Study Guide: Security Councild284f45nftegze.cloudfront.net/speedlightning/Study Guide SC edited.… · hobbies include, watching YouTube (my favourite YouTubers are “The Sidemen”,

StudyGuide:SecurityCouncil


CyberWarfareAndItsThreatToGlobalSecurity


Letter from the Director Dear Delegates, It’s my utmost pleasure to welcome you to the United Nations Security Council, the most fast paced committee and one of the strongholds in today’s day and age when it comes to deciding solutions of globally prevalent matters that shake the very grounds of humanity. I am looking forward to seeing you debate at high intensity and find a cohesive solution that can pass in the UNSC. My name is Adnan.Bahrainwala and I am currently studying in the 11th grade. When not with academic work, I can be found honing my skills as a football and basketball player. Also, as negative as this may sound I love arguing with anyone about anything, from whether demonetisation is correct to whether brushing your teeth thrice a day is important. I am extremely passionate about debating and I hope to see similar passions in all the delegates participating at SpringMUN 2017. My hobbies include, watching YouTube (my favourite YouTubers are “The Sidemen”, especially KSI.) Also, I love playing any type of sports and I love trying out new adventures. I love scuba diving and visiting different places around the world. My favourite subjects include Mathematics and Global Politics. Having munned for the past 3 years, I have experienced many different MUN’s internationally, nationally as well as locally in Mumbai. I have made so many new friends that stay around the world and I hope each aspiring munner gets the chance to do so.

Although February may seem far, I would urge you to get familiarized with this topic. In order to ensure a meaningful experience in committee I gently advise to plan your research and avoid last minute preparation. The Security Council, will tackle ‘Cyber warfare and its threat to international security’, a globally critical issue. During the conference you will be called upon to demonstrate mandatory skills like critical thinking, innovative ideas, multilateral collaboration and above all a strong diplomatic frontier. Moreover, this topic will require a high degree of negotiating power keeping in mind that your foreign policy may be at stake. Familiarize yourself well with this topic and constantly keep yourself updated with the current situations about cyber warfare. Make good use of those smart phones to track the constantly evolving scenario of cyber warfare. This years SpringMUN is on a whole new level. The world is constantly changing and we are witnessing the great advancements. In my opinion, the biggest advancement the world has faced is the advancement in technology. However, with advancements come many threats. All you need is a laptop, and a person can access information without any restrictions. Cyber warfare can happen on a national or an international level. I hope all the delegates that participate in the Security Council understand the great threat cyber security poses, to each human being in the world. On the other hand, I would like to encourage all delegates to participate


and to not be afraid of speaking in committee. Also, a note to the more experienced delegates: help younger delegates, make everyone feel involved and don’t participate with the aim to win best delegate. Just have a lot of fun. I am going to try my best to make this year’s Security Council one of the best experiences you will ever have. MUN is not about winning an award, it is a learning experience for everyone and it exposes you to current conflicts that our world faces and it gives you the power to come up with strong, innovative and creative solutions. Lastly, I would like to end by saying that sometimes you will win, but you will learn something new every single time. I am here to make sure you have a splendid experience dealing with this globally relevant topic of ‘Cyber warfare and its threat to international security’, and I hope that you delegates can find a cohesive resolution to combat this morally and ethically challenging topic. If any doubts or queries arise in the course of your research, please don’t hesitate to contact me. For now goodbye. See you all, in February. Take care. Good luck!

Regards, Adnan.Bahrainwala Under-Secretary General

About the committee: Dear delegates having chosen the United Nations Security Council you have now entered a very unique committee and hence it is extremely vital to known what this committee is all about. Under the charter the Security Council has primary responsibility for the maintenance of international peace and security. Having 15 members, each has only one vote. The Security Council undoubtedly is the most powerful committee in the UN and hence under the charter, all member states are obligated to comply with the Council decisions. The Security Council takes the lead in determining the existence of a threat to peace or an act of aggression. It calls upon the parties in a dispute to settle it by peaceful means and recommends methods of adjustment or terms of settlement. In some cases, the Security Council can resort to imposing sanctions or even authorize the use of force to maintain or restore international peace and security. According to Article 27 of the Charter each member of the Security Council shall have one vote. Secondly, decisions of the Security Council on procedural matters shall be made by an affirmative vote of nine members. Lastly, decisions of the Security Council on all other matters shall be made by an affirmative vote of nine members including the concurring votes of the permanent members; provided that, in decisions under Chapter VI, and under paragraph 3 of Article 52, a party to a dispute shall abstain from voting. The permanent members of the Security Council, which are the p5, are the only countries to have a veto


