THE CYBER-TERRORISM THREAT: FINDINGS FROM A SURVEY OF RESEARCHERSLee Jarvis, Stuart Macdonald and Lella Nouri (all Swansea University)

Introduction Report on findings from a recent survey on

cyberterrorism 118 researchers, 24 countries Questions: definition, threat and response

Aims: ‘State of the discipline’ stock-taking exercise Explore potential explanations for the diversity of

responses received Chart areas of (dis)continuity with debates on terrorism

more widely

Academic literature Cyberterrorism threat

Much contested In part, a product of definitional differences Debate between ‘the concerned’ and ‘the sceptics’

Concerned: Destructive capacity of cyber- now matches physical. Prospect of anonymity, and lower financial costs Vulnerability of Critical Information Infrastructures Socio-politico-economic dependencies on the Internet

Sceptics: Cyberterrorism as speculative fantasy A substitute for now-outdated paradigms of threat and risk Lack of theatricality and limited destructive capability Other terrorist uses of the Internet more significant.

Our survey Purposive sampling strategy:

Targeted literature review Standing in the field/publication in core journals. Snowballing Mailing lists: BISA and TAPVA

Limitations: Is no (bounded, fixed) (cyber)terrorism ‘research community’ Academic time lags

Responses: 118 from 24 countries (out of 600); but 71% from US, UK, Australia,

Canada. 86% permanent or temporary academic staff, or research student. 50% Politics/IR. Parallels with other surveys of the terrorism literature

In your view, does cyberterrorism constitute a significant threat? If so, against whom or what?

Yes (58%): Governments/states (n=23); Critical Infrastructure/Computer networks

(n=19); Civilians/individuals (n=10); Private sector corporations (n=10)

No (20%) Lack of precedents/empirical evidence Terrorist organisations lack capability to attack CII’s Lack of motivation amongst terrorist groups.

Differences?: Different explanations of threat evident in responses: from ‘paralysis’ to

‘disruption’ Different logics: some hypothetical, others extrapolated from recent events Competing conceptions of cyberterrorism (e.g. for some: obtaining classified

information; ‘online harassment) Different timescales

With reference to your previous responses, do you consider that a cyberterrorism attack has ever taken place?

110 responses: 49% yes and 49% no

Examples (selected): Attacks on Estonia: n=11; Stuxnet, Iran: 6; Attacks on Georgia: 3 India-Pakistan: 2; Anonymous: 2; PKK collapsing the Govt network: 1 Wikileaks: 1

No: Actor-specific definitions exclude state activities Lack of violence: “…no person has ever been killed or injured as the result of

an attack executed by using weaponised computer code” Differentiation between cyberterrorism, hacktivism and cybercrime No production of fear in a wider audience Lack of political or ideological motive for many candidates

Primarily definitional > empirical

What are the most effective countermeasures against cyberterrorism? Are there significant differences to more traditional forms of anti- or counter-terrorism?

Twelve counter-measures identified (including): Target-hardening (38%); Refusing to exaggerate the threat (9%);

Greater international cooperation (8%); Preventing radicalisation (5%); Employing hackers (3%); Greater private sector involvement (3%)

Disciplinary differences No countermeasures restricted to one disciplinary

background, but some trends: Engineering/Computer Science: 57% of those arguing for

enhanced international cooperation Psychology/Anthropology: 67% of those arguing for

employing hackers.

Politics/International Relations – more sceptical? 69% believed a cyberterrorist attack had not taken place 67% of those warning against exaggerating the threat of

cyberterrorism

Conclusion

Considerable disagreement: Threat, occurrence to date, how to respond Frequently a product of definitional issues Also, disciplinary differences

Obvious parallels: Academic literature, and broader debates on terrorism

However: 50/50 split on whether it has occurred: surprising The need for domain-specific responses posited by many

To find out more… Web: http://www.cyberterrorism-project.org/

Email: ctproject@swansea.ac.uk

Twitter: @CTP_Swansea

Facebook: facebook.com/CyberterrorismProject

Thank you for your time!