disec - imunimun.ca/.../uploads/2015/10/disec-2015-background-guide.pdfisland model united nations...
TRANSCRIPT
Island Model United Nations DISEC
Table of Contents
1. OPENING LETTER................................................................................................................................................................. 3
2. COMMITTEE BACKGROUND........................................................................................................................................... 4
3. TOPIC OVERVIEW: RISE OF INTERNATIONAL CYBER WARFARE ............................................................. 4
4. TIMELINE .................................................................................................................................................................................. 5
5. KEY POWERS .......................................................................................................................................................................... 6
6. CASE STUDY: IRAN AND STUXNET ............................................................................................................................. 7
7. COMMENTS AND CONCERNS.......................................................................................................................................... 8
8. GUIDING QUESTIONS ......................................................................................................................................................... 9
9. ADDITIONAL RESOURCES ............................................................................................................................................ 10
Island Model United Nations DISEC
Disarmament and International Security Committee
1. Opening Letter
Dear Delegates,
My name is Maxwell Quackenbush, and I welcome you to Island Model United Nations’
Disarmament and International Security Committee. I will be acting as your Director fo r the
entirety of the conference, with assistance from my Chair, Kavi Grewal. I wish you all an
exciting and engaging experience, whether you are a beginner or an experienced delegate.
Here at IMUN, we attempt to create unique and innovative committees for our
delegates, and I strongly feel that the rise of international cyber warfare will provide an
intriguing and distinct conference that will be remembered for the rest of your MUN careers.
Our topic is unique, new, can regularly be found in headlines today, and should not be overly
difficult.
Cyber warfare has not yet been the subject of a UN Resolution, but has been discussed
in UN Sessions. As developed states are the most vulnerable, cyberwarfare and cybersecurity
will undoubtedly continue to be a central issue in the coming years.
Best of luck,
Maxwell Quackenbush, Director of DISEC
Island Model United Nations DISEC
2. Committee Background
The Disarmament and International Security Committee deals with global challenges
and threats to peace that affect the international community and seeks out solutions to the
challenges in the international security regime. It considers all disarmament and
international security matters within the scope of the Charter or relating to the powers and
functions of any other organ of the United Nations; the general principles of cooperation in
the maintenance of international peace and security, as well as principles governing
disarmament and the regulation of arms; promotion of cooperative arrangements and
measures aimed at strengthening stability through lower levels of armaments. Founded in
1945, DISEC has been involved with security threats, nuclear weapons, and arms deals for
over 70 years. Today, it continues to make the world safer, in spite of the growing security
concerns in the modern age.
3. Topic Overview: Rise of International Cyber warfare
There is some debate as to the validity of the term cyber warfare. An act of cyber war
would, according to some, have to be lethal, political, and instrumental to be considered war.
Currently, what we refer to as cyber warfare could be classified as spying, subversion, and
sabotage. For the purposes of this committee, it is recommended that delegates include spying,
subversion, and sabotage within the admittedly loose definition of cyber war.
Historically, DISEC has been committed to removing stockpiles of weapons of mass
destruction, preventing states from developing said weapons of mass destruction, and
ensuring that those who possess these weapons slowly shrink their stockpiles. While cyber
warfare is nowhere near as destructive, this threat is a unique and difficult one to diffuse. States
do not need a facility full of centrifuges to create electronic attacks; a country’s stockpile can
fit in someone’s pocket, and once a weapon is made, there is no way to be sure a state has truly
destroyed the last copy.
Some feel cyber warfare shows promise, as it is a method countries can use to attack
each other with significantly fewer casualties. In response to this, others feel that the lives lost
will primarily be citizens who are not engaged in conflict, while casualties of traditional wars
include soldiers. An example of how electronic warfare may affect citizens more is remote
interference with a modern cars’ computers, transferring control of the vehicle.
Other uses for cyberwarfare are more intriguing. If, for example, a foreign power were
to shut down interact in Canada, many people will not have the ability to buy food, gasoline,
and other necessities. This will not only displease citizens and create dissent for the
government, but will also stunt the economic growth needed to keep a war functioning.
Citizens are not the only ones at risk: a breach in security may reveal troop placements in
traditional war, and may result in immense casualties. A similar breach in a military’ s logistics
Island Model United Nations DISEC
and finance may prevent them from purchasing more vital supplies, such as ammunition or
food, and could also disrupt delivery, resulting in supplies being dumped in the middle of a
desert instead of a military base.