power. The P5 countries are China, Russia, UK, France, and USA. The next 10 are all rotating members of the Security Council, which are elected by the General Assembly for a two-year term. History of the Problem: At the nineteenth meeting of the sixty-ninth session of the United Nations’ General Assembly in 2014, the First Committee heard that the prospect of cyber warfare weaponry represented a serious threat to the “entire edifice of international security.” Although the accepted definition of the term ‘cyber warfare’ is, like the landscape of relevant international norms, yet to be fully developed, most experts agree that cyber warfare constitutes an action by a nation-state to penetrate another nation-state’s computers or networks that affects the latter in the way a conventional attack would: by way of injury or death to people or damage to or destruction of objects. This definition is further informed by assessment of the North Atlantic Treaty Organisation’s attempts at establishing a threshold for invocation of Article 5 of the Washington Treaty, in the context of cyber warfare through the NATO Cooperative Cyber Defence Centre of Excellence and its Tallinn Manual on the International Law Applicable to Cyber Warfare. One significant reason for this limited definition is the existence of widespread cyber espionage assumed to be carried out by major powers and corporations; such acts fall short of affecting a state in the way a conventional attack would. As a result of this limited definition, there are few historical events that have qualified as cyber attacks, although such events

have spiked in recent years and will be discussed below. The following are but a handful of incidents chosen to demonstrate the variation in targets, alleged perpetrators, and means by which cyber attacks are launched. There are numerous additional reports of probe attacks launched between militaries with functions similar to periodic violations of airspace to test response time. While the scale and frequency of this alleged brinksmanship is largely unknown, what is known is that the profile of cyber warfare is rising in the sphere of threats to international peace and security. As a final note, and to add to the gravity of the situation at hand, experts estimate that as of 2012, at least eleven nations have offensive cyber warfare capabilities and at least another thirty-three possess defensive capabilities. Additionally, states that have publicly announced the existence of specialised cyber warfare units within their own militaries include the United States, China, the Russian Federation, Israel, India, Germany, Iran, South Korea, and the Netherlands, again highlighting the need for the Security Council to address this issue. Cyber Attacks: Cyber warfare, in almost all cases under the above definition, takes the form of attempted sabotage of computer systems such as those tied into power, water, fuel, communications, and transportation infrastructure, military or otherwise, of a given nation. The devices by which this sabotage is carried out include, but are not limited to, Trojans, viruses, worms, denial-of-service attacks, malware, payloads, rootkits, and key


loggers. The aims of cyber attacks vary on a case- by-case basis, which renders useful a brief listing of recent major cases, before turning to the question of what is to be done on the international level. In April 2007, cyber attacks launched from Russian servers targeted Estonian ministries, banks, and media. Considering Estonia’s large investment in online operation of its services, including an e- government with online banking, elections, and taxes, the economic effects of the attack were strongly felt by the Estonian populace. As a consequence, Estonians rioted and caused injury to at least 150 people on the first day alone. In December 2014, a group of experts investigating the 2008 explosion of a section of the Baku- Tbilisi-Ceyhan pipeline in Eastern Turkey found that cyber attackers had shut down alarms, cut off communications, and super-pressurised crude oil in the line to trigger the blast. It is estimated that over $1 billion in losses occurred as a result of the initial blast and the subsequent time the line was shut down, and experts traced the attacks alternately to Russia or China. In September 2010, systems at Iran’s Natanz nuclear enrichment facility were infiltrated by sophisticated malware in the Stuxnet worm, which aimed to hijack control of centrifuge machinery and destroy it. International media have claimed that the cyber attack was the product of a U.S.- Israeli initiative to damage Iran’s nuclear capability.

