Cyberterrorism : future trends and impact

Abstract

As the world enters the information age, countries has undertaken extensive study of the "Revolution in Military Affairs" and information warfare. This thesis examines the implications of information warfare tactics and techniques for terrorism. It explores the possibility that computers may revolutionize terrorism. Two concepts are often embodied in academic definitions of terrorism: violence and terror. By adding information warfare techniques, the definition of terrorism could be expanded to include "cyberviolence," the destruction or manipulation of computer information. The "violence" done to this information, which is becoming increasingly important for security and economic prosperity, should be considered terrorism. Although terrorists might turn from destruction to the creation of mass disruption, the addition of information warfare tactics to the terrorist's arsenal does not imply a less destructive future. Should terrorists choose to target critical computer systems they could create destruction and disruption simultaneously. While there have been many studies in the separate areas of terrorism, cyberterrorism and cyber warfare, it is hoped that by putting them together we can establish the significance of the cyberterrorism threat. We have verified firstly that cyberterrorists are likely to have similar motivations with terrorists in desiring violence and destruction to meet their political or other causes. While there have been no clear acts of cyberterrorism to date, this could be the result of lack of ability to carry out the attacks in cyberspace and not the feasibility. However, this situation is not expected to remain as is, given the advantages offered by cyberterrorism against forces and societies that rely heavily on information technology. Moreover, many terrorist and state sponsored groups are seeing the asymmetrical benefits of information warfare as a means of redressing the conventional military imbalance of the U.S. vis-à.-vis the rest of the world. This thesis reaches several conclusions regarding information age terrorism. First, the definition of terrorism must change to include cyberviolence and disruption. Second, the terrorist threat is likely to become more "demassified," with smaller numbers of individuals able to create disruption via virtual worldwide organizations. Third, the pattern of state sponsorship is likely to change. While old state sponsors will continue to exist, terrorists may turn to poorer states or choose to fund themselves via information warfare crime. Fourth, information warfare techniques may afford terrorists the ability to target their message more effectively. Fifth, the nature of offense and defense in cyberspace does not mirror that of "conventional" offense and defense in the physical world. In light of these conclusions, the best method to counter information age terrorism is a joint government/industry program of defensive measures that will increase the effort required for computer disruption while simultaneously diminishing the potential returns offered by this new form of terrorism. At the same time, a strategy that is based on some form of international cooperation is recommended to counter cyberterrorism. Finally, the lack of actual examples of cyberterrorism (although a blessing) makes it hard to pinpoint specific methods, tools or desired outcomes for policy recommendations. There is much literature available on the methods, motivations and psychology of terrorists, but little is available in comparison for cyberterronsts. What is available tends to be confined to arguments on the nature of the threat, rather than the threat itself. Thus more work will need to be done on studying the vulnerability of critical information systems, their potential exposure to cyberterronsts and the damage they could do if they gained access. However, just as the events of 9/11 caught the world by surprise, so could a major cyberassault. Therefore we can neither deny its threat nor dare to ignore it.