23rd Annual Session of the Seoul Model United Nations

Forum: General Assembly I (DISEC)

Question of: Addressing the issue of state-sponsored cyber
terrorism and warfare
Student Officer: Junho Son, President

Introduction

From classified information to the chats in our phone, the roots of technology permeate
modern society at a staggering rate. What started as a device designed to calculate mathematical
equations now control the deepest corners of our society from smart homes, autonomous vehicles
to military computers. In the modern society so dependent on society, it is more important than
ever to maintain the integrity of this medium.

According to the International Telecommunication Union (ITU), cybersecurity is defined

as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance, and technologies that can be
used to protect the cyber environment and organization and user’s assets”1. Unlike traditional
international conflicts, the territory of cybersecurity is not bound to interactions between one
government and another, but also those involving individuals, states, organized/unorganized
criminal organizations. However, in SEOMUN XXIII, delegates will focus on a specific sector
of cybersecurity: cyber warfare, or a breach in cybersecurity involving “governments, organs of
the state, or state-directed or state-sponsored individuals or groups”2. It is important for delegates
to distinguish the boundaries of cyber security and cyber warfare. According to the UNODC,
cyber warfare “is used to describe cyber acts that compromise and disrupt critical infrastructure
systems, which amount to an armed attack…[a]n armed attack intentionally causes destructive
effects (i.e., death and/or physical injury to living beings and/or destruction of property)”.

Albeit heated by the technological innovations of the 21st century, the idea of state-
sponsored cyber warfare is not a new phenomenon. The first major event that brought the value
of information to the spotlight was the Cold War. Although there were no recorded direct
cyberattacks between the United States and the Soviet Union, the United States’ ability to
constantly surveil the Soviet Union - by entering Soviet airspace through aircrafts capable of
high altitude flight like the U2 spy planes - proved to be an enormous strategic advantage. The

1 "Cybersecurity - ITU." https://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx.

Accessed 10 Jul. 2020.
2 "Cybercrime Module 14 Key Issues: Cyberwarfare - unodc."
https://www.unodc.org/e4j/en/cybercrime/module-14/key-issues/cyberwarfare.html. Accessed 10 Jul.
2020.

SEOMUN XXIII Research Report • 1

23rd Annual Session of the Seoul Model United Nations

potential of this invisible aspect of international relations was further elevated by the
introduction of the internet and satellite surveillance systems.

The first so-called state-sponsored “cyber attack” actually dates during the height of the
cold war3. In June of 1982, the CIA discovered that Soviet spies were plotting to intercept a
software used to operate Soviet pipelines systems (described as “shopping list [of software
technology]” by Vladimir Vetrov) through Mr. Vetrov, a KGB agent. The CIA reacted by
intercepting the software and as described by Thomas Reed, US Air For secretary in President
Reagan’s National Security Council at the time, “[the CIA] programmed to reset pump speeds
and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds".
One the Soviet spies intercepted the corrupted program, it caused a series of explosions of Soviet
pipelines4; the explosions were even detectable by the US early-warning satellite system. The
scale of this explosion was truly massive as Mr. Reed said “[the explosions in the pipeline] was
the most monumental non-nuclear explosion and fire ever seen from space.” Similar attacks
involving the corruption of infrastructure management software continued throughout the 21st
century with notable examples in Iranwhere a malicious software (or malware) called a Stuxnet
Worm penetrating approximately ⅙ of the nations centrifuges for nuclear power plants (used to
enrich Uranium to weapons-grade Uranium)5.

Entering the 21st century, technological advancements such as faster computers, more
automation software to manage infrastructures, and a more globally interconnected network of
computers led to a series of cyberattacks in Estonia. Known as aasta küberrünnakud Eesti vastu
in Estonian, the 2007 cyberattacks on Estonia started on April 27th, 2007 when the Estonian
governments were having tensions with the Russian government with the Bronze Soldier of
Tallinn, a Soviet World War II memorial in Tallinn, the capital city of Estonia. As a war
memorial and war grave for Soviet soldiers that fell during the Second World War, it was subject
to constant political controversy6. It symbolized the complex bellicose geopolitical relationships
between the Russian and Estonian government as well as Russian population in Estonia, and in
April of 2007, when the Estonian government relocated the monument. The conflict ignited with
a riot known as the Bronze Night, or the April Unrest7, and later led to a series of cyber attacks

