Professional Documents
Culture Documents
Forum: Question Of: Student Officer
Forum: Question Of: Student Officer
Introduction
From classified information to the chats in our phone, the roots of technology permeate
modern society at a staggering rate. What started as a device designed to calculate mathematical
equations now control the deepest corners of our society from smart homes, autonomous vehicles
to military computers. In the modern society so dependent on society, it is more important than
ever to maintain the integrity of this medium.
Albeit heated by the technological innovations of the 21st century, the idea of state-
sponsored cyber warfare is not a new phenomenon. The first major event that brought the value
of information to the spotlight was the Cold War. Although there were no recorded direct
cyberattacks between the United States and the Soviet Union, the United States’ ability to
constantly surveil the Soviet Union - by entering Soviet airspace through aircrafts capable of
high altitude flight like the U2 spy planes - proved to be an enormous strategic advantage. The
potential of this invisible aspect of international relations was further elevated by the
introduction of the internet and satellite surveillance systems.
The first so-called state-sponsored “cyber attack” actually dates during the height of the
cold war3. In June of 1982, the CIA discovered that Soviet spies were plotting to intercept a
software used to operate Soviet pipelines systems (described as “shopping list [of software
technology]” by Vladimir Vetrov) through Mr. Vetrov, a KGB agent. The CIA reacted by
intercepting the software and as described by Thomas Reed, US Air For secretary in President
Reagan’s National Security Council at the time, “[the CIA] programmed to reset pump speeds
and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds".
One the Soviet spies intercepted the corrupted program, it caused a series of explosions of Soviet
pipelines4; the explosions were even detectable by the US early-warning satellite system. The
scale of this explosion was truly massive as Mr. Reed said “[the explosions in the pipeline] was
the most monumental non-nuclear explosion and fire ever seen from space.” Similar attacks
involving the corruption of infrastructure management software continued throughout the 21st
century with notable examples in Iranwhere a malicious software (or malware) called a Stuxnet
Worm penetrating approximately ⅙ of the nations centrifuges for nuclear power plants (used to
enrich Uranium to weapons-grade Uranium)5.
Entering the 21st century, technological advancements such as faster computers, more
automation software to manage infrastructures, and a more globally interconnected network of
computers led to a series of cyberattacks in Estonia. Known as aasta küberrünnakud Eesti vastu
in Estonian, the 2007 cyberattacks on Estonia started on April 27th, 2007 when the Estonian
governments were having tensions with the Russian government with the Bronze Soldier of
Tallinn, a Soviet World War II memorial in Tallinn, the capital city of Estonia. As a war
memorial and war grave for Soviet soldiers that fell during the Second World War, it was subject
to constant political controversy6. It symbolized the complex bellicose geopolitical relationships
between the Russian and Estonian government as well as Russian population in Estonia, and in
April of 2007, when the Estonian government relocated the monument. The conflict ignited with
a riot known as the Bronze Night, or the April Unrest7, and later led to a series of cyber attacks
3 "Cyberwar - War in the fifth domain | Briefing | The Economist." 1 Jul. 2010,
https://www.economist.com/briefing/2010/07/01/war-in-the-fifth-domain. Accessed 11 Jul. 2020.
4 "CIA plot led to huge blast in Siberian gas pipeline - Telegraph." 28 Feb. 2004,
https://www.telegraph.co.uk/news/worldnews/northamerica/usa/1455559/CIA-plot-led-to-huge-blast-in-
Siberian-gas-pipeline.html. Accessed 11 Jul. 2020.
5 "Stuxnet Worm Used Against Iran Was Tested in Israel - The ...." 16 Jan. 2011,
https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html. Accessed 11 Jul. 2020.
