disec - imunimun.ca/.../uploads/2015/10/disec-2015-background-guide.pdfisland model united nations...

Island Model United Nations DISEC

DISEC Background Guide

ISLAND MODEL UNITED NATIONS


Table of Contents

1. OPENING LETTER................................................................................................................................................................. 3

2. COMMITTEE BACKGROUND........................................................................................................................................... 4

3. TOPIC OVERVIEW: RISE OF INTERNATIONAL CYBER WARFARE ............................................................. 4

4. TIMELINE .................................................................................................................................................................................. 5

5. KEY POWERS .......................................................................................................................................................................... 6

6. CASE STUDY: IRAN AND STUXNET ............................................................................................................................. 7

7. COMMENTS AND CONCERNS.......................................................................................................................................... 8

8. GUIDING QUESTIONS ......................................................................................................................................................... 9

9. ADDITIONAL RESOURCES ............................................................................................................................................ 10


Disarmament and International Security Committee

1. Opening Letter

Dear Delegates,

My name is Maxwell Quackenbush, and I welcome you to Island Model United Nations’

Disarmament and International Security Committee. I will be acting as your Director fo r the

entirety of the conference, with assistance from my Chair, Kavi Grewal. I wish you all an

exciting and engaging experience, whether you are a beginner or an experienced delegate.

Here at IMUN, we attempt to create unique and innovative committees for our

delegates, and I strongly feel that the rise of international cyber warfare will provide an

intriguing and distinct conference that will be remembered for the rest of your MUN careers.

Our topic is unique, new, can regularly be found in headlines today, and should not be overly

difficult.

Cyber warfare has not yet been the subject of a UN Resolution, but has been discussed

in UN Sessions. As developed states are the most vulnerable, cyberwarfare and cybersecurity

will undoubtedly continue to be a central issue in the coming years.

Best of luck,

Maxwell Quackenbush, Director of DISEC


2. Committee Background

The Disarmament and International Security Committee deals with global challenges

and threats to peace that affect the international community and seeks out solutions to the

challenges in the international security regime. It considers all disarmament and

international security matters within the scope of the Charter or relating to the powers and

functions of any other organ of the United Nations; the general principles of cooperation in

the maintenance of international peace and security, as well as principles governing

disarmament and the regulation of arms; promotion of cooperative arrangements and

measures aimed at strengthening stability through lower levels of armaments. Founded in

1945, DISEC has been involved with security threats, nuclear weapons, and arms deals for

over 70 years. Today, it continues to make the world safer, in spite of the growing security

concerns in the modern age.

3. Topic Overview: Rise of International Cyber warfare

There is some debate as to the validity of the term cyber warfare. An act of cyber war

would, according to some, have to be lethal, political, and instrumental to be considered war.

Currently, what we refer to as cyber warfare could be classified as spying, subversion, and

sabotage. For the purposes of this committee, it is recommended that delegates include spying,

subversion, and sabotage within the admittedly loose definition of cyber war.

Historically, DISEC has been committed to removing stockpiles of weapons of mass

destruction, preventing states from developing said weapons of mass destruction, and

ensuring that those who possess these weapons slowly shrink their stockpiles. While cyber

warfare is nowhere near as destructive, this threat is a unique and difficult one to diffuse. States

do not need a facility full of centrifuges to create electronic attacks; a country’s stockpile can

fit in someone’s pocket, and once a weapon is made, there is no way to be sure a state has truly

destroyed the last copy.

Some feel cyber warfare shows promise, as it is a method countries can use to attack

each other with significantly fewer casualties. In response to this, others feel that the lives lost

will primarily be citizens who are not engaged in conflict, while casualties of traditional wars

include soldiers. An example of how electronic warfare may affect citizens more is remote

interference with a modern cars’ computers, transferring control of the vehicle.

Other uses for cyberwarfare are more intriguing. If, for example, a foreign power were

to shut down interact in Canada, many people will not have the ability to buy food, gasoline,

and other necessities. This will not only displease citizens and create dissent for the

government, but will also stunt the economic growth needed to keep a war functioning.

Citizens are not the only ones at risk: a breach in security may reveal troop placements in

traditional war, and may result in immense casualties. A similar breach in a military’ s logistics


and finance may prevent them from purchasing more vital supplies, such as ammunition or

food, and could also disrupt delivery, resulting in supplies being dumped in the middle of a

desert instead of a military base.

