regarding explosives, weapons, executing an attack, joining a terrorist organization, and etc. These learning materials can also cover instructions on how to encrypt messages and strengthen anonymity to avoid detection. Online magazines, such as the reportedly-al-qaeda-backed Inspire, can add to these training purposes. The Inspire magazine contains detailed instructions about devising terror attacks, such as How to make a bomb in the kitchen of your mom, and also offered translated messages from Osama bin Laden. The suspects of the deadly Boston marathon bombing in April 2012 were reported to have gained knowledge and information from the magazine to plan and execute their act. Besides from training, the actual planning of terrorist attacks also heavily depends on the internet. Since members of a terrorist cell are often geographically scattered, it is crucial for terrorists to communicate with each other via the internet and organize their agenda. The 9/11 attacks, for instance, involved a great deal of preparation and communication on the web. Mohamed Atta, the leader of the 19 hijackers involved in the terror, sent his final message to the rest of the group through a shared, anonymous account, which read: The semester begins in three more weeks. We ve obtained 19 confirmations for the studies in the faculty of law, the faculty of urban planning, the faculty of fine arts, and the faculty of engineering. 19 confirmations meant 19 participants, and each faculty indicated each of the four targets of the attack. Cyber Warfare Cyber-terrorism and cyber warfare are similar in that both involve cyber-attacks motivated by political intentions. However, cyber warfare exceeds the scope of cyber-terrorism since it involves operations initiated by governments and nation-states. The United States, Russia, China, Iran, and North Korea are some of the active players in today s cyberspace, and cyberattacks are becoming increasingly frequent on a transnational level. One of the biggest instances of cyber warfare so far was the Stuxnet worm attack against Iran in % of the infected computers worldwide were in Iran, and Iran s nuclear program was set back at least two years. Due to the enormous scale and complexity of the virus, major international digital security firms such as Kaspersky Lab suggested that the attack was coordinated by a state, or at least with state support. The United States and Israel have long been suspected of co-creating the Stuxnet worm code in order to deter the progress of Iranian nuclear facilities, although both states deny the accusation. Also, in 1998, infiltration of computer systems was detected at Pentagon, NASA, US Department of Energy, and other research institutions in the United States. Sensitive information on troop arrangements, military maps, and missile systems was leaked, and the source of the attacks was traced back to Russia, which denies any involvement in the attack. In order to launch countermeasures against cyber offensives, nations have also resorted to cyber-attacks against other states. Another notable example is the explosion of Siberian gas pipelines during the Cold War in When the United States discovered that the Soviet Union had been stealing technology from the West, the CIA came up with an operation and planted a

4 Trojan virus program in a software which was later stolen by the Soviet Union that was unaware of the virus. The Trojan program tweaked the operating logics of the Siberian pipeline and led to a colossal explosion that was even able to be seen from the space. Highly successful and yet involving no casualties, this operation was kept secret by the United States until the CIA approved public disclosure in As demonstrated in the above examples, nations have already been engaged in cyberattacks which could possibly be considered as cyber warfare. Cyber warfare is attractive to nation-states because it is extremely cost-effective and is not limited to geography; thus, cyber capacity has become a key aspect of a country s military power. However, because of the lack of universal agreements and laws on cyber warfare, what constitutes as cyber warfare and whether a cyber-attack can justify retaliation with force are still debated. International Responses The Tallinn Manual As cyber security is becoming a critical aspect of international peace and security, nations around the world have stepped up measures to enhance cyber security and promote global cooperation regarding the issue. In May 2013, NATO has published the Tallinn Manual, a guideline on the application of existing international laws to cyber security. Although it is an unofficial document of experts opinion, the Tallinn Manual establishes that highly destructive cyber-attacks aimed at a particular state is tantamount to an armed attack and thus, under qualifications, can justify the victim state to resort to self-defense that utilizes cyber and/or military attacks. The Tallinn Manual has generally been well-received by Western countries such as the United States and the United Kingdom. On the other hand, Russia is more reluctant, concerned that the manual may be a step in legitimizing cyber warfare. Trends in cyber-attack countermeasures

