VIENNA MODEL UNITED NATIONS CLUB
STUDY GUIDE APRIL SESSION 2013
CYBER SECURITY AND CYBER WARFARE

INTRODUCTION

With an ever-increasing number of technological improvements and the expansion of online services in the past two decades, the issue of cyber security has rapidly moved to the top of the agenda in national and international politics. Nowadays it is an issue relevant not only to the private sector and the individual consumer, but especially to all sorts of state actors. The term cyber security covers everything from cyber crime to cyber warfare; everything from the mischief an adolescent hacker can do to an individual's computer to the risk that skilled individuals could, from cyberspace, critically disrupt or destroy a digital infrastructure. Cyber warfare, cyber terrorism, cyber espionage and cyber activism challenge the existing technological capabilities, the nature of the free internet and the modes of cooperation in the international system. Moreover, they cause huge losses for businesses and the economy as a whole and lead to the theft of sensitive data from government organisations.

Some analysts have labelled cyber attacks as the war in the fifth dimension or fifth domain. Beyond land, sea, air and space, the cyber world has become a new hot-spot for a variety of conflicts between companies and between governments. Simultaneously, others have called it the new cold war, implying on the one hand the vast potential for serious confrontations between certain countries, most notably China and the U.S., and on the other hand the deliberate omission to explicitly single out the states responsible for cyber attacks in order to avoid direct confrontations and a diplomatic impasse. Nonetheless, cyber security has certainly become a serious concern in international politics and was addressed at several conferences where lawmakers and key stakeholders from the private sector have become increasingly involved in the debates about how to tackle the threats stemming from malpractice in the digital world.
The topic was also an integral part of the Deauville G-8 summit agenda in 2011. Still, the most important discussions have so far taken place on a bilateral basis. Thus there remains the need to find a solution on a multilateral basis in order to reach international agreements that allow the issue to be dealt with appropriately and that provide the necessary legally binding provisions for state and non-state actors operating in the global cyberspace.

The targets of cyber attacks

From government agencies to the International Olympic Committee and news media - nearly anything can or has already fallen prey to cyber attacks. Even well protected security infrastructure such as the Pentagon seems to be vulnerable, as has been revealed by a massive cyber attack in 2008 and in 2011 when approximately 24,000 files were abstracted. Apart from high profile breaches against industrial, financial and governmental targets, it is small companies that have increasingly become the victims of targeted cyber attacks, because their security measures can often be considered rudimentary compared to those of large enterprises. The main goal of attacks against the private sector is to gain intellectual property (industrial espionage), whereas attacks against government agencies aim for strategic intelligence, sensitive security data or, in general, the disruption or destruction of private and public networks. Alternatively, cyber attacks in the form of so-called hacktivism (e.g. Anonymous) have also become a new way of protest and civil disobedience.

An EU study conducted by the European Network and Information Security Agency analyzed more than 140 reports from the security industry and other organizations. It concluded that the top threats could be categorized in six areas: mobile computing, social technology, critical
infrastructure, trust infrastructure (defined as any information system that provides strong authentication and aims at establishing a trusted, secure connection between two end points), cloud computing and big data. Furthermore, it pointed out that particularly the threats to trust infrastructure and mobile computing are on the rise.

Typical targets of cyber attacks include electrical grids, telecommunication systems, web servers, enterprise information systems, media corporations and newspapers (lately for instance France 24 and the NYT), banks, corporations in the technology sector but also in the construction sector or even agriculture, satellite systems, pipelines, air traffic control systems, water systems, ministries and other organizations affiliated with governments as well as non-governmental organizations.

"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
Bruce Schneier (American computer security specialist)

Prominent cyber attacks

The Original Logic Bomb: in 1982 a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. The code for the control system had been previously modified by the CIA, which had been tipped off, to include a logic bomb, i.e. a piece of code that changes the workings of a system, which changed the pump speeds to cause the explosion. An air force secretary described it as the most monumental non-nuclear explosion and fire ever seen from space.

