Printer Friendly

Understanding cyberterrorism.

THE THREAT IS UNDOUBTEDLY REAL. But cyberterrorism has yet to truly disrupt our lives in a way that galvanizes government, utilities and companies around investing in better safeguards. As we continue to debate the semantics of its definition and look for concrete examples of how cyberterrorists might bring down a business or a nation, perhaps the most pressing matter is to understand the nature of the threat.

Without a doubt, cyberterrorism poses a real threat to governments, organizations and individuals around the globe. In today's high-tech world, all types of computer networks are logical targets for all sorts of adversaries. In fact, according to a figure from U.S. officials, an astounding 60,000 new malicious computer programs are identified every day.

But how does one exactly define cyberterrorism? In a 2000 testimony before the Armed Services Committee of the U.S. Representatives, Dorothy Denning of Georgetown University coined a still-popular definition of cyberterrorism: "the convergence of terrorism and cyberspace ... generally understood to mean unlawful attack and threats of attack against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives."

While that may be a mouthful, it does seem to sum it up. Depending on who you ask, however, cyberterrorism can have a somewhat surprising variety of meanings. Why this ambiguity? Well, since cyberterrorism is a relatively new term and is a product of the technological age in which we currently live, its definition is naturally still evolving. And as the technology surrounding cyberterrorism itself changes, the definition of the term will continue to change as well.

"It's hard to define something that's so intangible, so shifty, so below the radar of an otherwise taw-abiding society," said Carmi Levy, an independent technology analyst and journalist. "It's also hard to define something most of us would rather shunt out of sight. This is typical behavior, and nothing we haven't seen with earlier forms of anomalous technology-related threats, such as viruses and malware."

[ILLUSTRATION OMITTED]

The other hurdle he sees is our collective unfamiliarity with the threat. "It's hard to define something until the majority of society agrees it's a problem and has seen enough of it to merit actual recognition," said Levy. "Unfortunately, we're not there yet. Until it touches more of us in a more direct manner, expect it to remain difficult to pin down."

Perhaps the thorniest issue is that the term's root word is something society still struggles to define. "The simpler term 'terrorism' itself can have a variety of definitions, and 'cyber' just adds layers of complexity and misunderstanding to the issue," said Kurt Baumgartner, a senior security researcher at Kaspersky Lab, a Moscow-based computer security company.

As the terms "terrorist" and "freedom fighter" have been debated in the past, when it comes to cyberattacks, there can be a fine line between activism and terrorism. And which side of that line an event falls on often varies depending on your perspective. In today's digital world, some see the progression from activist to "hacktivist" as a natural one.

"It's pretty easy to imagine past activist heroes might well have engaged in some type of hacktivism depending if they'd had access to the technology," said John Kindervag, a security expert and principal analyst at Forrester, a research company in Cambridge, Massachusetts.

Kindervag also wonders if defacing a website or bringing down an ecommerce portal, like the 2011 disruption of Sony's PlayStation Network, an online video game platform, is actually terrifying or merely inconvenient. "For me, the issue is if individual lives are in jeopardy at the moment of the action," said Kindervag. "Disrupting the air-traffic control system to make planes crash would definitely be cyberterrorism. The Sony PlayStation Network attack would not be."

What Kind of Damage Can Cyberterrorism Do?

Since cyberterrorism is such a new brand of crime, we as a society do tend to be somewhat complacent when it comes to cybersecurity. However, in the near future, we can only expect to hear more about both cyberterrorism threats and actual incidents.

"The threat will only grow with the passage of time," said Levy. "And it's up to everyone to begin treating it as it deserves to be treated: with respect."

Currently, the most frightening potential attacks are those that come from all angles. Baumgartner envisions a scenario in which cyberterrorists simultaneously disrupt communications systems, infrastructure controls and financial markets. Such a wide-net strike would be difficult to pull off, but the resources may exist--for the right price.

"It somewhat depends on the attackers' goals and capabilities," he said, "but capabilities are for sale."

In terms of actually inciting terror, most rightfully fear bombings and explosions more than anything else. But the damage caused by cyberterrorism attacks can induce a different brand of fear since they are orchestrated by a faceless evildoer.

"Tangibly, we can all relate: a power plant could be taken offline, a company's finances could be wrecked and a region's ability to communicate wiped out," said Levy. "Intangibly, the psychological impact could be even greater and longer-lasting, as cyberterrorism strikes at the very heart of what makes us feel safe in a supposedly safe society."

This can lead to a feeling of helplessness. "It allows enemies to easily bypass the traditional barriers of military and geography, and it allows them to get at the soft underbelly of day-to-day society," said Levy. "Fear of these types of attacks, in many respects, is just as debilitating as the overt effects might be."

While definitive, public accounts of large-scale acts of cyberterrorism can be difficult to come by, there have been some comparatively smaller-scale examples of cyberattacks in the recent past. The hacker group Anonymous, for example, has launched multiple attacks against authorities. Founded in 2003, this group of loosely associated hackers is extremely opposed to any type of internet surveillance and censorship.

"These attacks illustrate the broadly disruptive impact of a distributed, focused campaign to take down resources controlled by forces they deem the enemy," said Levy. "Chicago's police department, for example, was taken down earlier this year, and law enforcement agencies in Ontario had usernames and passwords published by hackers claiming to be affiliated with Anonymous."

While groups with agendas similar to Anonymous will likely continue to carry out attacks regardless of the day's political climate, social factors have driven other hacktivists to action. "The Occupy movement as well as the Arab Spring spawned an upsurge in this type of activity," said Levy.

