Responses to Cyber Terrorism

This article first appeared in the April – June 2009 edition of Terrorism and Political Violence and is reproduced here with their kind permission.

Proceedings of the NATO Advanced Research Workshop on Responses to Cyber Terrorism, edited by Centre of Excellence Defence Against Terrorism, Ankara, Turkey; IOS Press 2008. 145 Pages; No Price Stated. ISBN: 978-1-58603-836-6.

This is the outcome of a two-day conference in October 2007 on “Responses to Cyber Terrorism”. Experts gathered from a wide range of disciplines in Ankara, Turkey, to arrive at practical solutions to cyber terrorism, generated through working group meetings following plenary sessions. The book includes a chapter on each of the 10 papers presented, and a three-page summary of working group responses to questions put to them.

Papers review the history of the internet, CIIP (Critical Information Infrastructure Protection), use of the internet by terrorists and Al-Qaeda’s reliance on it, the internet as a tool for intelligence and counter-terrorism, NATO and cyber terrorism, institutionalising a Collective Open Source Intelligent System, the need for international cooperation and the related legal and policy issues, and finally a case study on PKK/Congra-Gel websites.

The problem is succinctly stated. “It was noted that at present terrorists had not mastered the technology necessary for launching large scale cyber attacks. However, the services of some ‘techies’ are available for hire on the internet … Furthermore, it is probably only a matter of time before a new generation of terrorists embrace cyber terrorism”. (P. 143).

Why is cyber terrorism likely to be used, and what are the implications? Four perspectives map the problem:

  • “The Internet will be a perfect battlefield of the 21st century as countries develop more dependence on the networks, and new generations feel more and more comfortable and skilled in using all the features of ICT”. (P. 102).
  • “ ‘Economy of effort’ is one of the principles of war, and … the terrorist can continue to perpetrate crimes time and time again, without the requirement for martyrdom or any risk to themselves. The funds required … are minimal”. (P. 126).
  • “Current technology asymmetrically favours the attackers; it provides them great ‘non-linear leverage’, and attackers get their innovations into practice more quickly and effectively than defenders”. (P. 25).
  • “As a force multiplier, cyberterrorism can create more effect if it is executed in concert with other traditional terrorist actions”. (P. 72).

Attacks on IT systems may take three forms: 1) hacking attacks on individual systems; 2) Distributed Denial of Service (DDoS) attacks, usually by bombarding a computer with messages so that it cannot process anything else; and 3) hybrid attacks, which combine 1) and 2) with conventional attacks.

Hacking may be very serious. “If, for example, vital data, such as the US social security database, financial institutions’ records, or secret military documents, are able to be irreversibly damaged, grave social disorder and long-lasting lack of trust in all government institutions could be the consequence. Studies … and recent attacks have shown that even top-secret military computers and sensitive nuclear site centers are not immune against all attacks”. (P. 39).

DDoS attacks use worldwide networks of computers (called ‘bot-nets’ because they run “robot” software: infected with a virus, the machines are converted into “zombies” controlled by a ‘bot-master’). The service of a bot-net can be hired for as little as US $150 per day. “In 2006, more than 60,000 active bot-infected computers were observed per day. Furthermore, over 6 million distinct bot-infected computers were detected in six months. These ‘zombies’ were controlled by less than 5,000 command-and-control servers.” “… the persons in control of these bot-nets are not hobby hackers, but well experienced and organised groups”. (P. 40).

Hybrid attacks “against national financial networks (such as Fedwire or Fednet) or against [bank] transfer networks (such as Swift) could be launched. It is estimated that such an attack could wreak havoc on the entire global economy”. (P. 41).

A vulnerability noted repeatedly was SCADA (Supervisory Control and Data Acquisition) systems, which now frequently use the internet to transmit data and control instructions. These systems are particularly prevalent in utilities (dams being a prime example), air traffic control and other major systems, where they are used to measure and control other systems. A successful attack on them would lead to “real world” consequences, including massive fatalities, significant damage and economic loss.

The conference debated whether to shut down terror websites or to use them for analysis in order to counter them. The majority felt it was impossible to shut them down permanently and that the focus should be on understanding the strategy, tactics, ideology, and particularly the weaknesses of the terror groups.

Finally, as many security features have been distributed to end-users, even good security at government facilities will not be adequate. This led to an interesting conclusion: much of the effort will have to be subcontracted from government to academia and the private sector. To defend properly against this form of warfare will require a much less hierarchical and more networked, knowledge-based approach, which the traditional state hierarchical organisation does not now deliver.

No index is included and some points are slightly disjointed, but that is more than outweighed by the helpful seven-page preface. This book should be required reading for all IT directors using SCADA systems. It will interest those looking for a broad understanding of cyber terrorism.