The Canadian government has revealed in news sources that they became a victim of cyber attacks in February 2011 from foreign hackers with IP addresses from China. These hackers were able to infiltrate three departments within the Canadian government and transmitted classified information back to them. Canada eventually cut off the Internet access of the three departments in order to cut off the transmission towards China. India, despite the country reputation for being an IT and software powerhouse, India has reported 13,301 cyber security breaches in 2011. However, the biggest cyber attack that the country has faced occurred on July 12, 2012 where hackers penetrated the email accounts of 12,000 people, which included highly placed officials from the Defence Research and Development Organization (DRDO), the Indo-Tibetan Border Police (ITBP), the Ministry of Home Affairs, and the Ministry of External Affairs. Titan Rain was a series of coordinated attacks aimed at various U.S. and British systems, which lasted from approximately 2003 until 2006. The attacks were most likely Chinese in origin, although their precise nature remains unknown. Some believe the Chinese armed forces were responsible for the series of attacks. Titan Rain was successful in gaining access to many defence contractor computer networks, which were targeted for getting access to sensitive information, including Lockheed Martin, Sandia National Laboratories, NASA and Redstone Arsenal. Additionally the U.S. Defence Intelligence Agency and the United Kingdom’s Ministry of Defence were


attacked, and the computer system of the House of Commons was shut down. No access to classified information has been reported, but the attacks and hackers accessing unclassified information have led to significant friction between the U.S. and Chinese governments. Past Actions: The UN General Assembly, Economic and Social Council, and Security Council often stress the importance of cyber security and regularly call on member nations to combat cybercrimes. These organs usually refer responsibilities to the International Telecommunications Union (ITU) which is a UN agency based in Geneva which is responsible for coordinating efforts on these issues. They study cyber activity and set standards to which various governments are supposed to adhere to. The difficulty with such organizations is these standards are often non-binding and there are not enough mechanisms to force countries to play by the rules. A major difficulty in combating cybercrimes is the sheer amount of data that needs to be monitored in order to catch cybercriminals. Several NGOs have stepped up efforts to monitor cyber activities and report on cyber security issues. The International Association of Cybercrime Prevention “provides information and training about cybercrime prevention. It is also an interdisciplinary research organization bringing together experts, professionals, and individuals involved with the misuse of Information Communications Technology.” The Cyber Peace Foundation is another NGO, which is also involved with raising “awareness, counselling,

education, training and to reach out to the citizens, the governments, law enforcement agencies (LEAs), private enterprises, NGOs working in cyber crimes and cyber security, universities, cyber security experts and bug bounty hunters; to provide a common platform on a global level.” There is also hope that bilateral agreements can help solve these issues. In September 2015, Chinese President Xi Jinping and American President Barack Obama met and discussed issues related to cyber security and came to a tentative agreement. Prior to President Xi’s visit to Washington, the Obama administration officials had warned that disagreements over cyber warfare may lead to sanctions by the US government, and that products might not be able to be sold on international markets. In their meetings, they discussed steps each government should take to curb cyber-spying on both sides and they agreed to disallow any hackers from committing acts of cyber espionage. Annually in September the “Cyber Coalition” exercise is held. During these exercises hundreds of cyber defenders from across NATO test for several days their capabilities to defend their networks from complex security challenges. During “Cyber Coalition 2015” 600 experts took part in the exercise, which was held at NATO’s Cyber Range in Estonia and locations in participating nations. During the exercises scenarios increasing ion complexity are thrown at the cyber defenders, aimed at drilling procedures and coordination between NATO bodies and national institutions.


Besides the “Cyber Coalition” exercises, also other regular cooperation exists. For example, in February 2016 the Technical Arrangement on Cyber Defence was concluded between the NATO Computer Incident Response Capability (NCIRC) and the Computer Emergency Then Response Team of the European Union (CERT-EU) provides an exchange of information framework and the sharing of best practices between the two institution’s emergency response teams. Current Situation: Cyber warfare and Cyber terrorism is growing largely at hand and some action must be taken in order to curb the threat of cyber arms. Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks. In the past, we saw the Stuxnet worm, which was a cyber attack conducted by USA and Israel against Iranian Nuclear centrifuges. Another example was the attack against the Estonian government. Recently multiple cyber attacks have taken place, for example the on going conspiracy on whether Russia hacked into the US 2016 Elections. Also, the hacking of over 1 billion Yahoo accounts and the selling of that information on the black market is major topic at hand. Another example of a recent cyber attack, was the attack against Deutsche Telecom, in Berlin where 900,000 Germans lost access to the Internet and telephone services. Germany feared that this was an attack by Moscow in order to destabilise

