Introduction - TIS Eagles · 2018-09-29 · TIANMUN 2018 Advisory Panel – 6 2016 when North...
TIANMUN 2018 Advisory Panel –
This image shows all the words on the Wikipedia “Cyberterrorism” page that are mentioned over 10 times.
FORUM: Advisory Panel
ISSUE: Measures to Combat Cyber Terrorism on
Government Database
STUDENT OFFICER: Jessica Wang
POSITION: President of Advisory Panel
Introduction
North Korean hacking groups have been accused of constantly conducting cyber-attacks on other nations, such as the 2013 South Korea cyber-attack. The 2013 South Korea cyber-attack started when the network systems of three main banks and two major broadcasters were paralyzed. South Korean residents were unable to withdraw money at that time due to this attack. Officials from the Korea Communications Commission informed the public that the origin of this disruption was traced to a Chinese Internet provider address. However, an official working at the South Korean science ministry, Lee SeungWon, stated that the malicious code used by the attackers during this cyber-attack was similar to code used by the North previously. As a result, responsibility for the attack remains unclear. Imagine these attacks being conducted on government databases, databases that contain hundreds and thousands of confidential documents. Cyberterrorism against government databases can have devastating effects and is slightly harder to trace afterward. This is one reason why the Deputy Attorney General of Iran, Abdul-Samad Khorramabadi, urged representatives from around the world to help fight against cyber terrorism used to recruit and finance various terrorist groups in 2017.
The definition of cyberterrorism is quite controversial. The FBI has a very narrow definition of cyberterrorism, whereas many other specialists and organizations believe in a broader definition, including attacks with relatively less damage (such as cybercrimes). Some believe that an attack must directly or indirectly cause the deaths of victims to be classified as a cyberterrorist attack, and others believe that death is not a crucial factor in determining whether or not an attack is a cyberterrorist attack. The effects of cyberterrorism can be seen through various examples, such as the cyberterrorist attack that struck Atlanta, Georgia, in March 2018. This ransomware attack will require the government to spend approximately 2.6 million US dollars to recover.
This image shows what would be displayed on the device if an individual or company was targeted by the WannaCry ransomware attack.
Background
The term was coined by Barry C. Collin in the 1980s, and the significance of this issue increased exponentially as 2000 approached with the Year 2000 problem (also known as the Millennium bug). Cyberterrorism gained attention again after the September 11 attacks conducted by terrorists, bringing fear to the Western World about the potential threats of cyberterrorism. Examples of cyberterrorism include hackers interrupting networks in ways that cause public inconvenience or prevent access to certain websites with information that the hackers oppose; acquiring, deactivating, or altering signals in charge of military technology; or disrupting infrastructure systems. By disrupting infrastructure systems like a water treatment plant or a pipeline, major cities can be thrown into chaos that could endanger public health and public safety.
Methods of cyberterrorism can be separated into two main categories: un-targeted attacks and targeted attacks. Ransomware is an example of an un-targeted attack; targeted attacks can take many forms, such as distributed denial of service and phishing attacks. For example, the WannaCry ransomware includes an application that both encrypts and decrypts data, demanding $300-$600 worth of bitcoin from the user in order to decrypt the files. The effects of ransomware attacks cannot be ignored; in a short span of four days, the WannaCry ransomware attack was able to affect more than 300,000 computers in 150 different countries. The United States and the United Kingdom believe that North Korea was behind the WannaCry ransomware attack. Thomas Bossert, the former Homeland Security Advisor to U.S. President Donald Trump, later added that Australia, Canada, and New Zealand agree with the conclusion that the WannaCry ransomware attack was under the control of North Korea. Europol, the European Union’s law enforcement agency, is an organization that aims for a safer Europe to benefit all European Union citizens. “Ransomware has widened the range of potential malware victims, impacting victims indiscriminately across multiple industries in both the private and public sectors,” Europol warns the public about the development of ransomware attacks.
This image from Crowd shows how ransomware attacks are conducted.
Problems Raised
Losing Important Confidential Documents
Some hackers attack with an economic purpose and some hack for a political purpose, like the ones who participated in the 2016 incident in which 235 gigabits of confidential documents were stolen by North Korean hackers. Some of the documents that were hacked address issues such as “how to identify movements of members of the North Korean leadership” and “how to seal off their hiding locations.” A member of the South Korean National Assembly’s committee for national defense, Mr. Rhee, claims that even though 80 percent of the hacked data remains unclear, it is impossible for North Korea to have hacked and obtained information about the operation plans with the United States, since they were not fully uploaded yet. However, Moon Sang-gyun, a Defense Ministry spokesman, declined to make any comment on the claims made by Mr. Rhee. Moon Sang-gyun simply stated that “It is assumed that this was the work of North Korea” about this cyberterrorism attack. Since the South Korean ministry believes that releasing more information about this incident would benefit North Korea, this attack remains largely ambiguous, with minimal officially confirmed information.
