Ga1 BG Sjsmun'24

Uploaded by

shreya.1q.09

GA1 SJS MUN 24’

Table of Contents
Letter from the Dais
Introduction to the Committee
Introduction to the Topic
Key Terms
History
Key Issues
Major Parties Involved
Past Attempts to Solve the Issue
Possible Solutions
Focusing Questions
Recommended Readings
Bibliography


Letter from the Dais

Esteemed delegates,

It is with great pleasure that we welcome you to the General
Assembly 1 (GA-1) at the very first Model United Nations Conference held at St.
Joseph's School, Abu Dhabi. We at the GA1 Executive Board are honored to welcome
you all to what we know will be a really dynamic and fascinating committee. This
background guide is intended to provide you with crucial and comprehensive material
to help you during the days of preparation so that you can lead a fantastic debate. It is
with great pleasure and anticipation that we convene here today to address some of
the most pressing issues concerning human rights on a global scale.

We have tried our very best to provide comprehensive and thorough background
information for each of your allocations; but, in order to conduct an informative
session, it is imperative that you do your own research and read between the lines. We
hope that each and every one of you will provide unique knowledge of your country's
stance and legislative procedure to guarantee that the committee operates as
efficiently as possible. However, your knowledge on the issue should not be totally
dependent on this guide; we encourage all delegates to perform their own research for
an insightful debate to take place.

We would like to remind everyone attending this conference that you are all capable
of sparking change and making the world a better place. By engaging in thoughtful
analysis, fervent discussion, and forging partnerships, we can tackle urgent
worldwide concerns and clear the path towards a more promising future. Remember
that this conference is about more than just winning, and we have worked hard to
create an environment where each of you can fully express your inner potential to
ignite passionate and thought-provoking debates, forge lasting friendships, and
improve the world.

As your chairs, we truly hope that we can make every single one of you feel
comfortable and enjoy yourself while debating. We hope the forthcoming conference
goes well for you!

Sincerely,
Chelsea Vaz (Chair)
Neha Farhat (Co-Chair)
Marisa Paul (Co-Chair)
Dais of the GA-1


Introduction to the Committee

Overview

The General Assembly (GA) of the United Nations (UN) is one of the six principal
organs of the UN, established as part of the UN Charter, which was signed on June
26, 1945.

The Charter came into force on October 24, 1945, after it was ratified by a majority
of the signatory nations, marking the official establishment of the United Nations.
The General Assembly serves as a forum for all member states of the UN to come
together, discuss, and make decisions on a wide range of international issues,
including peace and security, development, human rights, and international law. Each
member state has equal representation in the General Assembly, with each country
having one vote. The inaugural session of the General Assembly took place on
January 10, 1946, at Central Hall in Westminster, London. Since then, the General
Assembly has convened annually in September at the UN Headquarters in New York
City, bringing together world leaders, diplomats, and representatives from member
states to address global challenges and promote international cooperation.

The First Committee of the United Nations General Assembly was established to deal
with disarmament and matters of international security. This committee is an essential
part of the UN's mandate to prevent wars and uphold international stability since it
was formed to promote global peace and security via discussions and coordination of
actions relating to arms control, non-proliferation, and disarmament. The numerous
duties of the General Assembly include deliberative, supervising, financial, and
elective activities, all of which are covered by the UN Charter.and terrorism.

Executive Board

Chair - Chelsea Vaz

Co-chair - Neha Farhat

Format of GA1 Session

1. Opening Session

The session begins with an opening statement from the Committee Chairperson,
introducing the agenda items and setting the tone for the discussions.

Delegates may also deliver opening statements on behalf of their respective countries,
outlining their priorities and perspectives on the agenda topics.
2. Roll Call

A roll call is conducted to confirm the presence of delegations. Delegates respond
with "present" or the name of their country when called upon.

3. Adoption of the Agenda

The Committee adopts the agenda for the session. Amendments to the agenda may be
proposed and discussed if necessary.

4. General Debate

A period of general debate follows, during which delegates deliver speeches
addressing the agenda topics. This allows countries to express their positions, present
proposals, and outline their policy objectives. Speeches may cover a wide range of
issues related to disarmament, international security, and other relevant topics.

5. Thematic Discussions

The Committee then moves into thematic discussions on specific agenda items. Each
agenda item is addressed separately, allowing for focused deliberations and
negotiations. Delegates engage in moderated discussions, presenting their views,
sharing proposals, and engaging in dialogue with other member states.

6. Drafting and Negotiation of Resolutions

Delegates work collaboratively to draft resolutions addressing the agenda topics. This
involves negotiating the language of the resolutions, reconciling differences, and
seeking consensus among member states. Amendments to draft resolutions may be
proposed and debated during this phase.

7. Voting on Resolutions

Once draft resolutions have been finalized, they are put to a vote. Member states vote
on each resolution individually. Resolutions may be adopted by a simple majority,
two-thirds majority, or consensus, depending on the rules of procedure and the
significance of the resolution.

