Research Report | Page 1 of 9    

PAMUN XV— DISARMAMENT COMMITTEE— QUESTION OF CYBER-WARFARE    

Introduction of Topic  

The issue of cyber-warfare is a very new one. In fact it is so new, that there are not specific rules

and regulations set for it. As cyber warfare is now being considered the “fifth” domain of war-fighting, the

first four being the domains of land, sea, air and outer space, many wonder if it should follow the

international laws for warfare and, more importantly, if these rules can even apply to cyber warfare. As

cyber warfare is a constantly evolving, any laws or regulations set would have to be capable of evolving

as technology does. Unfortunately, this makes it fairly difficult to set specific regulations pertaining to

cyber warfare.

The first few cyber attacks took place in the late 1980’s and were internal attacks executed by

high profile hackers. Since then the issue has developed beyond solely internal attacks; governments

and independent hackers will not only launch attacks domestically, but also against foreign governments.

Nations are taking advantage of the lack of relevant regulations and are using cyber warfare as weapons

against one other in an unregulated, and potentially unethical manner. This report will outline the current

use of cyber warfare and what decisions and factors have to be taken into account to regulate it.

Definitions of Key Terms  

Cyber warfare  

U.S. government security expert Richard A. Clarke defined the term cyber warfare in his book Cyber

War as "actions by a nation-state to penetrate another nation's computers or networks for the

purposes of causing damage or disruption."  

Cyber terrorism  

Cyber terrorism refers to any deliberate, premeditated or politically motivated use of computers and

information technology designed to cause large-scale disruption or widespread fear often through

the use of computer viruses. According to the U.S. Federal Bureau of Investigation, cyber terrorism

“results in violence against non-combatant targets by sub-national groups or clandestine agents." As

cyber terrorism does not have a universally accepted definition, delegates may want to explore this

issue when drafting their clauses. Cyber terrorism is often confused with cyber warfare or cyber-

attacks and should be used carefully by delegates during debate.  

   

Research Report | Page 2 of 9    

Cyber attack  

Cyber Attack » is a term used to explain any type of aggression by individuals or organizations that

targets computer systems, networks or personal computers. They usually intend to steal, alter, or

destroy information by hacking into a system.  Delegates should generally refer to any particular

aggressive action of cyber warfare as a cyber attack.  

Cyber criminality  

Cyber criminality refers to any criminal act dealing with computers and networks. It either refers to

traditional criminal activity using any computer technology or to criminal activity that targets

computer systems, personal computers and computer networks.  Cyber criminality should be used

sparingly in debate, as it does not yet have a universally accepted definition.  

Botnets  

The term « botnet » is used to describe a network of private computers infected with a hostile or

belligerent virus and controlled as a group without the owners' knowledge,.  

IP spoofing  

IP spoofing or IP address forgery is a hijacking technique in which the hijacker hides his true identity

in order to enter a computer system. This is done by « spoofing » the IP address of a trusted source

in order to gain access to a computer or network in order to do harm.  

Background Information  

Cyberspace is the only domain of war that is entirely man-made, accessible to everyone and is in

a state of constant evolution. Since cyberspace is an interconnected network of digital information and

warfare is considered to be conduct of military hostility, an act such as infecting an adversary’s computer

network with a virus could be considered an act of cyber warfare.  

Cyberwarfare, Cyberterrorism and Cybercrime

Currently there is no general consensus on the difference between cyber warfare and cyber

terrorism and what constitutes a cyber crime. Despite the fact that there is no consensus, cyber crime is

generally regarded as a financially motivated attack while cyber warfare tends to be politically motivated.

A cyber warfare attack- also known as a cyber attack- is considered cyber terrorism when the attack has

lead to the destruction of a critical infrastructure such as power grids, transportation systems,

   

Research Report | Page 3 of 9    

communication systems or stock markets.  Due to the broad and unofficial nature of these definitions

delegates should aim to come to a general consensus on the differences between these terms.  