Ransomware Fines (Blackmail)
Often, after a group of hackers, or a single hacker, successfully causes damage, those behind the ransomware attack will demand that a fine be paid before everything can go back to normal. For instance, this is exactly what happened during the cyberterrorist attack that struck Atlanta, Georgia, in March 2018. The city publicly described this attack as a ransomware cyberattack that affected various applications and client devices, causing public inconvenience. This attack caused many city services to be inaccessible, including online bill-paying services. In a technology-dependent society, this inaccessibility, which lasted more than six days, forced many employees in different fields, such as police officers, to write reports by hand until the computer systems started to function properly again. There is no official verification of a ransom amount; however, Mayor Keisha Lance Bottoms stated that the hackers demanded $51,000, with an estimated $2.6 million needed to fully recover from the attack.
This is how the FIDO alliance provides stronger security.
International Actions
National Protections Against Cyberterrorism
Most, if not all, nations have realized the importance of having a department or departments focusing on protection against cyberterrorism. For instance, in May 2011, the Chinese Defense Ministry confirmed the existence of an online defense unit called the “Cyber Blue Team,” or “Blue Army.” Sometimes, emergency groups are formed right after a region faces cyberterrorism. For example, after the 2018 Atlanta Ransomware Cyberattack, a multi-functional team was created in response to the attack with representatives from both the public and private sectors, including “city officials, […] law enforcement, the FBI, Department of Homeland Security, the Secret Service and independent forensic experts.” This response team was established not only to investigate what happened during the 2018 Atlanta Ransomware Cyberattack, but also to improve protection against cyberterrorism for the whole country.
The FIDO (“Fast IDentity Online”) Alliance
The main focus of this organization is to “address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords.” Although this was implemented by many top companies such as Google, Alibaba, American Express, and Bank of America, this alliance does not cooperate with governments to enhance government cybersecurity. Encouraging individual member states to collaborate with the FIDO Alliance could possibly help combat cyberterrorism on government data.
This is a newspaper article written in December 2016 about Russia’s influence on the 2016 U.S. Presidential Election.
Key Players
Russia
In 2013, Barack Obama, Vladimir Putin, and Xi Jinping came together to discuss ways to improve cybersecurity to combat cyberterrorism. In March 2018, the FBI and the Department of Homeland Security jointly released a report about cyberterrorism conducted by Russian hackers that has continued since at least March 2016. The FBI and the Department of Homeland Security say that the Russian government has “targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” It is said that Russian hackers would often start by hacking groups with less secure networks than their main targets and then reach their ultimate target after collecting important information. The United States Treasury Department has announced sanctions on various Russian groups and individuals who participated in altering the results of the 2016 United States Presidential Election.
North Korea
North Korea has been conducting numerous cyberattacks, some of which were counted as cyberterrorism. For example, during the 2016 Korean Ministry of Defense cyber-attack incident, North Korean hackers stole 235 gigabytes of confidential documents from the military database of the Republic of Korea; rumors spread that the documents include ones about United States-South Korean military plans. North Korea denies responsibility for this cyber-attack and declares that South Korea is behind this, forging claims about cyber-attacks.
Republic of Korea
Based on the 2016 Deloitte Asia-Pacific Defense Outlook, South Korea is the Asia-Pacific country most vulnerable to cyber-attacks. One of the most notable recent issues was during 2016, when North Korean hackers allegedly broke into Korea’s governmental (military) database to steal United States-South Korean military plans, and the hackers were successful. They were able to steal numerous confidential documents, including a ‘decapitation’ plan, over the span of a year. This ‘decapitation’ plan was a plan to remove the North Korean leader, Kim Jong-un, in response to North Korea conducting its sixth nuclear test that month. The Republic of Korea recognizes that North Korean hackers have stolen three hundred lower-classification confidential documents beyond any doubt; however, eighty percent of the total 235 gigabytes of stolen data is still unidentified. Korea was able to develop contemporary technology, but its cybersecurity was not developed to be as impregnable as its technology is modern.
United States
The United States, like all other nations, recognizes the importance of cybersecurity. According to Government Computing, the US Department of Homeland Security (DHS) has revealed its new cybersecurity strategy for the government. The DHS has made one focus of this strategy “increasing security and resilience across government networks and critical infrastructure.” The five fundamental aspects of this new strategy are risk identification, vulnerability reduction, threat reduction, consequence mitigation, and enabling cybersecurity outcomes. The two aspects that focus on cybersecurity for the government are vulnerability reduction and threat reduction. Vulnerability reduction specifically aims to “protect federal government information systems by reducing the vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity”; threat reduction, on the other hand, reduces national cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.
