History of Cyber-Terrorism - Research Paper Example

The Impact of cyber-Terrorism on the US Economy Abstract The paper purpose is to evaluate the possible effects of cyber-terrorism on the US economy. For this purpose, the historical background of cyber-terrorism has been evaluated which highlighted that the effects of cyber-terrorism could result in loss of confidential information, availability of information, information integrity and physical destruction as well. The deterrents include strong virtual security measures taken by the related security agencies working in the country. However, more international cooperation should be pursued for monitoring and preventing the cyber-attacks. History of Cyber-Terrorism History of cyber terrorism is not very old. In the early years of 1990s when the Internet saw a massive rise in its growth and use and the concept of “information society” emerged and practiced, numerous theories and studies highlighted the potential risks attached with this kind of society particularly in the United States of America (Weimann, 2004). Weimann (2004) further highlights that the National Academy of Sciences, in 1990, highlighted the gravity of cyber terrorism and clearly mentioned the term “electronic Pearl Harbor.” Based on this historical development on the issue of cyber terrorism, it can be extracted that with the emergence of the Internet there were only studies, theories, observations and possibilities of cyber threats but there was no concrete and solid evidence or study reflecting the occurrence of cyber terrorism across the United States of America. However, despite the fact that the cyber terrorism only exists at the perception level, still the possibility of such terrorist attack have not been undermined. The threat and fear of cyber terrorism received fresh overhaul after the terrorist attack of 9/11. The magnitude of this terrorist attack was so colossal that the entire nation and the global community vehemently condemned the attack and planned to restrict terrorist from using any other means to harming civilians. In this regard, Weismann (2004) points out that electronic and print media overplayed the threat of cyber-terrorism particularly after the events and he quotes that the Washington Post in June 2003 mentioned in its headlines: “Cyber-attacks by Al Qaeda Feared, Terrorists at Threshold of Using Internet as Tool of Bloodshed, Experts Say.” A closer analysis of this headline is reflecting nothing but spreading the fear of cyber attacks. It is worth arguable that such headlines were only benefiting the terrorist agendas who always wanted to spread fear in common civilians and they are fully aware of that it is the power of that fear through which they can harm ordinary Americans easily. Additionally, instead of maintaining and demonstrating media ethics by behaving responsibly, both electronic and print media only spread panic not only in the United States but also across the world as well. Cyber-terrorism is an act of terror through cyber space (McIver and Elmagarmid, 2002, p.132). Based on this definition, it can be highlighted that cyber terrorism is different from the conventional terrorism but it is an illicit activity which is carried out on the land of the Internet (Bennett, 2007.p. 45). Additionally, it has also be pointed out that it has same sort of effects, intentions of terrorists and terror groups who use the source of the Internet for carrying out the act of terrorism. Effects on the US economy Cyber-terrorism will leave devastating effects on the US economy. In this regard, Rollins and Wilson (2007) have mentioned four major but substantial effects on the US economy: loss of integrity, loss of confidentiality, loss of availability and physical destruction. Each effect has its own dimension and subsequent effects. Rollins and Wilson (2007) highlights that the loss of integrity means that information could be amended or blurred improperly in which the original objective of information and mode of using that particular information would be lost and the new user or existing user would not be able even to detect that deviation. Based on this major effect, it can be deduced that the cyber-attacks would not physically or virtually harm the functional systems and operations but they would only include something new and exclude the previous information in which the users would not be in a position to avail the original objective by operating the system. Additionally, this would also consume more time and energy of users and they would be frustrated by the improper function of the systems. Loss of confidential information would wreck havoc throughout the users. In the recent Internet history, more reliance have been placed on the use of passwords and other confidential measures for accessing and using the computer systems for carrying out their routine personal or professional transactions and activities. In case of losing confidentiality, it would be very difficult for the related organization and for the user to quickly fix the problem and avoid any loss that could be caused by that activity of theft through the use of cyber-terrorism. In other words, first both the organization and the users would be required to figure out the reason behind the dysfunction and during this time the terrorists would have done the work of harm until the affected organization investigate the reason. Loss of availability would bring numerous of problems for users and other organizations affected by the terrorist attack. For example, a company works in a retail industry and uses electronic selling for advertisement and marketing of its products, and for this purpose, it uses its web pages for displaying the product pictures and their prices as well. After the cyber-attack, the customers of the company would not be able to see the products and their prices on the company websites and only that information