Titan Rain: the name given by the FBI to a series of coordinated attacks on American computer systems since 2003, ongoing for at least three years. It was discovered that several sensitive private and public computer networks were infiltrated by the hackers, such as those at Lockheed Martin and NASA. Not only were military intelligence and classified data stolen, but also thousands of zombified machines, i.e.
computers infiltrated by malicious software that can be activated later, were left behind. Titan Rain is considered the largest state-sponsored cyberattack in history, said to have been organized or supported by the Chinese government.

Cyberattacks on Estonia: a series of well-planned cyber attacks began on 27 April 2007 and swamped websites of Estonian organizations, including the Estonian parliament, banks, ministries and broadcasters, amid the country's row with Russia about the relocation of a Soviet statue. Due to the sophistication of the attacks it was claimed that the Russian government had assisted in orchestrating them. Among others, Nashi, a nominally independent pro-Kremlin youth group, has taken responsibility for the incident. Some argue that it may have been the second-largest instance of state-sponsored cyber attack, following Titan Rain.

Stuxnet: in 2010 the Stuxnet worm temporarily knocks out some 1000 centrifuges at Iran's Natanz nuclear facility, causing considerable delay to that country's uranium enrichment programme. Allegedly the highly sophisticated worm was planted manually via a flash drive into at least one computer connected to the network. In June 2012, The New York Times reports that the U.S. and Israel developed the worm.

Flame: another complex piece of malware, responsible for data loss incidents at Iran's oil ministry in 2012. It was allegedly developed by the U.S. and Israeli governments to collect intelligence about Iran's computer networks that would facilitate future cyberattacks on computers used in that country's nuclear fuel enrichment program. It was also planted manually into the network.

DDoS attacks on U.S. banks: the U.S. accuses Iran of staging a massive wave of denial-of-service attacks against U.S. financial institutions in 2012. Defense Secretary Leon Panetta warns of cyber threats against critical infrastructure and calls for new protection standards.

Korean cyber war: North Korea was already blamed in 2009 and 2011 for cyber raids against South Korean organizations. On 15 March, North Korea's KCNA news agency accused the US and its allies of large-scale hacking attacks on its internet servers. Later in
March around 32,000 South Korean computers at banks and broadcasters were affected by a cyber attack. Even though the attack could be traced back to a Chinese IP address, officials emphasized that this did not reveal who was behind the attack, as hackers can route their attacks through addresses in other countries to obscure their identities. North Korea is suspected to have staged the attack amid rising tensions on the Korean peninsula.

International agreements

International law regarding real warfare developed within 150 years. This raises the question whether these regulations could be used in matters of online warfare. A genuine legal framework, a jus ad bellum and jus in bello, is still missing for cyber warfare.

The Working Group on Internet Governance, established by the United Nations based on a recommendation from the World Summit on the Information Society, was initiated to agree upon the future of Internet governance. Technical, policy, economic, institutional, as well as legal perspectives were taken into consideration. Two different approaches dominated the debates at the summit. Whereas one side argued for the development of genuine cyber-law, since the speed and volume of cross-border Internet communication hinder the enforcement of existing legal rules, the other side argued that the Internet is in fact not conceptually different from previous telecommunication technologies. Consequently, existing legal rules could be applied to the Internet and, as far as global regulation is concerned, the most efficient option would be the harmonization of national laws, resulting in the establishment of one set of equivalent rules at the global level. The Working Group has fulfilled its duty to give recommendations for the next World Summit on the Information Society. Unfortunately, a consensus regarding concrete measures could not be found.
For the time being, bilateral agreements are the most common solution for cyber security regulations, like the new security pact of the UK with India.

