A Brief History and Notable Breaches
Since the creation of the Internet, there have been those who have sought to manipulate it for their own personal advantages.55 Even before the development of the personal computer, computerized phone systems were subject to attacks by those labeled “phone freaks.”56 These individuals would find loopholes in the system where they would proceed to make unlimited free phone calls and disrupt the entire system.57
Cyber warfare essentially dates back to the development of the tapeworm program in the 1970s by engineer and inventor of the Ethernet, John Shoch.58 The program was accidentally leaked and released network worms across the globe seeking to gain information and control.59 These original network worms still partially exist and evolved into more sophisticated and advanced cyber weapons. This has contributed to illegal botnets (a network of compromised internet connected computers that can be controlled by a remote user and is used for malicious purposes) that are specifically engaged to run malicious attacks.60 However, it was the Morris worm that was the first recognized to have been a threat. It spread around computers largely in the United States and slowed computers down to the point where they were ineffectual.61 Hackers in 2006 found wormholes (a vulnerability which opens up a system to worms that operate or infect a computer system) in Microsoft’s system, which allowed them to create zombie computers, which remote hackers could control.
The first series of coordinated attacks and APTs (advanced persisted threats), later called Titan Rain, occurred in 2003 against the United State’s national government systems and sensitive networks of Lockheed Martin. These attacks that continued for at least three years are speculated to be of Chinese origin, most likely the result of Chinese military hackers seeking to gain information on the U.S.62 In April 2007, Estonia, following a feud with Russia, found its government networks disrupted and online banking was halted after harassment from unknown foreign entities.63 (See Figure 2.1 at the end for a list of additional notable breaches in cyber security composed by NATO Review Magazine.)64
Additionally, in the last decade, there has been an increase in the number of information leaks. WikiLeaks, an online non-profit international organization whose self-proclaimed goal is “to bring important news and information to the public” and serve as an “uncensorable system for untraceable mass document leaking" has caused controversy through its release of sensitive information.65 Reactions to the leaks range from condemnation (mainly from those who the leaks directly relate to) and a global financial blockade by major finance companies to praise for increasing transparency and championing the democratic ideal of free speech. The organization’s leaking of the Afghan War logs, Guantanamo Bay procedures, Iraq War logs, and Syria files are some of its most significant leaks. In June 2014, former NSA employee Edward Snowden leaked classified details of several top-secret United States and British government mass surveillance programs to the British Paper The Guardian. Like the WikiLeaks organization, his actions have been the subject of praise while others condemn him as a traitor who exposed confidential national secrets. The issue of leaking confidential information raises the question whether this violates international law, national law, or whether this is an inherent right of free speech.
Past U.N. Action
General Assembly I Meeting on Environment 2007
Photo Credit: http://en.wikipedia.org/wiki/File:UN_meeting_on_environment_at_General_Assembly.jpg
The United Nations Economic and Social Council (ECOSOC), the U.N. Department of Economic and Social Affairs (DESA), and the U.N. agency International Telecommunications Union (ITU) are the leaders in addressing issues of cyber security and its international protection. These groups have worked to influence international policy makers, increase international awareness, fight cybercrime, and increase child online protection. The ITU was a leading facilitator of the World Summit on the Information Society in Geneva in 2003 and Tunis in 2005.66 The ITU, which is made up of 193 member nations and 700 private sector institutions, again rose to the forefront as the facilitator of the World Conference on International Telecommunications 2012 in Dubai, United Arab Emirates.67 Although the conference was not held to specifically address cyber crime, it did address international rules for telecommunications and creation of a global coalition to monitor cyber activity.68 However, only 89 of 152 voting nations signed the amendments to the ITU’s proposal, with many viewing these proposals as a negative threat to the freedom of the Internet.
One of the most significant actions taken by the U.N. on cyber security came on December 21, 2009 when the UN’s General Assembly adopted Resolution 64/211: creation of a global culture of cyber security and taking stock of national efforts to protect critical information infrastructures at their 64th session.69 It suggested each nation work on protecting vital digital infrastructures, emphasized the cooperation between governmental and non-governmental organizations, and recommended initiatives regarding the investigation and prosecution of cyber related attacks.70 Additionally, the U.N.’s significant strides to hosting a cyber weapons convention as well as the U.N. Congress on Crime Prevention and Criminal Justice’s establishment of an intergovernmental expert group on cyber security in 2010 are just a few of the necessary first steps to combat the escalating threat of cybercrime.
Questions to Consider
-
What action can be taken to strengthen international infrastructure to secure it from potential cyber attacks?
-
What can be done to prevent terrorists and insurgent groups from acquiring the technological means to commit cyber attacks?
-
What can be done to stop the escalation of cyber attacks to all out cyber warfare?
-
Has your country been a victim of a cyber attack? What means do you have to thwart future attacks?
-
Should an international agency be created under the U.N. whose sole purpose is to monitor global cyber security? What would be its provisions?