5 United States of America The US government recognizes the importance of cyber security and the need for setting international norms upon the matter. The United States Cyber Command, subunit of the United Nations Strategic Command, is in charge of US cyberspace operations and defending US military networks. Cyber security is a sensitive topic between the United States and China since both of them have allegedly led cyber-attacks against each other, and so is the case for US and Russia. GCHQ, Britain s security agency Public attention over cyber security in the US is also on the rise. A recent exposé by Edward Snowden, a former NSA (National Security Agency an intelligence agency under the US government) worker, claimed that the US government has extensive hacking operations worldwide, especially in mainland China. Snowden also revealed that the US government has been monitoring civilians phone and internet usage. This not only caused widespread public alarm, but also brought up the important question: Should privacy be sacrificed to achieve cyber security? If so, to what extent? United Kingdom The United Kingdom has also been trying to strengthen its cyber power and the ability to defend itself against cyber-attacks and cyber-terrorism. UK s Government Communications Headquarters (GCHQ) announced that Britain encounters at least 70 sophisticated cyber-attacks per month, with the government being the most frequent target. Security Service MI5, Britain s national security agency, states that many of the attacks are identified to have originated from foreign states, whose names remain undisclosed. Regarding the threat of cyber-attacks on a national scale, GCHQ director Sir Iain Lobban stated that In the near future, some Western country is likely to face a catastrophic and deliberate cyber-attack mounted against its critical infrastructure and this will result in include human casualties and that governments must pursue a suitable balance between offensive and defensive policies. Britain is also a pioneer in combatting terrorist activities in cyberspace; it passed legislation that specifically deals with the use of the internet by terrorists. The Terrorism Act enacted in 2006 criminalizes the act of supporting and assisting terrorism through the internet. Russia Along with the United States, Russia also has a long tradition of extensive state-led cyber operations. Russia has a high cyber warfare capacity, and it recognizes the importance of developing both defensive and offensive measures. Russia s intelligence services are heavily involved in the nation s cyber security, and the government has not been hesitant to launch cyber-attacks against other nations in the past. Russia and the US have been cyber-threats to each other since the Cold War era; both countries have sought to extract information from each other in the past through cyber-attacks and cyber espionage. Although relations between Russia and

6 the US have improved since the Cold War, cyber-security still remains a sensitive issue between these two nations. China China s Defense Ministry established the Cyber Blue Team to strengthen internet security and protect the military from external cyber-attacks. While China enforces its domestic cyber security through rigid internet censoring and is relatively strict about deterring internet activities that may threaten internal peace, it is at the same time accused of hacking operations against other countries, especially the United States. The US accuses China of stealing classified industrial as well as military information. North Korea North Korea has long been accused of various cyber-attacks especially targeted at South Korea, although it denies any involvement. In 2009, a massive wave of cyber-attacks was launched against major government agencies in South Korea and the United States. North Korea was suspected, but there was not enough evidence to conclusively determine the culprit. Additional attacks against South Korea in 2011 and 2013 are also believed to have been caused by North Korea or its sympathizers. UN Involvement The United Nations Security Council Counter-Terrorism Committee, which was established in 2001 in response to the 9/11 terror attacks, recognizes that the internet can be a platform for terrorists to achieve their goals. In a report titled Countering the Use of the Internet for Terrorist Purposes, the committee emphasized the transnational nature of cyberterrorism and recommended member states to work towards a common approach in dealing with cybercrime and adopt existing regional legislations such as the Commonwealth Model Law on Cybercrime and the Council of Europe Convention on Cybercrime. Another notable attempt in addressing the issue of cyber security was directed by the United Nations Institute for Disarmament Research, which published an assessment of national doctrines regarding cyber security. The report, titled Cybersecurity and Cyberwarfare, identifies specific countries with highly developed military doctrines regarding cyber warfare and discusses the countries stances on cyber warfare. Regarding cybercrimes and cyber security on a broad sense, resolutions (64/211, 58/199, etc.) have previously been adopted by the General Assembly and ECOSOC, but these resolutions are very general and incomprehensive, as they merely encourage member-states to foster a global culture of cyber security. Thus, in reality, the United Nations has yet to be actively involved with the issue of cyber security and cyber-terrorism. The United Nations does, however, condemn terrorism in all its forms, which would include the use of internet to promote terrorism. Security Council resolution 1963 shows concern at the increased use, in a globalized society, by terrorists of new information and communications technologies, in particular the Internet, for the purposes of the recruitment and incitement as well as for the financing, planning and preparation of their activities. Also, resolution 1624 adopted by the Security Council in 2005 strongly condemns the justification and