A group of international lawyers, working in conjunction with the International Committee of the Red Cross and the US Cyber Command, has now published a book on the subject. The group of experts was invited to draw up the handbook by NATO's Co-operative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, where the centre was established in 2008 following a wave of cyber-attacks on the Baltic state from inside Russia. The experts explained that existing laws broadly apply to cyberspace. The Tallinn manual contains 95 black letter rules. However, it is not an official NATO document or policy but an advisory manual. Among other things it stipulates that cyber attacks led by governments must avoid sensitive civilian targets such as hospitals, dams, dykes and nuclear power stations. The manual also states that hacktivists who participate in online attacks during a war can be legitimate targets even though they are civilians. The manual suggests that proportionate countermeasures against cyber attacks carried out by a state are permitted. Such measures cannot involve the use of force, however, unless the original cyber-attack resulted in death or significant damage to property. Rule seven of the manual also states that if an online operation originates from a government network, "it is not sufficient evidence for attributing the operation to that state but is an indication that the state in question is associated with the operation". Furthermore, it says that, in accordance with the Geneva Conventions, attacks on certain key civilian sites are outlawed, for instance hospitals and medical units, which are also protected under rules governing traditional warfare.

International Involvement

United Nations: At the UN level, the International Telecommunication Union, a specialized agency, is responsible for issues that concern information and communication technologies. Its main tasks include coordinating the shared global use of the radio spectrum, promoting international
cooperation in assigning satellite orbits, improving telecommunication infrastructure and assisting in the development and coordination of worldwide technical standards. Following an initiative by the Malaysian Prime Minister, a comprehensive public-private partnership against cyber threats led to the creation of the International Multilateral Partnership Against Cyber Threats (IMPACT), the first United Nations-backed cybersecurity alliance. Since 2011, after signing a cooperation agreement at the World Summit on the Information Society, IMPACT serves as the cybersecurity executing arm of the International Telecommunication Union. IMPACT is tasked with the responsibility of providing cyber security assistance and support to ITU's 193 Member States and also to other organisations within the UN system. IMPACT was massively supported with resources from industry giants such as Kaspersky Lab and Symantec Corporation.

United States of America: The new United States military strategy makes explicit that a cyber attack is a casus belli for a traditional act of war. William J. Lynn, former U.S. Deputy Secretary of Defense, states that as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare which has become just as critical to military operations as land, sea, air, and space. In 2012 the then Secretary of Defense Leon E. Panetta warned of the possibility of a cyber-Pearl Harbor. Furthermore, he stressed that the US won't succeed in preventing a cyberattack through improved defenses alone. The new Secretary of Defense Chuck Hagel has promised to prioritise cyber security at the Pentagon. President Barack Obama declared America's digital infrastructure to be a strategic national asset. Therefore in May 2010 the Pentagon established the US Cyber Command (USCYBERCOM) to defend American military networks and build up capabilities for offensive moves against other networks.
In June 2012 the New York Times reported that President Obama had ordered the cyber attack on Iranian nuclear enrichment facilities. President Obama last fall signed a classified directive that requires an imminent or ongoing threat of an attack that could result in death or damage to national security before a military cyber-action can be taken to thwart it. Senior administration officials stress that under the new Obama directive, they would use law enforcement or diplomatic means before turning to military cyber warfare. The order does not alter the rules for intelligence agencies' covert use of cyber-operations. The United States has already used cyber attacks for tactical advantage in Afghanistan.

There have also been many other cyber warfare activities regarding the US. For example in 1982, a computer control system stolen from a Canadian company by Soviet spies caused a Soviet gas pipeline to explode. The code for the control system had been modified by the CIA to include a logic bomb which changed the pump speeds to cause the explosion. According to the NYT the US was also involved in developing Stuxnet to attack Iran. Currently, the main opponents in cyber warfare are said to be Chinese state and non-state actors, from whom most attacks on American systems originate. An American computer security company reported in March 2009 that it had detected 128 acts of cyber aggression per minute coming from Internet addresses in China. The Department of Defense was the main target of these attacks.

