The problems posed by cyber terrorism have received a great deal of attention by the security community, the IT industry, and the mass media in the United States and around the globe. Cyber terrorists who have even a minimal degree of expertise have been able to electronically break into computers that are responsible for controlling air traffic control systems, transportation systems, and dams. These activities have the potential to create havoc as well as threatening the lives of millions of people and national security. Hackers have been able to show that average citizens who are knowledgeable about computers are able to access information that is classified and sensitive, with the potential result of disrupting the operations of critical services. This paper will examine the issue of cyber terrorism, describing an incident of an attack on a major company in the US, and discussing the debate over whether such attacks should even be labeled “cyber terrorism.”
Because most societies in the West operate their critical infrastructures using computers, the possible threat coming from cyber terrorism is alarming (Weimann, 2004.) Hackers may not be motivated by the same objectives that have inspired terrorists, but by breaking into computer systems belonging to governments and security departments, they may be able to paralyze or at least disrupt military, financial, and service sectors of the economies of advanced nations. Societies have become increasingly dependent on the information and technology sectors, making them vulnerable to attacks, and providing terrorists with opportunities to pinpoint targets that would previously have been impervious to attacks; for example, the air traffic control system and national defense agencies are prime targets for such attacks. Countries that are the most technologically advanced are the most vulnerable to intrusions by cyber terrorists that are directed against its infrastructure. Although the actions of hackers have usually been relatively harmless, the threat of cyber terrorism conducted by enemies of the state poses a much greater danger.
Internationally, recent events have raised concerns about whether and when a cyber attack should be regarded as an act of war as well as what types of responses should be directed at perpetrators. These attacks are viewed by some as being equivalent to a use of force occurring in cyberspace that could potentially precipitate a military response with a proportionate use of force (Rollins, 2015.) Cyber terrorism is largely considered to be premeditated and includes the acts of disrupting services or making threats that target computers and/or networks. They are designed to result in harm, or to advance religious, ideological, political, or social goals as well as intimidating people or individuals in the pursuit of these objectives. Crimes involving cyber terrorism may involve unauthorized breaches of networks as well as theft of intellectual property and other information; in addition, the motivation may be financial gain.
One example of a cyber attack that demonstrated how difficult it is to categorize attacks as well is formulate appropriate responsive policies involved an attack on Sony Entertainment in November, 2014. That large company experienced a cyber attack that disabled its information technology systems, destroyed information, and workstations, and was followed by the release of internal emails and other materials (Rollins, 2015.) In addition, it was followed by warnings threatening terrorist attacks in the style of 9/11 and involving theaters that were scheduled to show a film, “The Interview”, that involved a storyline poking fun at North Korea. These warnings resulted in some theaters canceling screenings and Sony ended up canceling its wide release despite the fact that officials in the United States did not have any specific or credible intelligence regarding this type of plot.
Afterwards, the FBI and the Director of National Intelligence attributed the cyber attacks to the government of North Korea (Rollins, 2015.) That country denied its involvement, but praised a group of activists known as the “Guardians of Peace” for having committed the deed that they described as “righteous.” The following month, President Obama vowed to respond in a proportionate way to these attacks by North Korea at some point of the choosing of the US. The attack demonstrated the challenges involved in categorizing cyber attacks and cyber terrorism; the incident was extremely difficult to respond to because the people involved, their motivations, and where they were located were not know definitively. It was simultaneously viewed as an act of cyber terror, a cybercrime, and an act of cyber vandalism (Rollins, 2015.) In addition, it was unclear what form of retaliation would be regarded as proportional, and exactly who should be targeted since North Korea denied its involvement.
Nevertheless, there is tremendous disagreement within the research community of academics in regards to cyber terrorism. That is because there is actually no consensus regarding the degree to which this problem presents an actual security threat, the identity of potential targets of these attacks and indeed, whether these incidents pose a real security threat and whether these attacks have actually occurred (Jarvis, 2014.) There is disagreement about whether or not to consider breaking into computer systems and disrupting operations should be regarded as cyber crimes, cyber attacks, or cyber terrorism. For some parties around the globe, if there was no physical violence or death from attacks coming from cyberspace, they are not viewed as “cyber terrorism.” Others define the attacks as cyber terrorism because of the degree of fear that they inspire and the damage that is done. In any event, the threat of cyber terrorism poses a risk of significant disruption to the lives of ordinary citizens, and as such it is a phenomenon that presents grave concerns to security personnel as well as citizens all over the world.
- Jarvis, L., MacDonald, S., & Nouri, L. (2014 ). The cyber terrorism threat: findings from a survey of researchers. Studies in Conflict and Terror, 68-90.
- Rollins, C. T. (2015, March 27). Cyber warfare and cyber terrorism: in brief. Retrieved from Congressional Research Service: https://fas.org/sgp/crs/natsec/R43955.pd
- Weimann, G. (2004). Cyber Terrorism: How Real Is the Threat? Washington DC: United States Institute of Peace.