FORUM: General Assembly (1st Committee)

QUESTION OF: Cyber-security and cyber-terrorism

SUBMITTED BY: United Kingdom
CO-SUBMITTED: Italy, Ukraine, Uganda, Peru, Malaysia, Senegal, Lebanon

THE GENERAL ASSEMBLY,

Emphasizing the detrimental effects cyber arms race can have in the word, which are evident
in past incidents, such as cyber attacks on Estonia (attacks started on 7th April 2007),

Recognizing cyber crime undermines the functioning of the economic space, reduces trust in
digital services, and could even end up in loss of lives,

Appreciating the efforts of numerous agencies researching ways to combat a cyber arms race,
by both developing ways to strengthen cyber security and raising awareness, such as the
North Atlantic Treaty Organization (NATO), but still cognizant of the need to do more,

1. Calls upon member states of the United Nations to build a framework that all nations
can agree with as well as reach a common definition of cyber terrorism through ways,
such as but not limited to:
a. acknowledging that there are 3 facets of cyber-terrorism:
i. state by state,
ii. state by organization,
iii. organization by organization,
b. defining which activities on the cyberspace should be recognized as cyber ter-
rorism by ways such as but not limited to:
i. deciding on whether digital political propaganda is cyber terrorism and
choosing the exact boundaries of activities that will count as propa-
ganda,
ii. specifying the types of hacktivism that will be recognized as cyber at-
tack,
iii. deciding the extent to which member states can use cyberspace for
their national defense and international defense,
c. creating a common technical language in terms of cyberspace to create a suc-
cessful commencing point between nations;

2. Expresses hope that all member states and official organizations such as the United
Nations Educational, Scientific and Cultural Organization (UNESCO) create aware-
ness and educate people that cyber terrorism can be as detrimental as military ad-
vances in ways such as, but not limited to:
a. informing the types of cyber attacks and its dangerous effects on a nation’s se-
curity and economy by emphasizing established precedents of cyber attacks
such as, but not limited to:
 i. North Korea’s Wannacry ransomware attack on the UK National
Health Service,
ii. 2007 cyberattack on Estonia,
iii. 2016 Democratic National Committee e-mail leak,
b. holding monthly press conference by the government that answers queries re-
garding the actions they take for cyber security;

3. Recommends all member states to strengthen and develop cyber security nationally
by creating a government sector that exclusively deals with cyber attack to strengthen
information security as well as to create a Computer Emergency Response Teams
(CERTs) that prevents cyber attacks targeted on states;

4. Urges all member states and cyber security corporations to develop and invest upon
an intelligence pool and a cyber defense program that can collect and share intelli-
gence simultaneously among nations in ways such as not limited to:
a. analyzing the motives and reasons for precedent cyber attacks committed by
cyber terrorist organizations or state supported cyber attacks,
b. monitoring specific occasions and details of the cyberattacks such as:
i. server that was damaged,
ii. type of information that was taken and spread,
iii. type of cyber attack,
c. utilizing the content of the intelligence pool aforementioned to investigate and
evaluate the trends of the cyber attacks in order to develop a proactive proto-
col and manual against potential incoming cyber attacks,
d. cooperating with organizations such as Cooperative Cyber Defense Centre of
Excellence (NATO-CCD-COE) and Swedish National Defense College
(SNDC) in order to:
i. analyze the victims of cyber attack,
ii. identify and develop the vulnerable areas of the cyber security system,
iii. prevent future cyber attack targeted on the states;

5. Calls upon all member states to supplement national cyber security government sec-
tors so as to ameliorate global cyber security by founding a cyber defense task force
to be deployed internationally at a time of cybersecurity crisis, by using ways such as
but not limited to:
a. increasing the number of quick response teams that governments regulate with
the help of NATO’s Computer Incident Response capability and Cooperative
Cyber Defense Centre of Excellence (NATO-CCD-COE),
b. establishing an international counter cyber attack response training pro-
gramme,
c. requesting cooperation and support from the Computer Emergency Response
Teams (CERTs) that operate within each member state’s jurisdiction;
6. Further recommends North Atlantic Treaty Organization (NATO), European Elec-
tronic Crime Task Force (EECTF), and Brazil-Russia-India-China-South Africa
(BRICS) to effectively combat against cyber terror perpetrators and strengthen cyber
security in ways such as, but not limited to:
a. creating cyber-attack defense shields that can also be used for missile defense
shield,
b. combining the cyber-deterrence abilities under a centralized defense system,
c. developing further NATO’s ability to prevent, detect, defend against and re-
cover from cyber attacks, by using the NATO planning process to enhance and
coordinate national cyber defense capabilities,
d. improving the integration NATO cyber awareness, warning and response with
member nations,
e. putting forth major efforts on increasing the monitoring of NATO’s critical
network and to assess and furnish remedies to any vulnerabilities that are iden-
tified by using methods but not limited to:
i. plan and execute international counter-cyber attack exercise to help na-
tions share their proficiency and experience,
ii. holding cyber defense drills called Locked Shields and Baltic Cyber
Shield (BCS), which were coordinated by Cooperative Cyber Defense
Centre of Excellence (CCDCOE) and Swedish National Defense Col-
lege (SNDC), to learn skills needed to be able to fend off cyber attacks,
f. expanding early warning capabilities in all nations in the form of a NATO
wide network of monitoring nodes and sensors;

