Academic Guide

Security Council

Cyber ​espionage and intelligence gathering: Case of Russia

and Ukraine
 SECURITY COUNCIL COMMITTEE

INDEX

Content
1. Welcome Letter. 3
2. Introduction to the commission. 4
3. Explanation of the Topic. 5
4. Procedure. 6
5. Glossary. 10
6. Guiding question. 10
7. Conclusion. 10
8. Recommended sources. 11
9. Bibliography. 11
 SECURITY COUNCIL COMMITTEE

1. Welcome Letter.

Honorable delegates,

It is with great excitement and high expectations that we extend our most cordial
welcome to the illustrious Security Council committee of MUNARB IV. We are honored
by your participation in this momentous forum that addresses crucial issues related to
global security.

In this diplomatic context, you assume a fundamental role as an architect of

solutions and negotiator of agreements in a fictional but no less exciting world. As we
embark on this intellectual journey, we trust that your insight, diplomatic skills, and
strategic vision will help enrich the discussions and resolutions we will outline together.

We hope this will be a unique opportunity to explore the complexities of

international security and forge alliances that transcend the fictional borders of our
simulation.

We are committed to providing you with all the support necessary to make your
participation as fruitful as it is educational. Please feel free to contact us with any
questions.

Ultimately, your presence on the Security Council not only enriches this forum, but
also contributes to the collective enrichment of the committee's experience. We look
forward to witnessing the contributions that we are sure will be as impactful as they are
inspiring.

Attentively,

Maria Jose Peralta Luana Camila Hincapie

CEL: 301 2462114 CEL: 315 767 0896
Mail: [email protected] Mail:[email protected]
 SECURITY COUNCIL COMMITTEE

2. Introduction to the commission.

a. Historic Context.
The United Nations Security Council is an organ of the United Nations responsible for
maintaining international peace and security. It was established in 1946, along with the rest of
the United Nations. The Security Council originally consisted of 11 members, five of which were
permanent members (The popular Republic of China, France, the Soviet Union, the United
Kingdom, and the United States) and six non-permanent members elected by the UN General
Assembly for two-year terms. An amendment to the UN Charter in 1965 increased council
membership to 15, including the original five permanent members and 10 non-permanent
members. The presidency is held by each member in rotation for a period of one month.

The composition of the Security Council has been a contentious matter, particularly since
the end of the Cold War. Critics have argued that the Security Council and its five permanent
members reflect the power structure that existed at the end of World War II, when much of the
world was under colonial rule.

The conflict between Russia and Ukraine has been ongoing since 2014, and it has been
accompanied by a significant increase in cyber espionage and intelligence gathering activities.
Russia has been accused of using cyberattacks to interfere with the US elections, poisonings,
and sabotage in Europe. Western countries have been working to identify Russian spies involved
in such activities since 2014. The spy war has intensified as Western countries have sought to hit
back and inflict lasting damage on the ability of Russian intelligence to carry out covert
operations. The recent expulsion of 500 Russian officials from Western capitals is a symbol of
this effort.

The cyber operations during the Russo-Ukrainian War have been a significant part of the
conflict. Russia has used cyber operations as part of a larger campaign or independently as an
instrument of coercion against Ukraine. The use of coded communications had also prompted
several states to mount concerted efforts to divine the secrets of those enciphering machines
and the codes they protected.

Also, the historical context of cyber operations in this conflict includes various incidents
and campaigns, such us:
 SECURITY COUNCIL COMMITTEE

2007 Cyberattacks on Estonia: Though not directly related to the Russia-Ukraine

conflict, the 2007 cyberattacks on Estonia, which is a NATO member neighboring Russia,
demonstrated the potential of cyber warfare. The attacks targeted Estonian government
websites, banks, and media outlets. While Russia denied direct involvement, it raised concerns
about the use of cyber means in geopolitical conflicts.

Annexation of Crimea (2014): Following Russia's annexation of Crimea in 2014, there

were reports of cyber operations targeting Ukrainian government institutions and critical
infrastructure. These attacks included distributed denial-of-service (DDoS) attacks and more
sophisticated APT campaigns. Cyberattacks often accompany military actions as part of a hybrid
warfare strategy.

NotPetya Ransomware (2017): The NotPetya ransomware attack, which initially

targeted Ukraine but quickly spread globally, is widely attributed to Russian hackers. The attack
disrupted various organizations, including critical infrastructure, energy companies, and
government systems. NotPetya was seen as a demonstration of the potential for cyber tools to
be used for destructive purposes.

