Abstract

Abstract Cyberterrorism conjures up images of vicious terrorists unleashing catastrophic attacks against computer networks, wreaking havoc, and paralyzing nations. This is a frightening scenario, but how likely is it to occur? Could terrorists cripple critical military, financial, and service computer systems? This article charts the rise of cyberangst and examines the evidence cited by those who predict imminent catastrophe. Psychological, political, and economic forces have combined to promote the fear of cyberterrorism. From a psychological perspective, two of the greatest fears of modern time are combined in the term "cyberterrorism." The fear of random, violent victimization segues well with the distrust and outright fear of computer technology. Many of these fears, the report contends, are exaggerated: not a single case of cyberterrorism has yet been recorded, hackers are regularly mistaken for terrorists, and cyberdefenses are more robust than is commonly supposed. Even so, the potential threat is undeniable and seems likely to increase, making it all the more important to address the danger without inflating or manipulating it. Tomorrow"s terrorist may be able to do more damage with a keyboard than with a bomb. National Research CouncilFootnote1 For the foreseeable future, acts of cyberterrorism, such as the ones usually imagined, will be very difficult to perform, unreliable in their impact, and easy to respond to in relatively short periods of time. Douglas Thomas, statement to the Subcommittee on Government Efficiency, Financial Management and Intergovernmental RelationsFootnote2 Our nation is at grave risk of a cyberattack that could devastate the national psyche and economy more broadly than did the 9/11 attacks. Carnegie Mellon University computer scientist Roy Maxion in a letter to President G. Bush co-signed by 50 computer scientists Terrorists are interested in creating bloodshed and terror. The Internet doesn"t rise to this level of impact in a way that a truck bomb does. George Smith, Co-editor, vmyths.com Acknowledgments This article is an updated and detailed version of a previous special report, Cyberterrorism: How Real Is the Threat?, issued in May 2004 by USIP. Notes 1.National Research Council. Computers at Risk (Washington, DC: National Academy Press, 1991). Cyberterrorism 2.D. Thomas. "Cyber Terrorism and Critical Infrastructure Protection." Statement to the subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, 24 July 2002. 3. J. Lewis. "Assessing the Risks of Cybertwrrorism, Cyber War, and Other Cyber Threats." Report submitted to the Center for Strategic and International Studies (CSIS), Washington, DC, 2002), p. 1. 4. J. Green. 2002. "The Myth of Cyberterrorism." Washington Monthly, November, also available at (www.washingtonmonthly.com/features/2001/0211/green/html). 5. For example, the downing of a U.S. spy plane in Chinese airspace (April 2001) resulted in an increase in attacks from both Chinese and U.S. hackers (mostly web site defacements). Another example occurred in 1997 when a group aligned with the Liberation Tigers of Tamil Elam (LTTE) reportedly swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. 6. A. Embar-Seddon. "Cyberterrorism." The American Behavioral Scientist 45 (2002), pp. 1033–1043. 7. R. White and S. Sclavos. "Targeting our Computers." The Washington Post, 15 August 2003, p. A27. 8. D. Denning. "Is Cyber Terror Next?" New York: U.S. Social Science Research Council, available at (http://www.ssrc.org/sept11/essays/denning.htm.2001). 9. Green, "The Myth of Cyberterrorism." 10. Cited by Green, ibid. 11. G. Weimann and C. Winn. The theater of terror (New York: Longman Publication, 1994), p. 20. 12. Mullins, W. A Sourcebook on Domestic and International Terrorism, 2nd edition (Springfield, Illinois: Charles Thomas Publisher, 1997), p. 9. 13. Smart, I. "The Power of Terror," in Contemporary Terrorism: Selected Readings, edited by J. D. Elliot and L. K. Gibson (Gaithersburg, MD: IACP, 1978). 14. B. Hoffman. Inside Terrorism (New York: Columbia University Press, 1998). 15. M. Conway. "What is Cyberterrorism? The Story so Far." Journal of Information Warfare, 2(2) (2003), pp. 33–42; M. Conway."Reality Bytes: Cyberterrorism and Terrorist "Use" of the Internet." First Monday,7(11) (2002), available at (http://www.firstmonday.org/issues/issue7_11/conway/index.html). 16. On the use of the Internet for "conventional" purposes by modern terrorists, see Y. Tzfati and G. Weimann. "WWW.Terrorism.com: Terror on the Internet." Studies in Conflict and Terrorism 25(5) (2002), pp. 317–332; G. Weimann. "WWW.Terror.Net: How Modern Terrorism Uses the Internet." Special Report, 116 (Washington DC: United States Institute of Peace, 2004). 17. Cited by Green, ibid. 18. Cited in P. Thibodeau. "US commission eyes cyberterrorism threat ahead," Computerworld, 17 September 2001, available at (http://www.computerworld.com/securitytopics/security/story/0,10801,63965,00.html). 