How serious is the threat of cyberterrorism?
1. Do you think that cyber-terrorism is one of the most important security problems of the future or is it just an exaggerated threat?
2. Do you think that tactics of cyber terrorism will be mainly used by non-state actors or do you think that state militaries will embrace it as well excessively?
3. How serious are the attacks nowadays and who are the main perpetrators?
4. Is it possible nowadays to ‘switch off’ or at least seriously cripple one country by cyber-attack as seen for in the last Die Hard movie?
Dorothy Denning, Distinguished Professor of Defense Analysis, Naval Postgraduate School
1. Nobody really knows, because we haven’t experienced it yet. So far, the cyber attacks attributed to known terrorist groups and their supporters have been primarily aimed at websites, including web defacements and modest denial of service attacks. There has also been some online credit card fraud to fund terrorism. None of these have been life threatening or even that damaging, so I’d prefer to not characterize them as cyber terrorism. But cyber threats overall will continue to be a significant problem. Organizations and individuals are losing billions annually because of online fraud and cyber attacks.
2. Terrorists typically target civilians. In interstate conflict, militaries abiding by Geneva Conventions and other law of war principles would not explicitly target civilians, though there could be collateral damage from strikes aimed at military targets. Thus I would expect to see somewhat different tactics, with militaries favoring surgical strikes against other military networks. But some militaries might deploy cyber attacks aimed at creating broad economic harm, much as al-Qa’ida advocates.
3. The cyber attacks today are serious because of their economic impacts. They are conducted to steal money (e.g., through fraud and extortion), protest policies and actions (e.g., the Estonia attacks), and enact revenge. Also, young people conduct them to impress their peers and have fun.
4. I haven’t seen that movie yet. I’m waiting for the DVD, which will include an interview of me and my NPS colleague John Arquilla on cyberterrorism. But I expect it to correspond more to fantasy than reality. After all, it’s fiction, not a documentary.
Sarah Gordon, Senior Research Fellow, Symantec Security Response
The issues related to computers and terrorism are extremely complex – not only can computers be used as the target of terrorists, they can also be used as tools to facilitate any number of terrorist actvities. (please see cyberterrorism paper for more in depth information, it is at http://www.symantec.com/avcenter/reference/cyberterrorism.pdf Also published ISBN: 9780754624264 in “International Library Essays on Terrorism”.
There are all sorts of ‘terrorist activities’ that take place on computers; some are more serious than others. In terms of accomplishing the endgoals of terrorism, i.e. creating fear/panic via some event (generally leading to destabilization of some asset or population) so far the attacks have not been very successful – I suspect that is due in large part to the nature of the overall system. However, in terms of facilitating various terrorism-related activities, technology can be (and is) used quite successfully by those engaged diverse forms of terrorism related activities (ie recruiting, planning, promoting, funding, etc).
I’ve not see Die Hard 4 – sorry – but if its like the other 3, I have some idea of what you mean . Certainly it would be possible to change the dynamics of commerce and communication of any group or country by controlling (in any number of ways) its primary source of public information, or its resources. However, in real life, things are not so simple as they appear in the movies. While some systems can be more brittle than others, technologies that help secure valuable assets (whether static or dynamic), are remarkably resilient.