GRU Indictments (2018): In 2018, the United States indicted members of Russia's
military intelligence agency, the GRU, for various cyber operations, including interference in the
2016 U.S. elections and targeting of anti-doping organizations. Some individuals were linked to
cyber activities against Ukraine.

Cyber Operations in Eastern Ukraine (Ongoing): The ongoing conflict in Eastern

Ukraine has seen continuous cyber operations. These include disinformation campaigns, the
spread of propaganda, and targeted attacks against Ukrainian military and government entities.
The goal is often to gain intelligence, disrupt communications, and sow confusion.

Election Interference: Both during the Ukrainian presidential elections and local
elections, there have been concerns about foreign interference, including cyber activities. This
interference has taken the form of disinformation campaigns, hacking attempts, and efforts to
manipulate public opinion.

Energy Sector Targeting: The energy sector in Ukraine has been a frequent target of
cyberattacks. Incidents, such as the 2015 attack on Ukraine's power grid, highlighted the
vulnerability of critical infrastructure to cyber threats. Such attacks can have significant real-world
consequences.
 SECURITY COUNCIL COMMITTEE

b. Commission objectives.
The Security Council Committee, also known as the United Nations Security Council
Committee, plays a crucial role in maintaining international peace and security. The specific
objectives of the Security Council Committee can vary based on the issues it addresses, but
generally include:

Maintenance of International Peace and Security:

● The primary objective is to contribute to the maintenance of international peace

and security, as mandated by the United Nations Charter.

Implementation of Security Council Resolutions:

● The committee is responsible for overseeing and ensuring the implementation of

resolutions adopted by the Security Council.

Monitoring Sanctions:

● In cases where the Security Council has imposed sanctions on a country or entity,
the committee monitors and assesses the implementation of these sanctions.

Conflict Prevention and Resolution:

● The committee may work on strategies and initiatives aimed at preventing

conflicts and facilitating the resolution of existing conflicts.

Counterterrorism Measures:

● Addressing and combating terrorism is often a key objective. The committee may
focus on implementing measures to counteract terrorism, such as sanctions or
other actions.

Non-Proliferation of Weapons of Mass Destruction:

● The committee may address issues related to the non-proliferation of nuclear,

chemical, and biological weapons, working towards preventing their spread.
​ Humanitarian Concerns.
 SECURITY COUNCIL COMMITTEE

● In conflict situations, the committee may address humanitarian concerns,

including the protection of civilians, access to humanitarian aid, and human rights
issues.

Peacekeeping Operations:

● Supporting and overseeing peacekeeping operations authorized by the Security

Council is another important objective. This may involve coordination with UN
peacekeeping missions.

Dialogue and Diplomacy:

● Promoting dialogue and diplomatic efforts to resolve conflicts peacefully is a

fundamental aspect of the committee's work.

International Cooperation:

● Fostering international cooperation and collaboration among member states and

regional organizations to address security challenges is a key objective.

The Security Council Committee adapts its focus and objectives based on the evolving
international security landscape and specific issues on its agenda. The committee's work is
guided by the principles of the United Nations Charter and aims to prevent and address threats
to global peace and security.

3. Explanation of the topic.

The case of cyber espionage and intelligence gathering between Russia and Ukraine is complex
and multifaceted, involving various incidents and strategies.

Hybrid Warfare Strategy:

● Russia has been accused of employing a hybrid warfare strategy, which combines
conventional military tactics with non-military tools such as cyber operations,
disinformation, and economic coercion.
 SECURITY COUNCIL COMMITTEE
● Cyber espionage and intelligence gathering are integral components of this
strategy, aiming to gain a strategic advantage, disrupt communication, and gather
information about military and political developments.

Political and Military Objectives:

● Cyber operations serve political and military objectives in the conflict. This includes
gaining insights into the opponent's plans, capabilities, and intentions.
● Intelligence gathered through cyber means can inform military strategies, influence
decision-making processes, and provide a competitive edge in the geopolitical arena.

Targeted Attacks:

● Both Russia and Ukraine have been involved in targeted cyberattacks against each other.
These attacks may focus on government institutions, military organizations, critical
infrastructure, and other strategic targets.
● Techniques such as spear-phishing, malware deployment, and exploiting vulnerabilities in
software or hardware are commonly employed to gain unauthorized access to systems.

Disinformation Campaigns:

● Beyond traditional cyber espionage, both sides engage in disinformation campaigns

using social media platforms and other online channels. These campaigns aim to
manipulate public opinion, create confusion, and influence the narrative surrounding the
conflict.
● False narratives and misleading information are disseminated to shape perceptions both
domestically and internationally.