19. From NPR"s Bob Edwards talk with senators Jon Kyl and Dianne Feinstein, 18 March 2004. 20. Cited in R. Bendrath. "The American Cyber-Angst and the Real World." In Robert Latham (Ed.): Bombs and Bandwidth: The Emerging Relationship between IT and Security(New York: The New Press, 2003), pp. 49–73. 21. Green, 2002. 22. A. Gonsalves. "Security Expected to Take a Larger Bite of IT Budgets." TechWeb News,8 June 2004, available at (http://www.crime-research.org/news/08.06.2004/414). 23. Green, 2002. 24. To illustrate the supposed ease with which our enemies could subvert a dam, The Washington Post"s June story on Al Qaeda cyberterrorism related an anecdote about a 12-year-old who hacked into the SCADA system at Arizona"s Theodore Roosevelt Dam in 1998, and was, the article intimated, within mere keystrokes of unleashing millions of gallons of water on helpless downstream communities. But a subsequent investigation by the tech-news site CNet.com revealed the tale to be largely apocryphalthe incident occurred in 1994, the hacker was 27, and, most importantly, investigators concluded that he could not have gained control of the dam and that no lives or property were ever at risk. 25. D. Ronfeldt and J. Arquilla. "Networks, Netwars, and the Fight for the Future." First Monday6(10) (2001); J. Arquilla and D. Ronfeldt. "The Advent of Netwar" (revisited) (2001). In Networks and Netwars,edited by J. Arquilla and D. Ronfeldt (Santa Monica: RAND Corporation), pp. 1–25). 26. D. Denning. 1999. Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy(Washington, DC: Nautilus, 1999), available at (http://www.nautilus.org/info-policy/workshop/papers/denning.html); D. Denning. 2000a. Testimony before the Special Oversight Panel on Terrorism, U.S. House of Representatives, Committee on Armed Services 23 May 2000a, available at (http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html); D. Denning. 2000b. "Cyberterrorism." Global Dialogue (Autumn), (2000b), available at (http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc); Denning, op. cit. 27. Ibid. 28. C. Nicol. (not dated). "Internet Censorship Case Study: Euskal Herria Journal," The APC European Internet Rights Project, available at (http://europe.rights.apc.org/cases/ehj.html). 29. B. Collin. 1997. "The Future of Cyberterrorism." Crime and Justice International (March issue, 1997), pp. 15–18, available at (http://afgen.com/terrorism1.html). 30. See "Realizing the Potential of C4I: Fundamental Challenges," a report prepared by the Committee to Review DOD C4I Plans and Programs, Commission on Physical Sciences, Mathematics, and Applications, National Research Council, 1999. Available at (http://www.nap.edu/catalog/6457.html). 31. D. Verton. Black Ice: The Invisible Threat of Cyberterrorism (New York: McGraw-Hill Osborne Media, 2003a). 32. Reported at (http://www.computerworld.com/securitytopics/security/story/). 33. D., Denning. 2001."Is Cyber Terror Next?," op. cit.. 34. Reported by B. Krebs. 2003. "Feds Building Internet Monitoring Center." The Washington Post Online, January 31, at: http://www.washingtonpost.com/ac2/wp-dyn/A3409-2003Jan30. 35. Cited in Krebs, ibid. 36. Cited in The Washington Post, 3 September 2003. 37. A. Lake. Six Nightmares (New York: Little, Brown and Company, 2000). 38. K. Coleman. 2003. "Cyber Terrorism." Directions Magazine, 10 October 2003, available at (http://www.directionsmag.com/article.php?article_id=432). 39. M. A. Vatis.. "Cyber Attacks During the War on Terrorism: A Predictive Analysis," 2001. Special Report, Institute for Security and Technology Studies, available at (http://www.ists.dartmouth.edu/ISTS/counterterrorism/cyber_attacks.htm). 40. Thomas, op. cit. 41. Lewis, op. cit. 42. Cited in N. Shachtman. 2002. "Terrorists on the Net? Who cares?" Wired News, 20 December 2002, available at (http://www.wired.com/news/infostructure/0,1377,56935,00.html). 43. Op. cit. 44. See (http://2004.rsaconference.com/). 45. Cited in E. Montalbano. 2004. "Homeland Security Chair likens "Cyber Terrorists" to Al Qaeda." CRN News, available at (http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=48215). 46. Green, 2002. 47. Green, op. cit. 48. Ibid. 49. Denning, op. cit. 50. Cited in Green, op. cit. 51. T. Spellman. 2004. "Expert: U.S. At Risk of Cyberterrorism." The Dartmouth Online,19 April 2004, available at (http://www.thedartmouth.com/article.php?aid=2004041901010k/). 52. Cited in Spellman, ibid. 53.Ibid. 54. Verton, 2003a, op. cit., p. 93. 55. Hamid Mir, editor of Ausafnewspaper, cited in Verton 2003a, op. cit., p. 108. 56. Court transcript, U.S. vs. Osama bin Laden, 21 February 2002. 57. Ibid. 58. D. Verton. Cyberterrorism & security: New definitions for new realities, paper presented at the Cato Institute Book Forum, 12 November 2003b, Washington, DC.