United Kingdom: In February the UK signed a new security pact with India as a countermeasure against the Chinese cyber-threat. The United Kingdom has also set up a cyber-security and operations centre based in Government Communications Headquarters (GCHQ). The UK government's National Security Strategy of 2010 is titled "A Strong Britain in an Age of Uncertainty". It outlines threats facing the United Kingdom, and defences against these threats.
It also emphasizes the risks posed by cyber warfare. There are also many cyber
warfare activities regarding the UK. In the most famous one, MI6 repeatedly infiltrated an Al Qaeda website and replaced the recipe for a pipe bomb with the recipe for making cupcakes.

People's Republic of China: Most reports about China's cyber warfare capabilities are not confirmed by the Chinese government. Nevertheless China continues to be held responsible for a string of cyber-attacks on a number of public and private institutions in the United States, India, Russia, Canada, France, Taiwan and Japan. US security experts claim a 12-story office building outside of Shanghai is the headquarters of a hacking unit in China established to attack international computer networks. Beijing has rejected the allegations, calling the reports unreliable. The Chinese government denies any involvement in cyber-spying campaigns. Instead the government maintains the position that China is not the threat but rather the victim of an increasing number of cyber-attacks. Official data showed that more than one million IP addresses were under the control of overseas sources. A government report released in March 2011 indicates that more than 4600 Chinese government websites had their content modified by hackers in 2010, an increase of 68 percent over the previous year. A list of the top 100 viruses infecting computers world-wide at the beginning of 2011 also revealed that in every single case China was the most affected country. Yet, nearly all these viruses originated in China.

The Chinese government has attempted to impose greater control over internal networks, both to suppress domestic opposition and to block penetration from outside the country. It has surrounded the country with a Great Firewall, also referred to as the Golden Shield Project, which is an Internet censorship and surveillance project operated by the Ministry of Public Security. It is estimated that between 30,000 and 50,000 Internet police are employed in this project.

Russian Federation: Cyber warfare in Russia includes allegations of denial of service attacks, hacker attacks, dissemination of disinformation over the internet, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, and persecution of cyberdissidents. It has been claimed that Russian security services organized a number of denial of service attacks as a part of their cyber-warfare against other countries such as Estonia or Georgia. Russia has been accused of attacking Georgian government websites in 2008 to accompany their military bombardment. Russia is also believed to have rapidly advanced its IT sector. Still, Russia is often overlooked as a significant player in the global software industry. Russia produces 200,000 scientific and technology graduates each year. This is as many as India, which has five times the population. However, since 2012 Russia has also stepped up its campaign for a globally binding treaty on cyber security. The rather controversial proposal for a U.N. convention to crack down on Internet crime and terrorism should define information warfare as a threat to international security and should urge countries to maintain a balance between fundamental human rights and the effective counteraction of terrorist use of the information space.

France: In 2009 France created the French Network and Information Security Agency (FNISA) to provide a national watchdog on the government's sensitive networks that would detect and respond to cyber attacks. Since then, little has been exposed about the disposition of French cyber security until March 2011, when the French finance ministry announced that it had suffered a cyber attack during the Paris G20 summit. The attack targeted documents relating to the summit and other economic issues. In August 2011, France announced its intentions to
build network warfare capabilities. Cyber warfare specialists under the General Directorate of Armament (DGA) demonstrated their capabilities in September 2011 using a communications mini-drone to simulate an attack on a national communications satellite. Personnel dedicated to France's cyber warfare capabilities include 130 engineers and researchers with links to French universities, as well as US and UK cyber experts who provide advice to other French departments on improving their organic network security. The DGA intends to grow these numbers by 30 per year for the next 30 years. A major focus of the DGA is currently to develop secure networks for the French Naval Forces, including Naval Aircraft, by implementing an intranet.

Further reading

http://hackmageddon.com/category/security/cyber-attacks-timeline/
http://www.bbc.co.uk/news/technology-21954636
http://www.bbc.co.uk/news/magazine-17868789
http://www.nytimes.com/2013/03/12/world/asia/us-demands-that-china-endhacking-and-set-cyber-rules.html?pagewanted=all
http://www.youtube.com/watch?v=yjqf9gqclgy [Al Jazeera World: Fighting in the Fifth Dimension]