Methods of Cyberwarfare

There are two main methods of cyber warfare: electronic espionage and offensive attacks for

sabotage that generally aims to destroy critical infrastructures mentioned above. The US currently

considers this method of cyber warfare one of their main threats as the U.S. Department of Homeland

Security reports that cyber attacks on the electric grid system are increasing in both frequency and

sophistication. On the other hand cyber espionage focuses on gathering often sensitive or classified

information for military, political or even economic advantages. In order to prevent this, rules and

regulations have to be created and applied to prevent the misuse of cyberwarfare.

Areas of Priority  

Many economically developed nations such as the USA, China, Russia and Israel have highly

developed cyber warfare programs to which they devote a large part of their defense spending. An

example would be the US Defense Advanced Research Projects Agency (DARPA), a $110 million dollar

plan that aiming to “harness computing power “ in order to improve the USA’s offensive and defensive

cyber-capabilities. It is estimated that another 136 countries have developed or are in the process of

developing a cyber weapons program. Though it is often unclear which countries are developing these

programs, it is estimated that those who are, tend to be smaller, less military oriented countries that wish

to have a more prominent cyber presence. According to Amy Chang of the Center for a New American

Security, cyber warfare “is cheaper for and far more accessible to small nation-states”. Furthermore, it

“allows these countries to pull off attacks” with less associated risks and no repercussions were they to

be caught.  

Major Countries and Organizations Involved  

China  

The Chinese government has been using cyber warfare to infiltrate many US companies.

According to the NSA, they have successfully infiltrated more than 600 companies and governmental

agencies in order, “to steal corporate and military secrets and data about America’s critical infrastructure,

particularly the electrical power and telecommunications and internet backbone.” These intrusions aim

to recover a wide range of information, from specification for hybrid cars to details about the US military

to civilian air traffic control systems.  

   

Research Report | Page 4 of 9    

U.S Victims of Chinese Cyber Espionage over the past five years Each red dot is a unique corporate, private, or U.S government victim

Russia

It is suspected that Russian hackers were able to penetrate the Pentagon’s e-mail system. The

US military has publicly acknowledged the attack and has stated that it has reportedly affected 4,000

military and civilian personnel, many of which are involved in the coordination and operation of US

Armed Forces overseas. This is most likely not the first time that Russia has infiltrated confidential

governmental information. Unfortunately, transparency and sufficient evidence of attakcs are rare in the

world of cyberwarfare.

United States of America

In April of 2015 the Pentagon made a public announcement stating that the US government

currently considers Russia, North Korea, Iran and China their biggest cyber threats. It was also

announced that the US would not shy away from using cyber warfare as retaliation if they felt that the

US’s national security was violated. However, it’s also important to note the US has been criticized

several times in the past for infiltrating private records of a number of government officials abroad.

Israel

Israel is currently viewed as having one of the most developed cyberwarfare programs in the

world. In fact Israel is suspected of collecting information on the layout of Iran’s nuclear program and is

supposedly working to dismantle Iran’s Internet restrictions. With the help of the US, Israel has attacked

Iran in the past; it’s not unlikely they would do so again. It is widely believed that in 2006, Israel and the

Robert, Windrem. "Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets." NBC News. N.p., 30 July 2015. Web.

   

Research Report | Page 5 of 9    

USA launched Operation Olympic Games, aiming to disrupt Iran’s nuclear facilities. Israel is also

suspecting of having had a major role in in the 2010 Stuxnet cyberattack, which was suspected of having

destroyed an estimated fifth of Iran’s nuclear centrifuges.

NATO

The North Atlantic Treaty Organization (NATO) has a special department dedicated to cyber

warfare, the Cooperative Cyber Defense Centre of Excellence, that serves as a “research and training

facility dealing with education, consultation, lessons learned, research and development in the field of

cyber security.” NATO has worked in close collaboration with international law scholars and practitioners

who put together the Tallinn Manual Process, an unofficial rulebook for cyber warfare. An updated

version of the manual, the Tallinn Manual 2.0, is set to be released in 2016.