8. Closing Session

The session concludes with a closing statement from the Committee Chairperson,
summarizing the outcomes of the session and thanking delegates for their
participation. Delegates may also deliver closing remarks, reflecting on the session
and highlighting key takeaways.
9. Adjournment

The session officially adjourns, marking the end of the Committee’s proceedings until
the next scheduled session.

Introduction to the Topic


Addressing the growing threat posed by cyberattacks to international peace and
security, and exploring ways to enhance cooperation and establish norms for
responsible behavior in cyberspace to prevent conflict escalation

The growing threat posed by cyberattacks to international peace and security is a
multifaceted concern in our interconnected world. As cyber capabilities evolve and
become more accessible, the international community must prioritize cooperation,
information sharing, and the development of robust cybersecurity measures to
mitigate this pervasive threat to global stability.

Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful
attacks and threats of attacks against computers, networks and the information stored
therein when done to intimidate or coerce a government or its people in furtherance
of political or social objectives.

Further, to qualify as cyberterrorism, an attack should result in violence against
persons or property, or at least cause enough harm to generate fear. Serious attacks
against critical infrastructures could be acts of cyberterrorism, depending on their
impact. The potential threat posed by cyberterrorism has provoked considerable
alarm.

Numerous security experts, politicians, and others have publicized the danger of
cyberterrorists hacking into government and private computer systems and crippling
the military, financial, and service sectors of advanced economies. Promoting
cybersecurity awareness and education at both the national and international levels is
essential for fostering a culture of responsible behavior in cyberspace. This includes
efforts to raise public awareness about the risks and consequences of cyber threats,
encourage the adoption of best practices for securing digital infrastructure, and
empower individuals to be responsible digital citizens.

Such plans would employ the technological, managerial, organizational, legal, and
human competencies in national security strategies for defense. The formation of
partnerships between private and public stakeholders to prevent, investigate, and
respond to threats to critical information infrastructures should be encouraged.
Communications networks should be in place and regularly tested to assure their
effective operation during a crisis situation. Countries should develop adequate
domestic laws and policies to allow the investigation and prosecution of cyber crime.
Appropriate international cooperation should take place in accord with properly
crafted domestic laws ensuring that critical information infrastructures are secure.

Key Terms
1. Phishing

Phishing is a type of cyber attack where attackers impersonate legitimate entities,
such as companies, financial institutions, or government agencies, to trick individuals
into providing sensitive information, such as usernames, passwords, credit card
numbers, or other personal data. Phishing attacks commonly occur through email, but
they can also happen via text messages, social media, or phone calls. The goal of
phishing is to deceive recipients into believing that the communication is from a
trusted source, leading them to willingly disclose confidential information or click on
malicious links or attachments.

2. Data Breach

A data breach is an incident where sensitive, confidential, or protected information is
accessed, stolen, or exposed without authorization. This can happen due to various
factors, including cyber attacks, human error, or insider threats. Data breaches can
involve different types of information, such as personally identifiable information (PII),
financial data, health records, intellectual property, or trade secrets.

The consequences of a data breach can be significant and far-reaching. They can lead
to financial loss, reputational damage, legal and regulatory consequences (such as
fines or lawsuits), and the loss of customer trust.

Organizations invest in various security measures, such as encryption, access
controls, monitoring, and incident response plans, to prevent and mitigate the impact
of data breaches. Additionally, many jurisdictions have data protection laws and
regulations that require organizations to implement security measures and report data
breaches to authorities and affected individuals.

3. Intrusion Detection System

An Intrusion Detection System (IDS) is a security tool or software application
designed to monitor network or system activities for malicious activities or policy
violations. The primary function of an IDS is to detect and respond to unauthorized
access or attacks in real-time or near real-time.

There are two main types of Intrusion Detection Systems:

1) Network-based IDS (NIDS): Network-based IDS monitors network traffic for
suspicious patterns or signatures that indicate potential malicious activity.
2) Host-based IDS (HIDS): Host-based IDS operates on individual hosts or
endpoints, monitoring system logs, file integrity, and other host-specific activities
for signs of compromise or unauthorized access.

4. Zero-day Exploit

A zero-day exploit refers to an attack that takes advantage of a vulnerability in
software, hardware, or firmware that is unknown to the vendor or developer. The term
"zero-day" originates from the fact that the developers have had zero days to create a
fix or patch for the vulnerability when it is exploited.

Zero-day exploits are particularly dangerous because they can be used by attackers to
launch attacks before the developers even know about the vulnerability, let alone
have time to create and distribute a patch or update to fix it. This means that systems
are vulnerable to exploitation from the moment the vulnerability is discovered by
attackers until a patch is developed and applied.


History
Cybersecurity is becoming increasingly significant due to the increased reliance on
computer systems, the Internet and wireless network standards such as Bluetooth and
Wi-Fi, and due to the growth of smart devices and the various devices that constitute
the ‘Internet of things’.

Owing to its complexity, both in terms of politics and technology, cybersecurity is
also one of the major challenges in the contemporary world. Where did it all begin?
We take a look at the history of cybersecurity from inception to the present day.

