Loading...
Please wait, while we are loading the content...
Similar Documents
Defining the threat : what cyber terrorism means today and what it could mean tomorrow
| Content Provider | Semantic Scholar |
|---|---|
| Author | Riglietti, Gianluca |
| Copyright Year | 2016 |
| Abstract | As terrorist organizations have become more resourceful and articulate, they have started to utilise the Internet to expand and improve their operations. This is often referred to as cyber terrorism. While several attempts have been made to clearly define this phenomenon, there is no consensus on one international definition. Looking at the literature so far, this paper tries to highlight those characteristics that best describe cyber terrorism today, while also exploring its possible future developments. In order to maintain a hands-on approach, the analysis will provide real life examples from terrorist organizations such as the Islamic State (IS) or the Taliban that are strongly involved in cyber activities. When it comes to defining cyber terrorism, there is no international agreement. Different sources have described it in different ways, trying to strike a balance between the virtual and physical factors included in it. This combination of old and new has divided experts on the matter, whilst those deemed terrorists have developed increasingly sophisticated cyber skills. The aim of this paper is to compare different definitions of cyber terrorism, trying to find the most appropriate one for current and future threats. In order to do this, it will employ a literature review, providing also an observation ofreal life instances of what is considered as cyber terrorism. The analysis will also examine how this phenomenon might evolve in the future, in line with upcoming technologies and the cyber skills of terrorist groups. Accordingly, there will be three main sections. The first one will discuss the definition of cyber terrorism, while the second and third ones will respectively deal with present and future threats. Defining and describing cyber terrorism. In an age of increasing online attacks and terrorist activity, the fear of cyber terrorism has come to exist. The term was coined in the 1980s by Barry Collin, who pointed out how the physical and virtual words were starting to merge in relation to some aspects of terrorism (FBI, 2011). The term has spread widely and quickly since its creation, with law enforcement, academics and media using it to refer to various instances and not always in an accurate way. For instance, both attacks against IT infrastructure and online bullying have been regarded as cyber terror, while perhaps the latter should be more correctly defined as cyber crime. Confusion usually derives from the fact that methods used by cyber criminals and cyber terrorists can be the same, although the goals might be different (Krasavin). Some experts have expressed scepticism towards the term itself, describing it as “useless”, and saying that the cyber space is nothing but another means for terrorist activity. In this respect, the lack of a clear and unified stance by governments towards the issue is preventing the discussion from clarifying the meaning of cyber terrorism. Conflicting interests have led to a stalemate on an international level, which does not allow for a development of new up-to-date measures to identify this threat appropriately (Baranetsk, 2009). Specialists have highlighted the importance of context when drawing a difference between cyber terrorism and cyber crime. Although similar hacking techniques might be used by both terrorists and criminals, only if the perpetrators aim at causing physical damage for The Business and Management Review, Volume 8 Number 3 November 2016 7th International Trade & Academic Research Conference (ITARC), 7-8 November 2016, London, UK 13 political motives it is possible to talk about terrorism. Differently, cyber crime refers to any givenillicit activity in the web (InfoSec, 2012). Adding to this discussion, a report from Symantec (2003) named “Cyberterrorism?” underlines how the Internet can enhance the potential of a terrorist organization, enlarging its capacity for sustainment and the accomplishment of its goals. For instance, terrorists can expand their influence to wider geographical areas thanks to online communication (email, chats, etc.), while also being able to recruit and finance themselves more easily. Their propaganda can be boosted too, with potential new members being able to read all about a terrorist organization, become familiar with their methods and act in a deregulated way. These are sometimes referred to as “lone wolves”, as they usually have little if any direct connection wit the terrorist group itself. These individuals have a high potential for disruption and are very hard to catch, since they might never be in actual contact with another member of the organization while plotting and carrying out the attack. The report also introduces the concept of pure cyber terrorism, which refers to attacks that have no physical involvement at all but can still cause damage for terrorist purposes. It is still hard to