Committee: General Assembly 3 (Disarmament and Global Security) Issue: Establishing International Methods of Combatting Cyber Warfare Student Officer: Alia ElKattan (President of General Assembly 3)

I. Introduction Cyber warfare is using computers and electronic means to attack other networks and computers worldwide. are generally trained in software programming and knowing the details of computer networks, to form the attacks. The difficulty in combating cyber-attacks lies in the difficulty to identify the source of attacks, making it difficult to trace down the attackers. Hackers often are working under governments or organizations, attacking other governments for the aim of disruption or destroying their networks. It is one of the strongest current weapons, and is influenced by political aims and conflicts. Generally, cyber warfare can be used for both spying and destroying other networks. The most unique aspect of cyber warfare is that cyber space is the only warfare domain that is entirely man-made (unlike land, sea, air, and space). II. Key Vocabulary Stuxnet Trojan: [noun] Said to be one of the most sophisticated cyber weapon yet, developed by the US and Israel, and is used to demolish Iran's nuclear system. Cyber: [prefix] Electronic and technology. Infrastructure: [noun] Organizations and facilities needed for the operation of a society. Electronic Pearl Harbor: [noun] Pearl Harbor is the part that led the US to enter World War II. The term electronic Pearl Harbor is not used in this literal meaning, but to symbolize attacks or how cyber warfare can lead to wars or great losses to society. : [noun] A software that intents to harm and disturb computers and networks.

III. Involved Countries and Organizations Cyber-attacks have been a constant challenge to the Indian government, the greatest external pressures being , Bangladesh, and . Their national security agenda is constantly being attacked and intruded. The government has allowed closer cooperation with industry and government work to enhance India's IT software. As a result, a Defense Intelligence Agency and a National Defense university have been formed. Amongst the DIA (Defense Intelligence Agency)'s work is the establishment of a powerful information warfare agency specialized for cyber war and other technologies.

After nuclear tests in New Delhi,"Milw0rm", an anti-nuclear group hacked into India's Bhaba Atomic Research Center (BARC) on June 7, 1998. Probably India's greatest rival and cause to its cyber warfare capabilities is Pakistan. There have been conflicts between India and Pakistan concerning cyber war. The Indian Home Secretary R.K Singh has commented on it before saying, "Pakistan is trying to create trouble by inciting people… This exposes its attempt at cyber warfare against India." ‘G-force Pakistan’, ‘Death to India’, and ‘Dr. Nuker’ are all Pakistani groups that have been reportedly attacking Indian cyberspace. Due to cyber wars between Pakistan and India, hundreds of websites have been hacked and destroyed on both sides.

1

"The rapid technological developments underway at the same time not only facilitate these events by reducing our reaction time but add entirely new dimensions of threat and challenges, such as the Revolution in Military Affairs (RMA) and offensive/defensive information warfare.", Government of India in a report about National Security, 2001.

United States The is one of the major countries that are involved in cyber warfare on a large scale. It is under great threat from many criminal groups, individuals, and nation states. It is, however, one of the most powerful countries in the world in the cyber world. The United States of America has made numerous attacks previously, most importantly its attacks on Iran. In 2010, Stuxnet Trojan, which is linked with the US, has attacked Iran's nuclear program and the Flame cyber surveillance tool. After Obama won the American presidency, he has decided to continue and speed up the attacks on Iran's nuclear program. The American Air Force was also seeking to enhance its cyber warfare tools and capabilities. According to the Air Force, it is looking and aiming to "disrupt, deny, degrade, destroy, or deceive an adversary's ability to use the cyberspace domain to his advantage," US Marine Corps Lt. General Mills has openly admitted the use of cyber warfare in Afghanistan and its success. He talked about the uses of cyber warfare on August 15th, 2012 saying "I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact." According to the U.S Defense Secretary, the country has strongly stated that it is planning on strengthening its cyber warfare unit and significantly increasing its importance in the Pentagon. As Defense Secretary Chuck Hagel said, this was to protect the country against foreign cyber-attacks. When asked about his policies, he stated that while he aimed to show strength, he also wants to “tame” the United States’ image as an aggressor in the field of computer warfare. The United States, Hagel said, does not seek militarizing cyberspace. China China is one of the strongest 'Cyber Powers' in the world, with a unique model for cyber warfare with their national support and the PLA (People's Liberation Army). There is clear development in the Chinese cyber warfare strategies and capabilities, starting from the 1990's. The Chinese government thinks that a great step towards becoming a very powerful nation is to increase its security and cyber warfare capabilities. The PLA has capabilities to test new technologies and increase its sophisticated tools with China's strong economy support. China sees cyber warfare as a tool to defeat a superior military. According to a quote mentioned by the CIA, an unknown Chinese official has expressed the great and powerful capabilities of cyber-attacks and military technology saying, "We can make the enemy's command centers not work by changing their data system. We can cause the enemy's headquarters to make incorrect judgment(s) by sending disinformation. We can dominate the enemy's banking system and even its entire social order." One of China's most powerful cyber-attacks was GhostNet, which succeeded in penetrating 103 countries. Chinese Major General Wang Pufeng has also stated his views concerning information warfare, and China’s wills to become more powerful and superior in the field: "In summary, our warfare methods must adapt to the needs of information warfare. We must use all types, forms, and methods of force, and especially make more use of nonlinear warfare and many types of information warfare methods which combine native and Western elements to use our strengths in order to attack the enemy's weaknesses, avoid being reactive, and strive for being active. In this way, it will be entirely possible for China to achieve comprehensive victory over the enemy even under the conditions of inferiority in information technology."