7 incitement of terrorism and urges nations to take necessary measures prevent such acts. Possible solutions Since terrorist groups in today s digital age depend on the internet more than ever before, detecting and blocking terrorist networks online will serve as one of the most effective, viable solutions in dealing with terrorist activities on cyberspace. However, the transnational scale of terrorist networks presents a challenge to individual nations, since the jurisdiction of terrorist activities online is difficult to determine. Also, a fine line has to be drawn in order to distinguish what constitutes a violation of peace and what constitutes freedom of expression. The UN Counter-Terrorism Committee recommends that member-states promote transnational cooperation in order to combat cyber-terrorism by adopting existing regional legislations. Also, international agreements on the basic definitions of terms regarding cyber security must be established in order for global cooperation to have a lasting effect. The Global Cybersecurity Agenda set forth by the International Telecommunication Union, an agency of the UN that specializes in global IT (information technology) concerns, is an example of how international cooperation may be achieved. The agenda aims to create cybercrime legislation that is globally applicable and to assist developing countries in understanding the importance of cyber security. The International Telecommunication also works closely with the International Multilateral Partnership Against Cyber Threats (IMPACT), a UN-backed alliance with the purpose of strengthening the international community s cyber security and its ability to defend against cyber threats. As can be seen, sprouting efforts are being made to deter the threats of cyber-terrorism by international alliances and organizations. On the other hand, cyber warfare, which directly concerns individual nations, is a more delicate issue and thus should be taken more cautiously. Although it would be very difficult to reach binding international agreements regarding cyber warfare at the current stage, helpful steps in addressing this issue would include elaborating on existing international law regarding conventional war so that it can be effectively applied to cyber warfare. The Tallinn Manual is an example of how cyber warfare may be approached. Although it is an advisory opinion and not an official agreement, the Tallinn Manual suggests that cyberattacks on a nation can qualify as an armed attack if the damages incurred are large enough, which can justify the victim state to resort to self-defense through force. However, this idea must be considered with caution, since it may result in indiscriminate use of force by one state in response to cyber-threats from another state. Timeline 1982 CIA plants a virus in Russia s Siberian pipeline, which causes a massive explosion with no casualties.

8 1996 Massachusetts ISP (Internet service provider) is attacked by a self-proclaimed white supremacist who threatened use the hacked ISP to send out worldwide messages containing racism /11 terror 2006 Britain enacts the Terrorism Act that includes provisions regarding the use of internet for terrorist purposes. July 2007 In the United Kingdom, Younes Tsouli, Waseem Mughal, and Tariq al-daour are sentenced to imprisonment for ten years, seven and a half years, and six and a half years, respectively, for inciting terrorism via the internet South Korea and the US receive cyber-attacks allegedly from North Korea Iran is targeted by a wave of Stuxnet virus attacks which sets back its nuclear program at least 2 years China confirms the existence of its Cyber Blue Team Another set of cyber-attacks, presumably from North Korea, target South Korean government agencies and banks. January 2012 Hacking of Israeli websites release credit card information of thousands of Israeli citizens. Marcy 2013 Banks and broadcast companies in South Korea are hacked by North Korea. May 2013 Experts from NATO publish the Tallinn Manual. June 2013 The US and China hold summit talks which include cyber security as one of the top agendas. Glossary Cyberspace The virtual realm, created by online networks, that enables individuals to interact with each other and create, share, and distribute data. Cybercrime Any illegitimate behavior committed on, or with the help of, cyberspace; this may range anywhere from scams to cyber-attacks on a transnational level. Cyber-terrorism Cyber-terrorism can hold two meanings: 1. the act of manipulating cyberspace and dismantling computer networks to such an extent that actual, physical lives are threatened, or damage is so severe that it generates fear. (ex: a military s cyber network is attacked by an enemy). 2. the use of cyberspace by terrorists to promote their purposes (ex: spread propaganda, distribute instructions, etc.)

9 Cyber espionage Literally spying via online networks, in order to extract valuable information, whether it is commercial or national Cyber Warfare Any action by a nation-state to penetrate another nation s computer networks for the purpose of causing some sort of damage Online acts of espionage and security breaches acts done to obtain national material and information of a sensitive or classified nature through the exploitation of the internet (eg. exploitation of network flaws through malicious software) Sabotage the use of the internet by one nation to disrupt online communications systems and another nation state (eg. military communication networks) with the intent to cause damage and disadvantage Attacks on SCADA (Supervisory Control and Data Acquisition) networks and NCIs (Nuclear Control Institute) Hacker An individual who alters or damages computer programs and networks to gain unauthorized access to information Tallinn Manual A guideline written by experts from the NATO on the application of existing international laws to cyber security Propaganda Spreading an ideology in a biased, often provocative manner in order to gain sympathizers and supporters.