With respect to governmental organizations, Stuxnet, a malicious computer "worm" designed to interfere with the nuclear program in Iran, was accidentally discovered in 2010 when the virus left the digital perimeter of Iran's Natanz plant and reached the wider internet. According to the New York Times, this malicious code was developed by both the United States and Israel. Since then, two new versions of this worm have been discovered.

In May 2012, another piece of malware, a virus called Flame, was uncovered. This virus infiltrated the computers of high-ranking officials in Iran with the goal of collecting information. Flame appeared to be approximately five years old when it is was found, and the Washington Post has reported that it was designed by the United States; publicly, U.S. officials have not stated that they were responsible for creating this particular virus.

During April and May of 2007, Estonia was the victim of violence, riots and cyberattacks after officials moved a memorial commemorating the Soviet liberation of Estonia from the Nazis during World War II. Hackers shut down government ministry websites, two important banking websites and political party websites. They even disabled the email server for the Estonian parliament. Officials in Estonia accused the Russian government of orchestrating the denial-of-service attacks, but NATO and the European Commission were unable to find concrete evidence to prove these allegations.

In 2011, researchers from various high-tech companies uncovered a Trojan horse called Sykipot. This cyberweapon attempted to obtain documents from high-ranking executives, mainly those in the defense field at companies that developed unmanned drone planes. Officials believe that these attacks are coming from an established group located in China.

While we all like to hope that our government infrastructure is infallible, such attacks show that 100% protection is likely impossible. "Every system has areas of vulnerability, and there is no such thing as an inviolable or impenetrable solution," said Levy. "Like conventional crime, military and quasi-military threats, it's foolish to think we'll ever be 100% safe. The world has simply never worked that way, and it isn't about to start now."

How Do We Stop Cyberterrorists?

While no amount of improvement will ever ensure society is cyberattack-free, experts say that governments and organizations should be proactive when it comes to investing in preventative measures. As technology continues to move forward at an alarming rate, so too must the laws regarding cyberactivities. Because currently, neither civilian nor government officials are truly able to combat this new and ever-changing threat. "Traditional law enforcement tools and processes need to be updated or replaced entirely," said Levy.

Baumgarmer feels similarly. "It is important to get past the short-term political gimmicks and silliness that we have seen and get down to business," he said. "Addressing the problem effectively is a complex and difficult task, and overburdening defenders with ineffective tasks that waste time instead of necessary solutions is a difficult balance."

To reach the proper balance, Levy recommends that law enforcement officials and business leaders strive for improved task forces, specialized training, and a re-prioritization of resources toward this class of crime. This, he believes, will greatly reduce the risk of attack and lower the severity and impact if an attack does occur.

"They can raise the vulnerability bar sufficiently high to discourage the lesser-skilled and motivated attackers, and make life sufficiently difficult on the true pros," said Levy.

Unfortunately, in his view, those who built the last-generation standards of policing the digital world may not be up to the task without extensive and expensive retraining. And even then, they may not be able to adapt their capabilities to this new reality.

"The existing culture within law enforcement may be inadequate," said Levy. "No one project or initiative will be enough to adapt. Nothing short of a wholesale rebuild of government and law enforcement best practices will do."

FBI DIRECTOR SAYS CYBERTHREATS WILL SOMEDAY BE THE "NUMBER ONE THREAT TO THE COUNTRY"

In January, several federal government department leaders gathered for a Senate intelligence committee hearing on worldwide threats to the United States. The following comments were presented by FBI Director Robert Mueller

Down the road, the cyberthreat--which cuts across all programs--will be the number one threat to the country. We look at it in three different perspectives.

The first is, inside the FBI, we have to change our organizational structure. In the same way we changed to address terrorism, we have to change to address cybercrime. We have to recruit and hire and bring on the persons who are capable of doing it. We have to understand that our role is to investigate intrusions and to thwart: further intrusions.

And secondly, in the same way we had to share intelligence in the wake of September 11th, we have to share information and intelligence between the various entities who address this particular threat. At the time of intrusion, you do not know whether it is a state actor: a Russia or a China. You don't know whether it's an O.C.--organized crime entity--or the high school student down the street. Consequently, you can't allocate [responsibility] to a particular agency, which is why we developed the national cyber investigative task force will the FBI, CIA. [Defense Intelligence Agency], NSA, Secret Service: all of those who have a role to address this kind of threat. We have to build up the collective addressing of that threat, in the same way that we did so ... in the wake of September 11th.

Lastly, in terms of legislation, we have pushed in the legislation two areas that are of concern to us. One is a national data breach requirement. There are 47 states that have different requirements for reporting data breaches. There has to be a national data breach requirement for reporting, and we should be recipients of that reporting.

And ... there has to be, in the statute, in my mind, the ability to share the information indicative of a crime with the Bureau and others who have that responsibility. But it is something that we as an organization are focusing on as the next substantial threat.

Larisa Redins is a full-time writer and editor. She writes about business, technology and other topics for a variety of international organizations, magazines, websites and related clients.
COPYRIGHT 2012 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2012 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Redins, Larisa
Publication:Risk Management
Geographic Code:1USA
Date:Oct 1, 2012
Words:2124
Previous Article:"Like" it or not: how social media can lead to litigation.
Next Article:How UMass Memorial Hospital cut claims costs with a new RMIS: one of Massachusetts' largest hospitals invested its money and time into building a...
Topics:

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters