UN Emergency Summit on Cyber Security – Topic Abstract
Dear Delegates and Moderators,
Welcome to the UN Emergency Summit on Cyber Security! Cyber security is one of the most relevant issues in the international community today. As more individuals use mobile phones and the Internet it is our collective responsibility to ensure these devices are safe for personal use. In a few months delegates will join over 100 other members of the UN Summit on Cyber Security to discuss two pressing issues that the international community faces today: censorship and cyber conflict, and the future of cyber security programs. Delegates will be tasked with keeping in mind both the global and local contexts, and asked to think critically to develop concrete solutions to prevent these issues from threatening the social and economic wellbeing of the planet and its people.
Although this committee is an ECOSOC, not a crisis committee, there will be crisis elements in place during debate, and delegates who wish to exploit their country’s cyber powers are
encouraged to test the limits of their powers during committee. By the end of the weekend, delegates will have come up with a recommended list of best practices for computer security.
These suggested best practices should embody strong security measures, keep national
sovereignty in mind, and consider that in this realm the technology and the available resources and constantly evolving.
In addition, this summit is comprised of both state and non-state actors. As they are not members of the UN, non-state actors participating in this summit will not have voting rights. They are however encouraged to write an agreeing or dissenting opinion to any resolutions they would like and they will be treated as experts in the Cyber Realm and their opinions may be used to sway other nations.
The document included here is a ‘topic abstract’ for the UN Summit on Cyber Security at
NAIMUN LII. Here, you will find information and avenues for further research on the topics we will be discussing during the conference.
The intent of this abstract is so that you may begin research and have an understanding of the
material that will be discussed in this committee before a full background guide is released. Use
these abstracts to help you focus on understanding the issues at play in each topic and the ways
in which they may interact with the programs and goals of the UN Summit on Cyber Security
We hope to assist you in any way possible in the lead-up to NAIMUN, so if you have any questions, comments, or concerns, please contact the Chair, Remi Cohen directly at rjc92@georgetown.edu.
Best,
Andrew and Matthew
Andrew Lyu
Secretary General
Matthew Quallen
Director General
The Topics
Just-in-Time Censorship and Cyber Conflict:
Censorship systems and protocols are typically used as a means to limit individuals’ free access to, and use of, the Internet. They include infrastructure such as the Great Firewall of China, systems to block Tor and other Onion routers, and deep packet inspection (DPI) of various packets traversing the web. In response to this, many anti-censorship and surveillance protocols have been developed and deployed with limited success. Systems or coordinated attacks against websites and the Internet in a particular place are forms of censorship, specifically by denial of service. “These are the kinds of attacks we see in the Russian elections of 2007 and subsequent attacks.” 1 This is called Just-in-time Censorship, a term adapted from “just-in-time blocking”
used by Ronald Deibert and Rafal Rohozinski to explain a form of censorship that is temporary, occurring when the specific information has particular value, and utilizing techniques differing from traditional censorship mechanisms. Unlike conventional censorship systems such as the Great Firewall of China, these attacks are cheap and easy to execute. They allow for plausible deniability and difficult attribution while effectively silencing enemies.
The Open Net Initiative (ONI) 2 has observed this form of censorship since 2003, especially at times of political uncertainty, such as elections or important anniversaries. The ONI documented just-in-time censorship occurring during the March 2005 Kyrgyz parliamentary elections, the March 2006 Belarus presidential elections, and the October 2006 Tajik presidential elections. It has also been alleged in other regions, including Bahrain, Uganda, and Yemen, during the run-up to their 2006 presidential and parliamentary elections. The first ever documented “cyber attack”
occurred in Estonia in 2007. Following that, there were coordinated cyber attacks with a ground conflict in Georgia in 2008. The parallels between the cyber attacks that preceded the Russian invasion of Georgia in 2008 and the cyber attacks that have occurred in the most recent
Ukrainian crisis are striking.
Although just-in-time censorship is a tactic used in times of conflict, traditional censorship techniques are not going away. The interconnected nature of the Internet is a future possibility, making the potential for just-in-time censorship in future conflicts is enormous. If this type of censorship is able to be conducted on a sustained scale and widen its targeting base past just mobile devices and computers, there is no telling what mass confusion may result. This
committee will be discussing the relevance of just-in-time censorship, how (or if) the UN can (or
1
Jose Nazario, “Politically Motivated Denial of Service Attacks.” In The Virtual Battlefield: Perspectives on Cyber Warfare, Christian Czosseck and Kenneth Geers ed. (Amsterdam: IOS Press, 2009) p. 173.
2
ONI’s goal is to investigate, expose and analyze Internet filtering and surveillance practices in a credible and non-
partisan fashion.
should) have any regulations on this kind of actions. Delegates will need to discuss if this form of censorship infringes on human rights, national sovereignty, or other rights.
The Future of Cyber Security Programs:
In recent years there has been a proliferation of adversaries in the cyber arena as well as a significant increase in government sponsored cyber programs. These criminals are constantly discovering and exploiting known and zero-day vulnerabilities in networks and software protocols. These exploits result from the cybercrime arena, and the advances in cybercrime typically translate to advances in state sponsored capabilities. This in turn has allowed for further growth in cyber espionage programs all over the world. Criminal and espionage networks are also becoming increasingly professional. They are organized, social media and other platforms to network, and share tools, stolen data, and know-how on how to use these capabilities.
In the years to come new intrusion methods, hacking techniques, and other unknowns will need to be faced by individuals and governments at large. In response nations around the world will continue to develop the technical tools and skills to limit the damages they could incur.
The UN has discussed methods by which to deter hackers, state sponsored espionage, and other concerns related to cyber security, however, international policy is now reaching a crossroads.
In 2011 President Nursultan Nazarbayev of Kazakhstan stressed the need for what he called “an international legal framework of the global information space.” 3 The time has come for this international legal framework to take shape. As there are no geographical borders, no
boundaries, and tremendous destructive power in the cyber realm, delegates should contemplate what kinds of state sponsored cyber programs are reasonable. Questions to consider include: to what extent are cyber attacks reasonable? To what extent is espionage legal in an international scope? If there is a difference in the international community how non state cyber actors as opposed to organized state sponsored actors, engaging in espionage should be treated and
prosecuted? How should non-state cyber actors be treated should they commit a crime during an international military incident? Are cyber actors (both state sponsored or non state) civilians or military targets in conflict time?
3