Western Democracies, however Russia denies any such acts. Cyber terrorism: “The electronic war has not yet begun.” That was one message released in a video on Monday, May 11, 2015, from a hacker group that claimed to be affiliated with the Islamic State. The video showed a digitized, hooded and faceless figures, akin to the symbol of the hacker collective Anonymous, reading out a prepared speech in Arabic with English subtitles. A group calling itself the “Islamic State’s Defenders in the Internet,” reportedly released the video, although there is no evidence that it is connected to leaders of the group also known as ISIS or ISIL in Iraq and Syria. Last month, the Obama administration issued an Executive Order, which invested U.S. government with the authority to better respond to the most significant of these online threats, particularly in situations where malicious cyber actors may operate beyond the reach of existing authorities. But how serious of an online threat is ISIS and those who claim to work with or for the Islamic State? Could these groups unleash cyber terrorism and successfully bring down critical infrastructure in the U.S. and/or around the world? Where do these cyber threats rank, if we compare them to other cyber attacks from cyber criminals or cyber attacks originating from Russia or China?


There is no doubt that ISIS has learned to use the Internet successfully to attract new recruits through the use of social media. Stories of men and women who travel to the Middle East from all over the world has been major topic of global discussion in 2014 and 2015. So could more dangerous cyber terrorism be coming from the self-proclaimed “cyber caliphate?” In June 2014, the Islamic State of Iraq and Al-Sham (ISIS) declared the territory that it captured in Iraq and Syria to be an Islamic state, or caliphate. Meanwhile, a group of hackers who claim to be affiliated with ISIS has declared a "cyber caliphate" and made headlines over the past six months for a series of online incidents that have received worldwide news coverage. In a meeting this past week at Camp David, leaders and delegates from the Gulf Cooperation Council (GCC) — which includes Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates — discussed numerous ways to collaborate in fighting ISIS and other regional threats. Possible Solutions: One of the major problems with guaranteeing cyber security is the sheer amount of data that makes up cyberspace and, coincidentally, the difficulty in monitoring it all. The United States has been better able to monitor cyberspace than many other nation, but this has created some difficulties within the international

system. Some nations have viewed America as the greatest protector of cyberspace while others view it as its greatest threat. Increasingly, individuals have become more worried about privacy issues and leaks of government information. Also, since most of the servers, which contain the Internet, reside within the United States, there is concern that the US has an unfair monopoly in cyberspace ownership. Increasingly, it has been argued that the Internet needs to be governed by an international agency which is responsible for answering to the international system as a whole and not individual parties. The Non Aligned Movement has expressly stated the need for independent control of some parts of their Internet to guarantee the protection of defence secrets as well as the ability to guarantee Internet use for the growth of their economy. However, the makeup of such a body is still being debated. Another major problem with guaranteeing cyber security is the issue concerning how to hold nations and international actors accountable for their actions. Nations like Russia and China believe cyberspace should be controlled locally by various national governments and should respect cultural norms and national policy agenda if a state determines the need for this. In much of the West, people believe in a free Internet, but in less democratic countries leaders may feel threatened by a free Internet and wish to control it directly. Coincidentally, this has sparked debate around the world about how much freedom individuals are willing to give


up in order to maintain security online. Originally, the Internet was a completely free place where individuals could express themselves and feel free to come up with applications never thought of before. As the technology has become more widespread and available, dangers have arisen. There is a large debate concerning how much freedom should be allowed in cyberspace. If governments took more control over cyberspace, they could be more effective in improving cyber security, but there is a risk they would also decrease the level of freedom permissible on the Internet. This debate is especially pertinent in the European Union where individuals are asking where to draw the line between security and freedom of expression. There are many challenges to creating an international framework for cyber security. Though the challenges are great, the potential danger of not doing anything is far greater. The problems posed by cybercrime are serious, but they are solvable. It is hoped the international community can put aside their differences and create a free and open Internet, which is safe from cybercrime. Bloc Positions: United States of America The United States has taken a pivotal role in bringing the issue of cyber security and cyber warfare to the international agenda in recent years. To that effect, the Office of the Coordinator for Cyber Issues (S/CCI) was established in February 2011, with an agenda that includes the full spectrum of cyber-related issues, from security, economic issues, freedom of