say what this entirely virtual terrorism might look like, and while this is certainly a topic worth exploring in the future, physical elements should remain part of the analysis for now (Gordon, Ford). In this regard, Denning (2000) stresses that there is little evidence of purely virtual attacks that can be classified as cyber terrorism, since these groups are mainly using the Internet to spread their message and carry out their activities on the ground. In order to examine the issue, she quotes a 1997 definition from an FBI special agent that classifies cyber terrorism as the “the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub national groups or clandestine agents” (Denning, 2000, as in Pollitt, 1997). According to this definition, most of the terrorist activities seen on the web at the time of the article did not fit into the category, being considered only a future scenario (Denning, 2000). While this description might have been accurate in the early 2000s, the perception of cyber terrorism has evolved over the years (although not necessarily in a clearer way). The FBI itself has changed the wording several times (Baranetsky, 2009), and today the Bureau is quoting definitions that embrace larger activities other than the sole targeting of IT infrastructure. For instance, they cite research from the Centre for Strategic and International Studies, defining cyber terrorism as “the intimidation of civilian enterprise through the use of high technology to bring about political, religious, or ideological aims, actions that result in disabling or deleting critical infrastructure data or information” (Tafoya, 2011, as in Lewis, 2010). Furthering this more inclusive idea of cyber terrorism, Awan (2014) compares two different perspectives, the first one considering the computer as the main or exclusive weapon and the second one regarding it as a tool to a larger plot (e.g. radicalisation, guidelines on how to build explosives). The author states that most of the terrorist acts involving the Internet fit the second hypothesis better than the first one. Evidence in support of attacks that caused severe loss of life or serious physical damage through the sole use of a computer is still limited. Nonetheless, this does not exclude the possibility that in the future, as terrorists acquire more sophisticated knowledge, a machine could be used as the only means to a physically disruptive attack (Awan, 2010). However, for the time being, when dealing with the threat of cyber terrorism, it would be perhaps more accurate to refer to it as the malicious use of the Internet by terrorists. The United Nations Office for Drug and Crime (UNODC) (2012) divides this in six main areas, namely propaganda, financing, training, planning, execution and cyber attacks. These categories are briefly discussed below: The Business and Management Review, Volume 8 Number 3 November 2016 7th International Trade & Academic Research Conference (ITARC), 7-8 November 2016, London, UK 14 a. Propaganda:Online platforms have increased dramatically the potential for publicity of terrorist groups, spreading their ideas via any virtual possible means (videos, audio messages, chats, social networks etc.). This also comprehends activities of incitement, recruitment and radicalisation of new affiliates. b. Financing:The search for financial resourcescan be conducted through several channels. These comprise direct approach, e-commerce, online payment systems and the use of apparently legitimate organizations. The possibility of having websites dedicated to these activities helps terrorists in facilitating the flow of money with lower detection rates. c. Training: Over time terrorist groups have developed several ways to train new recruits through the Internet. This involves sharing materials on how to produce rudimental weapons and how to carry out an attack. Online training platforms can boost an organization’s reach-out by a great deal, leading to the creation of well-established journals such as Al-Qaida’s Inspire. d. Planning: Internet resources have also had the effect of making it easier to plan an attack. Gathering intelligence on a given target is easier today thanks to the vast amount of open source information that is available, from social media to geographical information programmes (e.g. Google earth). Furthermore, there is the possibility for plotters to use encryption in order for them not to be detected. e. Execution: All of the above can contribute to the final execution of the attack, with the additional advantage that the parties involved in the preparation of the plot but not in the execution itself will be much harder to catch if they have used the right precautions while sharing information or conducting background research (among others). f. Cyber attacks: These are also mentioned by UNODC, although they are addressed as topic for future research rather than in the immediate discussion. This section has aimed at finding a |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://www.abrmr.com/myfile/conference_proceedings/Con_Pro_58543/conference_91870.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |
