Draft Resolution 1.2 - Cyberterrorism

7/30/2019 Draft Resolution 1.2 - Cyberterrorism

1/8


2/8

1. Resolves the definition of cyber-terrorism as An intentional act by an individual or groupwhich seeks to compromise, attack, or infect a computer system or internet service with

the aims of, retrieving confidential information to which the individual or group would

normally not have access, causing panic, distress, terror or prevent freedom of speech,

infringing upon rights of the people and property, and impending social administration;

2. Declares cyber space is a global domain within the information environment consistingof the interdependent network of information technology infrastructures, including the

internet, telecommunications networks, computer systems, and embedded processors

and controllers;

3. Considers an act of cyber-attack to constitute the following:a. Hacking into the cyber-space of the target state and manipulating it to the targets

disadvantage,

b. Sabotaging a cyber-based program, operation or facility being conducted by thetarget state and shutting it down,

c. Gaining control over the national critical infrastructure of the target state viacyber-space and either distort them or use them against the target,

d. The legitimacy of the cyber-attack is subject to the conditions set above;

4. Takes note ofthe negative impacts of cyber-terrorism on diverse areas of economy of astate as:

a. It hinders the functioning of private corporations and National Stock Exchange

Centres considering the loss of information data,

b. It deteriorates the customer-client relationships that affect the market

negatively;


3/8

5. Further considers cyber-espionage as an act of unauthorized probing into the cyber-spaceof the target state with the intention of obtaining information without the permission of

the holder of this information, with the intention of causing physical damage leading to

the dysfunction of the governmental networks, civil utilities, military defenses and

financial regulators and markets of the target state;

6. Further proclaims cyber defense as an act taken to directly counter/hinder the aggressor

tool of an attacking state;

7. Endorses that any act of cyber-defense is a legitimate form of response to an offencelaunched against the aggressor state which abides by the rules of engagement which are

stated as follows:

a. The member states are called upon to support and adhere to a no-first usepolicy,

b. The cyber-defense response should not harm any civilian entity or organization,including government departments dealing exclusively with civilian affairs,

c. The response must not directly, or indirectly, cause great inconvenience andharm to the civilian population or lead to civilian casualty;

8. Declares that non-state actors or groups conspiring, planning, carrying out, funding oraiding acts of cyber warfare shall be outlawed in/by all member states, and those

member states will commit to prosecute the violators to the fullest extent possible in

their jurisdiction;

9. Calls upon states to constitute cyber-attack as armed conflict only if it causes asubstantial physical damage and loss of human life for which the committee shall refer

to the Laws of Armed Conflict for the purpose of compensation and retribution;


4/8

10.Reaffirms that state-sponsored cyber-terrorism should be dealt with in the same manneras with state-conducted operations;

11.Supports non-proliferation polices and encourages member states to adopt suchmeasures in their policy framework;

12.Emphasizes that attribution of and accountability for a cyber-attack is necessary for aresolution to the problem for which the following recommendations are made:

a. Enhance the involvement of The Working Group on Internet Governance in thisregard,

b. On the national level, strengthen existing institutional and legal frameworks andthe associated law-enforcement agencies, cyber-defense units and departments,

c. On the international level, encourage intelligence sharing between states andregions to form a collective pool of information cyber-attacks and its instigators,

in the form of a Global Joint Venture;

d. The creation of a monitory body of the United Nationscomprising of political,legal and technical experts from P5 nations and a neutral state rotated every three

yearswhich shall perform the following functions:

i. Receive monthly reports from member states cyber-terrorism defense unitson the status of cyber-activity in their respective regions,

ii. Investigate instances of cyber-attacks to derive the patterns and trends ofcyber-attacks and establish a psyche profile of an offender,


5/8

iii. Pursue research and development in different areas of cyber technology tofurther enhance the capabilities of the member states to identify the

perpetrator,

iv. Publish reports on a monthly basis to update the member states of theprogress and new information,

v. Monitors the implementation and adherence of the legislation andframework derived by the proposed ad hoc committee;

