It's Evident



Let's Take a Hard Look at Cyberterrorism
Susan Zucker, Ph.D., Director of Technology & Distance Education

Cyberterrorism Defined

Cyberterrorism is premeditated terrorism implemented via cyberspace and constitutes unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.1 Cyberterrorist attacks result in violence against persons or property, or at least cause enough harm to generate fear. Examples include: attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, serious attacks against critical infrastructures such as the power grid, or severe economic loss.2 Attacks that disrupt nonessential services or that are mainly a costly nuisance would not qualify as cyberterrorism.3

What is the impact?

The "LoveBug" virus crippled government and business computers in Asia, Europe, and the United States costing nearly $10 billion in May, 2000 when it arrived in email inboxes with the subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs".4 Every day corporations in the U.S. and abroad spend tens (if not hundreds) of billions of dollars combating the threats of cyber attacks and cyber terrorism.5 The attacks from professional cyber warriors are more frequent and more complex, and corporations increasingly seek help from governments globally to thwart these attacks and curb the financial bleeding.

Direct cost implications include: loss of sales during the disruption; staff time, network delays, intermittent access for business users; increased insurance costs due to litigation; loss of intellectual property - research, pricing, etc.; costs of forensics for recovery and litigation; loss of critical communications in time of emergency. There are also significant indirect cost implications: loss of confidence and credibility in our financial systems; tarnished relationships and public image globally; strained business partner relationships - domestically and internationally; loss of future customer revenues for an individual or group of companies; loss of trust in the government and computer industry.6

The Threat

Despite significant investment in technology and infrastructure, cyberterrorism represents one of the greatest challenges in combating terrorism.7 Cyberterrorist attacks are increasing both in frequency and complexity, and every day the Internet and countless other computer systems are under attack. The Cyberterrorism Defense Analysis Center (CDAC) reports that the threat of cyberterrorism to our technical infrastructure is real and immediate. Computers and servers in the United States are the most aggressively targeted information systems in the world, with attacks increasing in severity, frequency, and sophistication each year. As our nation’s critical infrastructure grows more reliant on information technologies, it also becomes more exposed to attackers, both foreign and domestic. These attacks can threaten our nation’s economy, public works, communication systems, and computer networks. “Even if the technology is armor plated, insiders acting alone or in concert with other terrorists may be able to exploit their access capabilities to wreak considerable harm.”8 As terrorists learn what works and what doesn’t, where the vulnerabilities are, how we respond, and the methods we use to detect these attacks, they gain the knowledge that will increase their odds for success.9 James Lewis, Director and Senior Fellow, Technology and Public Policy Program, Center for Strategic and International Studies, directs the technology and public policy program. He says that the Internet’s connectivity creates “endless opportunities for mischief”.10 Mr. Lewis co-authored the report “Security Cyberspace in the 44th Presidency,” which was written for the Commission on Cyber Security. The report explains that though the U.S. has unequaled offensive cyberwar capability, it is clear, from the recent breaches at Google and the Department of Defense, that the U.S. is unprepared to fend off a massive attack.11 This report was given to President Obama after his inauguration.

Kinds of attacks

The Internet has changed greatly in the past thirty years and is invaluable for its interconnectivity. The uptake rate is high as millions of new users access data from the net each year. This connectivity continues to reshape business, global affairs, and warfare. The problem with easy connectivity is that it is bad at identifying who is who. Though we have not experienced a Cyber Pearl Harbor, or better stated an intelligence Pearl Harbor, there have been significant breaches in governmental and corporate security where secrets were stolen from databases in 1998, 2003, 2007, 2008, and 2009. Unknown foreign intruders made off with terabytes of information in 2007.12 Many people wonder whether the northeast blackout in 2003 was the first cyber attack. The Departments of State, Commerce, Energy, and Defense, as well as NASA, where our most recent rocket designs were stolen, were compromised as many terabytes of information were lost in 2007. As a point of reference, the Library of Congress, with its millions of volumes, contains 20 terabytes of information.13 In 2008, the Department of Defense classified networks were broken into and the attackers could not be ousted from the system for a few days. Favorite suspects are Russia and China.

We need to be concerned about attacks that come not only from governments, but also from well-funded terrorist groups such as Hezbollah, and from disaffected youth. Hezbollah is more dangerous than Al Qaeda because it has solid funding streams. James Lewis predicts that Al Qaeda will develop capabilities to carry out attacks on the web within the next decade but notes that terrorists may not bring down the entire Internet because they also realize the benefits of having it operational.