4. Timeline
April 2007 – Estonian government networks are targeted with a denial of service attack after
a disagreement with Russia over a war memorial. This is barely an attack, as no property was
harmed.
October 2007: China claims that a combination of U.S and Taiwanese hackers stole state
secrets.
November 2007: Stuxnet, a virus targeted toward Iranian nuclear facilities is discovered, and
disrupts development of the Iranian nuclear program.
August 2008: Georgia’s state websites are defaced after a disagreement with Russia. As before,
there is no formal evidence that this was the government and not a private group.
June 2009: Stuxnet, a computer virus designed to disrupt Iranian centrifuges for separating
nuclear isotopes, is discovered in a facility with no access to the internet. Much progress on the
Iranian nuclear program is lost. Most believe the attack was orchestrated by the United States
and Israel, however both states deny these allegations and there is little evidence.
January 2010: Baidu, a Mandarin-based search engine popular in China is temporally taken
offline. This was carried out by a group called the Iranian Cyber Army, and Baidu temporarily
linked to Iranian propaganda (although not officially State-sponsored).
December 2011: A worm found in ~800 government official’s computers creates a method for
external sources to read emails both sent and received.
May 2012: a computer virus aimed at spying on state officials is found with a built-in “kill-
switch”, capable of erasing any trace of infection on a computer.
July 2014: American intelligence claims that the Chinese have been targeting state officials.
April 2015: the United States announces that they believe hackers within Russia have breached
state emails. Although much of the material had been declassified, it still contained “sensitive
information”, a term intentionally vague.
August 2015: A jeep on a highway in the US is remotely shut down by two US hackers, Miller
and Valasek. It is believed that hundreds of thousands of other vehicles are vulnerable to
similar attacks. Large scale incidents have the potential to stop nearly every car on a given
highway.
September 2015: President Barrack Obama demands China ceases economic espionage against
the U.S. and threatens sanctions. Xi Jinping and Obama sign an agreement mutually banning
economic espionage in the next few days, but information related to national security is not
covered.
Island Model United Nations DISEC
5. Key Powers
Key powers in cyber warfare are the actors who are playing the major roles. They are
the ones that you as a delegate should keep an eye on, and while they’re in the committee for
diplomacy, they certainly have a firmer agenda and will attempt to further their cause. Keep in
mind that this is not an exclusive or exhaustive list, there are far more countries with an active
interest or program related to cyber warfare.
1. United States The United States of America is the largest military superpower in the world, and will
take any measure necessary to ensure that their dominance is uncontested in any field. In
addition to this, America, as a developed country, some reports have stated the power grid may
be vulnerable to an attack, and while many methods to attack other nations have been created,
attempts to fix any vulnerabilities are extremely common, as evidenced by unending patches
and versions released on operating systems and programs. These established pieces of
infrastructure are not invincible, as there is almost always another way to exploit a system.
One notable policy the United States has adopted is the five pillars, which outlines how America
should prepare itself for internet-based attacks. The main points are recognition, active
defense, defense of critical infrastructure, collective defense, and maintenance of advantage.
2. China
Cyberwarfare in China is a controversial topic. Officials in the United States, India and
other countries have reported numerous occasions when Chinese hackers have allegedly
attacked other countries, but the Chinese government denies this vehemently. The issue is
complicated by private organizations in China, which are dedicated to international espionage.
Overall, China’s main cyberwarfare target is the United States of America, with a reported
61,000 cyber-attacks carried out between the two countries since 2009. This conflict is nearly
unavoidable, as both countries desperately wish to showcase their technological might on the
world stage. Ultimately, although China continues to deny its use of cyberwarfare, it is
abundantly clear that various forms of online espionage are being utilized by the country’s
government and its private organizations on a daily basis.
3. Russia Russia’s program for espionage and cyber warfare is developed, but larger attacks have
remained out of the public’s attention. Allegations against Russia include internet surveillance,
denial of service attacks, spreading propaganda and disinformation, and distribution of
harmful malware. Russia is third in the world in total military spending, and clearly has not
overlooked or underfunded computer-based conflict.
