Computer Networks and Terrorism

Cyber Terrorism: The Greatest Risk in the U.S.

Tremendous technological advancements have been made in the last few decades. Today, humans depend more on computer networks and information technology (IT) systems than on other means for information. From business to government, computer networks are relied upon to store, process, retrieve, and transfer critical information. Increased dependence on computer networks has, however, posed a major threat. Cyber terrorism is now arguably the biggest threat facing the U.S. (Harress, 2014; Thomas, 2016). Attacks against computer networks via computer viruses, worms, malware, and hacking have become increasingly common. The attacks are directed to information systems and infrastructures that support critical processes such as defense, transportation, banking, and energy production. This threatens the country's social, economic, and political stability. Nonetheless, there are often assertions that the risk of cyber terrorism is not as pervasive or substantial as often portrayed. Though there could be some truth in this argument, cyber terrorism has become the most significant national security issue for the U.S. This paper discusses why cyber terrorism is the greatest risk facing the U.S. The paper specifically focuses on what constitutes cyber terrorism, why the threat of cyber terrorism cannot be understated, and the way forward towards deterring cyber terrorism.

Defining Cyber Terrorism

Defining cyber terrorism can be difficult. As per U.S. law, a terrorist act has three aspects: the act is violent and potentially threatens human life; the act is unlawful in light of criminal law; and the act is fueled by ideological reasons (Chen, Jarvis & Macdonald, 2014). This definition, however, largely mirrors the conventional form of terrorism, where predominantly there are physical consequences such as the destruction of property and loss of human life. Today, terrorist acts can be executed without necessarily bombing buildings or killing people. This new form of terrorism is referred to as cyber terrorism. It generally refers to the deliberate and planned disruption of computer networks or IT systems mainly with the aim of causing and spreading fear (Pedersen, 2014). State-sponsored hackers, hired hackers, international cyber syndicates, as well as terrorists may execute the attacks. It is important to note that attacks on computer networks are not a recent happening. As early as the 1990s, when the internet revolution was evolving, defacing websites was a common phenomenon (Weimann, 2004). Nonetheless, such acts were largely driven by ego or economic gain. Today, however, hackers are increasingly driven by ideological reasons. They are more determined to cause fear as well destabilize the government and the economy. Instances of hackers stealing classified information from federal agencies and employees, or targeting information systems that support critical infrastructures and businesses have been on the rise. Such attacks are usually not motivated by egoistic tendencies -- they tend to be driven by a belief in the ideology of creating disorder, terror, and destabilization.

In essence, as the name suggests, cyber terrorism "is the convergence of cyberspace and terrorism" (Weimann, 2004, p. 4). It denotes malfide attacks on computer networks, and information systems aimed at intimidating or coercing the government or its subjects in advancement of ideological or political objectives. Though such attacks may not cause physical violence against property or persons, they can result in substantial harm, enough to cause panic.

The Threat of Cyber Terrorism: Real or Exaggerated?

Rise in Cyber terrorism has been termed as the biggest threat facing the U.S. presently (Harress, 2014; Thomas, 2016). In 2013, a sequence of sophisticated denial-of-service (DOS) attacks against government computer networks as well as hacking attempts on Central Intelligence Agency's (CIA) were reported (Harress, 2014). In addition, BAE systems, the largest defense firm worldwide allegedly encounters cyber-attacks as frequently as twice weekly (Thomas, 2016). This presents a major risk to the government given the firm is one of the largest suppliers of military equipment and systems to the Department of Defense (DOD). Such incidents, which are merely a few of the many reported and unreported attacks, have caused the federal government to pay greater attention to the threat of cyber terrorism in the last few years.

A cyber-attack on government information systems is obviously not an attack that can be ignored. The CIA and the DOD, for instance, are involved in critical activities aimed at guaranteeing national security, including intelligence gathering. Accordingly, cyber-attacks on computer systems and networks that support these agencies can result in the loss of or unauthorized access to highly classified information. Adversaries can use the information to plan catastrophic attacks against the U.S. or counter attacks directed by the U.S. against them.

Whereas attacks on government computer networks cannot be underrated, attacks on energy sector pose an even greater threat. The energy sector is without a doubt the lifeline of the U.S. economy. Without electricity and fuel, economic activity would literally come to a standstill, substantially affecting the day-to-day life of the public. In 2014, internet security firm Kaspersky announced that it had discovered the most sophisticated cyber weapon it had ever encountered (Harress, 2014). The firm said that the attack, which involved taking over IP addresses and stealing personnel emails, had primarily targeted oil and gas companies. A successful attack on the energy sector would have devastating impacts on the economy. Transportation systems, manufacturing and industrial processes, and other economic activities that are crucial for everyday life would be considerably disrupted.

Businesses also face the threat of cyber terrorism. Business organizations rely on trade secrets to build competitive advantage and outsmart their rivals. They also possess a great deal of confidential information relating to consumers, employees, as well as strategy and organizational processes. Further, in an effort to achieve efficiency and optimize operating costs, businesses have become extensively dependent on IT systems. This has, however, increased their vulnerability to cyber-attacks. Attacks on Sony's Playstation network as well as Microsoft's Xbox Live network are two recent examples. Indeed, cyber terrorism has become a perilous reality for businesses that they need to counter.