Critical Infrastructure Targeting:

● Cyberattacks on critical infrastructure, such as the energy sector, have been a notable
feature. These attacks can disrupt essential services, sow fear, and create economic
instability.
● Ukraine, in particular, has experienced cyberattacks on its power grid, demonstrating the
potential real-world impact of cyber operations on critical infrastructure.

Attribution Challenges:
 SECURITY COUNCIL COMMITTEE
● Attribution in the cyber domain is often challenging. While there may be strong
indicators of state-sponsored activities, proving direct involvement by a specific
government or organization can be difficult.

● Cyber operations often involve the use of proxies and tactics to mask the identity of the
perpetrators.

International Implications:

● The use of cyber tools in the Russia-Ukraine conflict has international implications. It
raises concerns about the blurring lines between conventional warfare and cyber warfare,
as well as the potential for escalation in conflicts.

Counterintelligence Measures:

● Both Russia and Ukraine invest in counterintelligence measures to protect their own
networks and information. This includes improving cybersecurity, conducting threat
assessments, and actively monitoring for signs of intrusion.

4. Procedure.

MUNARB MOTIONS

Motion: Motions are the tools that the delegate has to carry out an action within the
committee. They should only be proposed when the committee is open to them (this
moment is identified with the phrase “the floor is open to motions” stated by the
chairperson). Motions must be voted on by the committee; however, the chairperson has
the authority to introduce motions on their own initiative.

Opening Motions

Call to order: This is the first motion that arises in the model, indicating the start of
activities
within the UN format.
 SECURITY COUNCIL COMMITTEE

Roll call: (not voted on) In the roll call, the chairperson will name the delegations that
must
be present in the committee in alphabetical order. Each delegate will respond to the call

with present or present and voting. The difference is that in the second option (present
and
voting), the delegate waives their right to abstain during a vote.

Open agenda: Indicates the theme of the debate. When there are two topics in the
committee, the agenda is opened with topic A or B, but MUNARB only handles one topic
per committee.

Read opening speeches: Each delegate will come forward to read their previously
prepared
opening speech.

Debate Motions

Formal debate: In formal debate, after the motion has been formulated and voted
on, the chairperson will ask the delegates who want to be part of a list of speakers
with a specific time per speaker (“delegates who wish to join the list of speakers”).
Delegates who join may request a personal point of privilege to speak first or last
without being abusive or hindering the work of the chairperson. (The time per
speaker is determined by the delegate when presenting the motion, but if the
chairperson considers a different time, they can modify the motion). Delegates
cannot be on a list of speakers twice, but it will be up to the chairperson's discretion,
considering the disposition of time, to allow a possible second intervention through
the use of a personal point of privilege. If the delegate has time left after their
intervention, they have two options indicated by the chair: to yield the time to the
next speaker (the time of the next intervention is added), or to yield the time to the
chair. At the end of the intervention, any delegate in the committee can request a
point of information from the speaker, and the chairpersons will handle this
procedure when the occasion arises.

Informal debate: Informal debate is the most usual type of debate; the delegate
determines the time for it when presenting the motion, however, for time reasons,
the chairperson may modify it. The debate works like this: the delegate who
presents the motion will be the first to speak (this is a UN tradition), and when they
 SECURITY COUNCIL COMMITTEE
finish their intervention, the floor will be open to further interventions (“delegates
who wishes to speak”), at this point, the delegates will raise their placards, and the
chairperson will decide who to give the floor to.

Lobby time: Lobby time is considered for establishing relationships and clarifying
specific points between delegates, and it is important to continue using
parliamentary language and respect between delegates.

● Extend debate / lobby time: The time must be specified, which can be modified by
the chair.
● Extraordinary questioning session: (not voted on) It can be given within an
informal debate, the chairperson will ask the delegates who want to be part of the
session, and it will be carried out, and the debate will continue.
● Adding to the record: (not voted on) The president will keep a record of the
statements made during the meeting, which delegates can refer to when citing or
adding a statement. The process for adding a statement will be as follows: at the
end of a speech, a motion will be made to add it to the record. The president will
ask for the statement, which will be given, and then ask the delegate who made
the speech if it is correct, needs to be corrected, or is not correct. The statement
will be added if it is correct or corrected, and will not be added if it is not correct.
● Dividing the agenda: This is used when a topic has many aspects to be
discussed, to address them in a specific order. The delegate must formulate this
motion very clearly, with the topics to be addressed and their respective time
limits, considering the previously established debate time.

Motion to introduce a press release or directive:

What is it about? It is done to inform the committee about the content of the press
release or directive.

How is it voted? Simple majority, meaning more than half.

Additional information: After the press release or directive has been presented
and debated, it can be opened for amendment.

Motion for working papers.