Island Model United Nations DISEC
4. India Cyberwarfare first rose to prominence in India in 2004, when the Indian Computer
Emergency Response Team (CERT) was created. This organization was created mainly to defend the country from growing cyber threats. The number of hackings continu e to rise until 2011, when the government reported 13,301 threats to national security. In response to this, the Indian Government created the National Critical Information Protection Center to thwart attacks against banking, telecom, transport and other sensitive areas. Since the creation of this organization, cyber-attacks against India have largely decreased but the country remains wary of threats in the modern age.
5. Iran Iran officially became involved in the realm of cyberwarfare in 2010, when a
government organization called “The Cyber Defense Command” was created in response to a cyber-attack on a nuclear processing facility. This department is a subdivision of the Iranian Military and Armed Forces. In 2012, Iran was accused of cyber-attacks against the United States and their banks. Furthermore, they allegedly caused widespread power outages in Turkey in March of 2015 and significant harm to Israel’s internet infrastructure in August of 2014. Ultimately, Iran’s use of cyberwarfare remains under the radar while they continue to attack countries that are hostile towards them.
6. Private Organizations
Dangerous and unpredictable, private organizations have played a key role in past
conflicts, both orchestrating and receiving attacks. Some delegates may recall an attack on
Sony, a Japanese corporation, allegedly from a foreign government. In addition to this, private
groups may organize attacks of their own against governments. In June of 2015, a group of
loosely affiliated hackers known as “anonymous” brought down Canadian websites in protest
of a newly proposed bill, C-51. Corporations may also
6. Case Study: Iran and Stuxnet While the virus Stuxnet’s origins are disputed, its effects on the political landscape has
been far reaching and historically important. In July of 2010, over 1000 centrifuges were
destroyed in the Natanz nuclear facility in Iran. Initially, it was believed to be an error in either
a failure with the internal mechanisms of the centrifuge,
Stuxnet’s characteristics are fascinating: on most devices, it had little to no performance
impact. Once the program found itself on a new host, it would scan the local network to check
if it met a set of criteria that matches what is believed to be in the Iranian nuclear processing
facility. Once these conditions were met, it was free to carry out its intended purpose: to disrupt
the plant’s operations. The virus could start and stop centrifuges, play with other equipment,
and even supply the centrifuges with a series of commands that would result in mechanical
failure and possible leakage of radioactive isotopes. This was done with slight tweaking of the
speed the cylinders rotate, causing the samples to shake out of place and ultimately break the
device, all while playing back loops of recorded data for the control center. These precise
methods can be known to us easily: the decompiled source code for Stuxnet is available on the
Island Model United Nations DISEC
internet. The program that destroyed over 1000 centrifuges and set the Iranian nuclear
program back 2 years can be found by anyone with internet access and 5 minutes of spare time
in a format that is reconfigurable and open-ended.
The origins of the virus are officially uncertain, as all governments deny involvement in
creation of Stuxnet. There is, however, a common consensus that the United States and Israel
worked jointly to create the worm and distribute it, possibly with the aid of a private
organization. In recent years, Edward Snowden has asserted that it was a collaboration
between the Americans and the Israelis. Spurred by frustration with the devastation the U.S.
caused, Iran commenced the development of its own program, the “Cyber Defense Command”.
It has carried out numerous attacks against Israel’s infrastructure, and in March of 2015,
Iranian hackers not officially associated with the state caused a power outage in Turkey
affecting about 40 million people.
7. Comments and Concerns
War is a state of armed conflict, intended to drain, destroy or harm a group or state’s
resources. Cyberwarfare is fascinating, as often the end goal is not to directly harm or destroy
something of value, but rather to gain an advantage from it. In this sense, many acts we would
categorize as cyber war are often not war, as they are not direct attacks. There are exceptions
to this, and they are few in proportion to the other acts in this category, and are likely to grow
in proportion over time. For these reasons, electronic conflict should be seriously taken into
consideration.
A valid point often made is that computer based warfare benefits developed states. This
is due in part to their integration of the internet into their society and culture. As a result of
this, more sophisticated systems have more sophisticated countermeasures against attacks.
This means that, in terms of cyber warfare, developed states are both the ones attacking and
being attacked.
Island Model United Nations DISEC
8. Guiding Questions
Guiding questions are key concepts, often presented in the form of questions intended
to steer delegates in a productive direction that allows for inclusive discussion.