3 "Cyberwar - War in the fifth domain | Briefing | The Economist." 1 Jul. 2010,
https://www.economist.com/briefing/2010/07/01/war-in-the-fifth-domain. Accessed 11 Jul. 2020.
4 "CIA plot led to huge blast in Siberian gas pipeline - Telegraph." 28 Feb. 2004,
https://www.telegraph.co.uk/news/worldnews/northamerica/usa/1455559/CIA-plot-led-to-huge-blast-in-
Siberian-gas-pipeline.html. Accessed 11 Jul. 2020.
5 "Stuxnet Worm Used Against Iran Was Tested in Israel - The ...." 16 Jan. 2011,
https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html. Accessed 11 Jul. 2020.
6 "War of words over bronze soldier - Telegraph." 5 Feb. 2007,
https://www.telegraph.co.uk/news/worldnews/1541641/War-of-words-over-bronze-soldier.html. Accessed
6 Aug. 2020.
7 "The Bronze Soldier Explains Why Estonia Prepares ... - Forbes." 7 Jul. 2018,
https://www.forbes.com/sites/francistapon/2018/07/07/the-bronze-soldier-statue-in-tallinn-estonia-give-

SEOMUN XXIII Research Report • 2

23rd Annual Session of the Seoul Model United Nations

that targeted Estonian institutions such as the government, banks, media organizations. These
attacks were the first major attacks that actively used ping flooding techniques such as DDOS to
take down websites and spam news organizations. Skeptics as well as the Estonian Government
originally blamed the Kremlin and the Russian government for these attacks. At first, new
evidence supported these findings - the instructions were in Russian - yet no concrete evidence
connecting the Kremlin with these attacks were found. As a member of NATO, this event almost
led to a third world war as Article Five guarantees the protection of NATO members in the case
of an aggression by a foreign source. Full scale war was narrowly avoided as there was no
casualties from these attacks, yet the 2007 Cyberattacks on Estonia serve as a wakeup call for
Estonia as well as the global community, reminding the perils of interconnectivity and the
vulnerability of even the most trusted online security measures. Liisa Past, a journalist for an
Estonian news organization at the time and now a cyber security expert says: “Cyber aggression
is very different to kinetic warfare… It allows you to create confusion, while staying well below
the level of an armed attack. Such attacks are not specific to tensions between the West and
Russia. All modern societies are vulnerable”8,

Currently, there is no set international guideline regarding state-sponsored cyber warfare.

Part of the reason why is due to how cyber attacks, in their nature, are usually incognito and are
not as ostentatious as other threats. However, there have been some attempts to standardize the
protection of cyberspace on a national or regional scale. One notable example of this is the
Cybersecurity Strategy for the European Union and the US Strategy for Cyber-warfare
introduced in 2016 and 2015 respectively. However, the two guidelines serve a drastically
different purpose9. While the Cybersecurity Strategy for the European Union discusses details
about strategies to combat cyber attacks and measures that could build upon existing
cybersecurity infrastructure (ultimately setting up a EU-wide framework called the Common
Security and Defense Policy (CSDP) which focuses on educating cybersecurity experts), the US
Strategy for Cyber-warfare, being a response to its supposed attack on an Iranian Uranium
enrichment plane (the centrifuges used to enrich Uranium mentioned earlier), focuses on the
national security of the United States, possibly granting a cyber attack sponsored by the United
States10.

baltic-headaches/. Accessed 6 Aug. 2020.

8 "How a cyber attack transformed Estonia - BBC News - BBC.com." 27 Apr. 2017,
https://www.bbc.com/news/39655415. Accessed 6 Aug. 2020.
9 "Cybersecurity | Shaping Europe's digital future - European ...." https://ec.europa.eu/digital-single-
market/en/cyber-security. Accessed 11 Jul. 2020.
10 "Pentagon Announces New Strategy for Cyberwarfare - The ...." 24 Apr. 2015,
https://www.nytimes.com/2015/04/24/us/politics/pentagon-announces-new-cyberwarfare-
strategy.html. Accessed 11 Jul. 2020.

SEOMUN XXIII Research Report • 3

23rd Annual Session of the Seoul Model United Nations

Cyber warfare has grown from the 39th biggest threat in 2006 - as perceived by the CIA
and NSA - to the single biggest threat in 2013. President Obama even called it “one of the most
serious economic and national security challenges we face as a nation."11 Yet, there hasn’t been a
single resolution in the UNSC on this issue specifically. As we enter the so-called “cyberage”, it
is increasingly important for the United Nations First General Assembly (DISEC) to maintain the
integrity of this medium by closely monitoring existing cyberinfrastructure and taking
appropriate measures to stop cyber warfare.

Definition of Key Terms

Cybercrime
According to the UNODC, there is no set international definition for cybercrime.
However, cybercrime usually involves breaching computer systems and networks and could be
categorized in three main categories: computer-related offences, content related offenses, and
offences related to infringements of copyright and related right12. Types of cybercrime could also
be categorized in two categories: cyber-dependent crime and cyber-enabled crime. Cyber-
dependent usually involve the use of malware or other forms of malicious software to
compromise a technology infrastructure. Common examples include DDOS attacks, ransomware
and more. Cyber-enabled crime, as the name suggests, is crime conducted by or facilitated
through the digital cyber medium. Common examples include illegal downloading frauds to drug
trafficking in the dark web. Although dependent on the scale of the event, cyber-dependent
crimes have a higher potential to inflict real life damages - for example by infecting software that
manages a water treatment facility.

