Cyber-terror encompasses many types of acts,
which are defined as unlawful by statutes, regulations or other forums
that dictate acceptable and legal activities. For the purpose of addressing
the cyber-security of protected information cyber-terror includes the
following definition.
Cyber-Terror - is the use of computers and communication
systems to commit or attempt to commit a criminal act which involves
the actual or threatened unauthorized destruction, manipulation,
extraction, or tampering with any information in electronic format,
or any physical equipment or devices, which store, process, access
or distribute information in electronic format, where such acts are,
or are part of, a conspiracy or scheme to bring, or which is likely
to bring, maiming, injury or death to human life or the fear of maiming,
injury or death to human life. It is a criminal act with an extremely
evil intent or an objective that includes at least the potential
of serious maiming, injury or death to human life.
Are cyber-terror attacks
real?
Because cyber-terrorist utilize the
same cyber-crime techniques developed by the multi-national organized
cyber-crime syndicates, it is often difficult to determine whether a
cyber-crime attack is a true cyber-crime attack or an exploratory cyber-terror
attack by an international terrorist organization. In fact, it is quite
likely that some of the actual cyber-crime attacks reported are actually
exploratory cyber-terror attacks.
Cyber-terror is currently not a common event. However, it is a serious and
immediate threat that everyone must consider and diligently provide security
to protect against.
Moscow’s cyber-crime squad’s biggest
nightmare and that of their counterparts in Western Europe and
the U.S. is digital attack. This, unfortunately, is the future face
of terrorism.
Time Magazine, Jun 10, 2002. Underline
added.
A recent survey in the United Kingdom established
that cyber-terrorist have hacked into a third of the country’s
big companies and public sector organizations, including government
offices, causing damage ranging from infiltrating bank accounts to
information theft. The attacks had raided corporate bank accounts,
stolen information and been responsible for investment fraud,
credit card fraud and sales fraud. The foreign secretary warned
that cyber-terror could cripple Britain faster than a military
strike because computers are managing most of the country’s
infrastructure.
The Guardian (London), Apr 3, 2002.
Underline added.
Point: Many experienced counter intelligence
agencies and strategic defense planning experts both in the U. S. and
throughout the world are reporting that it is just a matter of time
before regular cyber-terror attacks begin occurring against U. S. organizations.
The cyber-terror attacks are expected to first be directed at critical
public and private infrastructure components and high terror-impact
targets. These initial waves of cyber-terror attacks will be followed
by repeated cyber-terror attacks on average America organizations to
create what the terrorist hope to be wide spread panic and the ultimate
withdrawal of the America businesses and organizations from the use
of modern computers and modern communication systems.
The Bush Administration's cyber security
chief has long been one of the loudest voices warning of a so-called
digital Pearl Harbor, a surprise attack focusing on the United State's
critical digital infrastructure.
BBC News Online, June 27, 2002. Underline
added.
Information about both public and private
computer systems that control the nation's infrastructure
was found in seized al Qaeda computers.
CNN Washington Bureau, June 27, 2002. Underline
added.
A recent survey of 725 cities by the National
League of Cities (NLC) put biological, chemical and cyber-terrorism
at the top of their list of concerns about terrorist threats. The
survey of cities found that biological terrorism topped the list of current
concerns (mentioned by 82 percent of all cities and 95 percent of large
cities), followed by chemical threats (81 and 92 percent), and cyber-terrorism
(80 and 91 percent).
U.S. Newswire, Sep 4, 2002. Underline added.
Cyber-terrorism is a concern of 80 percent
of all cities but only 26 percent said their plans address cyber-terrorism. Among
large cities, 91 percent are concerned about cyber-terrorism but
only 43 percent have developed strategies that address that threat
in their anti-terrorism plans. The survey was conducted by the
National League of Cities in July and August of 2002. Out of the
725 respondents, 142 were cities with populations of 100,000 or
more.
U.S. Newswire, Sep 4, 2002. Underline
added.
US authorities are said to be reassessing
the cyber threat posed by al-Qaeda in light of recent intelligence
and evidence of attempts to access electronic systems from the
Middle East and South Asia. Until recently, US authorities
considered the main threats of coordinated cyber mischief from
state actors such as China and Russia.
BBC News Online, June 27, 2002. Underline
added.
Questioning of captured al-Qaeda operatives
also found that the terror group was interested in a class of
digital devices involved in distributed control systems (DCS)
and supervisory control and data acquisition (SCADA) systems. DCS
systems have been used for the last 20 years to help operate industrial
operations including oil refineries and power plants. ….The
FBI issued an alert earlier this year that al-Qaeda operatives were
researching SCADA systems on the web with a particular interest
in water supply and wastewater management.
BBC News Online, June 27, 2002. Underline
added.
Americans are a strong and very resourceful group of individuals and this new
potential wave of cyber-terror attacks will not likely succeed in destroying
America. However, to minimize the impact of cyber-terror, American governmental
agencies and American organizations need to prepare sound cyber-security
defenses. These defenses must not only minimize the potential damage from
cyber-terror attacks, but also dilute the terror-fear factors, which are
the key elements to the international terrorist attack strategy.
As one wise and dedicated American businessman while ordering a ppn system
stated:
From my perspective, being in charge of
my company's cyber and network security, it doesn't make any difference
what the motive of an attacker is, whether he's out to deliver a political
message, steal funds from my company, or launch a cyber-attack against
the critical infrastructure of the United States, I'm here to protect
the data, the computer systems and the networks, and I'm going to exercise
the due diligence and provide the security needed to do that regardless
of the motive of the cyber-attacker.
Are You a Target?
If you or your organization receives, processes, stores
or distributes sensitive, confidential or secret information, defined
as protected information, or you or your organization have access rights
to someone who does receive, process, store or distribute protected information,
you are a target.
Protected information includes, but is not limited to, such items as identity
information, credit or debit card account information, banking, retirement
or financial information, of any employee, agent, partner, associate, staff
member, customer, client, patient, beneficiary, vendor, contractor, supplier,
shareholder, or other party.
Your organization is exposed to significant damage losses and liabilities from
a cyber-terror attack. It is very important that all employees and contract
hires are fully aware of this fact. Each should also be aware that a successful
cyber-crime attack could result in your organization being required to pay
large sums of money to each of the individual damaged victims. These damage
payments could drastically impact the financial strength of your organization
and affect its ability to maintain current staffing levels and payroll. In
fact, a very serious cyber-terror attack could result in the bankruptcy of
your organization.