1. The 1940s: The Time Before Cybercrime

Cyberattacks were challenging to execute for about 20 years after the first digital
computer was built in 1943. Small groups of people had access to the enormous
electronic machines, which weren't networked and only a few people knew how to
operate them, making the threat essentially nonexistent.

It's interesting to note that computer pioneer John von Neumann first raised the
possibility of computer programs reproducing themselves in 1949, which is when the
theory underpinning computer viruses was first made public.

2. The 1950s: The Phone Phreaks

Computer information gathering was not the original purpose of hacking. It may be
more accurate to say that early telephone use is where computer hacking originated.

This became clear in the late 1950s, when phone phreaking became popular. The phrase
refers to various techniques
used by "phreaks," or those with a particular interest in how phones function, to
tamper with the protocols that permitted telecom experts to operate on the network
remotely to place free calls and avoid paying long-distance charges. Even though the
practice gradually disappeared in the 1980s, phone providers were powerless to halt
the phreaks.

There are rumors that Apple's co-founders Steve Jobs and Steve Wozniak had a keen
interest in the fan community for mobile devices. Similar ideas would subsequently
be used in digital technology to create the Apple computers.

3. The 1960s: All Quiet On the Western Front

Even by the middle of the 1960s, most computers were massive mainframes kept in
temperature-controlled, safe environments. Access remained restricted, even for
programmers, due to the high expense of these bulky devices.

Most of the development of the phrase "hacking" occurred during this decade. It
wasn’t caused by using computers, but rather by certain individuals breaking into
high-tech train sets owned by the MIT Tech Model Railroad Club. They desired
alterations to their functionality. This decade, the idea was transferred to computers.

However, accessing these early systems through hacking didn't seem to be a "big
business." The goal of these early hacking incidents was just to get access to systems.
However, there were no opportunities for political or economic gain. Early hacking
was primarily about making a mess to see if it was possible.

New, quicker, and more effective hacking techniques have emerged throughout time.
1967 saw one of the most significant occurrences in information security history. At
that time, IBM invited some students to check out a freshly created computer in their
offices. The students were given training on this computer system. They got entry to
numerous system components. As a result, IBM gained knowledge about the system's
weaknesses.

As a result, the idea of implementing defensive security measures on computers to
deter hackers began to take hold. It's possible that this was the industry's first instance
of ethical hacking. In the present times, ethical hacking has become a reputed field
that can be learned with a certified Ethical Hacker course online and other learning
options.

Back to the discussion, the development of cybersecurity plans took a big stride
forward with this. In this decade's second half, and significantly in the years that
followed, the use of computers increased. They were also created in smaller sizes.
Due to their affordability, businesses started purchasing them to store data.

It didn't seem feasible or desirable at the time to lock the computers in a room. Too
many employees needed access to them. At this time, passwords were widely
used to access - and secure - computers.

4. The 1970s: ARPANET and the Creeper

The 1970s saw the actual start (and need) of cybersecurity. It was an important
decade in the evolution of cyber security. The Advanced Research Projects Agency
Network (ARPANET) was the initial endeavor in this. Before the internet was
created, this connectivity network was constructed.

The message "I'm the creeper; catch me if you can!" was printed by a program
developed by Bob Thomas, an ARPANET developer, using PCs connected to the network.
For the first time, this program switched from one machine to another by itself.
Although the experiment was harmless, we may presume that this was the first computer
worm recorded in the history of cyber security.

Getting rid of an unlawful program was effectively the first task that the newly born
field of cybersecurity faced. Ray Tomlinson, an ARPANET researcher who designed the
first networked mail messaging system, created a program called Reaper that used
every tool at its disposal to find and eliminate the Creeper worm.

5. The 1980s: The Birth of Commercial Antivirus

High-profile attacks increased in frequency in the 1980s, including those at National
CSS, AT&T, and Los Alamos National Laboratory. In the 1983 movie War Games, a
malicious computer program commands nuclear missile systems while pretending to
be a game.

The terms "Trojan Horse" and "computer virus" both made their debut in the same
year. Throughout the Cold War, the threat of cyber espionage increased. This decade
is when you can say the history of computer crime took flight.

Cybersecurity first emerged in the year 1987. Although various people claim to have
created the first antivirus program prior to that, 1987 marked the beginning of
commercial antivirus programs with the release of Anti4us and Flushot Plus.

6. The 1990s: The World Goes Online

The internet saw growth and development of mammoth proportions during the whole
decade. Along with it, the cybersecurity sector expanded. Here are a few significant
developments in this decade in the history of computer security:

● Concerns regarding polymorphic viruses started. The first code that mutates as it
spreads through computing systems while simultaneously maintaining the
original algorithm was created in 1990. The polymorphic virus was difficult to
detect.

● The DiskKiller malware was introduced by PC Today, a magazine for computer
users. Many thousands of PCs were infected. The DVD was distributed to
magazine subscribers. They said they had no idea there was a risk and claimed
that it was an accident.