Cyberwarfare
According to Britania, cyberwarfare is defined as “war conducted in and from computers
and the networks connecting them, waged by states or their proxies against other states”13.
Although similar tactics are used with, unlike cybercrime, cyberespionage, cyberwarfare, or
cyberwar is state sponsored. The term was first coined by John Arquilla and David Ronfeldt,
researchers for the RAND corporation when they wrote: “Cyberwar is coming!” in their article.
Targets of cyberwarfare usually relate to the destruction of critical infrastructure such as dams or
power grids. With these efforts in mind, defense against cyberwarfare is growing as one of the
leading agendas of a defense force.

DoS Attack

11 "Cyberwar Timeline: The roots of this increasingly ... - Infoplease." 13 Feb. 2017,
https://www.infoplease.com/world/cyberwar-timeline. Accessed 11 Jul. 2020.
12 "MUN Cybercrime - United Nations Office on Drugs and Crime."
https://www.unodc.org/e4j/en/mun/crime-prevention/cybercrime.html. Accessed 6 Aug. 2020.
13 "Cyberwar | Britannica." https://www.britannica.com/topic/cyberwar. Accessed 6 Aug. 2020.

SEOMUN XXIII Research Report • 4

23rd Annual Session of the Seoul Model United Nations

DoS attack, or denial-of-service attack is a type of cyber-attack that essentially

incapacitates an internet domain or a server by spamming it with false requests, which then kills
the servers’ ability to respond to legitimate users. First started in 2000, DoS attacks is a widely
used hacking technique thanks to its low maintenance cost and being hard to defend against,
despite being a fairly simple form of attack.

DDoS Attack

DDoS attack, or distributed denial-of-service, is an evolved form of DoS attacks where

the attackers infect multiple users’ computers with a trojan horse, then remotely commands the
infected computer to each launch DoS attacks to the server he or she chooses. With modern
servers being able to handle and distinguish false requests more effectively, DoS attacks’
effectiveness fell as a result. DDoS attacks take advantage of virtual machines to increase the
sheer volume of attacks. DDoS attacks, thanks to its fairly simple network design and
effectiveness, DDOS attacks are used to overwhelm modern servers, even today14.

15

Data VS Datum

Data refers to the collection of information, while - to be specific - datum refers to a

single data point. Delegates are encouraged to distinguish between the two following.

Trojan Horse

A trojan horse, originally adopted from the legend Iliad by Homer, is a nickname for a
malware that conceal themselves in the shell of a legitimate system. Examples of trojan horses
include websites disguised as customer support to steal personal information, or files such as
14 "DoS vs DDoS attacks: The Differences and How To Prevent ...." 9 Jul. 2020,
https://www.comparitech.com/net-admin/dos-vs-ddos-attacks-differences-prevention/. Accessed 6 Aug.
2020.
15 "Ddos Attack Diagram Diagram Base Website Attack Diagram ...." 5 Aug. 2020,
http://eyediagramhomemade.bancadelvecchio.it/diagram/ddos-attack-diagram. Accessed 6 Aug. 2020.

SEOMUN XXIII Research Report • 5

23rd Annual Session of the Seoul Model United Nations

email attachments that secretly take control over a user’s system. Unlike other computer worms,
a trojan horse itself is unable to self replicate16. However, the destructive potential of a trojan
horse is at its apex when combined with a DDoS attacker

Espionage

According to the Merriam Webster, espionage is defined as: “the practice of spying or
using spies to obtain information about the plans and activities especially of a foreign
government or a competing company”. Please be noted that (cyber) espionage is not the
ultimatum of cyberwarfare, but usually only serves as a starting point that leads to further
conflict.

ICT

ICT is the abbreviation of “Information and Communication Technology”, a variant of

the word “Information Technology”. ICT is a term that specifically refers to global online
connectivity as the medium of data.

RFID

An ITI is the abbreviation for “Radio Frequency Identification”17. RFID devices can
automatically identify and even copy the data embedded in electronically non-volatile chips such
as credit cards and password keys. However, unlike other tactics mentioned in this study guide,
RFID requires the attack to be within close proximity of the target18. RFID itself is unlikely to
cause much damage, but used in conjunction with other techniques, it can be deadly.

ITU

The ITU, or the international telecommunications organization is a specialized agency of

the United Nations committed to protecting the integrity of the online medium and ensuring its
security19. Some of its duties include coordinating satellite communications to providing access
and security to the internet.