Reading of working papers: The reading of working papers refers to the moment
when the delegates who have formed a block present the written working paper. A
delegate (head of the block) will present it, but if they so choose, they may request a
point of personal privilege to present it along with another delegate (the author).
 SECURITY COUNCIL COMMITTEE

Stabling a working paper: The purpose of this motion is to discard a working

paper due to many grammatical, formatting, or writing errors. However, the motion is
unacceptable when used for political or personal differences.

Proceed to a voting process: The voting process will be used for papers and
amendments. For it to take place correctly, after the motion has been voted on, the
president will present the following conditions: “The committee is in the voting process,
no one enters or leaves, delegates who declared themselves present and voting in the
roll call do not have the right to abstain, and the voting will take place in order of the roll
call: delegate 1, delegate 2…” Delegates have the right to declare their reasons for being
in favor or against the motion, usually when a delegate considers the current state of the
vote to be irrational up to the point at which they vote. When this happens, the president
immediately concludes the voting, the delegate has two and a half minutes to explain the
reasons, and a new vote is
scheduled. This will only happen once per vote.

Motions to end the format.

Resuming the session: After a break or at the beginning of the second day.

Closing the agenda: To end the topic of discussion.

Suspending the session: To take a break or at the end of the first day.

Ending the session: To end the established debate times in the entire model.

5. Glossary.

Cyber Espionage: The covert and unauthorized acquisition of classified or sensitive information
from computer systems and networks.

Intelligence Gathering: The systematic process of collecting, analyzing, and disseminating

information to gain a strategic advantage or insight into the activities of other entities.

APT (Advanced Persistent Threat):A sophisticated and long-term cyberattack orchestrated by

a well-funded and organized group with specific objectives, often associated with nation-states.
 SECURITY COUNCIL COMMITTEE

Zero-Day Exploit:A cyberattack exploiting a software vulnerability that is unknown to the

software vendor, making it difficult to defend against.

Social Engineering:Manipulating individuals to divulge confidential information or perform

actions that compromise security.

Malware:Malicious software designed to disrupt, damage, or gain unauthorized access to

computer systems.

Phishing:A deceptive technique to obtain sensitive information by masquerading as a

trustworthy entity in electronic communication.

DDoS (Distributed Denial of Service):Overloading a network or website with excessive traffic,

rendering it unavailable to users.

Cryptography:The practice and study of techniques for secure communication in the presence
of third parties, safeguarding information through encryption.

Cybersecurity Framework:A set of guidelines, best practices, and standards designed to

manage and enhance an organization's cybersecurity posture.

Attribution: The process of identifying the entity responsible for a cyberattack, often a
challenging task due to the use of false flags and anonymous techniques.

Nation-State Cyber Actor:A government-sponsored or government-affiliated entity engaged in

cyber activities for intelligence gathering, disruption, or strategic advantage.

Cyber Sovereignty:The concept that states have the right to govern and control the flow of
information within their borders, including the cyber domain.

Security Council:A principal organ of the United Nations responsible for maintaining
international peace and security.
 SECURITY COUNCIL COMMITTEE
Bilateral Relations:The diplomatic and political interactions between two nations,
which can influence the dynamics of cyber relations.

Non-State Actors:Entities other than nation-states, such as hacktivist groups or private

organizations, involved in cyber activities.

Incident Response:The coordinated effort to manage and mitigate the impact of a cybersecurity
incident, including investigation and recovery.

Stuxnet:A notorious computer worm discovered in 2010, believed to be a cyberweapon

designed to target Iran's nuclear program.

Cyber Diplomacy:The use of diplomatic channels and negotiations to address issues and
conflicts arising in the cyber domain.

Critical Infrastructure:Systems and assets, whether physical or virtual, that are essential to the
functioning of a society, economy, or government.

6. Guiding Questions.

● What is the current state of cyber threats and activities in the Russia-Ukraine conflict?

● How challenging is it to attribute cyber operations to specific state actors in the

Russia-Ukraine conflict?

● How do cyber espionage and intelligence gathering fit into the broader strategy of hybrid

warfare employed by the involved parties?

● What impact do cyber operations, including espionage and intelligence gathering, have

on the national security of both Russia and Ukraine?

● To what extent do cyber operations impact the civilian population in terms of privacy,

human rights, and access to essential services?

● What are the potential future trends in cyber warfare in the Russia-Ukraine conflict?
 SECURITY COUNCIL COMMITTEE

7. Conclusion.

The conflict between Russia and Ukraine has been a long-standing one, with espionage
and intelligence gathering being a significant part of it. According to a report by the BBC,
Russia’s intelligence services have been suspected of carrying out various activities, including
interfering with the US elections using cyberattacks, poisonings, and sabotage in Europe. The
spy war has intensified in recent months, with Western countries seeking to hit back and inflict
lasting damage on the ability of Russian intelligence to carry out covert operations. The report
also highlights the unprecedented expulsion of 500 Russian officials from Western capitals, who
are believed to be undercover intelligence officers.