2

NATO Cyber-attacks have been and are a continuous threat to the North Atlantic Treaty Organization. NATO realizes that with the current cyber warfare attacks, defending its network systems and information is a top priority. NATO defense ministers have approved a policy that sets a clear path and vision on the NATO's cyber defense; the NATO Policy on Cyber Defense. The organization has stated on their official website that cyber defense is one of its main capabilities. They have made several training sessions, where representatives from countries try to fight 'fake' cyber-attacks, and see how they will deal with it if NATO is under attack. As new defense tools will be applied, all structures in the organization will be brought to centralized defense, protecting it from any possible attacks. NATO has established the NATO Communications and Information Agency (NCIA) on the 1st of July, 2012, in efforts of bringing NATO under severe protection and save long-term costs, along with many significant benefits to the organization. INTERPOL The 'International Police for a Safer World' views cybercrime as probably the fastest growing areas of crime, with the fastest growing rate of criminals. Unlike in the past when cybercrime was committed by individuals, nowadays organized associations both in the private sector and governments work together on cyber-attacks. Up to USD 1 trillion was stolen from worldwide businesses using cybercrime, and over USD 8 billion were spent on cybercrime worldwide in the years 2007 and 2008. The INTERPOL sees its role is to form investigations worldwide on cybercrime, develop partnerships with worldwide organizations, and identify the threats. They have also created a contact list of 131 officers by the end of 2011 which are always available and open for cybercrime investigations. IV. Focused Overview of the Issue Cyberspace is considered to be the fourth war domain, not subject to any natural barrier, and the only domain man made. It is the internet, telecommunication, and computer systems. Moreover, cyber space, is made, owned, and operated by private organizations and governments around the globe. The system of computers is very complicated, and therefore makes it extremely hard sometimes to identify the source of cyber-attacks. Many governments and private sectors have the capabilities for cyber warfare, a UNIDIR report showed that 33 countries use cyber warfare and 133 countries using open source information and organizations.

3

Cyber Warfare in the UN Charter Attacks in cyber warfare can be categorized into three types: attack, defense, or exploitation (misuse of the cyber space). Cyber-attack, while examined by the United Nations, could be identified as three things: 1. International threat. 2. Necessary attack for self-defense. 3. "Threat to the peace", a "breach of the peace", or a form of aggression. In this case, the attacks are subject to be discussed by the United Nations Security Council, where there intervention would be necessary. Cyber operations can be general prohibition to article 2(4) of the UN charter, and can also cause international armed conflict. Article 2, number 4 states that:

• "All members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations." [Quoted from UN Charter] This is a debatable issue, however, since it could be claimed that the term force is used referring to armed or military attacks. The alternative point of view would state that force is a general word talking about any form of attack causing harm, which would include cyber-attacks. Cyber Attacks About Cyber Attacks Cyber-attacks are a very different kind of war. Though they do not produce any deaths or explosions, they are very effective, and might even result in an electronic Pearl Harbor. Cyber-attacks can cause disruption and can completely destroy a country or organization's information files or cyber space, resulting in massive loss. Many countries around the world are currently involved in cyber warfare, with cyber- attacks being a modern powerful weapon. On top of these countries is the United States, followed by China. Below is a chart of the top twenty countries involved in cyber warfare.