Advanced Encryption Standards

Advanced encryption standards or AES for short is the encryption method developed by
the United States government. Although there are other standards such as the ISO/IEC standards,
16 "What is a Trojan Virus | Trojan Virus Definition | Kaspersky." https://www.kaspersky.com/resource-
center/threats/trojans. Accessed 6 Aug. 2020.
17 "What is RFID and How Does RFID Work? - AB&R®." https://www.abr.com/what-is-rfid-how-does-rfid-
work/. Accessed 6 Aug. 2020.
18 "Defining RFID - AB&R (American Barcode and RFID)." https://www.abr.com/rfid/. Accessed 6 Aug.
2020.
19 "About ITU." https://www.itu.int/en/about/Pages/default.aspx. Accessed 6 Aug. 2020.

SEOMUN XXIII Research Report • 6

23rd Annual Session of the Seoul Model United Nations

the AES standard is the most commonly used tool to encrypt data, most specifically the AES-256
bit encryption method that relies on a key with the complexity of 2²⁵⁶, more than what any
supercomputer in the world could break in using raw computing power.

Timeline of Key Events

1989 - Coinage of the term “Cyber-”

In 1989, the prefix “cyber-” as well as words including this prefix such as
“cybersecurity”, “cyberwarfare” and “cybercommunity”. This marked the beginning of the
digital era and the age of information.

February 7, 2000 - First Documented DoS Attack

The first documented DDoS attack was initiated by a 15-year-old Canadian hacker called
“mafiaboy,” who attacked e-commerce sites such as Amazon and eBay20. “mafiaboy” essentially
abused the limited traffic load the World Wide Web (WWW) system could handle and inundated
the system with false traffic.

December 18, 2003 - Establishment of the GGE

In 2004, the United Nations General Assembly created a body called the Group of
Governmental Experts (GGE) to monitor the online medium and evaluate the treat it poems in an
international scale21. The GGE, as the name suggests is the collection of cyber security experts
tasked with the job of making recommendations to the Secretary-General of the UN regarding
cybersecurity affairs. Details are outlined in resolution A/RES/58/3222.

April 27 2007 - January 2008 - Cyberattacks on Estonia

As mentioned in the introduction section, the world experienced a series of cyberattacks

in 2007 when Estonian infrastructure such as dams, banks and government websites were
hacked. As

July 22, 2015 - International Laws’ Application in the Cyberspace

Since its creation in 2004, the GGE served the UN to deliver better methods and clearer
standards for online security. In 2015, the GGE published a report outlining its interpretation on
how international should also apply in the digital cyberspace23. This report served as the general
international framework for maintaining the integrity of the global cyberspace.
20 "denial of service attack | Definition & Facts | Britannica."
https://www.britannica.com/technology/denial-of-service-attack. Accessed 6 Aug. 2020.
21 "UN GGE and OEWG | GIP Digital Watch observatory for ...." https://dig.watch/processes/un-gge.
Accessed 6 Aug. 2020.
22 https://undocs.org/A/RES/58/32
23 https://undocs.org/A/70/174

SEOMUN XXIII Research Report • 7

23rd Annual Session of the Seoul Model United Nations

December, 2015 - Establishment of the Open-Ended Working Group (OEWG)

In December of 2015, the United Nations General Assembly assembled the Open-Ended
Working Group (OEWG)24. The OEWG is tasked with the build on the discussion of
cybersecurity by developing rules outlining the boundaries of sovereign countries and the role of
the United Nations in a macro scale. Their agendas of discussion include: existing and potential
threats, international law, rules, norms and principles, regular institutional dialogue, confidence
building measures and capacity building25.

Position of Key Member Nations and Other Bodies

United States of America

The United States of America has been at the forefront

Country 2
Please be reminded that SPT and SC reports must explain the position of all nations
present in the forum (6, 15, respectively) and other bodies that are crucial to the question. For
other committees, you are recommended to have at least 10 key member nations/other bodies.
We do understand that this number may vary depending on your committee, but please try to
reach our recommended number.

Suggested Solutions

Propose a general course of action that the international community should take to
resolve this issue. Make sure that your ideas are suggestions, not detailed step-by-step guidelines
that delegates can follow. Do not write in bullet points, and please write all solutions in full-
length paragraphs. You are recommended to write around 1500 words for this section.

Bibliography

Your bibliography should follow the Modern Language Association (MLA) style. If you
do not know the specific demands for this notation, please check out the link attached above.

Good luck on writing your chair reports! We are excited to work with you throughout this
process!

24 https://www.un.org/disarmament/open-ended-working-group/
25 "UN GGE and OEWG | GIP Digital Watch observatory for ...." https://dig.watch/processes/un-gge.
Accessed 6 Aug. 2020.

SEOMUN XXIII Research Report • 8