4. Timeline

April 2007 – Estonian government networks are targeted with a denial of service attack after

a disagreement with Russia over a war memorial. This is barely an attack, as no property was

harmed.

October 2007: China claims that a combination of U.S and Taiwanese hackers stole state

secrets.

November 2007: Stuxnet, a virus targeted toward Iranian nuclear facilities is discovered, and

disrupts development of the Iranian nuclear program.

August 2008: Georgia’s state websites are defaced after a disagreement with Russia. As before,

there is no formal evidence that this was the government and not a private group.

June 2009: Stuxnet, a computer virus designed to disrupt Iranian centrifuges for separating

nuclear isotopes, is discovered in a facility with no access to the internet. Much progress on the

Iranian nuclear program is lost. Most believe the attack was orchestrated by the United States

and Israel, however both states deny these allegations and there is little evidence.

January 2010: Baidu, a Mandarin-based search engine popular in China is temporally taken

offline. This was carried out by a group called the Iranian Cyber Army, and Baidu temporarily

linked to Iranian propaganda (although not officially State-sponsored).

December 2011: A worm found in ~800 government official’s computers creates a method for

external sources to read emails both sent and received.

May 2012: a computer virus aimed at spying on state officials is found with a built-in “kill-

switch”, capable of erasing any trace of infection on a computer.

July 2014: American intelligence claims that the Chinese have been targeting state officials.

April 2015: the United States announces that they believe hackers within Russia have breached

state emails. Although much of the material had been declassified, it still contained “sensitive

information”, a term intentionally vague.

August 2015: A jeep on a highway in the US is remotely shut down by two US hackers, Miller

and Valasek. It is believed that hundreds of thousands of other vehicles are vulnerable to

similar attacks. Large scale incidents have the potential to stop nearly every car on a given

highway.

September 2015: President Barrack Obama demands China ceases economic espionage against

the U.S. and threatens sanctions. Xi Jinping and Obama sign an agreement mutually banning

economic espionage in the next few days, but information related to national security is not

covered.


5. Key Powers

Key powers in cyber warfare are the actors who are playing the major roles. They are

the ones that you as a delegate should keep an eye on, and while they’re in the committee for

diplomacy, they certainly have a firmer agenda and will attempt to further their cause. Keep in

mind that this is not an exclusive or exhaustive list, there are far more countries with an active

interest or program related to cyber warfare.

1. United States The United States of America is the largest military superpower in the world, and will

take any measure necessary to ensure that their dominance is uncontested in any field. In

addition to this, America, as a developed country, some reports have stated the power grid may

be vulnerable to an attack, and while many methods to attack other nations have been created,

attempts to fix any vulnerabilities are extremely common, as evidenced by unending patches

and versions released on operating systems and programs. These established pieces of

infrastructure are not invincible, as there is almost always another way to exploit a system.

One notable policy the United States has adopted is the five pillars, which outlines how America

should prepare itself for internet-based attacks. The main points are recognition, active

defense, defense of critical infrastructure, collective defense, and maintenance of advantage.

2. China

Cyberwarfare in China is a controversial topic. Officials in the United States, India and

other countries have reported numerous occasions when Chinese hackers have allegedly

attacked other countries, but the Chinese government denies this vehemently. The issue is

complicated by private organizations in China, which are dedicated to international espionage.

Overall, China’s main cyberwarfare target is the United States of America, with a reported

61,000 cyber-attacks carried out between the two countries since 2009. This conflict is nearly

unavoidable, as both countries desperately wish to showcase their technological might on the

world stage. Ultimately, although China continues to deny its use of cyberwarfare, it is

abundantly clear that various forms of online espionage are being utilized by the country’s

government and its private organizations on a daily basis.

3. Russia Russia’s program for espionage and cyber warfare is developed, but larger attacks have

remained out of the public’s attention. Allegations against Russia include internet surveillance,

denial of service attacks, spreading propaganda and disinformation, and distribution of

harmful malware. Russia is third in the world in total military spending, and clearly has not

overlooked or underfunded computer-based conflict.


