cyber warfare: cyber terrorism
DESCRIPTION
Within the realm of cyber warfare, cyber terrorism is evolving at a very fast pace. It has become a concern of not only Americans but almost every other government. This threat has changed the traditional terrorist way of fighting. No longer do terrorists need to blow up buildings or bomb ships but can now exert control over them in a different way. The use of computers to aid in terrorist attacks has reached a new level since they can now sit safely behind a keyboard and cause havoc. The main threat in the US and abroad is the threat to our critical infrastructures. These systems are what keep governments running smoothly and effectively. They are vital to the operations of many governments and if disrupted can cause chaos as well as a loss of life depending on the system that is attacked. These attacks have the potential to be more deadly than any traditional terrorist attack. The possibility for cyber terrorists to attack along with a traditional attack makes it even more deadly. This is the new landscape of warfare, and it is constantly evolving to become a bigger threat.TRANSCRIPT
2
Cyber Warfare: Cyber Terrorism
The Threat
Cyber terrorism is the world’s newest threat against the United States. The FBI defines
cyber terrorism as "The premeditated, politically motivated attack against information, computer
systems, computer programs, and data which result in violence against noncombatant targets by
sub-national groups or clandestine agents" (Elmusharaf, 2004). This definition provided by the
FBI can be broken down into several layers. The first layer is that of the actors, their motives are
political in nature and are thought out and planned. They are targeting computer systems which
would include vital infrastructures that allow the US to function. Their wanted result is that of
causing panic, mayhem, and even death to innocent civilians as well as US forces. The battle
landscape against the United States has changed from the normal battle fields of sand and dirt to
that of the information super highway. This allows for terrorist attacks that no longer target
physical assets, but instead targets our computer systems, cyber infrastructure, and other
computer based systems. These systems can include municipal systems, nuclear power plants,
hospitals, and financial sectors.
The biggest threat from cyber terrorism is to the United States critical infrastructures
(Piggin, 2010). These infrastructures include power grids, nuclear power plants,
communications systems, water, food production, health care, financial and transportation
(Piggin, 2010). Each one of these systems has its own vulnerabilities and own consequences if
they are exploited.
Power grids are an obvious target; they provide power to the US and allow us to function
normally throughout our day. Many people take this luxury for granted however once it fails it
can throw an entire city into chaos. Such as the incident in August of 2003 in New York City
and much of the New England area when the power grid failed leaving millions without power
3
Cyber Warfare: Cyber Terrorism
and entire cities gridlocked with traffic unable to move. Power grids as of 2009 were considered
to be extremely vulnerable and needed to be updated with better cyber security (Neil, 2009). The
failure of these grids was said by President Obama to be the same as a nuclear or biological
attack (Piggin, 2010). This is now considered a top fix for the nation’s cyber security industry.
With power grids comes both a physical and cyber asset that can be extremely deadly in both
forms if attacked, nuclear power plants. These plants when working properly create electricity
for millions of Americans. However, these plants pose both a concern for a physical attack as
well as a cyber-attack. With many of these plants being automated the risk for a cyber-terrorist
attack that causes a meltdown would be not only catastrophic but also exactly what a terrorist
organization would want. Nuclear power plants rely heavily on systems that automate the entire
plant. These systems are vulnerable to viruses, malware, and traditional hacking methods (Neil,
2009)(Piggin, 2010).
Communication infrastructures are another valuable asset that is susceptible to cyber
terrorism. This target if attacked could cause major problems for our emergency management as
well as personal communication. Since the systems that run many of the SCADA networks do
not use any security or adequate security to fend off an attack they are open to being targets for
cyber terrorists (Patel, Bhatt, Graham, 2009). SCADA networks consist of a master terminal,
remote terminals or intelligent electronic devices designed to capture data around the network.
The communication between these different terminals is not up to the security standards that they
should be. Their security that is used is easily cracked and thus makes for an easy target (Patel
ET all, 2009). These networks often communicate over the normal network and do not have a
separate independent network to operate on. If cyber terrorists attacked our communication
4
Cyber Warfare: Cyber Terrorism
networks it would make it very difficult for 911 centers to dispatch both police and ambulances.