4

Examples of Previous Cyber Attacks Recently, and especially throughout the past ten years, there has been a grand increase in the amount of cyber-attacks, as well as them being a lot more sophisticated. Conflicts occurred when Serbian hackers and the NATO attacked back and forth, each trying to control the other's resources, during the peace keeping attempts in Kosovo. Cyber-attacks also occurred during the disagreement over Kashmir between India and Pakistan and the Palestinian-Israeli conflict, as well as many attacks between Chinese and American hackers. These attacks occurred after the bombing of the Chinese Embassy in Belgrade in 1999 accidentally, though there are still many cyber warfare conflicts between China and the US till the current day. Another cyber war that occurred was between the Russian hackers and the Chechen fighters, which originated as a military conflict. There are also very sophisticated and great cyber-attack threats such as the Stuxnet and Flame. According to the Russian Kaspersky Labs, it seems that what is known as Flame had been operating since 2010. It had been targeting countries such as Israel and Iran and collecting private data in a complex cyber-attack. Due to Flame's sophistication and size, it is more probable that it is backed by some strong government work. Other countries were also targeted by Flame including Sudan, Syria, Lebanon, and Egypt. Probably the most dangerous aspect of this malware is its ability to record data through a microphone, and send it back to the attacker. There were other dangerous such as Wiper which deleted data on machines in western Asia and Duqu which also sought to steal data by penetrating networks. Below is a table of cyber-attacks that occurred in 4 days of April, 2012, showing their attack and target categories, target, description, and type of attack. As visible, cyber-attacks are very frequent and abundant, and this is just an example.

5

V. Important Events & Chronology

Date Event (Day/Month/Year) A hacking group hacked into India's BARC as a protest June 7th, 1998 against the nuclear tests in New Delhi. Belgrade was accidentally bombed starting a series of May, 1999 cyber-attacks between Chinese and American government websites. The Security Council passed a resolution about cyber March 5th, 2012 warfare (1113) stating that it will form a committee on international cyber security. President Barack Obama signed an executive order which April 22nd, 2012 authorized government to put people who use technology to track or block individuals into trial.

VI. Past Resolutions and Treaties

• UN General Assembly resolution 58/199 of 30 January 2004 (“Creation of a global culture of cyber security and the protection of critical information infrastructures”) VII. Failed Solution Attempts In the 1990's introduced a treaty to the United Nations about cyber warfare, which has never been put into action. The idea of forming a treaty has been appealing in the General Assembly, however it had never successfully worked. There was strong Western opposition to the idea of a treaty against cyber warfare.

VIII. Possible Solutions 1. Educating the individual citizens of the world of means to protect themselves from cyber threats and attacks. 2. Forming an observational committee to monitor cyber-attacks between nations, while trying to identify the source and propose solutions. 3. Peace treaties between countries that have been known to exchange numerous harmful attacks, with strong consequences to the country that appears to have broken the treaty. 4. Imposing sanctions or other consequences on nations which are found out to be responsible for cyber attacks 5. Using World Bank resources to develop more secure protection systems for cyberspaces and infrastructure

6

IX. Useful Links

• A useful documentary provided by the UNIDIR Resources and written by Dr. Nils Melzer. The research paper will provide valuable information on the topic, and covers it from many different aspects:

o http://www.unidir.ch/pdf/ouvrages/pdf-1-92-9045-011-L-en.pdf

• Detailed report on cyber-crime and security, concentrating on India

o http://www.eurasiareview.com/16022014-cyber-warfare-information-security-india/

X. Works Cited

• "Cybercrime." Interpol. Interpol, n.d. Web. Lee, Dave. "Massive Cyber-attack Discovered." BBC News. BBC, 28 May 2012. Web.

• Melzer, Nils. "Cyber Warfare and International Law." Ideas for Peace and Security (2011):1- 38. UNIDR. Web.

• Moore, Malcolm. "China's Global Cyber-espionage Network GhostNet Penetrates 103 Countries." The Telegraph. The Telegraph, 29 Mar. 2009. Web.

• Nakashima, Ellen .. "U.S. Cyberwarfare Force to Grow Significantly." The Washington Post. The Washington Post, 13 Mar. 2003. Web. 10 July 2014.

• "NATO and Cyber Defense." North Atlantic Treaty Organization. NATO, n.d. Web. • Sanger, David E. "Obama Order Sped Up Wave of Cyberattacks Against Iran." The New York Times. The New York Times, 31 May 2012. Web.

• U.S. May Have Three Previously Unknown Cyberwarfare Viruses: Security Experts." News - National Post. National Post, 17 Sept. 2012. Web.

7