One may readily argue that attacks on business information systems are not fit for classification as acts of cyber terrorism -- they could be seen as more of cyber-crimes as opposed to terrorist attacks. This is, however, not necessarily true. In the case of Sony and Microsoft, for instance, the attacks led to unauthorized access to confidential employee and consumer data. The impact of such an event on a business organization can be overwhelming, particularly with respect to revenue loss, public confidence loss, intellectual property loss, and brand damage. This damage evidently reflects the fundamental motive of terrorism -- to cause panic. More importantly, most attacks on business organizations seen today tend to be obviously tied to geo-political situations, making them even more representative of terrorist attacks. There is, therefore, need for business organizations to priorities IT security more.

While the threat of cyber terrorism appears real by all means, some commentators view it as exaggerated. According to Weimann (2004), most possible attacks on critical information systems are overstated. Weimann's (2004) contention was informed by three reasons. First, at the time the assertion was made, there was no instance of reported, authentic cyber terrorism -- there were only speculations and sensationalized media reports. Second, cybercrimes are often mistaken for terrorist acts. Generally, cybercrimes differ from cyber terrorism in the sense that the former are driven by economic gain or the hacker's ego, while the latter is driven by ideological beliefs. Finally, cyber threat defenses tend to be stronger than is commonly believed. Bypassing these defenses is not as easy as often portrayed.

Whereas there could be validity in Weimann's (2004) argument, the argument should be treated with a great deal of discretion. The assertion was made more than a decade ago, a less technologically advanced or dependent era compared to today. Today, the technological landscape is characterized by a level of sophistication never seen before, and vulnerabilities to cyber-attacks are discovered virtually all the time. Equally, hackers have become more skillful and more ideologically driven. The likelihood of the involvement of terrorists in cyber-attacks cannot be understated. Terrorists can break into computer systems owned by the government and the private sector to destabilize the economy and cause fear amongst the public. Today, terrorists can cause exceedingly more harm with a computer and an internet connection than with an explosive device. They can shut down the power grid or render critical services inaccessible at merely the click of a button.

Indeed, cyber terrorism is much easier to execute than traditional terrorism (Rodden, 2015). Terrorists in the cyberspace do not necessarily have to bypass physical barriers such as checkpoints, borders, and custom authorities. The ease of executing cyber terrorism further stems from the fact that less time and effort is required compared to traditional terrorism, particularly with respect to physical training and psychological preparation. Additionally, cyber terrorist attacks tend to be more anonymous compared to conventional terrorist attacks. It can actually be difficult for security agencies to unravel the real identity and location of cyber terrorists. Furthermore, the cyberspace provides a much broader variety of targets compared to conventional terrorism. Cyber terrorists can readily target more sophisticated computer networks and information systems of the government, businesses, as well as individuals. These factors make cyber terrorism an even greater threat, thereby making the assertion that cyber terrorism is an exaggerated concern, quite weak.

The reality of the threat of cyber terrorism further stems from the government's increased focus on conventional terrorism. In the wake of the 9/11 attack, one of the worst terrorist attacks in the history of the U.S., the government undertook a series of measures to counter the increasing threat of terrorism (Caplan, 2013). Border controls were tightened, immigration systems were enhanced, and institutions specifically committed to preventing terrorism such as the Department of Homeland Security (DHS) were established. Such efforts have significantly minimized the threat of conventional terrorism. Nonetheless, terrorists could now be more inclined towards modern technologies. They are likely to have shifted to the cyberspace as a conduit for executing terrorist attacks. Today, with technological advances, terrorists may have found greater potential and more possibilities in the cyberspace. Indeed, anyone doubting that terrorists are increasingly interested in cyber weapons is out of touch with reality.

In the past one decade or so, terrorist organizations have increased or become more powerful and sophisticated. Al-Qaeda is no longer the major terrorist group the U.S. and the world at large have to grapple with. Other equally powerful groups have emerged, notably the Islamic State of Iraq and Syria (ISIS), Al-Shabab, and Boko Haram. The possibility that these groups are increasingly shifting to the cyberspace to plan and execute terrorists attacks cannot be ignored. The sooner this possibility is accepted the better. Though terrorist groups generally have limited skill and capability as far as bypassing IT security is concerned, they can readily have the most complicated hackers on their payroll. In fact, ISIS has reportedly been said to be enhancing its cyber arsenal in the recent past by recruiting highly skilled hackers.

Addressing Cyber Terrorism

There is enough reason to believe that cyber terrorism poses a significant threat to the U.S. Measures that are more aggressive must be put in place if the threat is to be minimized. First, it is important to enhance IT security measures. Though significant improvements to IT security have been made since the beginning of the 21st century, deficiencies are still evident. The increased scale of cyber-attacks and detection of cyber vulnerabilities proves this. More regrettably, government bodies as well as organizations still portray considerable shortcomings as far as their readiness for terrorist attacks committed via the cyberspace is concerned. On the whole, both public and private sector organizations lack strong security measures, and their employees lack comprehensive knowledge and awareness of cyberspace risks. If the U.S. is to win the war on cyber terrorism, IT security measures must be strengthened.