● To get past security limitations imposed by antivirus programs, cybercriminals
invented new ways. It was a valuable time in the evolution of cyber threats. Over
time, new methods for dealing with escalating problems were developed. Among
them was the Secure Sockets Layer or SSL. It was developed as a method to
keep people secure when using the internet. SSL was introduced in 1995. It
helps to secure internet transactions, web browsing, and online data. Netscape
developed the protocol for it. Later, it would act as the basis for the HyperText
Transfer Protocol Secure (HTTPS) that we are using today.

7. The 2000s: Threats Diversify and Multiply

The internet's growth during this time was amazing. The majority of homes and
businesses now had computers. There were numerous benefits, but, unfortunately,
cybercriminals also got new opportunities. A brand-new infection type that didn't
require file downloads appeared at the beginning of this decade in the history of
computer security.

Just going to a website with a virus on it was enough. This type of covert infection
posed a serious threat. Additionally, instant messaging systems were compromised.

The number of credit card hacks also increased in the 2000s. There have been
massive credit card data leaks. There were additional Yahoo assaults during this time.
In 2013 and 2014, these were found. In one incident, hackers gained access to the
Yahoo accounts of over 3 billion users.

The Biggest Moments in Cyber Security History for the Last 10 Years
2011: Sony’s PlayStation Network and Sony Pictures Suffer Multiple Attacks

Hackers broke into Sony's PlayStation network in 2011 and stole the personal
information of millions of PlayStation users, taking the network offline for several
weeks. Anger over Sony suing an American hacker who tried to reverse-engineer the
PlayStation 3 to enable customers to play unofficial third-party games was the driving
force behind this attack.

The 2011 PlayStation Network outage (also known as the PSN Hack) was caused by
an "external intrusion" on Sony's PlayStation Network and Qriocity services, which
compromised the personal information of about 77 million accounts and rendered the
service unavailable to users of PS 3 and PlayStation Portable consoles.

Sony was forced to shut down the PlayStation Network on April 20 because of the
attack, which took place between April 17 and April 19, 2011. Clearly, it was one of
the biggest events in the history of cybercrime and issues.

With 77 million PSN accounts registered at the time of the outage, it was not just one
of the biggest data breaches but also the longest PS Network downtime in history. It
outperformed the TJX breach from 2007, which had a 45 million customer impact.
Concern was expressed by government representatives from numerous nations on the
theft and Sony's one-week delay in issuing a warning to its users.

2012: Global Payment Systems Data Breach

The Union Savings Bank, situated in Danbury, Connecticut, saw an odd pattern of
fraud on about a dozen of the debit cards it had issued at the beginning of March
2012. It also noticed that many of the cards had recently been used at a cafe at a
neighboring private school.

The breach was limited to a small number of people, and it was made clear to the
card holders that they wouldn't be responsible for any fraudulent card use. The first
company to act against Global Payments was Visa, which did so by removing the
latter from its list of authorized service providers.

2013:

A) Cyber Attacks on the Singaporean Government: The hacktivist group
Anonymous launched the 2013 Singapore cyberattacks, which were a series of
assaults in part in retaliation for Singapore's web censorship laws. An Anonymous
member going by the online alias "The Messiah" claimed leadership of the attacks.

The People's Action Party Community Foundation website was the first target of the
cyberattacks launched on October 28, 2013, and then the Ang Mo Kio Town Council
website was targeted. After that, site administrators shut the site and filed a police
report.

B) #OpIsrael Coordinated Yearly Cyber Attack

Hacktivists target Israeli government and even private websites during OpIsrael
(#OpIsrael), an annual coordinated cyberattack, using DDoS attacks and other
methods. On the night before Holocaust Remembrance Day in 2013, Anonymous
hackers started the first campaign. Since then, the campaign has been held yearly.

C) Adobe: The 21st century saw 17 big data breaches, and one of them was
targeted towards the American multinational computer software company Adobe Inc.

In October 2013, hackers were able to retrieve login information and almost 3 million
credit card numbers of Adobe users. The total number of affected users was 38
million.

D) Edward Snowden Leaks Classified NSA Documents: NSA is no stranger to
cyber-attacks. In 2013, Edward Joseph Snowden, a former computer intelligence
consultant, leaked highly classified information from the National Security Agency.
He was an employee and subcontractor at that time at NSA.

The leaked NSA documents were passed on to The Guardian, who published them.
It was yet another major point in the timeline of cybersecurity and cybercrimes.

2013 and 2014: Target and Home Depot Credit Card Data Stolen
56 million customers of Home Depot had their credit card information stolen between
April and September 2014 in one of the greatest data breaches since the origin of
cyber security thanks to specially crafted malware.

To install malware on Home Depot's self-checkout machines in the US and Canada,
hackers had to breach the retailer's network using credentials stolen from a third-party
vendor. As a result, credit card information was exposed.

The hack happened at a time when government and commercial targets were
frequently targeted by hackers. Globally, there were over 1,500 data breaches in
2014, about 50% more than in 2013.

Home Depot's theft was comparable to a security lapse at rival retailer Target in 2013
that resulted in the exposure of the personal information of an additional 70 million
consumers as well as the credit card information of 40 million Target shoppers.