1. Should Cyberwarfare be embraced as a part of war or should it be discouraged?
2. How are cyber-attacks to be handled by the international community?
3. How should states act towards private organizations engaging in cyberwarfare abroad?
4. Should DISEC prevent countries from developing their cyberwarfare programs?
1. How can DISEC prevent countries from developing their cyber warfare programs?
5. Can an attack of this nature be considered an act of aggression?
1. How should this act be handled if it is anonymous?
6. Should cyberwarfare be accepted as a component of modern conflict or is it to be discouraged?
Island Model United Nations DISEC
9. Additional Resources This section provides additional resources that may be useful in writing position
papers. Some of these resources are in the bibliography, some are not. It is recommended that
you investigate these publications and how they pertain to you. One of these contains a list of
countries and their current policies relating to cyberwarfare.
Lewis, J. A., & Timlin, K. (2011). Cybersecurity and Cyberwarfare. UNIDIR Resources, Poverty &
the Environment (Vol. 6, No. 1, Special Issue: Transportation & Social Justice), 50-52.
Retrieved October 9, 2015, from
http://unidir.org/files/publications/pdfs/cybersecurity-and-cyberwarfare-
preliminary-assessment-of-national-doctrine-and-organization-380.pdf
Gartzke, E. (2014, January 1). "Making Sense of Cyberwar" Retrieved from
http://belfercenter.ksg.harvard.edu/publication/23796/making_sense_of_cyberwar.h
tml
NOVA: Rise of the Hackers. Dir. Kate Dart. Prod. Zoe Heron. Perf. Eric Chien, Mat Honan,
Patrick Lincon, Seth Lloyd, Erik Lucero, James Lyne, Sean McGurk, Liam O'murchu,
Daniel Sanchez. Public Broadcasting Service, 2015. Documentary.*
*This film is available on Netflix.
Island Model United Nations DISEC
References
Albright, D., Brannan, P., & Walrond, C. (2010). Did Stuxnet take out 1,000 centrifuges
at the Natanz Enrichment plant? Institute for Science and International Security,
40(08). doi:10.5860/choice.40-4
"'Anonymous' Says It Cyberattacked Federal Government to Protest Bill C-51." CBC
News. Canadian Broadcasting Corporatoin, 18 June 2015. Web.
Cyberwarfare. (2015, September 22). Retrieved from https 884
://en.wikipedia.org/wiki/Cyberwarfare
Cyberwarfare in China. (2015, September 29). Retrieved October 1, 2015, from
https://en.wikipedia.org/wiki/Cyberwarfare_in_China
Cyberwarfare in Iran. (2015, August 23). Retrieved from
https://en.wikipedia.org/wiki/Cyberwarfare_in_Iran
Gartzke, E. (2014, January 1). "Making Sense of Cyberwar" Retrieved from
http://belfercenter.ksg.harvard.edu/publication/23796/making_sense_of_cyb
erwar.html
Gross, G. (2015, March 20). China discloses cyberwarfare unit, no one surprised .
Retrieved from http://www.computerworld.com/article/2899048/china-
discloses-cyberwarfare-unit-no-one-surprised.html
The history of cyber-attacks - a timeline. (n.d.). Retrieved from
http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm
Nanjappa, V. (2015, August 10). Pakistan wants to launch cyber war on India.
Retrieved October 6, 2015, from http://www.oneindia.com/india/pakistan-
wants-to-launch-cyber-war-on-india-1831947.html
Island Model United Nations DISEC
Nye, J. S. (2015, April 10). "Cyber War and Peace" Retrieved from
http://belfercenter.hks.harvard.edu/publication/21937/cyber_war_and_peac
e.html?breadcrumb=%2Fexperts%2F2698%2Fryan_ellis
Rowen, B. (2015, July 1). Cyberwar Timeline. Retrieved from
http://www.infoplease.com/world/events/cyberwar-timeline.html
Sanger, D. E. (2015, April 23). Pentagon Announces New Strategy for Cyberwarfare.
Retrieved from http://www.nytimes.com/2015/04/24/us/politics/pentagon-
announces-new-cyberwarfare-strategy.html?_r=0
Zetter, K. (14, November 3). An unprecedented look at Stuxnet. Retrieved from
http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
Zetter, K. (2011, July 11). How digital detectives deciphered Stuxnet, the most
menacing malware in history. Retrieved from http://arstechnica.com/tech-
policy/2011/07/how-digital-detectives-deciphered-stuxnet-the-most-
menacing-malware-in-history/