Posts: 5,362
Threads: 2,998
Joined: Feb 2011
[attachment=11950]
Abstract
The term cyberterrorism is becoming increasingly common in the popular culture, yet a soliddefinition of the word seems hard to come by. While the phrase is loosely defined, there is a largeamount of subjectivity in what exactly constitutes cyberterrorism. In the aftermath of the September11th attacks, this is somewhat disconcerting. In an attempt to define cyberterrorism more logically, a study is made of definitions and attributes ofterrorism and terrorist events. From these attributes a list of attributes for traditional terrorism isdeveloped. This attribute list is then examined in detail with the addition of the computer and theInternet considered for each attribute. Using this methodology, the online world and terrorism issynthesized to produce a broader but more useful assessment of the potential impact of computersavvy terrorists. Most importantly, the concept of ‘traditional’ cyberterrorism, which features thecomputer as the target or the tool is determined to be only a limited part of the true risk faced. Finally, the authors discuss the impact this new view of cyberterrorism has on the way in which oneshould build one’s defenses. In particular, the breadth of the issue poses significant questions forthose who argue for vertical solutions to what is certainly a horizontal problem. Thus, the validity ofspecial cyberterrorism task forces that are disconnected or loosely connected with other agenciesresponsible for fighting the general problem of terrorism is questioned, and a broader, more inclusivemethod suggested. Keywords: cyberterrorism, terrorism, computer security√ Introduction If you ask 10 people what ‘cyberterrorism’ is, you will get at least nine different answers! When those10 people are computer security experts, whose task it is to create various forms of protection against‘cyberterrorism’, this discrepancy moves from comedic to rather worrisome. When these 10 peoplerepresent varied factions of the governmental agencies tasked with protecting our nationalinfrastructure and assets, it becomes a critical issue. However, given the lack of documentedscientific support to incorporate various aspects of computer-related crime into the genre‘cyberterrorism’, this situation should not be surprising.Despite copious media attention, there is no consensus methodology by which various actions maybe placed under the nomenclature ‘cyberterrorism’, yet the term clearly exists in common usage.The term, first coined in the 1980s by Barry Collin (Collin, 1997), has blossomed in the last severalyears: “Protect yourself from the cyberterrorist”; “Insure yourself against cyberterrorism”; “Fundingforthcoming to fight cyberterrorism” (Hamblen, 1999; Luening, 2000).All of these sound nice, but the reality is that the reader, solution provider, or defender is often left tohis own devices as to what the term actually means and thus what solutions should be created (orimplemented). When a government’s or corporation’s entire infrastructure may be at stake,subjectivity is useful but may not be the best evaluative tool.At the same time, research of this phenomenon shows that cyberterrorism cannot easily be defined.This creates a Catch-22 situation: the thing cannot be defined — yet without defining it, one cannot‘know’ what it is one is fighting and hence come up with a good solution. Furthermore, even whenthere is an operational agreement on terms, if an attack/security event does not fit into one of the(often narrowly defined) categories, funding (and consequently investigation or technical remedy)may not be forthcoming.3Symantec
CYBERTERRORISM?
For example, recently terrorists used a computer in Delray Beach, Florida to make their travel plansand purchase tickets, as well as using public library computers in the same town (Holland, 2001).How large the role computers played in the organization and execution of the attacks is, at this point,unclear, but the conclusion is obvious: computers and, in particular, the Internet, played a key role inthe execution of the September 11th attacks. This concept is critical in evaluating the true problemwe face in the virtual world: the use of computers in terrorist acts. While there are possible technicalsolutions that would have made this particular scenario more difficult, this task does not currently fallunder the auspices of any government agency tasked with fighting cyberterrorism. Furthermore, aseach of the actions cited above was not necessarily illegal prior to the attack, detection andprevention is made all the more difficult.The most widely cited paper on the issue of Cyberterrorism is Denning’s Testimony before the SpecialOversight Panel on Terrorism (Denning, 2000). Here, she makes the following statement:Cyberterrorism is the convergence of terrorism and cyberspace. It is generally understood tomean unlawful attacks and threats of attack against computers, networks, and the informationstored therein when done to intimidate or coerce a government or its people in furtherance ofpolitical or social objectives. Further, to qualify as cyberterrorism, an attack should result inviolence against persons or property, or at least cause enough harm to generate fear. Attacksthat lead to death or bodily injury, explosions, plane crashes, water contamination, or severeeconomic loss would be examples. Serious attacks against critical infrastructures could be actsof cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or thatare mainly a costly nuisance would not.While Denning’s definition is solid, it also raises some interesting issues. First, she points out that thisdefinition is usually limited to issues where the attack is against “computers, networks, and theinformation storied therein”, which we would argue is ‘pure Cyberterrorism’. Indeed, we believe thatthe true impact of her opening statement (“the convergence of terrorism and cyberspace”) isrealized not only when the attack is launched against computers, but when many of the other factorsand abilities of the virtual world are leveraged by the terrorist in order to complete his mission,whatever that may be. Thus, only one aspect of this convergence is generally considered in anydiscussion of cyberterrorism — an oversight that could be costly. Second, it is very different from thedefinition that appears to be operationally held by the media and the public at large.Given the Augean task of attempting to define cyberterrorism, one way we might approach the task ofunderstanding it is to throw away the very idea of defining it at all, and instead begin by breaking itdown into its fundamental elements — each of which can be examined and used as a foundation fordeveloping solutions which may be technical, legal, social, educational, or policy driven. After all, aword is meaningless in and of itself — it is only the relational concepts that the word conveys thatimbue the utterance with meaning. As ‘cyberterrorism’ relates to ‘terrorism’ a logical first step might be to look at the functional elementspresent in some operational definitions of ‘terrorism’1.The United States Federal Bureau of Investigation (FBI) defines terrorism as, “The unlawful use offorce or violence, committed by a group(s) of two or more individuals, against persons or property, tointimidate or coerce a government, the civilian population, or any segment thereof, in furtherance ofpolitical or social objectives.” (FBI, 2002).4Symantec
CYBERTERRORISM?
The United States Department of Defense (DOD) defines terrorism using a slightly broader brush,calling it “the unlawful use of, or threatened use, of force or violence against individuals or property,to coerce and intimidate governments or societies, often to achieve political, religious or ideologicalobjectives” (DOD, 2002).The United States Department of State (DOS) definition states that terrorism is “premeditated,politically motivated violence perpetrated against noncombatant targets by sub national groups orclandestine agents” (DOS, 2002). These varied operational definitions exist as a function of the individual organizational roles and taskswhich are assigned to employees/agents. Thus, as these roles and tasks vary, the concepts ofterrorism continue to vary.√ The terrorism matrixWhen terrorism is examined in view of these definitions, there are some pervasive elements: people(or groups), locations (of perpetrators, facilitators, victims), methods/modes of action; tools, targets,affiliations, and motivations2Examples are shown in Figure 1, using two groups designated as terrorist .groups by