expression and the free flow of information on the Internet. Perhaps one of the most complex issues of the U.S policy in regards to cyber security is U.S- Chinese relation. The Chinese government has been continuously been accused of a large number of cyber-attacks against U.S and foreign companies and government agencies. The current administration has taken initiative with the creation of the Cyber Threat Intelligence Integration Centre (CTIIC), which “provides analysis and support to U.S. government agencies in response to cyber threats”. The most notable development in the field of Cyber Security has been the US-China agreement, which was announced at the end of September 2015. The agreement includes, among other issues, the cooperation between the two countries via information sharing in regards to cyber activities, the mutual commitment not to conduct or support cyber attacks for the purpose of “providing competitive advantages to companies or commercial sectors” along with the creation of a high-level joint dialogue mechanism for the purpose of fighting cybercrime and related issues. United Kingdom The United Kingdom has been vocal about the economic and social value of a secure cyberspace as well as the severe consequences of cyber attacks for international peace and security. Since 2011, the government has launched a National Cyber Security Program that has been designated a total of 860 million pounds for the protection of the U.K until 2015. In accordance with that, as a member of the European Union, the country has


been complying with the Union’s Digital Agenda that calls for 14 actions for the advancement of cyber security, which include the establishment of a network of CERTs (Computer Emergency Response Teams). People’s Republic of China China has turned into a key actor on cyber security, especially after having been pointed at as the perpetrator of numerous cyber attacks primarily against US companies and government agencies. The Chinese government has repeatedly denied these allegations stating that it “opposes and forbids any cyber crimes including “hacking” while attributing these accusations to “the dark mentality of certain people who always regard China as a threat.” In addition to that, China said that it was the victim of U.S cyber attacks, which the U.S has denied. The official policy reaffirms the People’s Republic’s willingness to enhance communication and collaboration in the field of cyber security based on mutual respect and objectivity. In particular, in May 2015, China signed an agreement with Russia in the field of information security, which emphasises the commitment to close cooperation to respond to cyber-threats and attacks. France Cyber security has been placed as a priority to the national security agenda of France since 2008. In 2009, the French government created the French Network and Information Security Agency (ANSSI), which have the responsibility of addressing the challenges of cyber attacks. At the same time, France’s main policy goal in regard to cyber security is the

development and further enhancement of international cooperation through bilateral relations, as well as active participation of international organisations to design more comprehensive cyber security policies. In particular, as a EU member-state, France supports the implementation of the cyber security strategy by the European Commission and the European External Action Service, launched in 2013. Russian Federation Russia’s policy on cyber security presents significant differences from the common view of the Western countries. Even in terms of language, Russia does not use the term “cyber warfare” in its analysis, but opts for the phrase “information war”. Having said that, the government signed the Russia-U.S cyber-security confidence-building agreement in 2013, which laid the ground for cooperation on the field of information/cyber security, before Russia-U.S relations became strained with the geopolitical developments in Ukraine. In 2015, Russia signed an agreement with China on the field of international information security, providing a base for future close collaboration between the two countries. NATO Cyber security and cyber defence are in the centre of NATO’s collective defence. The Alliance first introduced a cyber policy defence package in 2008, after the cyber attacks in Estonia took place. The same year, the Cooperative Cyber Defence Centre of Excellence (CCD CoE) was established. Although not included in NATO’s official command structure, this organisation


serves as the leading NATO-accredited research and training facility, “dealing with cyber defence education, consultation, lessons learned, research and development.” In order to stay ahead of the ever- changing field of cyber security, NATO has introduced two official cyber defence policies. The first, introduced in 2011, further elaborated on NATO’s operational mechanisms in the event of a cyber attack, and the new enhanced policy, introduced in 2014, establishes “cyber defence as a part of the Alliance’s core task of collective defence, confirms that international law applies in cyberspace and intensifies NATO’s cooperation with industry.” In their core, NATO policies and initiatives aim for the protection of the communications and information systems (CIS) owned and operated by the Alliance QARMA (Questions a resolutions must answer):

1. What measures can be taken to improve the monitoring of cyberspace?

2. How can international actors be held accountable when they are found to have taken part in cybercrimes?

3. To what extent, should the Internet be monitored and by who?

4. How can the international community prevent terrorist organisations such as ISIS and Al-Qaeda from gaining cyber weapons?

