How to Watch and Read this Chapter
The main objective of this chapter is to give you an overview of the current threat posed by “cyber terrorists” to Critical National Infrastructures (CNI) and what measures can be put in place to mitigate their actions.
Cyber Terrorism: a Working Definition
To date, there are no universally accepted definitions of cyber terrorism, as the concept of terrorism in itself is highly disputed at the international level. For example, a rebel group targeting police forces in the context of an escalating civil conflict might be labelled as a “terrorist group” or a “liberation army” depending on the stakeholder’s perspective in the conflict.
There are, however, some dictionary definitions:
Merriam-Webster defines cyber terrorism as: “terrorist activities intended to damage or disrupt vital computer systems”.
Similarly, the Cambridge Dictionary defines it as: “the use of the internet to damage or destroy computer systems for political or other reasons”.
There are also more elaborate definitions, such as the one put forward by Luiijf (2014), in which the author considers the following relevant:
“The use, making preparations for, or threat of action designed to cause a social order change, to create a climate of fear or intimidation …”
made with the intention to achieve any goal (political, religious, racial)
“… by affecting the integrity, confidentiality, and/or availability of information, information systems and networks, or by unauthorized actions …”
which should involve violence, serious injuries, damage to properties, risk to health and a serious breach of the social and political stability and cohesion of a country.
This chapter uses the definition as proposed by the National Conference of State Legislatures:
“The use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically.”
Rather than defining the act, this definition has the merit of restricting the concept of cyber terrorism to the actors (i.e. terrorist groups and individuals) who perform online actions to reach their goals.
This allows for better conceptual clarity, as a list of individuals and entities associated with terrorist activities is updated by the United Nations.
Terrorist Groups Using ICT: The Major Players
This video explains the strategic goals and tactics of major terrorist groups using ICT, including:
- ISIL (Da’esh)
- al-Qaeda
Assessing the Evidence: Is There a Threat to CNI Posed By Terrorist Groups?
A study by Gross, Canetti and Vashdi (2017) has shown that exposure (in the form of video clips) to lethal and non-lethal cyber terrorism generates a “stress-based cyber terrorism effect”.
Exposure to cyber terrorism is not harmless and leads to reactions similar to conventional terrorism, such as:
- stress
- anxiety
- insecurity, a preference for security over liberty
- a re-evaluation of confidence in public institutions
- a heightened perception of risk and support for forceful government policies
This leads to support for internet surveillance, regulation of the internet and kinetic responses to terrorism.
However, what is the current assessment of the threat posed by cyber terrorists?
According to the Worldwide Threat Assessment of the US Intelligence Community:
“Terrorists could obtain and disclose compromising or personally identifiable information through cyber operations, and they may use such disclosures to coerce, extort, or to inspire and enable physical attacks against their victims. Terrorist groups could cause some disruptive effects—defacing websites or executing denial-of-service attacks against poorly protected networks—with little to no warning.”
p. 6
Generally speaking, there is a consensus among experts that terrorist groups’ ability to launch major and large-scale cyber attacks is lower compared to that of state actors.
There are two main reasons for this assessment:
- Terrorists seem unable to develop new malware. Rather, they resort to what is already available.
- Perpetrating a major attack against a CNI would require not only advanced network operations skills, but also engineering expertise. These forms of expertise and skills could be hard to assemble for terrorist organizations.
However, because of the fast changes in technology and the possibility of acquiring complex exploits from more sophisticated actors, cyber terrorists need continuous monitoring.
Tackling Terrorism Online: How the US Cyber Command Disrupted the ISIL Online Network
In the context of the international military intervention against the Islamic State of Iraq and the Levant (ISIL), the US military launched a cyber operation to dismantle the terrorist organization’s ability to operate in cyberspace.
The task assigned to task force JTF-ARES was to curb ISIL activities in cyberspace, whereas Operation Glowing Symphony tried to curb ISIL social media and internet propaganda.
Today, it is unknown whether Glowing Symphony is still ongoing, although it is known that JTF-ARES still operates.
Glowing Symphony and JTF-ARES activities are seen as a demonstration of the nation’s offensive cyber capability and a model describing the “American way” of conducting cyber warfare.
Operation Glowing Symphony: An Assessment
The National Security Archive (NAS) obtained documents assessing the first phase of Operation Glowing Symphony.
Outcome of the operation:
- The operation is assessed to have “imposed time and resource costs” by disrupting activities, leading USCYBERCOM to assess “that OGS successfully contested ISIL in the information domain.”
However, challenges were also highlighted:
- shortcomings in data exploitation capabilities, mostly related to storage of the data itself
- problems in targeting procedures (clearing targets for engagement)
- coordination with other US agencies and departments