Timeline of Events  

Date Description of event

November 1988

The Morris worm, one of the world’s first computer viruses, begins

spreading in computers throughout the US

October 2007

China’s Ministry of State Security claimed that foreign hackers coming from

the US and Taiwan were stealing information from the Chinese government.

January 2009

Hackers attacked Israel’s internet infrastructure during a military offensive in

the Gaza Strip, The attack was executed by at least 5,000,000 computers.

October 2012

The Russian firm Kaspersky discovered a worldwide cyber-attack that had

been operating since 2007.The virus collected information from government

embassies, research firms, military installation, energy providers and many

more important infrastructures

June 2013

NATO Defence Ministers agreed that their cyber-defence capability should

be fully operational by the autumn, which would ensure the protection of all

networks owned and operated by the Alliance.

 

Relevant UN Treaties and Events  

• Tallin Manual, launched in 2009

   

Research Report | Page 6 of 9    

The Tallin Manual was written by practitioners of international law along with support from NATO.

It sets rules and regulations for cyber warfare though is not considered an official rulebook.

• Resolution 68/167, December 2013

“Recalls, international human rights law provides the universal framework against which any

interference in individual privacy rights must be assessed. The International Covenant on Civil

and Political Rights, to date ratified by 167 States, provides that no one shall be subjected to

arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to

unlawful attacks on his or her honor and reputation”

Main Issues and Possible Solutions  

Cyberspace is not limited to any geopolitical or natural boundaries, but rather information can be

deployed from its origin and arrive to its destination in a matter of seconds. Because cyberspace is

readily accessible to anyone and due to programs such as IP spoofing and the use of botnets, it is often

difficult to identify the true origins of an operation, thus rendering the identification and attribution of

cyber-attacks very difficult.  

Furthermore, due to cyber warfare’s difficulty to track it is difficult to know which country or

organization has launched a specific cyberattack. This means that very often, countries accusing one

other of a cyberattack is merely speculation or a biased conclusion. This section will outline the main

roadblocks to solving the issue of cyberwarfare, namely a number of international laws and a lack of

transparency.

International Laws  

Jus Ad Bellum

Article 2(4) of the UN Charter states that “all Members shall refrain in their international relations

from the threat or use of force against the territorial integrity or political independence of any

State, or in any other manner inconsistent with the Purposes of the United Nations”. The only

two exceptions to this article are self-defense and UN authorized missions. The UN has not yet

determined if the use of cyber-warfare qualifies as the “use of force”. If they did take such a

decision, cyber warfare would fall under the aforementioned article and the UN would have to

determine which instances of cyberwarfare would qualify as a use of force and which would not.

Additionally the UN would have to come to a consensus on a generalized course of action when

faced with an instance of cyberwarfare that has not been considered a use of force.  

   

Research Report | Page 7 of 9    

Use of self-defense

Article 51 of the UN Charter declares that “nothing in the present Charter shall impair the inherent

right of individual or collective self-defense if an armed attack occurs against a Member of the

United Nations, until the Security Council has taken measures necessary to maintain

international peace and security”.  The UN also needs to determine if acts of cyber-warfare count

as “armed attacks” making the self-defense article applicable to cyber warfare. They would also

have to determine whether acts of cyber warfare that are considered use of force should be seen

as armed attacks as well.  

More good than harm

According to the Just War Theory a state should only wage war if more good than harm will come

out of it. In other words, the state in question needs to consider the universal goods against the

universal evils that would come of the war. Generally universal evils are measured in casualties

or destroyed physical objects. In cyber- warfare there tend to be no casualties or destroyed

physical objects. Nevertheless, certain actions in cyber-warfare are unethical and things such as

digital databases, or digital archives containing important historical records can be destroyed.

This is why there is a desperate need to quickly and accordingly adapt this law.

Jus in Bello

According to Protocol 1 of Jus in Bello, attacks are defined as “acts of violence against the

adversary, whether in offence or in defense”. Despite the lack of direct violence law practitioners

and writers of the Tallinn Manual have chosen to make the terms cyber offense and cyber-attack

synonymous. However, Jus in Bello has rules in regards to these attacks that do not necessarily

apply to cyber warfare. The UN would have to choose which laws and regulations should apply

and which should not.  