5. To what extent is cyber warfare used in order to please self-interests?

6. Can the international community curb the great threats posed by

the advancements in technology?

Position Paper Requirements: Your position paper should be approximately 750 words with a Times New Roman Font, with your name, grade and topic in the top right corner. The position paper should be highlighted into three distinct paragraphs. The first paragraph should consist of your country’s experience or particular connection to the topic. For instance, how has your country been affected by the above-mentioned problem? Is your nation in a particularly vulnerable position concerning this topic? The second paragraph should discuss your nation’s policy on the issues, as supported by relevant national documents. This differs from the first paragraph because it should also include a short description of agreements, statements, and lessons learned from your history and choices in the past. You should also discuss your current diplomatic arrangements with relevant nations in this paragraph. Research for this paragraph could include speeches given by heads of state or ambassadors, or national studies and policy statements. The third, final, and most important paragraph is your country’s plan going forward. Given your history and your policy going forward, what does your country believe is the best course of action to pursue? This should be a unique mixture of international work and your country’s personal past and experiences. For example, given risk factors and past experiences, what is the most logical and effective way to address these topics? What priorities


does your country assign to different matters, and why? Delegates, you need to understand that this topic is a very complex topic with many dimensions to it. I highly suggest you conduct your research in a very planned and focused way or else your effort will be unproductive. Further, carry out your research with vigour and curiosity. Please cite your sources in endnotes and create a bibliography at the end of the paper as well. For now that’s all. And of course please do not hesitate to contact me for any questions. Suggested Reading: 1. Cyber security and Cyber warfare:

http://unidir.org/files/publications/pdfs/cybersecurity- and-cyberwarfare-preliminary-assessment-of-national-doctrine-and-organization-380.pdf

2. Cyber warfare and International Law: http://www.unidir.org/files/publications/pdfs/cyberwarfare-and-international-law-382.pdf

3. International Strategy for Cyberspace: https://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cy berspace.pdf

4. Chinese Views on Cyber security in Foreign Relations: http://carnegieendowment.org/files/CLM42MS.pdf

5. A Framework for International Cyber Stability: http://www.state.gov/documents/organization/229235.pdf

6. The Quest for Cyber Peace: https://www.itu.int/dms_pub/itu-s/opb/gen/S-GEN-WFS.01-1- 2011-PDF-E.pdf

7. Cyber Norm Emergence at the United Nations: An analysis of the UN’s activities regarding Cyber Security: http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-11- final.pdf

8. Cyber terrorism: How real is the threat? http://www.usip.org/sites/default/files/sr119.pdf

9. The Impact of China on Cyber Security: Fact and Friction http://www.mitpressjournals.org/doi/pdf/10.1162/ISEC_a_00189

10. Sovereign Discourse on Cyber Conflict under International Law:

https://www.law.upenn.edu/institutes/cerl/conferences/cyberwar/papers/reading/Kanuck

. Pdf


11. From Nuclear War to Net War: Analogizing Cyber Attacks in International Law:

http://scholarship.law.berkeley.edu/cgi/viewcontent.cgi? Article=1368&context=bjil

12. Globalization’s Security Implications:

https://www.rand.org/content/dam/rand/pubs/issue_papers/2005/IP245.pdf

13. Manual on International Law applicable to Cyber warfare:

http://www.peacepalacelibrary.nl/ebooks/files/356296245.pdf

14. Bosco, David. Five to Rule Them All: The UN Security Council and the Making of the Modern World. New York: Oxford University Press, 2009.

Study Guide: Security Councild284f45nftegze.cloudfront.net/speedlightning/Study Guide SC edited.… · hobbies include, watching YouTube (my favourite YouTubers are “The Sidemen”,

Documents