Mr. Lewis outlines several ways that have been used to launch major cyber attacks. He states that an attack can be simple and crude: malicious software placed on a thumb drive and left in the parking lot of a desirable target can wreak havoc on a computer system when the drive is put into a computer attached to a network. That is how CENTCOM and the Department of Defense were hacked in 2008. Botnets, or robot networks, are the tools du jour of cyber crime. Botnets are pieces of code which can be rented and can be launched to remotely connect to computers. Another favorite way to launch an attack is through social engineering, whereby you know some information about someone and an email is sent to all your friends as if it were from you. The email contains a malicious message. Presto, you’ve got em.14

The Level of Threat Today

Director of the National Security Agency and Chief of Central Security Service, Lieutenant General Keith Alexander, suggests the United States should fight fire with fire if there is a cyber attack.15 He advocates that the government should swiftly and strongly stop or disable the threat -- even if the attacker's identity isn't known -- if someone attacks the Internet or computer based systems.16 Lieutenant General Alexander also says “the U.S. shouldn't shrink back from taking action against countries like Iran and North Korea just because they might launch cyber attacks.”17 Congress was warned by the Director of National Intelligence, Dennis Blair, at an intelligence meeting last month, that the nation’s computer networks are particularly vulnerable to terrorist attacks. "Malicious cyber-activity is occurring on an unprecedented scale with extraordinary sophistication;"18 he further noted that a December security breach at Google was a "major wake up call" for U.S. officials.19 Every single day, Blair said, sensitive information is "stolen from both government and private sector networks" as criminals become increasingly more sophisticated.20 Mr. Blair stated that terrorists are increasingly interested in cyber attacks. Al Qaeda and affiliates have made it a priority to develop capabilities to launch a crippling attack on telecommunications and systems in the U.S. He predicts that we should expect one in less than a decade from governmental representatives, cybercriminals who act at the behest of the state, where there has been political discord between the U.S. and them; i.e., Georgia. Any place that is dependent on a computer network that is connected to the Internet is vulnerable; the biggest worry is the electrical grid because it is possible to disrupt it remotely. It is possible to rapidly implant something to cripple these systems.21

Dorothy Denning, Professor in the Department of Defense Analysis at the Naval Postgraduate School, writes in “CYBERTERRORISM, Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services U.S. House of Representatives” about a report issued by the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California, entitled "Cyberterror: Prospects and Implications". This report concluded that the barrier to engage in cyberterrorism is very high in that it would take upwards of six years to reach the most advanced level – “complex-coordinated” – outlined below. “… systems are complex so it may be harder to control an attack and achieve a desired level of damage than using physical weapons.”22 Terrorists are also not inclined to try new methods when they are unconvinced “that their old ones are inadequate, particularly when the new methods require considerable knowledge and skill to use effectively.”23 The report goes on to say that “terrorists generally lack the wherewithal and human capital needed to mount a meaningful operation.”24 Therefore, it is argued by the Monterey Group that cyberterrorism is a thing of the future, not imminent, but to be expected within the decade.25

Three levels of cyberterrorism were identified by the group:
  • Simple-Unstructured: The capability to conduct basic hacks against individual systems using tools created by someone else. The organization possesses little target analysis, command and control, or learning capability.
  • Advanced-Structured: The capability to conduct more sophisticated attacks against multiple systems or networks and possibly, to modify or create basic hacking tools. The organization possesses an elementary target analysis, command and control, and learning capability.
  • Complex-Coordinated: The capability for a coordinated attack capable of causing mass-disruption against integrated, heterogeneous defenses (including cryptography). Ability to create sophisticated hacking tools. Highly capable target analysis, command and control, and organization learning capability.”26
Five terrorist group types were also examined by the Monterey Group: religious, New Age, ethno-nationalist separatist, revolutionary, and far-right extremists.27 It is expected that the religious groups will achieve the most damaging or advanced level.28 “New Age or single issue terrorists, such as the Animal Liberation Front, pose the most immediate threat, however, such groups are likely to accept disruption as a substitute for destruction.”29 Both the revolutionary and ethno-nationalist separatists are likely to seek an advanced-structured capability. The far-right extremists are likely to settle for a simple-unstructured capability, as cyberterror offers neither the intimacy nor cathartic effects that are central to the psychology of far-right terror. The study also determined that hacker groups are psychologically and organizationally ill-suited to cyberterrorism, and that it would be against their interests to cause mass disruption of the information infrastructure.30