2013 and 2014: Yahoo! Suffers a Massive Data Breach


Yahoo's user database was directly attacked by hackers in 2014, affecting around 500
million people. According to reports, the fraudsters obtained account information
including names, email addresses, passwords, phone numbers, and birthdays.

Ineffective security procedures contributed to the Yahoo data breach's severity. By
employing a phishing method, hackers were able to infiltrate Yahoo's network. A
hacker may have entered the system with just one person who had access to the
network clicking on a dangerous link.

2014: Sony Dealt Another Blow with Attack on Sony Pictures Entertainment

A hacker group leaked confidential data from Sony Pictures Entertainment (SPE) on
November 24, 2014. The hacker group identified itself as Guardians of Peace.
Information about executive salaries at SPE, employee details, emails between them,
plans of future Sony films, and scripts for certain films were part of the data leak.

The hacker group also used a variant of Shamoon wiper, a malware, to erase Sony’s
computer infrastructure. Based on evaluating the network sources, software, and
techniques used in the hack, the US Intelligence concluded that the attack was
sponsored by the government of North Korea.

2015:

A. Experian Data Breach Compromises 15 Million Records: This data breach
was a result of a user error in the verification process of confirming customer identity.
The Experian data was handed over to a cybercriminal pretending to be one of
Experian’s clients.

B. Snapchat Users' Personal Information Leaked: The usernames and phone
numbers of an estimated 4.6 million Snapchat users were reportedly posted online
for free by an unnamed hacker or organization.

It's not the entire Snapchat database, according to Wired Magazine's Kevin Poulsen.
"Only a small percentage of Snapchat users are impacted." Although it was an
enormous number.

All but the final two digits of Snapchat phone numbers were posted by hackers to a
website named snapchatDB. They invited people who desired the whole numbers to
contact the website for the uncensored database.

C. Office of Personnel Management (OPM) Suffers Significant Data Breach:
OPM announced being a target of a data breach that targeted personnel records in
June 2015. It affected about 22 million records.

D. Ashley Madison Hackers Publish Users’ Email Addresses: It was one of
the most widely covered hacks that shook the world. The Ashley Madison case is one
of the most notable events in studying the history of cybercrime and issues related to
it.

It happened in July 2015, when a hacking group identifying itself as The Impact
Team stole more than 60 gigabytes of company data that included user details.

E. 2015 to 2016: WikiLeaks and the Democratic National Committee:
Two groups of Russian computer hackers, Cozy Bear and Fancy Bear, acting on
behalf of the Russian intelligence agencies, infiltrated the DNC computer network,
which led to a data breach.

The case received wide media coverage as it was alleged that Russia did this to
support Donald Trump during the 2016 U.S. election. It is a topic that is usually
covered in the brief history of cybercrime in politics.

2016: General Data Protection Regulation (GDPR) Adopted by the EU


GDPR is a legislative framework that establishes standards for the gathering and use
of personal data from people living outside of the European Union (EU). It enables
people to have more control over their personal data. Additionally, it updates and
harmonizes regulations, enabling firms to cut back on bureaucracy and gain better
consumer confidence.

One of the EU's greatest accomplishments in recent years was the adoption of the
General Data Protection Regulation act in 2016. It is the replacement for the 1995
Data Protection Directive, which was passed when the internet was just getting
started.

2017:

● Equifax Breach Results in Compromised Data for Nearly 150 Million:
The American credit reporting agency Equifax was subjected to a data breach in
September of 2017 that exposed the personal details of about 147 million people.

● Shadow Brokers Leaks NSA Hacking Tools: Another leak for NSA happened
in 2017, when a hacker group going by the pseudonym TSB or The Shadow
Brokers leaked hacking tools used by the National Security Agency.

● The World’s First Ransomworm: WannaCry: WannaCry is probably the
most infamous ransomware attack. It happened in May 2017 and was caused by
WannaCry ransomware crypto-worm. The attack targeted systems running
Windows across the globe.

● NotPetya: Also known as the 2017 Ukraine ransomware attacks, Petya and
NotPetya are a line of encrypting malware. NotPetya was used in June 2017 for
a global cyberattack that especially affected Ukraine.

● Bad Rabbit Masquerades as an Adobe Flash Update: This is yet another
major cyberattack that is an important case study for students interested in
computer security background. Bad Rabbit is ransomware that spreads through
drive-by attacks. In 2017, it appeared as an update for Adobe Flash that fooled
users into downloading it. It asked for $280 in Bitcoin and gave a 40-hour
deadline.

● Uber Suffers Breach Impacting 57 Million Customer Data Points: In
2016, hackers stole information from 57 million Uber accounts, which included both
drivers and passengers. The company kept it a secret for over a year. When the
event occurred, Uber was in negotiations with American regulators looking into
many allegations of privacy infractions.

Uber now claims that it was legally required to notify authorities about the attack as
well as the drivers whose license numbers were stolen. Instead, to hide the incident
and the data, the corporation hired hackers. While refusing to reveal the identity of
the attackers, Uber stated that it believes the information was never used.

