Cyber Terrorism - Case Study Example

Cyber Terrorism Case Study Cyber Terrorism Case Study Introduction With the continuing fast pace of technologicaldevelopment that have spanned during the current century, one is intrigued by the way criminal activities have used technological media to perpetuated havoc. The emergence and widespread use of the Internet globally has made this medium vulnerable to various threats and acts of violations of both personal and organizational privacy and security. Termed as cyber terrorism, the definition of which was revealed to have spurred difficulties in taxonomies, its meaning is hereby quoted by Gordon as: “Cyber terrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination or severe economic loss would be examples” (Denning, 2000, p.1). Two other definitions of the term were created by the U.S. Federal Emergency Management Agency (FEMA) and Coleman whose definitions are as follows: “unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives” (Wilson, 2008); and “the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (Coleman, 2003). All definitions have emphasized the purpose of furthering social, political, or ideological interests or objectives in these terrorist attacks. In this regard, the current case study aims to proffer pertinent issues relative to specific case on cyber terrorism through the Pakistan – India conflict over Kashmir that defaced a considerable number of Indian and Pakistani websites over a period of three years (between 1999 and 2001). Statement of the Purpose The purpose of the current case study is to present details on cyber-attack that had persisted between Pakistan and India over their territorial conflict on Kashmir. According to Vatis (2001), “this conflict illustrates the vulnerability of critical infrastructure systems to cyber attacks and the increasing willingness of groups to target sensitive systems during political conflicts” (p. 5). The case study, therefore, enhances awareness on conflicting parties’ increased vulnerabilities to cyber terrorist attacks and, thus, should focus on installing increased protection and security measures to prevent destructive disruptions. Description of the Subject The case covered the conflict between India and Pakistan over a territory: Kashmir. Historical events have traced the geopolitical dispute after the British occupation in 1947. Armed conflicts were used through the years before 1998 to resolve problems, after that the dispute eventually resorted to electronic warfare ranging from hacking incidents to web defacements that disrupted websites in both private and public sectors of India and Pakistan. Chronology of the Case Study The India – Pakistan conflict over Kashmir could be traced from the end of the British occupation in 1947, when, according to a summarized discourse: “two countries stood where there once was one. Pakistan separated with the intention of being the nation for the Muslims of India. Kashmir, the roots of the boundary dispute between the two nations, was an autonomous state under British rule and remained so post-partition, when initially given a choice between Pakistan and India. Eventually though, in October of 1947, the ruling prince of Kashmir made a decision in favor of India. This decision was viewed as fraudulent, unfair, and completely unrecognized by the Pakistani government” (Summary: India-Pakistan Conflict over Kashmir, n.d., par. 1). From armed conflicts, in 1998, as revealed by Billo and Chang (2004), “the Indian authorities announced a shift in military doctrine in 1998 to embrace electronic warfare and information operations” (p. 8). Therefore, Pakistan and India have resorted to different hacking and web defacement attacks that immobilized both private and public sectors within their domain (Billo & Chang, 2004). From an initial identified number of 45 websites in India being defaced in 1999, the number have escalated to 275 in 2001 without India’s immediate installation of security measure to prevent the attack which caused significant disruptions. Results The article written by Vatis (2001) visually illustrated the number of attacks from 1999 to 2001 through the figure below. As shown, the India – Pakistan territorial conflict have led to innumerous web site defacements in India starting from 45 sites in 1999 to 275 in 2001. This proves that, when left unabated, the number of disruptions could significantly immobilize various private and public organizations. Source: Vatis, 2001, p. 5 On the other hand, on the part of Pakistan, Billo and Chang (2004) cited the report from The Hindu written by Anand (2003) as disclosing that “Earlier this year, newspaper reports had indicated that an unnamed virus launched by a secretive Indian hacker group had rendered 200 Pakistani websites inaccessible for several days and erased the hard disks of scores of computer [sic] in the Pakistani Government as well as the private sector in that country” (Anand, 2003; cited in Billo and Chang, 2004, p. 41). The case results indicate that cyber terrorism attacks, if left unattended and without proper installation of security protocols, could continue to disrupt various sectors of the economy through defacing websites and immobilizing continue operations of affected organizations. Lessons Learned The India – Pakistan conflict over a territorial concern is an appropriate example of how the dispute escalated to electronic warfare due to the availability of opportunities and vulnerabilities posed by the technological developments of the World Wide Web. As initially revealed, one of the purposes of cyber terrorism is to cause severe losses; in this case, due to the dispute over Kashmir. Without arriving at any conclusive agreement over the territory, and with more sophistication being developed to intrude various websites, there would be continued risks and threats that need to be addressed and mitigated. To address the dilemma, both countries must ultimately forge a treaty to end their dispute. Otherwise, both private and public organizations in both countries must enforce more stringent security applications with regular updating, monitoring and installation of “high fidelity intrusion detection systems (IDS) and firewalls” (Vatis, 2001, p. 19). Regular risk assessment and identification of potential critical infrastructures must be part of an incident management system that must be developed and intensified by all private and public organizations in these identified countries. Likewise, their experience should provide lessons for other countries to apply the same depth in focus and in installing the required security measures to prevent cyber-attacks. Conclusion The current case study effectively presented pertinent issues relative to the cyber terrorism attacks exchanged by India and Pakistan due to geopolitical conflict over Kashmir. Through identifying the purpose, description, a chronology of events, the results and lessons learned, one recognizes that vigilance and focus on cyber security must be a continued governmental priority. References Anand, G. (2003). “Indo-Pak hacker war comes here too.” The Hindu. Billo, C., & Chang, W. (2004). Cyber warfare: An analysis of the means and motivations of selected nation states. Institute for Security Technolgy Studies. Retrieved March 15, 2012 from http://www.ists.dartmouth.edu/docs/cyberwarfare.pdf Coleman, K. (2003). Cyber terrorism. Retrieved March 15, 2012, from http://www.directionsmag.com/articles/cyber-terrorism/123840 Denning, D. (2000). Cyberterrorism. Retrieved March 15, 2012, from http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html Gordon, S. (n.d.). Cyberterrorism? Symantec Security Response. Retrieved March 15, 2012, from http://www.symantec.com/avcenter/reference/cyberterrorism.pdf "Summary: India-Pakistan Conflict over Kashmir." (n.d.). Retrieved March 15, 2012, from http://userpages.umbc.edu/~nmiller/POLI388/SUMMARIES/SOMA.htm Vatis, M. (2001). Cyber attacks during the war on terrorism: A predictive analysis. Institute for Security Technology Studies. Retrieved March 15, 2012, from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA395300 Wilson, C. (2008). Botnets, cybercrime, and cyberterrorism: Vulnerabilities and policy issues for congress. Retrieved March 15, 2012, from http://www.fas.org/sgp/crs/terror/RL32114.pdf Read More