is visible that is left by the cyber terrorist. In other words, the loss of availability of related information would bring numerous challenges and problems for the affected company. For example, the affected company would be required to repair the affected pages and gather all the relevant information and data that have been used in the web pages. For this process, the affected company would incur web repair charges besides uploading the stolen products information. In this regard, it is significant to highlight that the affected company might face some legal cases because the affected customers and users highlight that their credit card information and money have also been stolen. In other words, the affected company would also face legal cases in which the chances of additional litigation cost cannot be ruled out. The subsequent effects of physical destruction can also severely impact on the operational capability and performance of the affected physical infrastructure. In this regard, it is significant to mention that various physical infrastructure works through software configuration (automation) in which commands and subsequent operations and performance and levels are determined and controlled through automation (Snow, 2011). In other words, a total reliance on the use of computer-based activities is normally carried out in physical activities. And these virtual activities are remotely controlled and operated as well by using different latest operational mechanism through the source of the Internet. In this condition, if cyber terrorists attack on the critical and sensitive infrastructure, the physical activities of the affected system would fail to perform its normal routine function and this could lead to massive destruction of physical infrastructure across the nation. Deterrents At the national level, the US government has taken a number of cyber security measures for preempting, detecting, controlling and preventing the cyber attacks (Rollins and Wilson, 2007). For this purpose, they have specifically established departments within the following departments: Department of Homeland Security (DHS), Department of Defense (DOD), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Central Intelligence Agency (CIA) and Inter-Agency Forums (Rollins and Wilson, 2007). In this regard, it is important to mention that each agency has separate mandate and work within the specified boundaries. The role of DHS is very significant for deterring the cyber-attacks. For example, in February 2006, DHS sponsored and participated in exercise Cyber Storm which evaluated and tested the US government ability to counter the cyber terrorist attacks (Rollins and Wilson, 2007). Based on this exercise, it can be further deduced that DHS has been constantly upgrading its virtual capability and relevant skills to understand and thwart any cyber terror attacks on the US government. However, it is and it will be a challenging situation for DHS to preempt such cyber-attacks because in the virtual world it is not possible to estimate or forecast that a cyber-attack from a terrorist group is about to take place. DOD assigned responsibility within DOD for collecting and ensuring coordination with private and public sector for protection of critical defense infrastructure in its Directive no. 3020.40 in August 2005 (Rollins and Wilson, 2007). In other words, the role and coordination between private and public sector companies is highly significant given the nature and magnitude of cyber terror attacks. Consequently, the benefit of this coordination would be that all the concerned departments and organizations would be in a position to share the relevant information within the framework of coordination and cooperation. Moreover, the role of the internet companies, such as Yahoo, Google and other high-tech companies would be of crucial importance for ensuring and retaining a strong coordination among and between the public and private sector firms because these companies have higher professional capability to detect and highlight the possible locations and methods of cyber-attacks. And their coordination with DOD will enable and provide a reasonable and effective deterrent against cyber-terrorism. The role of FBI is also important for deterring cyber-attacks. In this regard, Rollins and Wilson (2007) signify that the FBI Computer Intrusion mechanism for providing operational and administrative guidance and support for detecting and investigating computer intrusions. Based on this information and role of FBI, it can be deduced that FBI fully understand the gravity of cyber-terrorism and has provided a reasonable training and development to the related department personnel for ensuing the cyber security of the nation. Through this technical capability, FBI will be in a position to actively pursue any cyber attack within the country. For example, if a cyber-terror attack is launched within the US, FBI would be quick to hunt down the terrorist because it has strong ground presence which empowers the agency to apprehend the cyber terrorists. However, if the attack is launched from outside the US, it would be chances to coordinate with the external related agencies for detecting and apprehending the culprits. NSA has set up the National Centers of Academic Excellence in Information Assurance Education (CAEIAE) for decreasing national information infrastructure exposure through supporting higher academic support in information assurance (Rollins and Wilson, 2007). Based on this information, it can be extracted that NSA is not working for short term solution instead it has put in place a long term comprehensive strategy in which continuous capability enhancement program is being pursued through incorporating modern technology-based changes and developments taking place in the field of the information technology. As a result of this deterrent, NSA does not