This could mean the loss of life or other chaotic situations.
Our water and food production systems both are valuable targets to cyber terrorists
(Hayes, 2010). Many of these systems Americans do not worry about and never feel as if they
can be targets. This is due in part to the fact that many of these systems were not only designed
and built way before anyone knew what a cyber-terrorist was but also before many of these
systems were ever automated (Hayes, 2010). Just because these systems were built before the
Internet was around does not mean they are not easy targets for cyber terrorists. Causing
disruptions in food production and water purification and distribution could seriously disrupt
Americans lives.
Health care systems would be a huge target for cyber terrorists. This would include the
making, testing, and distribution of drugs. People assume when they open a bottle of medicine it
is both what they bought as well as safe to take. If a cyber-terrorist gained access to a drug
manufacturing system they could not only change drug ingredients but possibly have wrong
labels placed on drugs. This could put millions of people at risk by simply changing a few
manufacturing commands in a drug labeling system.
Financial firms housing the financial data of millions of Americans are an ideal target for
a terrorist to cause significant damage. An attack on a financial institution if done right could
cause significant down time of that institution (Montgomery, 2003). This would make
purchasing even the most basic good near impossible until the banking institution came back
online. This could cause great hard ships to people that do not carry around cash and rely on
their credit or bank cards.
5
Cyber Warfare: Cyber Terrorism
In the United States we rely heavily on many different modes of transportation. Our vast
networks of roads, rail and air transportation systems move people all over the country. This
type of target for a cyber-terrorist could cause everything from a small traffic jam to mass
casualties from a plane crash. The necessary software and hardware to cause such a disaster is
readily available and also easily obtained (Mann, 2002).
Analysis of Motivation
Cyber terrorism includes several actors, terrorist, defender, and targets. The key actors in
this array are the terrorists themselves. They are the ones targeting both government and non-
government targets. These targets are mentioned prior and are essential to the United States as
well as other major countries running smooth and effective. These actors are new to terrorism,
where they once drove truck bombs into buildings they now unleash viruses into banking
systems (UK 'COULD BE TARGET FOR CYBER-TERRORISTS', 2003). These terrorists
however have the same end goal as their traditional counterpart. They both seek to terrorize and
inflict fear and pain into others for their own political agenda. This is what terrorism is all about
and has been since the beginning of time (Matusiz, 2011). Terrorists whether cyber terrorist or
what are considered more traditional terrorists have similar agendas, they just have different
ways at completing the final result. Cyber terrorists use the power of computers and utilize
tools previously unused by terrorists. Cyber terrorists also do not have to give their own life to
complete a mission unlike some of their traditional counterparts. Their missions are completed
behind a desk under the anonymity of the Internet. Their ultimate goal is to cause disruptions in
or societies to better their cause. The disruption of our critical infrastructures would be an ideal
target to complete these missions. With cyber terrorism they can easily mount several attacks in
a shorter period of time without extensive planning (Hinde, 2001). With airport security
6
Cyber Warfare: Cyber Terrorism
reaching a new high it is harder for terrorists to slip bombs onto planes or even hijack them. But
with cyber terrorism they can simply hack the computer system of these planes or air traffic
controllers and possibly cause an even bigger catastrophe.
On the other side of the terrorists are those employed to protect the United States and
other countries from these threats. Both private and public sectors are joining forces to stop
these attacks and prevent a major incident from happening. One of these joint ventures is the
Information Technology Information Sharing and Analysis Center (IT-ISAC) (Stevens, Jusko,
2001). The mission of IT-ISAC is “to report and exchange information among its industry
members concerning electronic incidents, threats, attacks, vulnerabilities, solutions and
countermeasures, best security practices, and other protective measures; to establish a
mechanism for systematic and protected exchange and coordination of such information; and to
take other appropriate action commensurate with these goals (Stevens, Jusko, 2001)”. This is
just one example where public and private partnerships are helping to curb cyber terrorists.
There are also other types of ISAC’s that respond to specific industries such as power
companies, financial firms, and telecommunications companies (Stevens, Jusko, 2001). Many
government agencies as well as private firms have their own cyber security operations that
operate 24 hours a day 7 days a week to combat this threat.