2018:

● Facebook Plagued by Privacy Concerns: In a "security update" published in
September 2018, Facebook claimed that a compromise had resulted in the
exposure of personal data of around 50 million users. The theft of "access
tokens" used by hackers to access the accounts of around 30 million individuals
was ultimately made public.

● 92 million MyHeritage Users’ Account Details Compromised: 92 million
members of the genetic genealogy and family tree website MyHeritage had their
passwords scrambled and emails stolen by unidentified hackers in 2018. No
credit card information, nor (more unsettlingly) genetic information appears to
have been gathered.

MyHeritage announced that it will work with an independent cybersecurity
company to help investigate the breach and offer suggestions on how to guard
against security lapses in the future. The business announced that it is
accelerating its efforts to provide users with two-factor authentication. MyHeritage
advised all users to change their passwords in the interim.

● Marriott Cyber Attack Goes Unnoticed for Years: In late 2018, Marriott
announced that one of its reservation systems had been compromised. The data
breach went undetected for 4 years, starting in 2014, and impacted 500 million
hotel guests.

● Hundreds of Thousands of Records Breached in British Airways Cyber
Attack: In this case, the attacker is believed to have accessed the personal data
of over 429k accounts, which included both customers and employees.

● California Consumer Privacy Act (CCPA) Signed Into Law: Owing to the
evolution of cyber threats, cyberattacks have become more complex and
sophisticated. To cope with the same, the California Consumer Privacy Act was
signed into law on June 28th, 2018, and it went into effect on January 1st, 2020.
It includes a range of consumer privacy rights and business obligations with
respect to the collection and sale of personal information.

2019: Breaches in Singapore’s Health Sectors

Singapore is one of the worst cyberattack-hit countries in the world. Its healthcare
sector is especially vulnerable to cybercriminals. In 2019 alone, there were
35 instances of third-party data breaches. This number increased to 89 in 2020.

2020

This year was a challenging year for cybersecurity professionals as it was the year
that introduced COVID-19 to the world. Even in the chaos, cybercriminals continued
their illicit activities. These were some of the most important data breaches of 2020:

● [January] An internal customer support database at Microsoft is accidentally
exposed online.

● [February] Personal information of more than 10.5 million guests of MGM
Resorts Hotels leaked on a hacking forum.

● [April] More than 267 million Facebook profiles went up for sale on the dark web.

● [April] More than 500k Zoom accounts were posted on the dark web for sale.

● [April] The Maze group launched a ransomware attack on Cognizant Technology
Solutions.

● [July] Hacking of celebrity accounts on Twitter.

2021

2021 continued to see many cyberattacks. Ten of the most prominent ones were:

1. Microsoft Exchange Attack from January to March
2. Accellion Supply Chain Attack in January
3. Florida Water Supply in February
4. Australia Channel 9 News Ransomware Attack in March
5. CNA Financial Ransomware in March
6. Quanta Ransomware Attack in April
7. Brenntag Ransomware Attack in April
8. Colonial Pipeline Ransomware Attack in May
9. JBS Foods Ransomware Attack in May
10. Kaseya VSA Ransomware Attack in July


Key Issues
1. Cyber Attacks

The proliferation of cyber attacks targeting governments, businesses, and critical
infrastructure is a major concern. These attacks can range from data breaches and
ransomware to sophisticated state-sponsored cyber espionage and sabotage.

2. Data Privacy

Protecting personal and sensitive data from unauthorized access and misuse is a
significant challenge. With the increasing digitization of personal information and
online transactions, ensuring data privacy has become a pressing issue for
individuals, businesses, and governments.

3. Cyber Warfare and Deterrence

The use of cyber capabilities for offensive purposes in the context of warfare raises
complex legal, ethical, and strategic questions. Nations are grappling with the
development of norms, rules, and deterrence mechanisms to mitigate the risks of
cyber conflict and escalation.

4. Emerging Technologies

The adoption of emerging technologies such as artificial intelligence (AI), Internet of
Things (IoT), and cloud computing introduces new cybersecurity challenges and
vulnerabilities. Securing these technologies requires proactive measures to address
potential risks and mitigate vulnerabilities.

5. Cybercrime and Fraud

Cybercrime, including financial fraud, identity theft, and online scams, poses
significant risks to individuals, businesses, and governments. Combating cybercrime
requires international cooperation, law enforcement coordination, and efforts to
strengthen cybersecurity awareness and education.

6. Cybersecurity Skills Gap

There is a shortage of skilled cybersecurity professionals globally, exacerbating the
challenge of defending against cyber threats. Addressing this skills gap requires
investments in cybersecurity education, training programs, and workforce
development initiatives.

7. The Rise of AI and Machine Learning

AI and machine learning have been hailed as massive technological advancements,
and their effects have already been heavily noticed in the workplace. Sadly, these
concepts have provided a similar acceleration to malicious actors, who tend to
move faster than those with good intentions. AI can be trained to execute hacks faster
and more efficiently, especially in the case of DDoS attacks. Since these algorithms
constantly learn from their mistakes, they can find new and unexpected weak points.

