Cyber Terrorism

Terrorism – the application of politically-motivated violence to resist or influence the policies of governing regimes – has been a spectre of organised governments for millennia.[1]  Almost by definition, terrorism is ‘asymmetrical’: the state is always more powerful than the antagonists seeking to undermine it. In employing a technique of changing violent tactics, a less well-resourced terror group can use the element of surprise to achieve success against a less agile state security apparatus.

Terror tactics have changed over time as the genus of groups perpetrating the violence and the security measures in place to prevent them has advanced and evolved. This can be seen in the changing terrorist practices of the last hundred years, from political assassination in the early 20th century, to plane hijacking and hostage taking by Middle Eastern terrorist groups in 1970s, attacks on police and army units and mainland car bombs preceded by warnings by the IRA in 1990s, and a shift toward maximising civilian casualties with suicide attacks by jihadists in the past 15 years. Perhaps the most radical innovation in terror tactics in the 21st century to date has been the weaponisation of passenger aircraft by al-Qaeda in 2001.[2]

With this history of advancing tactical techniques; as a 1999 study prepared for the Defense Intelligence Agency and produced at the Naval Postgraduate School began with a disclaimer stating, “cyberterror is not a threat, at least not yet, and not for a while.” Nevertheless, the authors warned, “cyberterror is indeed coming”[3]; spectre of cyber terrorism is increasing day by day. This emergent threat and the potential risks it poses for the UK property insurance market over the next three years, using an analysis of the state of global terrorism and technological vulnerability at the close of 2017.

Hybrid conflicts have replaced the traditional ones, and new threats have emerged in cyberspace, which has become a virtual battlefield. Cyber threats – cybercrimes, cyberterrorism, cyberwarfare. Cyberterrorism is a premeditated criminal act by agents against information systems to inflict terror and panic. It is a threat to national security and a risk to public safety. It is the use of the Internet for terrorism. It is a pressing security issue facing the U.S. and its allies.

Cyberterrorism is the convergence of terrorism and cyberspace.   It  involves  the use  of  the  Internet as  both  enabler  and  support  mechanism.  It has the potential of creating a postmodern state of chaos. It  uses  computer  resources  to  intimidate  or  harm  or  disrupt  critical  infrastructures  such  as  power  grid,  transportation,  oil  and  gas,  banking  and  finance,  water, and emergency  services.[4]

Bruce Hoffman defines terrorism as “the deliberate creation and exploitation of fear through violence or the threat of violence in the pursuit of political change.”[5] The main aim behind cyberterrorism is to cause harm and destruction. Cyberterrorism can be understood as internet terrorism. With the advent of the internet, individuals and groups are misusing the anonymity to threaten individuals, certain groups, religions, ethnicities or beliefs. These can be further divided into different categories as according to the scope and the harm or damages it does like; simple: This consists of basic attacks including the hacking of an individual system, advanced: These are more sophisticated attacks and can involve hacking multiple systems and/or networks, complex: These are coordinated attacks that can have a large-scale impact and make use of sophisticated tools.

However, there are no laws to protect users from cyber attacks. Since attacks can happen any day to anyone, we should have basic preparation to protect ourselves.  Awareness is perhaps the best defense.[6] The key to combating cyberterrorism is prevention; but it is also true that there are no foolproof ways to protect a system. There are few key things to remember to protect yourself from cyber-terrorism like; all accounts should have passwords and the passwords should be unusual, difficult to guess, keep changing the network configuration whenever some defects come in connecting to network, don’t connect to unknown websites or sites of no use, and many more like these steps can be taken.

Cyberterrorism has the potential to create a postmodern state of chaos, which may refer to a state of extreme disorder and confusion. Cyberterrorists could launch an attack on hospitals, destroying lives, their peacemakers and life-support machines. They could also attack the military, destroying their communications systems.[7]

To understand how computer technology could be used purely for psychological manipulation, consider this scenario : On September 11,2001, as planes crashed into the World Trade Center and the Pentagon, millions of Americans watched the events unfold on television; many also used the Internet to try to find out more about what was happening. The CNN site experienced particularly heavy traffic that day. What if, instead of finding CNN-generated content, these visitors had encountered a Web page that announced — in appropriately terrifying graphics — “World War – Nuclear Holocaust in Europe and Australia, Japan Devastated by Chemical Attack”? Since this was 2001, an over-the-top Orson Welles “War of the Worlds” reaction would be unlikely; people obtain their news from several types of media and from various sources within each media type. But the posting of such a falsified page could have acted as a terror multiplier[8], enhancing the unnerving effects of the day’s real-world terrorist events. It could also have left lingering doubts in the public’s mind as to whether “the government” had actually “covered up” the extraterritorial disasters once reported on CNN.

Cyberterrorism has at least four tactical advantages for the attackers. First, using cyber domain makes cyberterrorism less expensive than traditional terrorist tactics.  Second, terrorist organizations increase their profits and develop new types of weapons.    Third, it is difficult to track down the identity of terrorists. It is almost impossible to know where the attack originated. The odds of their being persecuted are low. Fourth, it can be conducted remotely and the number of potential cyber targets is enormous.[9]

More work is needed to understand and assess the risk associated with cyberterrorism—threats, vulnerabilities, and consequences. The cyberterrorism definition proposed here is broad enough to give researchers a wider lens to study the cyber capabilities of terrorists across the full spectrum of cyberspace.

References :-

[1] The history of terrorism, dating back as far as the ‘Zealots’ terror campaign against the Roman regime in AD 66-73, is well described in Hoffman (2006); Inside Terrorism; Columbia University Press

[2] Evan, T.; Leverett, E.; Ruffle, S. J.; Coburn, A. W.; Bourdeau, J.; Gunaratna, R.; Ralph, D.; 2017. Cyber Terrorism: Assessment of the Threat to Insurance; Cambridge Risk Framework series; Centre for Risk Studies, University of Cambridge.

[3] Bill Nelson, Rodney Choi, Michael Iacobucci, Mark Mitchell, and Greg Gagnon, Cyberterror: Prospects and Implications (Monterey, CA: Center for Study of Terrorism and Irregular Warfare, 1999).

[4] J. Matusitz, “Cyberterrorism:  Postmodern  state of  chaos,”  Information  Security  Journal:  A  Global  Perspective, vol. 17, no. 4, 2007, pp. 179-187.

[5] Bruce Hoffman, Inside Terrorism (New York: Columbia University Press, 2006), p. 40.

[6] Y.  Zhang  et  al.,  “A  survey  of  cyber  crimes,”  Security and Communication Networks, vol. 5, 2012,  pp. 422-437.

[7] A.  M.  S.  Parker,  “Cyberterrorism:  the  emerging  worldwide  threat,”  in  D.  Canter (ed.), The Faces of Terrorists: Multidisciplinary Perspectives, John Wiley & Sons, 2009, pp. 245-255.

[8] Susan W. Brenner & Marc D. Go0dman, In Defense of Cyberterrorism : An Argument for Anticipating Cyber-Attacks, 2002 University of Illinois Journal of Law, Technology & Policy 1.

[9] J.  J.  Klein,  “Detering  and  dissuading  cyberterrorism,” Journal of Strategic Security, vol. 8, no. 4, Winter 2015, pp. 23-38.