As with all terrorist operations the usual target is that of innocent bystanders. These
innocent targets are used because it strikes fear into people. Imagine how many people feared
getting on a plane or going into a high-rise building after 9/11. This is why many times high
profile and symbolic targets are chosen. The twin towers were not chosen simply because they
were tall but they were symbols of an iconic American skyline and also a financial epicenter. In
any type of war there are expected casualties such as soldiers that you rarely hear about, but
7
Cyber Warfare: Cyber Terrorism
when it is innocent people killed it makes the news and horrifies people. A cyber-attack
targeting a large metropolitan area causing sewage being pumped into fresh drinking water could
cause many deaths as well as causing many to fall sick. Innocent bystanders do not exist in the
eyes of the terrorists but are grouped alone side those fighting the physical war as well. So in
cyber terrorism there are three parties, the terrorists, the defenders, and the targets.
Defending the Risk
There are many ways both electronically and physically to defend against cyber
terrorism. The first approach would be to use a strong encryption for both connections as well as
storing of data. Since some terrorists are simply after data storing that data in a secure manor is
ideal. The use of quantum technologies is a big step in keeping our connections and data secure
(Korchenko, Vasiliu, Gnatyuk, 2010). This also includes quantum cryptography, quantum
secure connection, and quantum secret sharing (Korchenko, Vasiliu, Gnatyuk, 2010). Quantum
technologies do not have to be used however but are a very secure method. Since the threat is
constantly changing sometimes a good defense is simply studying and keeping a close eye on
those trying to attack you (Tsuchiya, 2009). Using network analysis terrorists can be tracked
down to a physical location and physically stopped or apprehended (Tsuchiya, 2009). A strong
cyber defense is a must with this new threat in place already. The proper use of security
measures such as firewalls, encryption, digital certificates, and intrusion detection and prevention
systems can almost completely halt an attack. If the networks these infrastructures are operating
on are secure using all the proper technics then cyber terrorists will not stand a chance (Saini,
2007). Protect, detect, respond are the three key elements of protecting our infrastructures of
cyber terrorists (Piggin, 2010). If proper measures are taken ahead of time to protect your
systems then the systems is harder to penetrate and use in a malicious manner. Detecting a
8
Cyber Warfare: Cyber Terrorism
potential problem as well as system penetrations is critical in stopping and minimizing damage.
The last step of responding means bringing the system back online if it does fail as well as
stopping the threat and finding out who was responsible for the attack (Piggin, 2010).
In one incident back in April of 2009 the Virginia State Drug Database was held hostage
for a reported $10M (State Drug Database Held Hostage, 2009). This database held the records
of all the drugs dispensed through all the pharmacies in Virginia. This database was used to
prevent prescription drug abuse, and was used by law enforcement and other government
agencies. The compromised system could have allowed someone to send out false prescriptions
as well as steal patient information (State Drug Database Held Hostage, 2009). Investigators
said they were unaware if they system or its information had actually been compromised.
Conclusion
Within the realm of cyber warfare, cyber terrorism is evolving at a very fast pace. It has
become a concern of not only Americans but almost every other government. This threat has
changed the traditional terrorist way of fighting. No longer do terrorists need to blow up
buildings or bomb ships but can now exert control over them in a different way. The use of
computers to aid in terrorist attacks has reached a new level since they can now sit safely behind
a keyboard and cause havoc. The main threat in the US and abroad is the threat to our critical
infrastructures. These systems are what keep governments running smoothly and effectively.
They are vital to the operations of many governments and if disrupted can cause chaos as well as
a loss of life depending on the system that is attacked. These attacks have the potential to be
more deadly than any traditional terrorist attack. The possibility for cyber terrorists to attack
along with a traditional attack makes it even more deadly. This is the new landscape of warfare,
and it is constantly evolving to become a bigger threat.