Major Parties Involved


1. Canada

Canada strongly advocates for capacity building on the application of international
law in cyberspace. Canada supports efforts to help other States develop their capacity
to publish their own submissions on how they see international law applying in
cyberspace. Canada also supports capacity-building efforts to increase the resilience
of States to malicious cyber activity. Since 2015, Canada has contributed over $13
million to cyber capacity-building projects around the world. Among other outcomes,
these projects have helped 10 countries in the Americas develop their national cyber
strategies. Canada has also been actively engaged in the shaping of the Tallinn
Mechanism since February 2023. The Mechanism is a multi-State, Foreign
Ministries-led initiative. Its intent is to serve as a focal point for Members’ civilian
cyber capacity-building support to Ukraine.

2. The United States

The Department of Homeland Security and its components play a lead role in
strengthening cybersecurity resilience across the nation and sectors, investigating
malicious cyber activity, and advancing cybersecurity alongside our democratic
values and principles. At the policy level, the USA has developed various
cybersecurity strategies and frameworks to guide its efforts in securing cyberspace.
For instance, the National Cyber Strategy outlines the government's approach to
defending against cyber threats, protecting American innovation and prosperity, and
preserving peace and security through strength in cyberspace. Additionally, the
Cybersecurity and Infrastructure Security Agency (CISA) serves as the nation's risk
advisor, working with government and private sector partners to manage
cybersecurity risks to critical infrastructure.

3. China

China's Ministry of Industry and Information Technology (MIIT) released a new
strategy for improving data security within the nation's industrial sector. The goal of
the plan is to contain "major risks" to the industrial sector by the end of
2026 with the implementation of protective measures that will be applied to more
than 45,000 companies in that vertical. China's new cyber-defense plans come in the
wake of its growing wariness of hacking and cyberattacks from foreign countries
through foreign-made hardware and software. The Cybersecurity Law of the People's
Republic of China, commonly referred to as the Chinese Cybersecurity Law, was
enacted by the National People's Congress with the aim of increasing data protection,
data localization and cybersecurity, ostensibly in the interest of national security.

4. United Kingdom

The National Cyber Strategy 2022 describes the UK's overarching cyber policy. The
strategy takes a 'whole-of-society' approach, arguing that the government must work
in partnership with private sector organisations and cybersecurity professionals to
improve cybersecurity. The NCSC Cyber Assessment Framework (CAF) provides a
systematic and comprehensive approach to assessing the extent to which cyber risks
to essential functions are being managed by the organization responsible. The UK
also places emphasis on international cooperation and collaboration on cybersecurity
issues. It participates in forums such as the Five Eyes intelligence alliance, NATO,
and the European Union Agency for Cybersecurity (ENISA) to share information,
coordinate responses to cyber threats, and promote best practices in cybersecurity.
Furthermore, the UK works closely with allies and partners around the world to
address common cyber challenges and strengthen global cybersecurity governance.

5. South Korea

South Korea seeks to ensure its national interests and security considerations are
reflected in international standards and agreements related to cybersecurity and to
promote discussions between governments and private stakeholders. One of the key
pillars of South Korea’s cybersecurity efforts is the establishment of the Korea
Internet & Security Agency (KISA), which serves as the central authority for
cybersecurity in the country. KISA is responsible for coordinating cybersecurity
policies, conducting threat assessments, and providing technical support and guidance
to both public and private sector entities. South Korea also prioritizes international
cooperation on cybersecurity issues, participating in forums such as the ASEAN
Regional Forum (ARF) and the Global Forum on Cyber Expertise (GFCE). By
engaging with the international community, South Korea aims to exchange best
practices, share threat intelligence, and coordinate responses to global cyber threats.

6. Netherlands

The Dutch government has introduced the Network and Information Systems
Security (NIS) Directive, which mandates cybersecurity requirements for operators of
essential services and digital service providers. Moreover, the Netherlands prioritizes
public-private partnerships in cybersecurity, recognizing the importance of
collaboration between government and industry stakeholders. Initiatives such as the
Joint Cyber Security Centre (JCSC) facilitate information sharing, incident response
coordination, and cybersecurity collaboration between government agencies and
private sector organizations. The Netherlands actively engages in cybersecurity
cooperation and diplomacy, participating in forums such as the European Union
Agency for Cybersecurity (ENISA), the NATO Cooperative Cyber Defence Centre of
Excellence (CCDCOE), and the Global Forum on Cyber Expertise (GFCE).


Past Attempts to Solve the Issue

Over the years, various initiatives have been launched to address the issue of
cybersecurity at national, regional, and international levels. Some notable past
initiatives include:

1. National Cybersecurity Strategies

Many countries have developed national cybersecurity strategies to outline their
approach to securing cyberspace. These strategies typically involve a comprehensive
framework encompassing policies, regulations, investments, and capacity-building
efforts to enhance cybersecurity resilience.