4. India Cyberwarfare first rose to prominence in India in 2004, when the Indian Computer

Emergency Response Team (CERT) was created. This organization was created mainly to defend the country from growing cyber threats. The number of hackings continu e to rise until 2011, when the government reported 13,301 threats to national security. In response to this, the Indian Government created the National Critical Information Protection Center to thwart attacks against banking, telecom, transport and other sensitive areas. Since the creation of this organization, cyber-attacks against India have largely decreased but the country remains wary of threats in the modern age.

5. Iran Iran officially became involved in the realm of cyberwarfare in 2010, when a

government organization called “The Cyber Defense Command” was created in response to a cyber-attack on a nuclear processing facility. This department is a subdivision of the Iranian Military and Armed Forces. In 2012, Iran was accused of cyber-attacks against the United States and their banks. Furthermore, they allegedly caused widespread power outages in Turkey in March of 2015 and significant harm to Israel’s internet infrastructure in August of 2014. Ultimately, Iran’s use of cyberwarfare remains under the radar while they continue to attack countries that are hostile towards them.

6. Private Organizations

Dangerous and unpredictable, private organizations have played a key role in past

conflicts, both orchestrating and receiving attacks. Some delegates may recall an attack on

Sony, a Japanese corporation, allegedly from a foreign government. In addition to this, private

groups may organize attacks of their own against governments. In June of 2015, a group of

loosely affiliated hackers known as “anonymous” brought down Canadian websites in protest

of a newly proposed bill, C-51. Corporations may also

6. Case Study: Iran and Stuxnet While the virus Stuxnet’s origins are disputed, its effects on the political landscape has

been far reaching and historically important. In July of 2010, over 1000 centrifuges were

destroyed in the Natanz nuclear facility in Iran. Initially, it was believed to be an error in either

a failure with the internal mechanisms of the centrifuge,

Stuxnet’s characteristics are fascinating: on most devices, it had little to no performance

impact. Once the program found itself on a new host, it would scan the local network to check

if it met a set of criteria that matches what is believed to be in the Iranian nuclear processing

facility. Once these conditions were met, it was free to carry out its intended purpose: to disrupt

the plant’s operations. The virus could start and stop centrifuges, play with other equipment,

and even supply the centrifuges with a series of commands that would result in mechanical

failure and possible leakage of radioactive isotopes. This was done with slight tweaking of the

speed the cylinders rotate, causing the samples to shake out of place and ultimately break the

device, all while playing back loops of recorded data for the control center. These precise

methods can be known to us easily: the decompiled source code for Stuxnet is available on the


internet. The program that destroyed over 1000 centrifuges and set the Iranian nuclear

program back 2 years can be found by anyone with internet access and 5 minutes of spare time

in a format that is reconfigurable and open-ended.

The origins of the virus are officially uncertain, as all governments deny involvement in

creation of Stuxnet. There is, however, a common consensus that the United States and Israel

worked jointly to create the worm and distribute it, possibly with the aid of a private

organization. In recent years, Edward Snowden has asserted that it was a collaboration

between the Americans and the Israelis. Spurred by frustration with the devastation the U.S.

caused, Iran commenced the development of its own program, the “Cyber Defense Command”.

It has carried out numerous attacks against Israel’s infrastructure, and in March of 2015,

Iranian hackers not officially associated with the state caused a power outage in Turkey

affecting about 40 million people.

7. Comments and Concerns

War is a state of armed conflict, intended to drain, destroy or harm a group or state’s

resources. Cyberwarfare is fascinating, as often the end goal is not to directly harm or destroy

something of value, but rather to gain an advantage from it. In this sense, many acts we would

categorize as cyber war are often not war, as they are not direct attacks. There are exceptions

to this, and they are few in proportion to the other acts in this category, and are likely to grow

in proportion over time. For these reasons, electronic conflict should be seriously taken into

consideration.

A valid point often made is that computer based warfare benefits developed states. This

is due in part to their integration of the internet into their society and culture. As a result of

this, more sophisticated systems have more sophisticated countermeasures against attacks.

This means that, in terms of cyber warfare, developed states are both the ones attacking and

being attacked.


8. Guiding Questions

Guiding questions are key concepts, often presented in the form of questions intended

to steer delegates in a productive direction that allows for inclusive discussion.