9
Cyber Warfare: Cyber Terrorism
Cyber terrorism includes several key groups; the terrorists, defenders, and innocent
bystanders or targets. These terrorists target the innocent bystanders to cause chaos, death, and
to get their political ideology out to the masses. The defenders work day and night to not only
defeat these terrorist but also neutralize their efforts and determine who they are. They must
constantly evolve and understand the full scope of their opponent. To be effective they need to
stay one step ahead of their enemy, and be proactive in their search and prevention of their
tactics. The third groups of people are the innocent bystanders that are the final targets of the
terrorists. They are the ones that need to be protected every day from this threat. They do not
possess the means to protect themselves from these attacks. Since these attacks are directed at
critical infrastructures they people are the ones that receive the damages in the end. They cannot
as an individual protect these assets and must rely on the defenders to protect them, whether they
know it or not.
Cyber terrorists are a growing threat and will become an even bigger threat for the US
over the next few years. These actors will need to be hunted down using various methods and
eliminated as a threat. Their potential for harm is huge so we cannot back down or let them get
the upper hand. Using a balanced blend of physical security and cyber security the threat can be
cut down significantly.
10
Cyber Warfare: Cyber Terrorism
References:
Elmusharaf, M. (2004). Cyber Terrorism : The new kind of Terrorism. Computer Crime
Research Center - Daily news about computer crime, internet fraud and cyber terrorism.
Retrieved March 21, 2011, from http://www.crime-
research.org/articles/Cyber_Terrorism_new_kind_Terroris
Fulghum, D. A. (2005). Phone for Help. Aviation Week & Space Technology, 163(16), 50-52.
Retrieved from EBSCOhost.
Hayes, J. J. (2010). The terrors and the errors [cyber-terrorist attack]. Engineering & Technology
(17509637), 5(14), 52-53. doi:10.1049/et.2010.1413
Hinde, S. (2001). Incalculable potential for damage by cyber-terrorism. Computers & Security
20.7: 568+. Computer Database
Korchenko, O., Vasiliu, Y., & Gnatyuk, S. (2010). MODERN QUANTUM TECHNOLOGIES
OF INFORMATION SECURITY AGAINST CYBER-TERRORIST ATTACKS. Aviation
(1648-7788), 14(2), 58-69. Retrieved from EBSCOhost.
Mann, P. (2002). Cyber Security 'Missing' From Travel Defenses. Aviation Week & Space
Technology, 157(2), 41. Retrieved from EBSCOhost.
Matusitz, J. (2011). Social Network Theory: A Comparative Analysis of the Jewish Revolt in
Antiquity and the Cyber Terrorism Incident over Kosovo. Information Security Journal: A
Global Perspective, 20(1), 34-44. doi:10.1080/19393555.2010.544702
Montgomery, G. (2003). Cyberterrorism: ready to explode. Australian Personal Computer,
(292), 26. Retrieved from EBSCOhost.
Neil, S. (2009). NON-PROFIT TARGETS CYBER-SECURITY IN PLANTS. Managing
Automation, 24(9), 10-12. Retrieved from EBSCOhost.
PATEL, S. C., BHATT, G. D., & GRAHAM, J. H. (2009). Improving The Cyber Security of
Scada Communication Networks. Communications of the ACM, 52(7), 139-142. Retrieved from
EBSCOhost
Piggin, R. (2010). The reality of cyber terrorism. Engineering & Technology (17509637), 5(17),
36-38. doi:10.1049/et.2010.1721
Saini, H. H., & Saini, D. D. (2007). Proactive Cyber Defense and Reconfigurable Framework for
Cyber Security. International Review on Computers & Software, 2(2), 89-97. Retrieved from
EBSCOhost.
11
Cyber Warfare: Cyber Terrorism
State Drug Database Held Hostage. (2009). Information Management (15352897), 43(5), 6.
Retrieved from EBSCOhost.
Stevens, T., & Jusko, J. (2001). Cyber-terrorists under attack. Industry Week/IW, 250(2), 11.
Retrieved from EBSCOhost.
Tsuchiya, M. (2009). Defense against Cyber Terrorism: Head War and Body War. Conference
Papers -- International Studies Association, 1-10. Retrieved from EBSCOhost.
UK 'COULD BE TARGET FOR CYBER-TERRORISTS'. (2003). IEE Review, 49(2), 15.
Retrieved from EBSCOhost.