By Victoria Baranetsky, The Harvard Law Record
Published: Thursday, November 5, 2009
No Consensus on a Definition
- “We even lack a unified definition of cyberterrorism and that makes discourse on the subject difficult.”
- “The FBI alone has published three distinct definitions of cyber-terrorism: “Terrorism that initiates…attack[s] on information” in 1999, to “the use of Cyber tools” in 2000 and “a criminal act perpetrated by the use of computers” in 2004.”
- Two explanations on why it is difficult to agree on a definition:
- “The interest in cyber issues only started in the nineties so the terms are still nascent.”
- “The meaning [of cyberterrorism] depends on differing interests.”
- Some believe that “terrorists will use any strategic tool they can” so “cyber” terrorism is no more important then other forms.
What is the goal and who is affected by cyberterrorism?
- Like any form of terrorism, cyberterrorism aims to “cause severe disruption through widespread fear in society.” Because we are so dependent on digital material and systems, we are very vulnerable to this type of terrorism.
- The U.S. is particularly dependent on online systems. Countries that don’t depend so strongly on digital systems have an opportunity to attack without the risk of suffering from similar counterattacks.
From Fresh Air on NPR
April 19, 2010
Richard Clarke served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush. Clarke predicted the 9/11 attacks but was not taken seriously. Now he is focusing on the possibilities of computer-based terrorism attacks.
What kind of harm could a cyberattack cause?
According to Clarke, here are a few examples:
- Disable trains all over the country
- Blow up pipelines
- Cause blackouts and damage electrical power grids so that the blackouts would go on for a long time
- Wipe out and confuse financial records so that we would not know who owned what
- Disrupt traffic in urban areas by knocking out control computers
- Wipe out medical records
Where can attacks come from and how are they executed?
Cyberattacks are not limited by national boundaries, and just one person can cause much harm. A large team is not necessary to successfully complete this type of attack. “Malicious code may infect a computer via a security flaw in a Web browser, or it could be distributed through secret back doors built into computer hardware.”
The government does have security set up to protect military and intelligence networks, but Clarke “worries not enough is being done to protect the private sector — which includes the electrical grid, the banking system and our health care records.”
“One common attack is for hackers to take over a series of home computers through backdoor security exploits. For example, malicious software can be downloaded onto a hard drive after you accidentally visit a compromised website. Your computer can then be used in conjunction with other compromised computers to engage in a large-scale attack. The average computer user may not realize when their computer has been drafted into a cyberattack.”
Clarke’s recommendations on how to reduce your risk of an attack
- Never use your work computer at home, where it may be unintentionally compromised by another member of your family.
- Make sure your online banks have more than just a password for security protection.
- If you’re going to buy things online, have a credit card for that purpose with a low credit limit.
- Don’t do banking or stockbrokering online and have a lot of money at risk — unless your stockbroker gives you a two-step process for getting in.
From Fresh Air on NPR
February 10, 2010
James Lewis is a senior fellow at the Center for Strategic and International Studies and the co-author of the report “Security Cyberspace in the 44th Presidency.” He predicts that within a decade, Al Qaeda will develop capabilities to carry out attacks on the web.
“Every single day, sensitive information is stolen from both government and private sector networks as criminals become increasingly more sophisticated…
Recent breaches at Google and the Department of Defense have illustrated that the United States is not yet ready to deal with a large scale cyber-attack.”
By John Blau, Network World
November 29, 2004
The Good News
Experts “don’t think [would-be terrorists] have the technical ability yet – in other words, the combined IT and control system skills needed to penetrate a utility network.
The Bad News
Hackers “are beginning to acquire some of these skills… and in many parts of the world [people] are willing to peddle their expertise for the right price or political cause.”
The Worse News
- “Few, if any, of the industrial control systems used today were designed with cybersecurity in mind because hardly any of them were connected to the Internet.”
- “Many of the “private” networks now are built with the help of competitively priced fiber-optic connections and transmission services provided by telecom companies, which have become the frequent target of cyberattacks.”
- Moreover, security isn’t necessarily related to a country’s wealth. Levels of protection vary from country to country.