-
To what extent should corporations, such as WikiLeaks, private groups, and even individuals that leak confidential information, be punished or if at all? Does this violate national security or is it a matter of free speech?
-
What defines a malicious cyber attack? Does an international standard for cyber security need to be written? What clarifications need to be made?
-
Under what conditions is it the UN’s responsibility to regulate member nations’ use of the Internet without infringing on their national sovereignty?
Figure 2.1*
Time of Occurrence
|
Description
|
December 2006
|
“NASA was forced to block emails with attachments before shuttle launches out of fear they would be hacked.
Business Week reported that the plans for the latest US space launch vehicles were obtained by unknown foreign intruders.”71
|
June 2007
|
“The US Secretary of Defense’s unclassified email account was hacked by unknown foreign intruders as part of a larger series of attacks to access and exploit the Pentagon's networks.”72
|
October 2007
|
“China’s Ministry of State Security said that foreign hackers, which it claimed 42% came from Taiwan and 25% from the US, had been stealing information from Chinese key areas.
In 2006, when the China Aerospace Science & Industry Corporation (CASIC) intranet network was surveyed, spywares were found in the computers of classified departments and corporate leaders.”73
|
Summer 2008
|
“The databases of both Republican and Democratic presidential campaigns were hacked and downloaded by unknown foreign intruders.”74
|
August 2008
|
“Computer networks in Georgia were hacked by unknown foreign intruders around the time that the country was in conflict with Russia. Graffiti appeared on Georgian government websites. There was little or no disruption of services but the hacks did put political pressure on the Georgian government and appeared to be coordinated with Russian military actions.”75
|
January 2009
|
“Hackers attacked Israel’s internet infrastructure during the January 2009 military offensive in the Gaza Strip. The attack, which focused on government websites, was executed by at least 5,000,000 computers.
Israeli officials believed the attack was carried out by a criminal organisation based in a former Soviet state, and paid for by Hamas or Hezbollah.” 76
|
January 2010
|
“A group named the "Iranian Cyber Army” disrupted the service of the popular Chinese search engine Baidu. Users were redirected to a page showing an Iranian political message.
The same “Iranian Cyber Army” had hacked into Twitter the previous December, with a similar message.”77
|
October 2010
|
“Stuxnet, a complex piece of malware designed to interfere with Siemens industrial control systems, was discovered in Iran, Indonesia, and elsewhere, leading to speculation that it was a government cyber weapon aimed at the Iranian nuclear program”78
|
January 2011
|
“The Canadian government reported a major cyber attack against its agencies, including Defense Research and Development Canada, a research agency for Canada's Department of National Defense. The attack forced the Finance Department and Treasury Board, Canada’s main economic agencies, to disconnect from the Internet.”79
|
July 2011
|
“In a speech unveiling the Department of Defense’s cyber strategy, the US Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files from the Department of Defense were stolen.”80
|
October 2012
|
“The Russian firm Kaspersky discovered a worldwide cyber-attack dubbed “Red October,” that had been operating since at least 2007.
Hackers gathered information through vulnerabilities in Microsoft’s Word and Excel programs. The primary targets of the attack appear to be countries in Eastern Europe, the former USSR and Central Asia, although Western Europe and North America reported victims as well.
The virus collected information from government embassies, research firms, military installations, energy providers, nuclear and other critical infrastructures.”81
|
March 2013
|
“South Korean financial institutions had their networks infected in an incident said to resemble past cyber efforts by North Korea.”82
|
*Chart taken directly from Nato Review Magazine. “Cyber Timeline.” 2013. http://www.nato.int/docu/review/2013/Cyber/timeline/EN/. See website for further information.
III. Nuclear Proliferation: Iran and North Korea
Introduction
After the signing of the Nuclear Non-Proliferation Treaty in 1970, the spread of nuclear weapons and capabilities has been limited to just a few states, namely, the five permanent members of the Security Council in China, Russia, France, the United Kingdom, and the United States of America. However, since then, the nations of Israel, Pakistan, and India have developed their nuclear capabilities and, with the exception of Israel, have documented nuclear weapons83. In addition to these countries, North Korea and Iran are seeking to develop their nuclear programs with the hope that they can use them for peaceful purposes, or, according to other countries, perhaps something more sinister.8485
North Korea has already produced a nuclear device despite heavy sanctions imposed upon them by both the United States and UN as a whole. The world perceives North Korea as a stable but unpredictable nation that might become even more dangerous with their continued development of a weapons arsenal. The newest “Dear Leader” possesses one of the world’s largest armies and an increasingly stagnant economy86, striking a tenuous balance between civilian and military establishments, fostering a fear in developed countries regarding North Korea’s nuclear program.
