The constant threat of terrorism has changed the needs and methods of the intelligence community like few other things before it. During the creation of the massive intelligence community that came to being after the Second World War, the enemies were clear and intelligence operation had clear objectives. With the proliferation of terrorism, many of America’s enemies are more difficult to ascertain, and a group of a few hundred men living in multiple countries can do the kind of damage as done during the September 11, 2001 attacks. This makes intelligence gathering more difficult, along with the added threat of cyberterrorism that can be conducted by any individual with the will to do so, forcing the intelligence community to work together better and focus on more immediate goals.
In the United States, terrorists can choose from a variety of methods to strike fear and chaos into the lives of Americans. Even recently North Korea has been suspected of launching a cyberattack against large corporate and government servers in the US. With the threat of violent terrorism so prevalent, cyberterrorism may seem almost like a diminished threat when compared to the possibility of nuclear and biological attacks, but a cyberterrorist attack has the potential inflict a great amount of damage on the infrastructure of the United States. More than anything else, the increased threat of cyberterrorism is one of the main concerns in a world increasingly dependent upon computers. While violent terrorism is still of concern, the ease and availability of cyber targets make them prime goals for terrorists. With the economies and governments of so many countries dependent on computer networks, the threat of a cyberterrorist attack is something that America must be forced to confront. In a report to Congress by the Congressional Research Service, a definition for cyber terrorism is left as non-specific as it is for terrorism, citing no universally accepted definition.
However, with definition of terrorism as outlined by the National Infrastructure Protection Center (NIPC), a branch of the Department of Homeland Security, a general definition of cyber terrorism is a criminal attack that includes “the politically motivated use of computers as weapons or as targets, by sub-national groups or clandestine agents intent on violence, to influence an audience or cause a government to change its policies” (Wilson, 2003, p. 4). The definition is also expanded to include DOD operations for information warfare, physical attacks on computer facilities and transmission lines, and any small scale computer attack that may lead to death, injury, power outages, plane crashes, or effect the economy. To carry out such attacks, the cyber terrorist needs to be well schooled in information technology, and there is shortage of these individuals today.
Hackers, crackers, and phreakers are the individuals who carry out most cyber terrorist attacks. Not only does the Internet allow them to access sensitive data, it also allows them to transmit it, as well as share their knowledge with other potential hackers, crackers, and phreakers. Hackers are usually non-destructive, expert programmers and systems engineers. While they possess the ability to perpetrate cyber terrorist attacks, they can also help combat them. Crackers are destructive, using their hacking skills and tools to break into or destroy systems through viruses, steal data, rip off application software, along with a number of other illegal operations (Accounting Software Advisor, 2009). Crackers, unlike hackers, are almost always malicious in their intent and pose a significant threat. Phreakers break into telephone systems to call without charges, tap phone lines, break into voicemail, steal information, spy, and cause other damage.
Phreakers, like crackers, pose a significant cyber terrorist threat, and working in conjunction, crackers and phreakers can perpetrate a serious attack on businesses, governments, and private individuals. The best way to counter the hacking abilities of crackers and phreakers is for agencies to employ their own hackers with knowledge of the many tricks and deceptions that information technology allows. However, without knowing the goals and objectives of a particular cyber terrorist attack, it often becomes difficult to track their operations.
One of the reasons cyber terrorism is so difficult to define is that the goals and objectives of cyber attacks are difficult to discern. As noted in the CRS report to Congress, “labeling a computer attack as ‘cyber terrorism’ is problematic, because it is often difficult to determine the intent, identity, or the political motivations of a computer attacker with any certainty until long after the event has occurred” (Wilson, 2003, p. 4). There is a marked difference between a terrorist organization hacking into a government database to obtain sensitive information, a cracker doing the same to steal credit or identification for financial gain, and a teenage hacker who does so simply because he can. Much high security information has been jeopardized by such actions, and with the information community continuously evolving and getting more sophisticated at a breakneck pace, often security lags behind. But, cyber terrorist goals are usually designed at attacking the infrastructure of a country. According to the Federal Bureau of Investigation, a cyber attack to obtain national security information is one of the greatest threats, though even the less serious categories have real consequences and, ultimately, can undermine public confidence in web-based commerce (E-commerce) and violate privacy or property rights (Watson, 2002). The ultimate goal of all terrorism is to achieve political gains through the attack, and by creating fear in the citizens of their targets, it matters little whether it is through a bomb or through the thought of losing all their money.
But, cyber terrorism is by no means limited to government and economic targets. Efforts are currently being made by the United States government and many of its largest corporations to protect against future cyber attacks. Legislation pertaining to cyber security has already been passed and the Cyber Security Research and Development Act, authorized $903 million over five years for new research and training programs by the National Science Foundation and NIST to prevent and respond to terrorist attacks on private and government computers (Wilson, 2003, p. 23). In addition, steps are being taken to further encryption technology to prevent the vulnerability of communication and other information. But, one of the biggest issues facing all counter terrorism, including cyber terrorism, is sharing of information between agencies. The federal and state authorities must be aware of the possible threats and be in communication to prevent a minor situation from become major. In a war of information, the allies must make sure that they are not only informed but also prepared.
One of the main goals of the intelligence community today is to figure out quick and efficient ways to discover and prevent potential terrorist threats of all kinds. However, they are also in need of a cogent definition of what terrorism is, with most definitions making no distinction between states or sub-states, innocents or non-innocents, and could include terrorism against military forces. However, this issue is addressed by the U.S. State Department, in Patterns of Terrorism issued in April 2004: “The term terrorism means the premeditated politically motivated violence perpetrated against non combatant targets by subnational groups or clandestine agents, usually intended to influence an audience” (U.S. State Department, 2005). This definition makes terrorism an act against civilians, as well as an act that cannot be carried out by states, although the term “clandestine agents” leaves room for interpretation.
Preventing cyber terrorism rests with every citizen. Ultimately, while cyber attacks pose less physical threat than violent terrorist attacks, they have the potential to disrupt the lives of citizens. Making sure government officials and the intelligence community take seriously the cyber threat is just one way the individuals can help prevent it. Employing the most talented hackers to figure out new potential attacks could also help the intelligence community greatly reduce the threat. And, finally, being vigilant about online activities, including the information a person gives out over the Internet is one of the best ways to prevent a cyber terrorist from sneaking into the infrastructure undetected. Like violent terrorism, the threat and the ultimate responsibility for prevention come down to the vigilance of everyday citizens.
REFERENCES
Accounting Software Advisor. (2009). Hacking and cracking. Retrieved July 15, 2009, from
http://www.cpaadvisor.us/sub/1_hacking.htm
U.S. Department of State. (2005). 2004 Country Reports on Terrorism. Retrieved July 15, 2009,
from http://www.state.gov/s/ct/rls/crt/c14818.htm
Watson, D. L. (2002). The Terrorist Threat Confronting the United States. Federal Bureau of
Investigation. Retrieved July 15, 2009, from http://www.fbi.gov/congress/congress02/
watson020602.htm
Wilson, C. (2003). Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for
Congress. Federation of American Scientists. Retrieved July 15, 2009, from http://www.fas.org/irp/crs/RL32114.pdf