7. Encourages member states to reinstate the United Nations Group of Governmental

Experts on Information and Telecommunications in the Context of International Secu-
rity (UN GGE) conferences in order to prevent legal ambiguity and loopholes by es-
tablishing an international legislative framework governing cyber security in ways
such as but not limited to:
a. analyzing and addressing the existing and potential threats in the sphere of in-
formation security,
b. establishing measures to address norms, rules and principles of responsible be-
havior of states, confidence building measures, and capacity-building,
c. accepting the principles of international law being applied to cyberspace, in-
cluding the UN charter that embodies the right of individual or collective self-
defense,
d. understanding that state that are unwilling to affirm the applicability of these
international legal rules and principles are acting through cyberspace to
achieve their political ends with not limits on constraints on their actions,
e. utilizing the Tallinn Manual, an academic study written by the UN CCD COE
and an international group of experts on how international legislations applies
to cyber operations and cyber warfare, as a guideline for the assessment of cy-
berattacks in ways such as, but not limited to:
i. discussing how jus ad bellum applies to cyberspace,
 ii. considering the international humanitarian law’s appliance to cy-
berspace,
f. discussing which intrusion fall within the prohibited category of intrusion or
when the threshold of intrusion is surpassed,
g. emphasizing that all states have an equal and transparent manner in cy-
berspace governance in an international level;

8. Encourages cooperation between the private and public sector in all UN member
states who have the ability to secure cybersecurity firewalls against information leak-
age through means such as, but not limited to:
a. hiring private sector help, specifically data protection companies, to further
safeguard existing protection securing governmental data including but not
limited to:
i. securing voter record and fingerprint data from recent elections from
public data leakage,
ii. protecting and securing private messages on social media in order to
prevent public leakage
b. endorsing all private sector company’s transparency regarding finance security
methods, and potential data hacks towards the government in an attempt to:
i. Provide additional data for lawmakers, creating laws passed down to
these organizations more effective in creating a more secure cyberse-
curity defense,
ii. Allow fluid information flow between government and private sector,
allowing administrative organization to analyze previous hacks to find
patterns and preventions to these cybersecurity weaknesses,
c. coordinating defense systems to minimize the chance of a governmental data
breach through a breach of a private sector company working with the govern-
ment;

9. Strongly encourages nations to further fortify their cybersecurity systems through

methods including, but not limited to:
a. adopting the latest technologies and updating security systems whenever pos-
sible,
b. running hacking diagnostic and simulations of current cybersecurity systems
in order to:
i. Identifying any flaw within defense systems,
ii. Assessing how efficiently response teams are able to counter the cyber-
attack and recover any damage,
iii. Providing preparation and practice for response teams
c. constantly training computer emergency response teams;

10. Recommends member states to create a government department called the Depart-
ment of Cybersecurity which carries out programs such as, but not limited to:
 a. training and utilizing white hat hackers for purposes of analyzing threat model
and identifying possible attack vectors by means such as, but not limited to:
i. endorsing joint public-private partnership for a national cybersecurity
workforce programme with emphasis on local-level employers, com-
munity organization, and educational institutions,
ii. creating national cybersecurity apprenticeship program by providing
course in both two-year community college and four year university
programs,
b. establishing legal frameworks and guidelines for Internet of Things (loT)
products, such as the FDA’s Nutrition Label, in order to create an environment
where consumers can make informed security-related decisions.

11. Recommends the addition of penalties and laws under the ICC and the ICJ to make
prosecution against cyber terrorism an international effort:
a. these laws are to be discussed by members states of the United Nations at Cy-
ber Security Conventions (CSCs)
b. this convention is to take place every 5 years so these laws are continually up-
dated in accordance to technological advancement,
c. the ICJ/ICC must consider cases of Cyberterrorism and present the verdict in
an official statement within 6 months of the crime's occurrence
d. if the guilty party/state does not comply with the ICC/ICJ's jurisdiction, sanc-
tions will be placed on the said party, above sanctions will be discussed and
decided upon by the Security Council;

12. Highly recommends all nations to support cryptocurrency economies in their respec-
tive nations in order to encourage banks to support the flow of cryptocurrency through
ways such as, but not limited to:
a. establishing guidelines for how nations should support cryptocurrency
economies,
b. providing insurance and compensation for banks,
c. recognize cryptocurrencies as official forms of currency that are spendable in
the respective nation: so that people can actually start using the currency for
everyday usage;

13. Strongly suggests the global community to assist in the regulation and stabilization of
cryptocurrency valuations and exchange rates through the creation of a separate UN
body World Cryptocurrency Regulation Committee (CRC). particularly charged with
overseeing cryptocurrency matters through methods such as, but not limited to:
a. quarterly meetings for international banks and the experts on the matter to
meet,
b. encouraging the involvement of the World Bank and the International Mone-
tary Fund (IMF).