UN Emergency Summit on Cyber Security Topic Abstract

UN Emergency Summit on Cyber Security – Topic Abstract

Dear Delegates and Moderators,

Welcome to the UN Emergency Summit on Cyber Security! Cyber security is one of the most relevant issues in the international community today. As more individuals use mobile phones and the Internet it is our collective responsibility to ensure these devices are safe for personal use. In a few months delegates will join over 100 other members of the UN Summit on Cyber Security to discuss two pressing issues that the international community faces today: censorship and cyber conflict, and the future of cyber security programs. Delegates will be tasked with keeping in mind both the global and local contexts, and asked to think critically to develop concrete solutions to prevent these issues from threatening the social and economic wellbeing of the planet and its people.

Although this committee is an ECOSOC, not a crisis committee, there will be crisis elements in place during debate, and delegates who wish to exploit their country’s cyber powers are

encouraged to test the limits of their powers during committee. By the end of the weekend, delegates will have come up with a recommended list of best practices for computer security.

These suggested best practices should embody strong security measures, keep national

sovereignty in mind, and consider that in this realm the technology and the available resources and constantly evolving.

In addition, this summit is comprised of both state and non-state actors. As they are not members of the UN, non-state actors participating in this summit will not have voting rights. They are however encouraged to write an agreeing or dissenting opinion to any resolutions they would like and they will be treated as experts in the Cyber Realm and their opinions may be used to sway other nations.

The document included here is a ‘topic abstract’ for the UN Summit on Cyber Security at

NAIMUN LII. Here, you will find information and avenues for further research on the topics we will be discussing during the conference.

The intent of this abstract is so that you may begin research and have an understanding of the

material that will be discussed in this committee before a full background guide is released. Use

these abstracts to help you focus on understanding the issues at play in each topic and the ways

in which they may interact with the programs and goals of the UN Summit on Cyber Security

We hope to assist you in any way possible in the lead-up to NAIMUN, so if you have any questions, comments, or concerns, please contact the Chair, Remi Cohen directly at rjc92@georgetown.edu.

Best,

Andrew and Matthew

Andrew Lyu

Secretary General

Matthew Quallen

Director General

The Topics

Just-in-Time Censorship and Cyber Conflict:

Censorship systems and protocols are typically used as a means to limit individuals’ free access to, and use of, the Internet. They include infrastructure such as the Great Firewall of China, systems to block Tor and other Onion routers, and deep packet inspection (DPI) of various packets traversing the web. In response to this, many anti-censorship and surveillance protocols have been developed and deployed with limited success. Systems or coordinated attacks against websites and the Internet in a particular place are forms of censorship, specifically by denial of service. “These are the kinds of attacks we see in the Russian elections of 2007 and subsequent attacks.” ¹ This is called Just-in-time Censorship, a term adapted from “just-in-time blocking”

used by Ronald Deibert and Rafal Rohozinski to explain a form of censorship that is temporary, occurring when the specific information has particular value, and utilizing techniques differing from traditional censorship mechanisms. Unlike conventional censorship systems such as the Great Firewall of China, these attacks are cheap and easy to execute. They allow for plausible deniability and difficult attribution while effectively silencing enemies.

The Open Net Initiative (ONI) ² has observed this form of censorship since 2003, especially at times of political uncertainty, such as elections or important anniversaries. The ONI documented just-in-time censorship occurring during the March 2005 Kyrgyz parliamentary elections, the March 2006 Belarus presidential elections, and the October 2006 Tajik presidential elections. It has also been alleged in other regions, including Bahrain, Uganda, and Yemen, during the run-up to their 2006 presidential and parliamentary elections. The first ever documented “cyber attack”

occurred in Estonia in 2007. Following that, there were coordinated cyber attacks with a ground conflict in Georgia in 2008. The parallels between the cyber attacks that preceded the Russian invasion of Georgia in 2008 and the cyber attacks that have occurred in the most recent

Ukrainian crisis are striking.

Although just-in-time censorship is a tactic used in times of conflict, traditional censorship techniques are not going away. The interconnected nature of the Internet is a future possibility, making the potential for just-in-time censorship in future conflicts is enormous. If this type of censorship is able to be conducted on a sustained scale and widen its targeting base past just mobile devices and computers, there is no telling what mass confusion may result. This

committee will be discussing the relevance of just-in-time censorship, how (or if) the UN can (or

1

Jose Nazario, “Politically Motivated Denial of Service Attacks.” In The Virtual Battlefield: Perspectives on Cyber Warfare, Christian Czosseck and Kenneth Geers ed. (Amsterdam: IOS Press, 2009) p. 173.