Another report by Dark Reading outlines how attackers have used seven different
families of malware and denial-of-service (DoS) attacks to attack everything from
telecommunications infrastructure to oil and gas firms. The report also suggests that the conflict
holds valuable lessons for cyberwar.

A recent report by CBS News alleges that Russia-based hackers conducted a

sophisticated cyber campaign against American intelligence officials, including contractors at the
State and Defense Departments, as part of an international operation that included NATO
members and Ukraine.

Finally, a report by Stiftung Wissenschaft und Politik provides an overview of the cyber
operations in Russia’s war against Ukraine. The report highlights the use of cyber operations by
Russia in the conflict and the lessons learned so far.

In conclusion, the conflict between Russia and Ukraine has seen a significant escalation
in cyber espionage and intelligence gathering. The conflict holds valuable lessons for cyberwar,
and it is essential to remain vigilant against such attacks in the future.
 SECURITY COUNCIL COMMITTEE

8. Recommended Sources.

Ray, M. (2024, January 27). Russia-Ukraine War | Casualties, Map, Causes, & Significance.

Encyclopedia Britannica. https://www.britannica.com/event/2022-Russian-invasion-of-Ukraine

Masters, J. (2023, February 14). Ukraine: Conflict at the crossroads of Europe and Russia.

Council on Foreign Relations.

https://www.cfr.org/backgrounder/ukraine-conflict-crossroads-europe-and-russia

Topic: Russia-Ukraine war 2022-2023. (2023, December 21). Statista.

https://www.statista.com/topics/9087/russia-ukraine-war-2022/#topicOverview

Jazeera, A. (2023, April 11). History Illustrated: Russia and Ukraine, a history of violence. Al

Jazeera.

https://www.aljazeera.com/amp/gallery/2023/3/27/history-illustrated-russia-and-ukraine-a-histor

y-of-violence

JSTOR Daily. (2023). Ukraine, Russia, and the West: A background reading list. JSTOR Daily.

https://daily.jstor.org/ukraine-russia-and-the-west-a-background-reading-list/

Twelve myths about Russia’s War in Ukraine exposed. (2023, March 8). European Commission

Representation in Cyprus.

https://cyprus.representation.ec.europa.eu/news/twelve-myths-about-russias-war-ukraine-exposed

-2023-03-08_en

Mankoff, J. (2022). Russia’s War in Ukraine: identity, history, and conflict.

https://www.csis.org/analysis/russias-war-ukraine-identity-history-and-conflict
 SECURITY COUNCIL COMMITTEE

9. Bibliography.
The Editors of Encyclopaedia Britannica. (2024, January 26). United Nations Security Council |

History & members. Encyclopedia Britannica.

https://www.britannica.com/topic/United-Nations-Security-Council

Trahan, J. (2020). The origins and history of the veto and its use. In Cambridge University Press

eBooks (pp. 9–52). https://doi.org/10.1017/9781108765251.003

Staff, C. (2023, February 28). The UN Security Council. Council on Foreign Relations.

https://www.cfr.org/backgrounder/un-security-council

Mueller, G. B., Jensen, B., Valeriano, B., Maness, R. C., & Macias, J. M. (2024). Cyber

Operations during the Russo-Ukrainian War.

https://www.csis.org/analysis/cyber-operations-during-russo-ukrainian-war

Russian cyber operations in the invasion of Ukraine on JSTOR. (n.d.). www.jstor.org.

https://www.jstor.org/stable/48703290

Cyber espionage and information warfare in Russia | Small Wars Journal. (n.d.).

https://smallwarsjournal.com/jrnl/art/cyber-espionage-and-information-warfare-russia

Corera, B. G. (2022b, May 14). Ukraine: The spy war within the war. BBC News.

https://www.bbc.com/news/world-61311026

Writer, R. L. C. (2023, December 8). Russia-Ukraine conflict holds Cyberwar lessons.

https://www.darkreading.com/threat-intelligence/russia-ukraine-conflict-holds-cyberwar-lessons
 SECURITY COUNCIL COMMITTEE
Legare, R., & Ott, H. (2023, December 7). Russian hackers accused of targeting U.S.

intelligence community with spear phishing campaign. CBS News.

https://www.cbsnews.com/news/russian-hackers-u-s-intelligence-community-spear-phishing-cam

paign/