Security Council Briefing Paper

The Question of Cyber Warfare

As almost the entire world population is now able to access the internet; as most critical infrastructures at both a national and international level depend on computer or network-based systems; and as an increasingly large proportion of the world’s population depends on the internet for both convenience and survival, the scope for cyber crime and the damage it can cause is overwhelming, as the map above demonstrates. In recent years, this has moved beyond isolated acts of (relatively) petty or even organised crime, to the point where governments are now sanctioning cyber attacks against others on a systematic basis. Given that knowledgeable hackers can now (or, at least, in the foreseeable future) execute cyber attacks that could potentially cause an equal if not greater amount of devastation compared to conventional weapons, this is an issue regarding international peace and security the Security Council must address.

Cyber attacks can have far greater malicious intent than mere acts of illegal surveillance and intelligence collection, as programmes

Infected IP addresses on 29 June 2010 over 24 hour period (sources: Team Cymru, Telegeography)

(recently exposed by Edward Snowden) like PRISM, XKeyscore and Tempora of the United States of America’s National Security Agency (NSA) and the United Kingdom’s Government Communications Headquarters (GCHQ) were designed for. The most significant example is the Stuxnet worm, allegedly created by the United States of America and/or Israel, which actively attempted to disrupt the Iranian nuclear programme and managed to physically damage approximately 1000 uranium enrichment centrifuges in Natanz in late 2009 and early 2010. Although this is the only known instance to date of a piece of malware causing physical damage, other cyber attacks have had similarly considerable consequences. Iran, for instance, may also have committed cyber attacks themselves; they are suspected of creating the Shamoon virus in 2012, which was responsible for taking down computers of companies in the oil sectors of Saudi Arabia and Qatar (Saudi Aramco and RasGas respectively). The Russian Federation is alleged to have been responsible for Denial of Service (DoS) attacks on Estonian websites in 2007 and Georgian websites in 2008 (the latter coinciding with their invasion of Georgia), essentially taking entire countries offline for a few weeks. Pakistan and India were engaged with cyber attacks in 2008 and 2009, and pro-Hamas websites have been the target of Israeli-written worms. The People’s Republic of China is considered to use cyberspace for strategic purposes most widely, and is believed to employ the largest and most skilled “cyber army”; they are allegedly responsible for several cyber attacks including GhostNet, which is believed to have accessed sensitive data of governments and embassies of up to 103 different nations.

Cyber warfare is becoming increasingly favourable, and more than 100 countries are believed to have developed cyber warfare units. This has probably happened for three reasons; firstly because some consider it to be the optimum means of confrontation with other nations, being more effective and immediate than sanctions and traditional espionage but not as provocative as an act of war; secondly because achieving anonymity is relatively straightforward, meaning it is essentially impossible to identify beyond reasonable doubt perpetrators of cyber attacks; and thirdly because it is often a low cost alternative (both in terms of monetary cost and in terms of risk of harm to the attacker) to conventional weapons. Such increasing favourability is perhaps worrying, because cyber attacks can potentially have particularly dangerous consequences; collateral damage is likely as the precise

impacts of a cyber attack cannot be predicted easily (malware can easily spread into other systems beyond intended targets - Stuxnet, for example, infected systems other than the intended Iranian targets).

So far, efforts by the international community to respond to cyber warfare have not been substantial. Although the General Assembly has passed numerous resolutions concerning cyber crime in general (delegates should refer to resolution 64/211), which recognise both the military potentials of cyberspace and the need for international collaboration to tackle cyber crime, they do not outline any specific implementable measures which nations can act upon. There have, however, been some independent proposals put forward to this end, most notably the advisory Tallinn Manual on the International Law Applicable to Cyber Warfare, recently published by NATO’s Co-operative Cyber Defence Centre of Excellence. The Tallinn Manual offers a potential suggestion as to how conventional warfare could be related to cyber warfare, and how existent laws of war (such as the Geneva Conventions) can be applied in cyberspace.