rely on the external support for hunting down any cyber-terrorism activity but has mainly focused on its own resources and methods for enhancing its professional method for handling and tracking down the attackers involved in the cyber-terrorism. The CIA Information Operations Center plays a key role against cyber-terrorism (Rollins and Wilson, 2007). The main security objective of this Center is to evaluate and detect threats from enemy states and criminal outfits and dangerous hackers (Rollins and Wilson, 2007). In this regard, the role of CIA against cyber-terrorism is of crucial importance because its mandate is more than FBI and has access to a variety of external and internal agencies. Due to its vast reach in the global virtual and physical infrastructures, it has a strong technological, logistical and operational capability to appropriately deal with the threat of cyber-attacks. In addition, it is important to highlight that the CIA has a strong and clear mandate to preserve and protect the national interests and eliminate direct and indirect virtual and physical threats to the stability and security of the United States. As a result, it has a legal responsibility for taking essential virtual security measures and ensuring strong surveillance on the suspects and other terror groups waging war against the United States. Recommendations Types of Cyber Attacks Based on the technological advances rapidly taking place, it is highly recommended that the cyber security personnel should be capable enough to highlight the types of cyber attacks and there should be sub-classification about the possible cyber attacks. This classification would enable the related security agencies to develop and apply relevant counter measures for preventing such attacks in future. In addition, this would also provide an opportunity to assess the type of cyber attacks and its operational mechanism and other technical properties that existed in the highlighted attacks. In other words, the relevant authorities must go deep into the types of attack for grasping the operational mechanism. Methods of Cyber Attacks Some cyber-attackers user proxies while others use fake IDs for carrying out the cyber attacks (Serabian, 2000). In this regard, it is important to mention that such cyber attacks are highly complex and difficult to detect because the attackers use fake IDs and proxies. To prevent and detect such cyber-attacks, it is highly essential that adequate technical and operational understanding of such methods should be understood by the security personnel. By knowing such methods, they will be in a position to thwart any future attacks besides promptly locating the location of the real cyber-attackers. International Coordination for Cyber-Terrorism Moreover, within the context of cyber-terrorism, distinction between common hackers and cyber terrorists must be made. Some hackers carry out hacking for accessing personal information or confidential access. Since their objective is limited to the personal gain, the relevant and according treatment should be meted out to the hacker. On the other hand, cyber-terrorists must be identified separately because their objective is massive destruction of any potential critical infrastructure. In other words, by drawing some lines between a common hacker and a cyber-terrorist, the related cyber security agencies will be in a position to effectively deal with the cyber security threat. Additionally, there should be an international coordination and cooperation among and between different security agencies. Through this coordination, the agencies will be able act promptly and apprehend the terrorist with minimum time waste. Summary Cyber-terrorism has become the biggest security threat to the nation. The main purpose of this paper is to evaluate the impact of cyber-terrorism and to provide deterrents along with practical recommendations for countering cyber-terrorism. Historically, in 1990s, the emergence of the Internet also highlighted the possible inbuilt risks associated with the use of technology. Among them, the cyber-terrorism was the most significant. The possible effects of cyber-terrorism include the loss of availability, confidentiality, integrity and physical destruction. And each effect has devastating effects on the users, companies and other individuals or companies who are associated with the affected companies. To thwart and detect the possible cyber-attacks, the government has mandated different security agencies to perform their role for cyber security in which each security agency is working within its bounds to counter cyber-terrorism. However, it is still recommended that more work on the international coordination and cooperation on cyber terrorism and its methods and types, should be carried out. References Bennett, B.T. (2007). Understanding, Assessing, and Responding To Terrorism: Protecting Critical Infrastructure and Personnel. New Jersey, NJ: Wiley & Sons McIver, W.J., & Elmagarmid, A.K. (Eds.) (2002). Advances in Digital Government: Technology, Human Factors and Policy. Boston: Kluwer Academic Rollins, J., & Wilson, C. (2007, January 22). Terrorist Capabilities for Cyberattack: Overview and Policy Issues. Congressional Research Service. Retrieved: http://fas.org/sgp/crs/terror/RL33123.pdf Serabian, J.A. (2000, February, 23). Cyber Threats and the US Economy. Central Intelligence Agency. Retrieved: https://www.cia.gov/news-information/speeches-testimony/2000/cyberthreats_022300.html Snow, G.M. (2011, April 12). Statement Before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism. Federal Bureau of Investigation. Retrieved: http://www.fbi.gov/news/testimony/cybersecurity-responding-to-the-threat-of-cyber-crime-and-terrorism Weimann, G. (2004). Cyberterrorism: How Real Is the Threat?. United States Institute of Peace. Retrieved: http://www.usip.org/sites/default/files/sr119.pdf Read More