Computer Crime Research Center

Putting cyberterrorism into context

Date: October 09, 2004
Source: AusCERT
By: Kathryn Kerr

With the growth of the Internet in both its size and functionality from the 1970s through to the present, we have seen a massive change in both the nature of the threats and the level of malicious attack activity directed against Internet-connected systems.

During the last decade, broad sections of government and industry have embraced the Internet as a generally reliable and cost-effective platform for business critical communication and services. During the same period, with increased exposure to and dependence on Internet connectivity and dependent services, government, media and the public have also increasingly given more attention to the potential threat of cyberterrorism to these Internet-connected systems, particularly for the critical information infrastructures of nation states. In this regard, Australia is no different from most affluent and technology dependent nations.

For sometime now (even dating back to the Gulf War in 1991) there has been a heightened level of interest in the potential threat of cyberterrorism coupled with an unhelpful amount of hype and misinformation surrounding the use of the term.

Part of the problem is one of definition - there are broadly different definitions as to what actually constitutes 'cyberterrorism'. There are a number of well-accepted definitions which share common similarities and are outlined below. But increasingly, there are a number of loose definitions which are promulgated to encourage the purchase of particular computer security products or services or to generate interest in a story by the media. If these definitions are not clearly articulated, an uninformed reader/viewer may rely on their own, possibly misinformed, understanding of the nature of the threat of cyberterrorism. As long as the term 'cyberterrorism' continues to be used loosely and inconsistently, misinformation and hype associated with the threat will remain.

The purpose of this article is to present a legitimate definition of 'cyberterrorism' and identify some common misuses of the term. Once we are clear about accepted uses of the term, we will then provide an assessment of the threat of cyberterrorism for Australian networks and compare this threat with other existing cyber threats.

Definition

Before defining 'cyberterrorism' it is necessary to define and understand what we mean by 'terrorism' - afterall there should be similarities between the usage of the terms. The United States' State Department defines terrorism as politically motivated acts of violence against non-combatants. [3]

In Australia, the recently enacted Security Legislation Amendment (Terrorism) Act 2002 defines a terrorist act to mean:

an action or threat of action where:

(a) the action falls within subsection (2) and does not fall within subsection (2A); and
(b) the action is done or the threat is made with the intention of advancing a political, religious or ideological cause; and
(c) the action is done or the threat is made with the intention of:

(i) coercing, or influencing by intimidation, the government of the Commonwealth or a State, Territory or foreign country, or of part of a State, Territory or foreign country; or
(ii) intimidating the public or a section of the public.

(2) Action falls within this subsection if it:
(a) causes serious harm that is physical harm to a person; or
(b) causes serious damage to property; or
(c) causes a person’s death; or
(d) endangers a person’s life, other than the life of the person taking the action; or
(e) creates a serious risk to the health or safety of the public or a section of the public; or
(f) seriously interferes with, seriously disrupts, or destroys, an electronic system including, but not limited to:

(i) an information system; or
(ii) a telecommunications system; or
(iii) a financial system; or
(iv) a system used for the delivery of essential government services; or
(v) a system used for, or by, an essential public utility; or
(vi) a system used for, or by, a transport system.

(2A) Action falls within this subsection if it:
(a) is advocacy, protest, dissent or industrial action; and
(b) is not intended:

(i) to cause serious harm that is physical harm to a person; or
(ii) to cause a person’s death; or
(iii) to endanger the life of a person, other than the person taking the action; or
(iv) to create a serious risk to the health or safety of the public or a section of the public. [4]

In a study of 109 academic and official definitions of terrorism, three common elements were identified:

* the use of violence
* political objectives
* the purpose of sowing fear within a target population[5]

For cyberterrorism to apply, these same elements should also exist as they do in the following definitions:

1. According to the US Federal Bureau of Investigation:

Cyberterrorism is any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents. [6]

2. A definition of cyberterrorism proposed by the US National Infrastructure Protection Center is

a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda. [7]

3. Dorothy Denning defines cyberterrorism as

unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. [8]

4. James A. Lewis, Centre for Strategic and International Studies (2002) defined cyberterrorism as

the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population. [9]

Interestingly, two of the definitions (2 and 4) specify that computer systems or telecommunication cababilities are used to conduct cyberterrorist attacks. The other two definitions (1 and 3) only specify that computer and information systems are the targets of cyberterrorist attacks. Arguably both elements should apply. While an information system can be attacked in any number of ways (eg, conventional methods involving bombing, arson, etc), for an act to be classed as cyberterrorism, the attacker must use information systems or other electronic means to launch the attack (as applies to the term 'bioterrorism', where the method of attack is a toxic biological agent).

Cyberterrorism is but one form of cyber attack. Too often the terms cyberterrorism and cyber attack are used interchangeably and may result in a misunderstanding of the cyber threat in general and the threat of cyberterrorism in particular. These definitions demonstrate that for cyberterrorism to be perpetrated there are at least three elements which must be satisfied in order to distingish a cyberterrorist attack from an ordinary cyber attack. Denning notes that politically motivated cyber attacks that lead to death or bodily injury, explosions, or severe economic loss would be examples of cyberterrorism. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt non-essential services or that are mainly a costly nuisance would not. [12] Most cyber attacks in Australia, even 'serious' ones, will be offences under the Commonwealth Cybercrime Act 2001 or similar State legislation rather than offences under the Security Legislation Amendment (Terrorism) Act 2002.

To date, there is no known publicly reported incident of cyberterrorism in the world that meets the first three definitions outlined above. The fourth definition, has been met, but only in so far as there have been several serious cyber attacks against critical information infrastructures but these are not assessed to be politically motivated [13].

What cyberterrorism is not
In contrast to the above definitions, cyberterrorism has been used improperly to refer to the use of:

* encryption technologies for secure electronic storage of data and communication by and between supporters/members of known terrorist groups;
* various forms of electronic communications (web sites, email etc) for the purposes of recruiting supporters, organising and communicating the messages (propaganda) of known terrorist groups;
* the occasional use by known terrorist groups of cyber attack techniques which are incapable of causing bodily harm, fear or serious economic damage; and
* the occurrence of port scans from countries considered to sponsor terrorism or which harbour known terrorist groups.

What is the threat of cyberterrorism?Page 1 2 3 Next

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-03-10 12:51:02 - my sister s hot friend sex scandal in the... Alex
2007-03-10 08:08:57 - motorola t720 ringtonemotorola razr... Alena
2007-03-10 04:26:57 - free yahoo ringtone nokia monophonic... Roman
2007-03-09 12:14:29 - get now ringtone verizon bollywood... Roman
2007-03-09 10:02:30 - index.html.index1.html.free downloadable... Piter
2007-03-07 04:55:25 - kyocera se47 ringtone cheap ringtone for... Zoli
2007-03-07 04:54:40 - Good site Good site computer download... Zoli
2007-03-06 22:26:24 - download free cingular mp3 ringtone free... Roman
2007-03-06 19:40:28 - ringtone world.comringtone direct.comfree... Alena
2007-03-06 17:33:08 - Good site Good site 6i nokia ringtone... Jon
Total 27 comments
Copyright © 2001-2024 Computer Crime Research Center
CCRC logo