2. International Cooperation

Efforts to foster international cooperation on cybersecurity have been pursued
through initiatives such as the United Nations Group of Governmental Experts (UN
GGE) on Developments in the Field of Information and Telecommunications in the
Context of International Security. These initiatives aim to promote dialogue, build
consensus on cybersecurity norms, and enhance collaboration among nations.

Here's a timeline highlighting key past initiatives in cybersecurity:

1. 2007: The International Telecommunication Union (ITU) launches the Global
Cybersecurity Agenda (GCA), a framework for international cooperation on
cybersecurity capacity building, standards development, and policy guidance.

2. 2011: The United Nations Group of Governmental Experts (UN GGE) on
Developments in the Field of Information and Telecommunications in the Context
of International Security issues a report affirming the applicability of international
law to cyberspace and calling for confidence-building measures to reduce the
risk of conflict.

3. 2014: The Cybersecurity Framework is released by the U.S. National Institute of
Standards and Technology (NIST), providing a voluntary framework of standards,
guidelines, and best practices to help organizations manage cybersecurity risks.

4. 2017: The Global Cybersecurity Index (GCI) is launched by the International
Telecommunication Union (ITU) to assess countries' cybersecurity readiness and
track progress over time.

5. 2018: The Paris Call for Trust and Security in Cyberspace is launched, bringing
together governments, industry, and civil society to promote international
cooperation, protect citizens and infrastructure from cyber threats, and uphold
digital rights.

6. 2019: The Cybersecurity Tech Accord expands, with over 140 global companies
pledging to protect customers from cyber attacks and ensure the security,
stability, and resilience of cyberspace.

Possible Solutions

The ITU Global Cybersecurity Agenda identifies five strategic pillars: legal,
technical, organizational, capacity-building, and cooperation.

1. Legal Pillar

It focuses on harmonized regulations and laws relating to cybersecurity and
cyber-dependent and cyber-facilitated crimes. Cases in point are cybercrime laws, data
protection laws and regulation, cybersecurity laws, and other related laws.

2. Technical Pillar

Covers existing technical institutions, cybersecurity standards and protocols, and the
measures needed to deal with cybersecurity threats. An example of a technical
institution is a Computer Emergency Response Team (CERT), which is defined as
"an organization or team that provides, to a well-defined constituency, services and
support for both preventing and responding to computer security incidents". CERTs
vary in capabilities depending on the range and combination of reactive, proactive
and/or security quality management services offered. For example, these services can
include promptly responding to an incident so that the attack can be quickly
contained and investigated, and to facilitate rapid recovery to a pre-incident state.

3. Organizational Pillar

Includes organizational structures and policies on cybersecurity and responsible
agencies for coordinating cybersecurity policy. National cybersecurity strategies and
national cybersecurity frameworks are included in this pillar, as well as the regulatory
bodies that oversee the implementation of these strategies and frameworks.

4. Capacity-Building Pillar

Covers efforts to promote cybersecurity awareness, education and training. Examples
include public awareness campaigns, cybersecurity research and development,
professional training, and national education programmes and curricula. For example,
in the Dominican Republic, the National Commission for Information Society and
Knowledge (CNSIC) has an officially recognized national awareness program that
promotes norms, values and social behaviors that contribute to integrity, creativity
and innovation in navigating cyberspace.

5. Cooperation Pillar

Focuses on inter-agency and public-private partnerships, information sharing
networks, and cooperative agreements. A case in point is Australia’s International
Cyber Engagement Strategy to enhance public-private collaboration and
collaboration between countries. Other examples include countries' partnerships and
information exchange with the ITU, European Union Agency for Network and
Information Security (ENISA), Organization for Security and Co-operation in Europe
(OSCE), and North Atlantic Treaty Organization (NATO), and cooperative
agreements, such as the Council of Europe's Convention on Cybercrime of 2001 and
the Commonwealth of Independent States' Agreement on Cooperation in Combating
Offences related to Computer Information of 2001.

Focusing Questions
1. What are the measures GA1 has in place to protect against cyber threats and
attacks?

2. How frequently are security assessments and audits conducted to identify
vulnerabilities and assess the effectiveness of security controls?

3. What are the technologies used for threat detection and incident response?

4. What partnerships or collaborations does GA1 engage in to enhance
cybersecurity capabilities?

5. Provide examples of recent cybersecurity incidents GA1 has faced and how
they were handled.

6. What strategies does your organization employ to prevent and detect phishing
attacks?

7. How do you handle third-party vendors and contractors in terms of
cybersecurity risk management?

8. What incident response procedures are in place to address cybersecurity
breaches?

9. What are your plans for future cybersecurity enhancements or initiatives?

Recommended Readings
1. What is Cybersecurity?

https://www.checkpoint.com/cyber-hub/cyber-security/what-is-cybersecurity/

2. International Cyber Policy

https://www.international.gc.ca/world-monde/issues_development-enjeux_developpement/peace_security-paix_securite/cyber_policy-politique_cyberspace.aspx?lang=eng

3. MUN Guide General Assembly

https://www.un.org/en/model-united-nations/mun-guide-general-assembly

4. AUS MUN Background Guides

https://www.ausmun.com/background-guides