10 Works Cited Chernenko, Elena. "Russia Warns against NATO Document Legitimizing Cyberwars." Russia Beyond The Headlines. N.p., 29 May Web. 19 Aug < mizing_cyberwars_26483.html>. Corera, Gordon. "Britain 'under Attack' in Cyberspace." BBC News. BBC, 01 July Web. 19 Aug < "Cyberwarfare." Cyberwarfare. United Nations Interregional Crime and Justice Research Institute, n.d. Web. 19 Jan Denning, Dorothy E. "CYBERTERRORISM - Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services, U.S. House of Representatives." Georgetown University, 23 Apr Web. 19 Aug < Financial News, Breaking US & International News Reuters.com. Thomson Reuters, 24 Sept Web. 29 Sept < Gordon, Sarah, and Richard Ford. Cyberterrorism? Publication. Cupertino: Symantec Corporation, Web. 19 Aug < HANLON, MICHAEL. "Attack of the cyber terrorists Mail Online." Home Mail Online. Associated Newspapers Ltd, 24 May Web. 29 Sept < "Infosecurity - MI5 and GCHQ: Britain facing 70 advanced cyber attacks per month." Infosecurity - the online magazine dedicated to the strategy and technique of information security. N.p., 2 July Web. 29 Sept < "ITU Activities Related to Cybersecurity." ITU Activities Related to Cybersecurity. International Telecommunication Union, 14 Aug Web. 19 Aug < "Kaspersky Lab provides its insights on Stuxnet worm." Kaspersky Lab US Antivirus & Internet Security Protection Software. Kaspersky Lab, 24 Sept Web. 29 Sept < ights_on_stuxnet_worm>. Lewis, James A. Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats. Rep. CSIS (Center for Strategic & International Studies), Dec Web. 19 Aug

11 < Lewis, James A., and Katrina Kimlin. "Preliminary Assessment of National Doctrine and Organization." Cybersecurity and Cyberwarfare (2011): 36. UNIDIR : Publications. Web. 29 Sept Maclean, William. "UPDATE 2-Cyber attack appears to target Iran-tech firms Reuters." Business & Mundie, Craig. "A Global Response to Cyber-terrorism." The Economist. The Economist Newspaper, 20 Nov Web. 19 Aug < "NATO research team calls Stuxnet attack on Iran an 'act of force'." Home / News. Autonomous Nonprofit Organization TV-Novosti, 26 Mar Web. 29 Sept <rt.com/news/act-force-iran-cyberattack-831/>. Nouri, Lella, and Andrew Whiting. "What Is Cyberterrorism?" Cyberterrorism-project.org. Swansea University, Web. 19 Aug < Pototsky, Dan. "US, Russia, China Meet to Tackle Cyberterrorism." Russia Beyond The Headlines. Russia Beyond the Headlines, 07 June Web. 19 Aug < rism_26867.html>. Russell, Alec. "CIA plot led to huge blast in Siberian gas pipeline - Telegraph." Telegraph.co.uk - Telegraph online, Daily Telegraph, Sunday Telegraph - Telegraph. Telegraph Media Group, 28 Feb Web. 29 Sept < "The Tallinn Manual." CCDCOE.org. NATO, Web. 19 Aug < "Terror on the Internet: Questions and Answers." United States Institute of Peace. USIP, n.d. Web. 19 Aug < "The Warnings? Cyber War! FRONTLINE PBS." PBS: Public Broadcasting Service. WGBH Educational Foundation, 24 Apr Web. 29 Sept < "US-China Cyber Security Working Group Meets." BBC News. BBC, 09 July Web. 19 Aug < Weimann, Gabriel. "The Journal of International Security Affairs How Modern Terrorism

12 Uses the Internet." How Modern Terrorism Uses the Internet Spring (2005): n. pag. The Journal of International Security Affairs How Modern Terrorism Uses the Internet. Securityaffairs.org, Web. 19 Aug < What constitutes a cyber attack? : Information Management : Public Safety NEC." NEC Global. NEC Corporation, n.d. Web. 29 Sept < >. Zheng, Limin. "Defense Ministry Clarifies "Cyber Blue Team"" CCTV News. CCTV, 26 May Web. 19 Aug <