Neutrality Laws

According to international law, a neutral state is obliged to prevent its territory from being used by

belligerents. In turn, belligerents must respect neutral states and “are forbidden to move troops,

or convoys of either munitions of war or supplies across the territory of a neutral Power”.

International law also states that this applies to “whatever type of weapons might be used”. This

means that these laws can apply to cyber warfare as it could be considered a type of weapon.

Targets of cyber operations are generally easily determined whereas their routing are often

   

Research Report | Page 8 of 9    

difficult to control especially if it cannot include neutral zones. For this reason, whether cyber

operations are considered a weapon or not must be carefully determined. This raises the

question: “If a state is neutral, can a belligerent state cyber attack another through the neutral

state or would that be disobeying neutrality laws? “  

Lack of Transparency  

“One of the United Nations’ top human rights officials has warned of the “disturbing lack of

transparency in governmental surveillance policies and practices”. In fact the UN is a major advocate for

increased transparency in the government as UN Human Rights Officials have a very difficult time

determining whether human rights violations occurred. As said by the UN High Commissioner for Human

Rights, this “[lack of transparency] is severely hindering efforts to ensure accountability for any resulting

human rights violations, or even to make us aware that such violations are taking place, despite a clear

international legal framework laying down Governments’ obligations to protect our right to privacy”.  

For now the UN must determine which international laws of warfare apply to cyberwarfare and to

what degree.

Resources to Consider  

http://unidir.org/files/publications/pdfs/cyberwarfare-and-international-law-382.pdf  The UNIDIR published a very extensive report with detailed explanations of each one of the laws of

warfare that could apply to cyber warfare.

http://www.europarl.europa.eu/EPRS/EPRS-Briefing-542143-Cyber-defence-in-the-EU-FINAL.pdf

This source provides a well-researched overview of cyber warfare in Europe.

https://ccdcoe.org/tallinn-manual.html

Access to the full Tallin Manual, manual of unofficial laws and regulations for cyber warfare. Delegates

are encouraged to read a portion of this document before drafting related clauses.

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2538191

A short abstract of the Tallin Manual for those not wanting to read the full document above.

https://ccdcoe.org/publications/ethics/Taddeo.pdf  This source gives a simple overview of the laws of warfare that may apply to cyber warfare.

   

Research Report | Page 9 of 9    

Bibliography  

"Tallinn Manual Process." CCDCOE. N.p., 16 Sept. 2014. Web. 07 Sept. 2015.

<https://ccdcoe.org/tallinn-manual.html>.  

Mezler, Nils. "Cyberwarfare and International Law." (2011): 50-52. Web.

<http://unidir.org/files/publications/pdfs/cyberwarfare-and-international-law-382.pdf>.  

"The History of Cyber Warfare." The History of Cyber Warfare. N.p., n.d. Web. 07 Sept. 2015.

<http://online.lewisu.edu/msis/resources/the-history-of-cyber-warfare>.  

Taddeo, Mariarosaria. "CYBER WARFARE, ETHICS & THE REGULATORY GAP." (n.d.): n. pag. Web.

<https://ccdcoe.org/publications/ethics/Taddeo.pdf>.  

"America's Power Grid Is Vulnerable | Secure the Grid." Secure the Grid. N.p., n.d. Web. 07 Sept. 2015.

<http://securethegrid.com/the-basics-of-grid-security/>.  

"This Map Shows China's Cyber Invasion Of The U.S. Is Well Underway." Fortune This Map Shows

Chinas Cyber Invasion of the US Is Well Underway Comments. N.p., 31 July 2015. Web. 07 Sept. 2015.

<http://fortune.com/2015/07/31/china-cyber-attacks/>.  

Sanger, David E. "Pentagon Announces New Strategy for Cyberwarfare." The New York Times. The

New York Times, 23 Apr. 2015. Web. 07 Sept. 2015.

<http://www.nytimes.com/2015/04/24/us/politics/pentagon-announces-new-cyberwarfare-strategy.html>.