The lack of substantial international agreement regarding cyber warfare may initially seem both surprising and worrying, given the increasingly widespread use and potentially catastrophic nature of cyber warfare. Contrary to popular opinion, the inherent practical difficulties of regulating cyberspace are not the primary impediments to progress (although there may be differences on exact technicalities, there is agreement on what the general idea of cyber warfare is); the primary impediments are mainly political. Many nations are themselves actively performing cyber attacks on others, with success, so it would be illogical for them to want to place any sort of restraint on such activity. Furthermore, some nations have significant reservations about any sort of regulation or governance of cyberspace (the trade off between security and privacy/freedom of use of the internet is inevitably invoked). Delegates are asked to find ways to circumvent these two difficulties in order to achieve international consensus on this issue.

Delegates should also consider other deterrents against future cyber attacks (cyber deterrents) beyond international regulation. Increased resilience and strengthening of cyber defences is an obvious starting point, though this is an effective deterrent only to a degree; worldwide,

cyber warfare units are constantly searching for new ways to evade such defences. More valuable, perhaps, would be to facilitate stronger international collaboration between nations regarding cyber defences. Other suggestions worth considering include the idea of retaliation with conventional force or the application of the concept of mutually assured destruction to cyberspace.

As yet, cyber attacks have not directly caused any human casualties. However, there is no guarantee that future cyber attacks will not have such capabilities, and competition between nations means it is increasingly likely they will. Current international consensus on cyber warfare is not meaningful; delegates should be looking to find ways to formulate a more substantial international response to cyber warfare, in order to produce the most effective resolution.

Delegates may want to consider issues such as:

An exact definition of cyber warfare; what constitutes an act of war or an attack analogous with conventional force? Is cyber espionage a form of cyber warfare?

The ways in which the Security Council or the United Nations as a whole is able to assist international collaboration in increasing resilience, establishing stronger defences against cyber attacks and strengthening cyber deterrence;

Whether any form of regulation of cyber warfare is feasible, and (if so) how the Security Council or the United Nations as a whole is able to assist in devising and enforcing such regulation;

The possibility that non-state actors may utilise cyberspace in future acts of terrorism and organised crime;

How best to overcome current disagreements between nations in order to address the above issues;

How best to approach this issue without infringing on nations’ national sovereignty and individuals’ freedoms.

Further reference:

http://www.infosectoday.com/Articles/Cyber-Warfare.htm

http://www.unidir.org/files/publications/pdfs/cyberwarfare-and-international-law-382.pdf

http://www.usnews.com/debate-club/should-there-be-an-international-treaty-on-cyberwarfare

The Question of the Democratic People’s Republic of Korea

Over the past two decades, the international community (including the Security Council) has attempted to alleviate the situation regarding the Democratic People’s Republic of Korea (DPRK), especially with respect to its open pursuance of a nuclear weapons programme; but the defiant continuation of prohibited nuclear tests would plausibly suggest such attempts have failed to achieve their ultimate objectives. As a result of recent bellicose rhetoric emanating from the country, significant regional and international tensions are emerging, so the Security Council is asked to devise a solution to combat this considerable threat to international peace and security.

After the Second World War, as a result of the division of Korea along the 38th parallel, the Republic of Korea (South Korea) was established south of the 38th parallel, and the DPRK was established north of the 38th parallel, with Kim Il-Sung installed as the latter’s leader. Both nations attempted to control the wider peninsula, and the disputes escalated to the DPRK’s invasion of the South in 1950, beginning the Korean War. With encouragement from the Security Council, nations

Map of the DPRK within the immediate Asian region

(led by the United States of America) militarily intervened in the conflict to resist the invasion, which resulted in the People’s Republic of China sending its own military support to the DPRK. With no clear victor, the conflict ended in 1953 when the Armistice was signed, which created a Demilitarised Zone between the two countries. To this day, the United States maintains a military presence in South Korea (it even deployed its own nuclear weapons to the country in 1956, in contravention of the Armistice), and China remains the DPRK’s closest ally.

Mutual hostility between the two countries materialised as a result of the War. The North pursued a strictly communist “Juche” regime, based around a Kim Il-Sung personality cult, whilst the South became a liberal democracy. Although both nations made similar economic progress until the 1970s, the North Korean economy began to stagnate as it gradually lost economic support from China and the USSR, exacerbated by frequent famines and natural disasters; the DPRK has since relied heavily on international humanitarian aid for basic supplies.