Iran is also seeking to create a nuclear weapon and have publicly stated that they wish to see Israel “wiped off of the map”87. While Iran has said many times that their nuclear ambitions are purely peaceful in nature, the US and several other major powers have blocked their attempts at nuclear power through heavy economic sanctions. However, with a recent change of president, there might be a change in tone in regards to nuclear negotiations.
Past UN Action
The UN has already placed massive economic sanctions on both Iran and North Korea, with the former having already successfully detonated a nuclear device in 2009. In both instances, the UN quickly passed measures condemning their actions88 89. These actions were consistent with a pattern of North Korean aggression followed by world condemnation and sanctions. North Korea often took action during periods of political transition, with the test in 2009 following Kim Jong-Il's stroke and issues surrounding the naming of his son, Kim Jong-Un, as his successor90. Two tests occurred in 2012, one in April and another in December, in what is believed to be an attempt for Kim-Jong Un to consolidate power.91
North Korea’s ally, China, has often hampered UN sanctions against North Korea, but yet, the most recent round of sanctions was drafted by the United States with assistance from China, further illustrating North Korea's increasing isolation in the international community92. In the past, only sanctions that can be directly attributed to the development of nuclear and ballistic capabilities passed against North Korea93. China has blocked stricter sanctions, as they have been hesitant to economically shackle their neighbor through energy and economic sanctions; however, these hesitations haven't stopped the United States from both cutting off aid to the country and increasing sanctions of their own94.
Photo Credit: http://i3.mirror.co.uk/incoming/article1792941.ece/ALTERNATES/s927b/CS37691523TO-GO-WITH-NKorea-1792941.jpg
The UN has taken a significantly larger role in sanctions imposed against Iran. The United States has pushed through stiff sanctions that severely limit the sale of any items that might be used for nuclear production. Russia and China, both longtime supporters of the Iranian government, have begun to back away from Iran as it became more belligerent and aggressive with their pursuit of nuclear technology. However, the effect of sanctions are being called into question as they are increasingly affecting the average citizen and appear to have little effect on the production capabilities of the government95.
Iran’s Nuclear Past
In February 2003, Iran revealed their first nuclear development site, compliant with the Nuclear Non-Proliferation Treaty, claiming that the site would only be used for peaceful purposes, but the United States believed that Iran was using this site as a cover for developing nuclear weapons96. Iran proceeded to open up these sites to IAEA inspections; however this didn't prevent the UNSC from passing sanctions. In 2006, the UNSC passed a resolution demanding that Iran suspend all nuclear related activities within two months. This resolution promised increased sanctions for non-compliance, and when Iran failed to submit, the sanctions went into full effect97.
While there have been multiple attempts at negotiations between Iran and the West, they have previously stalled due to disagreements in the scope and purpose of Iranian production. Negotiations have also stalled due to a history of conflict between the United States and Iran. Iranians trace their grievances back to the 1953 CIA sponsored coup of democratically elected Prime Minister Mohammed Mossadegh and the CIA-installed government of the Shah. For the United States, the 1979 capture of the American embassy in Tehran and holding the embassy workers there for 444 days is still one of the biggest problems in relations with Iran98.
With the election of a new moderate President in Iran, this may represent a new direction for negotiations. President Hassan Rouhani has already made significant strides with the international community by both acknowledging the Holocaust and wishing the Jews a happy and safe Rosh Hashanah99. Immediately following this, a phone call took place between the two Presidents and a meeting between the two foreign ministers, these actions representing a significant improvement in relations between Iran and the United States100.
North Korea’s Nuclear Past
The North Korean desire for nuclear weapons has existed for far longer in North Korea than it has in Iran. After North Korea withdrew from the Nuclear Non-Proliferation Treaty in 1993, the global community has been dealing with Korean ambitions and has largely responded with near unanimous condemnation of their actions. With missile tests occurring initially in 1993 and continuing every few years afterward, most recently in 2012, the North Korean government has increasingly cut itself off from the rest of the world, both willingly and unwillingly101102.
The world saw the assent of Kim Jong-Un to the Presidency after his father’s death as an opportunity for a potential improvement in relations with the Koreans103. However, his actions proved otherwise with a drastic increase in weapons testing and nuclear saber rattling104. North Korea has also begun to pass some of the thresholds needed for launching a nuclear weapon at another state; among them the ability to launch ICBMs105 and the successful use of domestically produced tools for nuclear production106. These successful tests have created many problems for the international community as they are beginning to indicate the sanctions might not have worked in deterring the North Korean government from pursuing nuclear weapons.
While these gains mark significant strides in the development capacity of North Korea, they've come at the expense of the citizens of North Korea, with the country still experiencing famines on a semi-regular basis.
Questions to Consider
-
In a threatening international environment, why should North Korea and Iran be forced to disarm?
-
With extensive sanctions already in place and pressure on the North Korean and Iranian governments from all sides, what other measures can the UN take in order ensure disarmament compliance?
-
If defense and peaceful purposes are the reasons cited for nuclear development, what approaches should the international community take?
Share with your friends: |