The Future of Cyber Terrorism

In this post I would like to discuss a bit about the future of our world and the threats which we may face in near future.
A critical factor in defending against cyber terrorism is thinking towards the future. It is easy to fall into the trap of projecting what terrorists might do in the future to our current technologies. But, we must think about what terrorists might do in the future to our future technologies. This becomes doubly challenging since predicting the future is always difficult and this challenges us to predict the future in two dimensions. Future terrorists will not attack what we have now!
They will attack what we will have in the future. For example, as we evolve more toward virtual worlds, diskless workstations (‘thin client’), and computing capabilities are being deployed at a national-level utility rather than as individual or corporate data systems. We would be wise to extrapolate into the future based on current trends, then to think about how cyber terrorists might attack our future environment and technology infrastructure.

Software, hardware, and data may be provided as a central utility, supplying customers at low cost. This would liberate individuals and corporations to focus on their core missions, rather than maintaining an information technology department, dealing with security, applying updates and patches, managing a ‘help desk’, etc.

With our nation’s cyber landscape destined to change, and cyber terrorism evolving its target of attack, we must channel our thoughts and actions toward the future of both cyber terrorism and technology; we must understand their convergence, and we must address the security requirements of that future.

Regardless of whether cyber terrorism is a misnomer, a serious threat to life, safety, and our critical infrastructures, or just an annoyance, we need to be ever vigilant and forward-thinking to meet future challenges regarding cyber security.

How Real a Threat is in cyber terrorism?

To understand the potential threat of cyber terrorism, two factors must be considered: first, whether there are targets that are vulnerable to attacks that could lead to violence or severe harm; and second, whether there are actors with the capability and motivation to carry them out.
Looking first at vulnerabilities, several studies have shown that vital infrastructures are potentially open to cyber terrorist attack. “Eligible Receiver”, a no-warning exercise conducted by the US Department of Defence in 1997, found that power grid and emergency 911 systems had weaknesses that could be exploited by an adversary using only tools publicly available on the Internet. Although neither of these systems was actually attacked, study members concluded that the services these systems provide could be disrupted

Although many of the weaknesses in computerised systems can be corrected, it is effectively impossible to eliminate all of them. There is always the possibility that insiders, acting alone or in concert with other terrorists, will misuse their access capabilities. For instance, the state-run gas monopoly Gazprom was hit in 1999 by hackers who collaborated with a Gazprom insider. The hackers allegedly used a Trojan horse to gain control of the central switchboard, which controls gas flows in pipelines. Gazprom, the world’s largest natural gas producer and the largest gas supplier to Western Europe, denied the report.

If we assume, then, that vital infrastructures are vulnerable to cyber terrorist attack, the question becomes one of whether there are actors with the capability and motivation to carry out such operations. While many hackers have the knowledge, skills and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm. Conversely, terrorists who are motivated to cause violence seem to lack the capability or motivation to cause damage in cyberspace.

Effects of Cyber Terrorism on economic & social life

Cyber-terrorism has also become an economical interest. With the heightened fear of cyber-terrorism, an “arms race” for better technological security in defending their equipment against the risk of cyber-terrorism threat. The rise in the number of consultants and also availability of security software and devices has become an economical advantage as the products they offer would be an increasing need with the increased dependancy due to the threat that might appear.

Here I would like to share with you some points regarding different effects of cyber terrorism in social and economical issues:

Direct Cost Implications:
• Loss of sales during the disruption
• Staff time, network delays, intermittent access for business users
• Increased insurance costs due to litigation
• Loss of intellectual property - research, pricing, etc.
• Costs of forensics for recovery and litigation
• Loss of critical communications in time of emergency.

Indirect Cost Implications:
• Loss of confidence and credibility in our financial systems
• Tarnished relationships& public image globally
• Strained business partner relationships - domestic and internationally
• Loss of future customer revenues for an individual or group of companies
• Loss of trust in the government and computer industry

The following cases are notable incidents of cyber terrorism:

During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from a range of Eastern European countries, according to reports. Web defacements were also common.

In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications." Intelligence authorities characterized it as the first known attack by terrorists against a country's computer systems