6 "War of words over bronze soldier - Telegraph." 5 Feb. 2007,
https://www.telegraph.co.uk/news/worldnews/1541641/War-of-words-over-bronze-soldier.html. Accessed
6 Aug. 2020.
7 "The Bronze Soldier Explains Why Estonia Prepares ... - Forbes." 7 Jul. 2018,
https://www.forbes.com/sites/francistapon/2018/07/07/the-bronze-soldier-statue-in-tallinn-estonia-give-
that targeted Estonian institutions such as the government, banks, media organizations. These
attacks were the first major attacks that actively used ping flooding techniques such as DDOS to
take down websites and spam news organizations. Skeptics as well as the Estonian Government
originally blamed the Kremlin and the Russian government for these attacks. At first, new
evidence supported these findings - the instructions were in Russian - yet no concrete evidence
connecting the Kremlin with these attacks were found. As a member of NATO, this event almost
led to a third world war as Article Five guarantees the protection of NATO members in the case
of an aggression by a foreign source. Full scale war was narrowly avoided as there was no
casualties from these attacks, yet the 2007 Cyberattacks on Estonia serve as a wakeup call for
Estonia as well as the global community, reminding the perils of interconnectivity and the
vulnerability of even the most trusted online security measures. Liisa Past, a journalist for an
Estonian news organization at the time and now a cyber security expert says: “Cyber aggression
is very different to kinetic warfare… It allows you to create confusion, while staying well below
the level of an armed attack. Such attacks are not specific to tensions between the West and
Russia. All modern societies are vulnerable”8,
Cyber warfare has grown from the 39th biggest threat in 2006 - as perceived by the CIA
and NSA - to the single biggest threat in 2013. President Obama even called it “one of the most
serious economic and national security challenges we face as a nation."11 Yet, there hasn’t been a
single resolution in the UNSC on this issue specifically. As we enter the so-called “cyberage”, it
is increasingly important for the United Nations First General Assembly (DISEC) to maintain the
integrity of this medium by closely monitoring existing cyberinfrastructure and taking
appropriate measures to stop cyber warfare.
Cybercrime
According to the UNODC, there is no set international definition for cybercrime.
However, cybercrime usually involves breaching computer systems and networks and could be
categorized in three main categories: computer-related offences, content related offenses, and
offences related to infringements of copyright and related right12. Types of cybercrime could also
be categorized in two categories: cyber-dependent crime and cyber-enabled crime. Cyber-
dependent usually involve the use of malware or other forms of malicious software to
compromise a technology infrastructure. Common examples include DDOS attacks, ransomware
and more. Cyber-enabled crime, as the name suggests, is crime conducted by or facilitated
through the digital cyber medium. Common examples include illegal downloading frauds to drug
trafficking in the dark web. Although dependent on the scale of the event, cyber-dependent
crimes have a higher potential to inflict real life damages - for example by infecting software that
manages a water treatment facility.
Cyberwarfare
According to Britania, cyberwarfare is defined as “war conducted in and from computers
and the networks connecting them, waged by states or their proxies against other states”13.
Although similar tactics are used with, unlike cybercrime, cyberespionage, cyberwarfare, or
cyberwar is state sponsored. The term was first coined by John Arquilla and David Ronfeldt,
researchers for the RAND corporation when they wrote: “Cyberwar is coming!” in their article.
Targets of cyberwarfare usually relate to the destruction of critical infrastructure such as dams or
power grids. With these efforts in mind, defense against cyberwarfare is growing as one of the
leading agendas of a defense force.
DoS Attack
11 "Cyberwar Timeline: The roots of this increasingly ... - Infoplease." 13 Feb. 2017,
https://www.infoplease.com/world/cyberwar-timeline. Accessed 11 Jul. 2020.
12 "MUN Cybercrime - United Nations Office on Drugs and Crime."
https://www.unodc.org/e4j/en/mun/crime-prevention/cybercrime.html. Accessed 6 Aug. 2020.
13 "Cyberwar | Britannica." https://www.britannica.com/topic/cyberwar. Accessed 6 Aug. 2020.
DDoS Attack
15
Data VS Datum
Trojan Horse
A trojan horse, originally adopted from the legend Iliad by Homer, is a nickname for a
malware that conceal themselves in the shell of a legitimate system. Examples of trojan horses
include websites disguised as customer support to steal personal information, or files such as
14 "DoS vs DDoS attacks: The Differences and How To Prevent ...." 9 Jul. 2020,
https://www.comparitech.com/net-admin/dos-vs-ddos-attacks-differences-prevention/. Accessed 6 Aug.
2020.