2

ONI’s goal is to investigate, expose and analyze Internet filtering and surveillance practices in a credible and non-

partisan fashion.

should) have any regulations on this kind of actions. Delegates will need to discuss if this form of censorship infringes on human rights, national sovereignty, or other rights.

The Future of Cyber Security Programs:

In recent years there has been a proliferation of adversaries in the cyber arena as well as a significant increase in government sponsored cyber programs. These criminals are constantly discovering and exploiting known and zero-day vulnerabilities in networks and software protocols. These exploits result from the cybercrime arena, and the advances in cybercrime typically translate to advances in state sponsored capabilities. This in turn has allowed for further growth in cyber espionage programs all over the world. Criminal and espionage networks are also becoming increasingly professional. They are organized, social media and other platforms to network, and share tools, stolen data, and know-how on how to use these capabilities.

In the years to come new intrusion methods, hacking techniques, and other unknowns will need to be faced by individuals and governments at large. In response nations around the world will continue to develop the technical tools and skills to limit the damages they could incur.

The UN has discussed methods by which to deter hackers, state sponsored espionage, and other concerns related to cyber security, however, international policy is now reaching a crossroads.

In 2011 President Nursultan Nazarbayev of Kazakhstan stressed the need for what he called “an international legal framework of the global information space.” ³ The time has come for this international legal framework to take shape. As there are no geographical borders, no

boundaries, and tremendous destructive power in the cyber realm, delegates should contemplate what kinds of state sponsored cyber programs are reasonable. Questions to consider include: to what extent are cyber attacks reasonable? To what extent is espionage legal in an international scope? If there is a difference in the international community how non state cyber actors as opposed to organized state sponsored actors, engaging in espionage should be treated and

prosecuted? How should non-state cyber actors be treated should they commit a crime during an international military incident? Are cyber actors (both state sponsored or non state) civilians or military targets in conflict time?

3

At UN, Kazakhstan calls for global cybersecurity treaty to deter hackers

http://www.un.org/apps/news/story.asp?NewsID=39652&Cr=cyber#.VEa3LUtOjG4

Resources For Further Research

Here, you’ll find links to a number of papers and examples of the ideas discussed in the topics abstracts, organized by topic. Use these as a starting off point for your research. They will allow you to get grounding in these topics prior to the release of a full background guide.

Understanding Cyber Crime in Politics:

“2014 Cyber Attacks Timeline,” Hackmageddoncom, 2014.

http://hackmageddon.com/2014/03/31/1-15-march-2014-cyber-attacks- timeline/.

A timeline of known cyber attacks.

Czosseck, Christian and Kenneth Geers. "Politically Motivated Denial of Service Attacks," The Virtual Battlefield: Perspectives on Cyber Warfare, Amsterdam: 2009.

Discussing political motivations behind cyber attacks

Greenberg, Andy. "When Cyber Terrorism Becomes State Censorship," Forbes, 2008.

http://www.forbes.com/2008/05/14/cyberattacks-terrorism-estonia-tech-security08- cx_ag_0514attacks.html.

Discussing the implications of mass cyber attack and political cyber protest.

Villeneuve, Nart. "Blurring the Boundaries Between Cybercrime and Politically Motivated Attacks," Malware Explorer, 2010. http://www.nartv.org/2010/04/10/blurring-the- boundaries-between-cybercrime-and-politicaly-motivated-attacks/.

Explaining the use of cyber crime in the modern political sphere.

Understanding Government Response to Cyber Crime:

“At UN, Kazakhstan Calls for Global Cybersecurity Treaty to Deter Hackers,” United Nations News Centre, September 2011.

http://www.un.org/apps/news/story.asp?NewsID=39652&Cr=cyber#.VEa3LUtOjG4.

An article regarding a speech made in front of the UN General Assembly on the need for an international response to cyber security threats.

“Budapest Convention on Cybercrime,” Council on Europe, 2012.

http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm.

Current procedure by the Council on Europe dealing with cyber crime.

Ntoko, Alexander. “Global Cybersecurity Agenda (GCA): A Framework for International

Cooperation,” United Nations Office on Drugs and Crime, 2011.

https://www.unodc.org/documents/treaties/organized_crime/EGM_cybercrime_2011/Pres entations/ITU_Cybercrime_EGMJan2011.pdf.

A presentation on international cyber security threats and how to respond internationally.

“Resolution adopted by the General Assembly,” United Nations, 2009.

http://www.un.org/en/ga/search/view_doc.asp?symbol=A/RES/64/211.

UN General Assembly Resolution stating the current methods of limiting and responding to cyber security threats.

Warner, Michael and Michael Good. "Notes on Deterrence in Cyberspace," Georgetown Journal of International Affairs, Special Issue 2013, International Engagement on Cyber III (2014)

Explains deterrence capabilities with regards to cyber security.