Thwarting Cyberterrorism

The current administration in Washington has placed cyber security on the list of top five priorities. The War on Surveillance program under the Bush administration has been suspended because it didn’t work for many reasons. Instead, cyber security has been made a department and Howard Schmidt has been named its chief. Secretary of State, Hillary Clinton, made a speech this year (2010) on what the United States wants the Internet to look like: that nations should be able to connect in an open and free forum and that there will be consequences for misbehavior on the Net. President Obama’s speech on May 29, 2010 defined cyber security as a critical national asset that the U.S. will defend by using all means and in so doing declared the magnitude of the problem to other nations.31 The Department of Defense has addressed this problem thoroughly because it is the biggest target and is probed millions of times each day. Corporate America must wage an all-out war against cyber terrorism in close collaboration with government and industries specializing in computer and information security, data protection, privacy networking, software, and hardware. Security is not an add-on but is designed as an integral part of a system; the weakest links must be secured to decrease vulnerability. Tougher penalties for cyber crimes must be instituted and law enforcement efforts to fight it must be financed. Close global collaboration is critical, and it is a very difficult task. Encryption is used widely and is essential for several reasons: 1) to protect corporate assets from economic espionage by foreign governments, competitors, and terrorists; 2) so that law enforcement agencies can counter the surveillance activities of organized crime; and 3) so that all organizations and individuals can safeguard sensitive information from criminals and intruders.
The Cyberterrorism Defense Initiative (CDI), a national counter-cyberterrorism training program, offers comprehensive, transferable, and free cyberterrorism training to qualifying technical personnel throughout the United States.32 This program was developed for technical personnel and managers who monitor and protect the United States’ critical infrastructures. CDI reaches all levels of public service, including state and local government, law enforcement, firefighting, public utilities, public safety and health, emergency medical services, and colleges and universities. Classes are free of charge to qualified personnel, and are held in easily accessible and centralized locations throughout the United States (http://cyberterrorismcenter.org).33 CDI was developed and is administered by the Cyberterrorism Defense Analysis Center (CDAC) of the Criminal Justice Institute (CJI), University of Arkansas System. CDI is funded by a cooperative agreement from the United States Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), Training and Exercise Integration/Training Operations (TEI/TO).34

Conclusion

The violent pursuit of political goals using exclusively electronic methods is likely to be at least a few years into the future. However, cybercrime in the form of stalking, death threats, hate messages, theft and fraud is currently abundant.35 Denning writes: “The next generation of terrorists will grow up in a digital world, with ever more powerful and easy-to-use hacking tools at their disposal. They might see greater potential for cyberterrorism than the terrorists of today, and their level of knowledge and skill relating to hacking will be greater. Hackers and insiders might be recruited by terrorists or become self-recruiting cyberterrorists, the Timothy McVeighs of cyberspace. Some might be moved to action by cyber policy issues, making cyberspace an attractive venue for carrying out an attack. Cyberterrorism could also become more attractive as the real and virtual worlds become more closely coupled, with a greater number of physical devices attached to the Internet. Some of these may be remotely controlled. Terrorists, for example, might target robots used in telesurgery. Unless these systems are carefully secured, conducting an operation that physically harms someone may be as easy as penetrating a website is today.”36


Sources

1 "Cyberterrorism", www.crime-research.org/library/Cyberterrorism.html (accessed April 17, 2010).
2 Id.
3 Id.
4 "I Love You Virus", Wikipedia, http://en.wikipedia.org/wiki/ILOVEYOU (accessed April 17, 2010).
5 "Cyber Terrorism", www.crime-research.org/library/Cyberterrorism.html (accessed April 17, 2010).
6 "Cyber-Terrorism Part 1", www.scribd.com/doc/28661493/Cyber-Terrorism-seminar-part1 (accessed April 17, 2010).
7 IBID. at www.crime-research.org/library/Cyberterrorism.html (accessed April 17, 2010).
8 Id.
9 Id.
10 “Assessing The Threat of Cyberterrorism”, www.npr.org/templates/story/story.php?storyId=123531188 (accessed April 17, 2010).
11 "Cyberattack: U.S. Unready For Future Face Of War", www.npr.org/templates/rss/podlayer.php?id=2100536 (accessed April 17, 2010).
12 "Significant Cyber Incidents Since 2006", csis.org/files/publication/100120_CyberEventsSince2006.pdf (accessed April 17, 2010).
13 Library of Congress, http://en.wikipedia.org/wiki/User:Hemlock_Martinis/LoC (accessed April 17, 2010).
14 “Assessing The Threat of Cyberterrorism”, http://www.npr.org/templates/story/story.php?storyId=123531188 (accessed April 17, 2010).
15 "NSA Chief Sets Out Rules For Fighting Cyber Terrorism", http://www.digtriad.com/news/national_world/article.aspx?storyid=140582&catid=175 (accessed April 17, 2010).
16 Id.
17 Id.
18 IBID. at http://www.npr.org/templates/story/story.php?storyId=123531188 (accessed April 17, 2010).
19 Id.
20 Id.
21 "Senators Warned of Terror Attack on U.S. by July", www.nytimes.com/2010/02/03/us/politics/03intel.html (accessed April 17, 2010).
22 Denning, D.E., CYBERTERRORISM, Testimony before the Special Oversight Panel on Terrorism, Committee on Armed Services, U.S. House of Representatives, May 23, 2000, http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html (accessed April 17, 2010).
23 Id.
24 Id.
25 Id.
26 Id.
27 Id.
28 Id.
29 Id.
30 Id.
31 "The National Security Strategy of the United States of America", http://www.informationclearinghouse.info/article2320.htm (accessed April 17, 2010).
32 "Cyberterrorism Defense Initiative", http://cyberterrorismcenter.org (accessed April 17, 2010).
33 IBID. at http://www.informationclearinghouse.info/article2320.htm (accessed April 17, 2010).
34 IBID. at http://cyberterrorismcenter.org/ (accessed April 17, 2010).
35 IBID. at http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html (accessed April 17, 2010).
36 Id.