13.Proposes the following exit strategy for the policy of combating cyber-terrorismglobally:

a. Establishment of Disaster Recovery and Backup Plans in order to restore theinitial security systems in case of any cyber-attack,

b. High-alert security to be provided to the cyber-defense units,c. Creation of more Data Centres to ensure that critical information is not at the risk

of being leaked from one location,

d. Making a reserve force, comprising of technical and cyber experts, that willremain in standby until an attack of magnitude that renders the primary system

ineffective, is experienced;

14.Draws attention to international humanitarian law enshrined in AP I article 48, whichwill be referred to, in order to ensure respect for and protection of the civilian

population and civilian objects, when dealing with state sponsored cyber-attacks;

15.Supports the formation of an ad-hoc committee for a period of six months which shallreport to the United Nations Security Council for the required legislation and

institutional framework to deal with the deliverance of justice to the affected country by

cyber-terrorism:


6/8

a. Member states should be required to adopt this general framework into theirrespective cyber-departments, institutions and authorities to strengthen the

respective departments,

b. These laws should act as universal precedence and principles to ensure effective,transparent and timely justice,

c. Further in case of attack, the affected country shall retaliate in accordance to thelaws and framework established by this committee,

16.Encourages cyber-defense units to be strengthened and to be established where securitymeasures need to be taken as follows:

a. Deployment of vital security applications including Intrusion Detection Systemsand firewalls in instate security systems,

b. Regular monitoring to be carried out in order to ensure maximum security ofthese system;

17.Emphasizes that when dealing with non-state actors, legislature and plan of action tobe adopted shall slightly different with regards to state actors:

a. First, the perpetrators must be identified with regards to attribution clause eight,b. The host state of these cyber offenders is expected to locate the perpetrators,

trial and prosecute them,

c.

If it is unable to trial a suspect then it is the responsibility of bodies such as theInternational Court of Justice to perform the stated tasks;

18.Takes note ofthe security concerns that come along with Cloud Computing Service andencourages to have checks and balances on verification of access controls and


7/8

monitoring of data and encourages the formulation of a Privacy Legislature to consider

the following:

a. The service consumer must be well informed whenever his or her personal data isaccessed to prevent identity theft by terrorist to promote terrorism,

b. Service providers must provide the users with to report compliance;19.Encourages private IT firms to be incorporated into cyber development programs of

member states:

a. Firstly, collaboration with the private sector for the purpose of development incyber security brings about greater expendable funds,

b. Secondly, the effectiveness of the security systems shall be more dependent onresult based results increasing their effectiveness,

c. Thirdly, confidence building measures to be taken to bring back the lostconfidence of the private corporations in the government, that adversely

affected by cyber-attacks;

20.Emphasizingupon the need to have local security training programs to be carried outby state so as to train locals with skills to protect their computer systems and prevent

them by getting hacked by cyber terrorists;

21.Requests member states of the developed world to provide funds for the developmentand sustenance of the cyber defense units and to look into the aspect of cyber research,

under the following framework:

a. Technical training shall be provided to states with their consent in order toenhance their security control systems by providing:

i. Setting up training camps for the officials of underdeveloped nations byexperts of the developed nations,

ii. Skills on securing a large database,iii. Skills on finding and securing leaks in an information store,


8/8

iv. Skills on resisting cyber-attacks through means of anti-hacking anddefense software,

v. Knowledge on creating their own unique software/defense through usingprogramming languages;

b. States would be encouraged to provide financial aid if there are limitedresources to combat cyber-terrorism, where its channelizing would take place

under Transparency International;

22.Expressesthe need to promote existing organizations built to counter cyber-terrorism,such as the Convention on Cyber Crime of Europe which is the only organization that

lays down the guidelines for all governments wishing to develop legislation against

cyber-crime, in order to avoid complexities involved in making new organizations;

23.Decides to remain actively seized of all matters.

Documents

Draft Resolution 1.2 - Cyberterrorism