Possible Solutions
Multi-Factor Authentication
Multi-factor authentication adds a second level of authentication to an account log-in; it is like adding an extra lock to the door. Many websites like LinkedIn, Twitter, Microsoft, Apple, and Google have implemented two-factor authentication. Government databases can do the same: set up multi-factor authentication for the limited number of privileged users who can access confidential documents on the government’s database.
International Cooperation
This image shows Europol’s attempt to combat ransomware attacks.
Europol’s call for more coordination between
law enforcement agencies to combat cyberterrorism
and cyberattacks together is not a coincidence. By
promoting information exchange between countries
about cyberterrorism, such as practices and lessons
learned from previous cyberterrorism attacks, the
defence level against cyberterrorism can improve on a
global scale.
Glossary
Cyberterrorism
“The FBI defines terrorism as a premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against non-combatant targets by subnational groups or clandestine agents.” A NATO (2008) document defined cyberterrorism as “a cyber-attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or intimidate a society into an ideological goal.” The Center for Strategic and International Studies (CSIS) defines cyberterrorism as “the use of computer network tools to shut down critical national infrastructures (e.g., energy, transportation, government operations) or to coerce or intimidate a government or civilian population.” The term cyberterrorism is quite controversial, so additional definitions are added for reference.
Ransomware Attacks
Ransomware attacks are defined as “infecting a system by encrypting files and/or locking the users’ access to said system; then requiring the target to give a ‘ransom’ in order to gain normal access again.”
Sources
“Atlanta, GA.” Atlanta, GA: History, www.atlantaga.gov/government/ransomware-cyberattack-information.
Bicknell, David. “US Department of Homeland Security Reveals New Cybersecurity Strategy.” Government Computing Network, 16 May 2018, www.governmentcomputing.com/security/news/us-department-homeland-security-reveals-new-cybersecurity-strategy.
“Cyber Terror.” FBI, FBI, 1 Nov. 2011, leb.fbi.gov/articles/featured-articles/cyber-terror.
“Cyber-Attack: US and UK Blame North Korea for WannaCry.” BBC News, BBC, 19 Dec. 2017, www.bbc.com/news/world-us-canada-42407488.
Deere, Stephen. “CONFIDENTIAL REPORT: Atlanta's Cyber Attack Could Cost Taxpayers $17 Million.” Ajc, The Atlanta Journal-Constitution, 2 Aug. 2018, www.ajc.com/news/confidential-report-atlanta-cyber-attack-could-hit-million/GAljmndAF3EQdVWlMcXS0K/.
Hutcherson, Kimberly. “Six Days after a Ransomware Cyberattack, Atlanta Officials Are Filling out Forms by Hand.” CNN, Cable News Network, 28 Mar. 2018, edition.cnn.com/2018/03/27/us/atlanta-ransomware-computers/index.html.
“Iran Calls for International Cooperation against Cyber Terrorism.” IFP News, 22 Sept. 2018, ifpnews.com/exclusive/iran-calls-for-international-cooperation-against-cyber-terrorism/.
Kim, Christine. “North Korea Hackers Stole South Korea-U.S. Military Plans to Wipe...” Reuters, Thomson Reuters, 11 Oct. 2017, www.reuters.com/article/us-northkorea-cybercrime-southkorea/north-korea-hackers-stole-south-korea-u-s-military-plans-to-wipe-out-north-korea-leadership-lawmaker-idUSKBN1CF1WT.
Locklear, Mallory. “DHS and FBI Warn Russia Is behind Cyberattacks on US Infrastructure.” Engadget, 15 Mar. 2018, www.engadget.com/2018/03/15/dhs-fbi-warn-russia-behind-infrastructure-cyberattacks/.
“Members: Bringing Together an Ecosystem.” FIDO Alliance, fidoalliance.org/participate/members-bringing-together-ecosystem/.
Pototsky, Dan. “US, Russia, China Meet to Tackle Cyberterrorism.” Russia Beyond, Russia Beyond, 8 June 2013, www.rbth.com/international/2013/06/07/us_russia_china_meet_to_tackle_cyberterrorism_26867.html.
Sang-hun, Choe. “Cyberattack Hits South Korean Banking Networks.” The New York Times, The New York Times, 20 Mar. 2013, www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html.
Sang-hun, Choe. “North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says.” The New York Times, The New York Times, 10 Oct. 2017, www.nytimes.com/2017/10/10/world/asia/north-korea-hack-war-plans.html.
“Significant Cyber Incidents.” Nuclear Stability in a Post-Arms Control World | Center for Strategic and International Studies, www.csis.org/programs/cybersecurity-and-governance/technology-policy-program/other-projects-cybersecurity.
“What Is Cyberterrorism? - Definition from WhatIs.com.” SearchSecurity, searchsecurity.techtarget.com/definition/cyberterrorism.