In the 1990s, even despite refusal to fully disclose its nuclear facilities to IAEA inspectors, and consequent international suspicions of its nuclear programme, the South sought rapprochement with the DPRK, pursuing its “Sunshine Policy” under its President, Kim Dae Jung. The United States also began to normalise relations with the DPRK, and both nations established the Agreed Framework in 1994, which stipulated changes to the DPRK’s nuclear programme to make nuclear weapons development less feasible, in exchange for $5 billion worth of supplies of oil and full normalisation of diplomatic and economic relations; the Framework was never fully implemented, both sides blaming each other for its eventual break down in 2003, only precipitated by United States President George Bush’s branding of the DPRK as part of an “Axis of Evil”. This, in addition to the DPRK’s withdrawal from the Nuclear Non-Proliferation Treaty and expulsion of IAEA inspectors the same year, resulted in the initiation of the Six Party Talks, involving the DPRK, South Korea, the United States, China, Japan and the Russian Federation, with the primary aim of denuclearising the Korean peninsula.

The Talks made little material progress in its first few years. In 2006, in spite of principled agreements at previous rounds of the Talks, the DPRK undertook its first nuclear test, officially in response to “hostile American policy”, though more likely to eliminate any international scepticism regarding the existence of its nuclear weapons programme. This resulted in the Security Council imposing, for the first time, wide-ranging economic and military sanctions on the DPRK (delegates should refer to resolution 1695 and resolution 1718). Despite initial reservations as a result, the Talks continued. In 2007, the DPRK momentously agreed to shut down its nuclear programme in its entirety in return for aid and security guarantees. The decommissioning of the DPRK’s nuclear plants began, but there remained suspicions that the DPRK had not declared all of its nuclear facilities, so the next round of negotiations were never agreed upon; the Talks were officially discontinued after the DPRK walked out, antagonised by a tightening of sanctions by the Security Council (delegates should refer to resolution 1874) as a result of its (failed) satellite launch in 2009 (suspected to have been an intercontinental ballistic missile test). The DPRK expelled all IAEA inspectors and resumed its nuclear programme; a second nuclear test was undertaken later that year.

In 2010, the Yeonpyeong Incident occurred, which dashed any hopes of the potential resumption of the Six Party Talks; in response to a military naval exercise near the border undertaken by South Korea, DPRK ships fired shells at Yeonpyeong island (the first shelling of South Korean territory since the Korean War), resulting in multiple military and civilian deaths. The incident received widespread condemnation and deepened the hostility between the two nations (the South’s Sunshine Policy had been disregarded for a less conciliatory attitude as a result of the election of a new President), triggering significant international unease. The death of Kim Jong-Il in 2011 exacerbated the state of uncertainty, with both South Korea and the United States at a state of alert; he was succeeded by his son, Kim Jong-Un, who is the DPRK’s current leader.

A “leap day deal” was made between the DPRK and the United States in 2012; a total moratorium on the DPRK’s entire nuclear programme and missile tests, in return for substantial amounts of food aid, was agreed, with a view to allowing IAEA inspectors into the country and

the eventual resumption of the Six Party Talks. After just two months, the DPRK launched a satellite to commemorate Kim Il-Sung’s centenary birthday, causing the agreement to fall apart. The launch was internationally condemned, even by China, and resulted in the passing of Security Council resolutions in January 2013 which tightened sanctions (delegates should refer to resolution 2087 and resolution 2094). The resolutions provoked the DPRK to conduct a further nuclear test. In March, the DPRK declared its withdrawal from all non-aggression pacts with South Korea, including the 1953 Armistice, in response to joint United States-South Korea military exercises; the DPRK declared itself in a “state of war” against South Korea, and began mobilising its nuclear weapons. Several nations were advised to evacuate embassies in the DPRK, while the Kaesong Industrial Zone, an isolated sign of co-operation between the two countries, was shut down. In June, after a period of unprecedented international tension (compared by some analysts to the Cuban Missile Crisis), the DPRK agreed in principle to enter negotiations with the South, effectively defusing the situation.