1. Should Cyberwarfare be embraced as a part of war or should it be discouraged?

2. How are cyber-attacks to be handled by the international community?

3. How should states act towards private organizations engaging in cyberwarfare abroad?

4. Should DISEC prevent countries from developing their cyberwarfare programs?

1. How can DISEC prevent countries from developing their cyber warfare programs?

5. Can an attack of this nature be considered an act of aggression?

1. How should this act be handled if it is anonymous?

6. Should cyberwarfare be accepted as a component of modern conflict or is it to be discouraged?


9. Additional Resources This section provides additional resources that may be useful in writing position

papers. Some of these resources are in the bibliography, some are not. It is recommended that

you investigate these publications and how they pertain to you. One of these contains a list of

countries and their current policies relating to cyberwarfare.

Lewis, J. A., & Timlin, K. (2011). Cybersecurity and Cyberwarfare. UNIDIR Resources, Poverty &

the Environment (Vol. 6, No. 1, Special Issue: Transportation & Social Justice), 50-52.

Retrieved October 9, 2015, from

http://unidir.org/files/publications/pdfs/cybersecurity-and-cyberwarfare-

preliminary-assessment-of-national-doctrine-and-organization-380.pdf

Gartzke, E. (2014, January 1). "Making Sense of Cyberwar" Retrieved from

http://belfercenter.ksg.harvard.edu/publication/23796/making_sense_of_cyberwar.h

tml

NOVA: Rise of the Hackers. Dir. Kate Dart. Prod. Zoe Heron. Perf. Eric Chien, Mat Honan,

Patrick Lincon, Seth Lloyd, Erik Lucero, James Lyne, Sean McGurk, Liam O'murchu,

Daniel Sanchez. Public Broadcasting Service, 2015. Documentary.*

*This film is available on Netflix.


References

Albright, D., Brannan, P., & Walrond, C. (2010). Did Stuxnet take out 1,000 centrifuges

at the Natanz Enrichment plant? Institute for Science and International Security,

40(08). doi:10.5860/choice.40-4

"'Anonymous' Says It Cyberattacked Federal Government to Protest Bill C-51." CBC

News. Canadian Broadcasting Corporatoin, 18 June 2015. Web.

Cyberwarfare. (2015, September 22). Retrieved from https 884

://en.wikipedia.org/wiki/Cyberwarfare

Cyberwarfare in China. (2015, September 29). Retrieved October 1, 2015, from

https://en.wikipedia.org/wiki/Cyberwarfare_in_China

Cyberwarfare in Iran. (2015, August 23). Retrieved from

https://en.wikipedia.org/wiki/Cyberwarfare_in_Iran

Gartzke, E. (2014, January 1). "Making Sense of Cyberwar" Retrieved from

http://belfercenter.ksg.harvard.edu/publication/23796/making_sense_of_cyb

erwar.html

Gross, G. (2015, March 20). China discloses cyberwarfare unit, no one surprised .

Retrieved from http://www.computerworld.com/article/2899048/china-

discloses-cyberwarfare-unit-no-one-surprised.html

The history of cyber-attacks - a timeline. (n.d.). Retrieved from

http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm

Nanjappa, V. (2015, August 10). Pakistan wants to launch cyber war on India.

Retrieved October 6, 2015, from http://www.oneindia.com/india/pakistan-

wants-to-launch-cyber-war-on-india-1831947.html


Nye, J. S. (2015, April 10). "Cyber War and Peace" Retrieved from

http://belfercenter.hks.harvard.edu/publication/21937/cyber_war_and_peac

e.html?breadcrumb=%2Fexperts%2F2698%2Fryan_ellis

Rowen, B. (2015, July 1). Cyberwar Timeline. Retrieved from

http://www.infoplease.com/world/events/cyberwar-timeline.html

Sanger, D. E. (2015, April 23). Pentagon Announces New Strategy for Cyberwarfare.

Retrieved from http://www.nytimes.com/2015/04/24/us/politics/pentagon-

announces-new-cyberwarfare-strategy.html?_r=0

Zetter, K. (14, November 3). An unprecedented look at Stuxnet. Retrieved from

http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

Zetter, K. (2011, July 11). How digital detectives deciphered Stuxnet, the most

menacing malware in history. Retrieved from http://arstechnica.com/tech-

policy/2011/07/how-digital-detectives-deciphered-stuxnet-the-most-

menacing-malware-in-history/

disec - imunimun.ca/.../uploads/2015/10/disec-2015-background-guide.pdfisland model united nations...

Documents