15 "Ddos Attack Diagram Diagram Base Website Attack Diagram ...." 5 Aug. 2020,
http://eyediagramhomemade.bancadelvecchio.it/diagram/ddos-attack-diagram. Accessed 6 Aug. 2020.
email attachments that secretly take control over a user’s system. Unlike other computer worms,
a trojan horse itself is unable to self replicate16. However, the destructive potential of a trojan
horse is at its apex when combined with a DDoS attacker
Espionage
According to the Merriam Webster, espionage is defined as: “the practice of spying or
using spies to obtain information about the plans and activities especially of a foreign
government or a competing company”. Please be noted that (cyber) espionage is not the
ultimatum of cyberwarfare, but usually only serves as a starting point that leads to further
conflict.
ICT
RFID
An ITI is the abbreviation for “Radio Frequency Identification”17. RFID devices can
automatically identify and even copy the data embedded in electronically non-volatile chips such
as credit cards and password keys. However, unlike other tactics mentioned in this study guide,
RFID requires the attack to be within close proximity of the target18. RFID itself is unlikely to
cause much damage, but used in conjunction with other techniques, it can be deadly.
ITU
Advanced encryption standards or AES for short is the encryption method developed by
the United States government. Although there are other standards such as the ISO/IEC standards,
16 "What is a Trojan Virus | Trojan Virus Definition | Kaspersky." https://www.kaspersky.com/resource-
center/threats/trojans. Accessed 6 Aug. 2020.
17 "What is RFID and How Does RFID Work? - AB&R®." https://www.abr.com/what-is-rfid-how-does-rfid-
work/. Accessed 6 Aug. 2020.
18 "Defining RFID - AB&R (American Barcode and RFID)." https://www.abr.com/rfid/. Accessed 6 Aug.
2020.
19 "About ITU." https://www.itu.int/en/about/Pages/default.aspx. Accessed 6 Aug. 2020.
the AES standard is the most commonly used tool to encrypt data, most specifically the AES-256
bit encryption method that relies on a key with the complexity of 2²⁵⁶, more than what any
supercomputer in the world could break in using raw computing power.
In 2004, the United Nations General Assembly created a body called the Group of
Governmental Experts (GGE) to monitor the online medium and evaluate the treat it poems in an
international scale21. The GGE, as the name suggests is the collection of cyber security experts
tasked with the job of making recommendations to the Secretary-General of the UN regarding
cybersecurity affairs. Details are outlined in resolution A/RES/58/3222.
Since its creation in 2004, the GGE served the UN to deliver better methods and clearer
standards for online security. In 2015, the GGE published a report outlining its interpretation on
how international should also apply in the digital cyberspace23. This report served as the general
international framework for maintaining the integrity of the global cyberspace.
20 "denial of service attack | Definition & Facts | Britannica."
https://www.britannica.com/technology/denial-of-service-attack. Accessed 6 Aug. 2020.
21 "UN GGE and OEWG | GIP Digital Watch observatory for ...." https://dig.watch/processes/un-gge.
Accessed 6 Aug. 2020.
22 https://undocs.org/A/RES/58/32
23 https://undocs.org/A/70/174
In December of 2015, the United Nations General Assembly assembled the Open-Ended
Working Group (OEWG)24. The OEWG is tasked with the build on the discussion of
cybersecurity by developing rules outlining the boundaries of sovereign countries and the role of
the United Nations in a macro scale. Their agendas of discussion include: existing and potential
threats, international law, rules, norms and principles, regular institutional dialogue, confidence
building measures and capacity building25.
Country 2
Please be reminded that SPT and SC reports must explain the position of all nations
present in the forum (6, 15, respectively) and other bodies that are crucial to the question. For
other committees, you are recommended to have at least 10 key member nations/other bodies.
We do understand that this number may vary depending on your committee, but please try to
reach our recommended number.
Suggested Solutions
Propose a general course of action that the international community should take to
resolve this issue. Make sure that your ideas are suggestions, not detailed step-by-step guidelines
that delegates can follow. Do not write in bullet points, and please write all solutions in full-
length paragraphs. You are recommended to write around 1500 words for this section.
Bibliography
Your bibliography should follow the Modern Language Association (MLA) style. If you
do not know the specific demands for this notation, please check out the link attached above.
Good luck on writing your chair reports! We are excited to work with you throughout this
process!
24 https://www.un.org/disarmament/open-ended-working-group/
25 "UN GGE and OEWG | GIP Digital Watch observatory for ...." https://dig.watch/processes/un-gge.
Accessed 6 Aug. 2020.