The secretive nature of the DPRK government regarding its nuclear programme means that ascertaining its exact nuclear capabilities is difficult; estimates of the country’s nuclear stockpile range from single figures to 50. Although the DPRK’s claims that its nuclear weapons are able to “obliterate the United States” are somewhat dubious, they are likely to be capable of causing extensive damage in the immediate Asian area, especially South Korea.

Regarding other weapons of mass destruction, the DPRK government has not publicly acknowledged that it possesses either biological weapons or chemical weapons, but it is widely believed to have a significant stockpile. Although the DPRK is likely to have scaled back on its development of such weapons in order to concentrate its resources on its nuclear capabilities, the threat from them is still significant, to the point that gas masks

Estimated DPRK missile ranges (sources: Centre for Nonproliferation Studies, Graphic News)

have been distributed in South Korea to safeguard against any potential biological or chemical attack.

Although the DPRK’s possession of weapons of mass destruction is the most apparent threat to international peace and security, and therefore the subject the Security Council should concern itself most with, delegates must be aware of other issues relevant to the DPRK, and should address these in the resolution they seek to produce. Most notably, systematic human rights violations have drawn widespread condemnation; the General Assembly debates a resolution on the matter annually. There are severe limitations on freedom of speech and freedom of movement, and a personality cult is based around the country’s leadership, which is considered totalitarian. Any dissenters are sent to labour camps, where, according to human rights organisations such as Human Rights Watch and Amnesty International, conditions are inhumane and prisoners are tortured and executed. Many are convicted purely because they are relatives of other convicts; due process of law is essentially non-existent in the country, and arbitrary detention is common. The DPRK is not a member of the International Labour Organisation. Nevertheless, any allegations are difficult to verify given that it is illegal for citizens to leave the country, and the activity of foreigners visiting the country is severely restricted. The DPRK government denies committing any human rights atrocities, and claim that the country’s citizens have consented to and are happy to live under the current system of government, and that human rights are superseded by “collective rights”.

The command economy of the DPRK is performing poorly as a result of its failure to modernise; economists have attributed a proneness to natural disasters and poor central planning as the main reasons for this. Despite the government’s strict adherence to the principle of self-reliance, it is dependent on international humanitarian aid. The government’s resistance to modernise the economy has meant agriculture in the country is unproductive due to the lack of advanced technology available. Many are employed by the Korean People’s Army, which is believed to be one of the largest armies in the world in terms of the number of troops; however, it is reported to be poorly equipped. The Kaesong Industrial Zone employs citizens primarily of the DPRK (approximately 50,000) and utilises South Korean capital, and is run by a subsidiary of a South Korean company, Hyundai; it

produces goods such as footwear, watches and clothes for export. It is a significant source of revenue and foreign exchange for the DPRK economy, and is a sign of co-operation between the two nations; however, Kaesong is currently the only sizeable jointly-run industrial zone of its sort, and is susceptible to abrupt closure for purposes of diplomatic leverage, as seen in 2013.

Relations between the DPRK and South Korea are bitter, and mutual resentment has been and remains one of the most significant impediments to achieving diplomatic progress. Delegates must bear in mind that harmonising relations in the Korean peninsula is of equal if not greater importance to any other objective, and should consider it an essential condition of any resolution that is more effective than past attempts to resolve the issue.

Delegates may want to consider issues such as:

How best to eliminate the DPRK’s nuclear weapons programme (and other weapons of mass destruction), and whether the imposition of greater sanctions is both suitable and enforceable;

A response to human rights violations in the DPRK, without infringing upon its national sovereignty;

How to assist in the economic development and humanitarian situation in the DPRK, and whether any conditions for such assistance are necessary;

The facilitation of normalised relations between the DPRK and South Korea, and the diplomatic and economic integration of the DPRK into the international community.

Further reference:

http://www.bbc.co.uk/news/world-asia-pacific-15256929

http://www.nti.org/country-profiles/north-korea/

http://www.hrw.org/world-report/2013/country-chapters/north-korea