How Terrorists Can Produce Financial Disruptions - Research Paper Example

Abstract

Cybercrime has been an issue eliciting much debate in different nations. In fact, a number of scholars have devoted their ink to the investigation of consequences of cybercrime in the local environment and national government. Whereas efforts to scrutinize effects of cybercrime cannot be controverted, it is apparent that delimited attention has concentrated on the economic consequences of the vice. It is against this backdrop that the present research sets out to investigate how terrorists can produce financial disruptions by attacking power grids in USA. Using comparative data in research collected and complied by scholars in various nations, the main objective of this research is to establish the targeted victims of the cybercrime perpetration. Using case studies to reinforce the information in the present research, this chapter identifies, classifies and discusses the consequences of cybercrime with specific attention on financial disruption. The general finding of the paper is that most effects of cybercrime border on financial issues and implications such as piracy, money loss, increased security costs and identity theft. The chapter concludes that this vice is a very crucial on worth all attention by the USA government in averting it. The recommendation of the chapter is that future cyber security leaders should device up to date technologies to prevent fraud and crimes that directly affect the economy of the nation. The findings of this research are useful to policy makers and planners in charge of economic progress of the nation.

How Terrorists can Produce Financial Disruption by Attacking the US Power Grid

Introduction

In this age of technological development, various individuals have taken advantage of the internet to manipulate various sectors of the economy. According to Gandhi et al. (2011), one of the greatest threats to the economy of the world at present is manipulation of the internet to weaken systems of business organizations. They further mention that the design and use of malicious malware is currently the trend in many nations of the world. This echoes the idea by Lewis (2002) that although telecommunication has a number of blessings associated with it, serious drawbacks are registered due to the manipulations by the cyber terrorists. In his research, Lewis (2002) notes that contemporary knowledge is especially dangerous in identifying the target, planning, gaining access, level of sophistication and how nations can be brought to economic flaws. This, therefore, means that the matter is not only urgent but also critical in economic progress.

Appalling statistics reveal that the annual damage to the world economy amounts to about $445 billion. This means that cyber-crime is not only intended to cause inconvenience and malice but to reap economic benefits either directly or indirectly. In a research conducted by Richet (2013), it is revealed that the internet provides a unique opportunity for people to practice deviant behavior that hurts the economy of the nations. This translates to multifaceted forms of crime that will ultimately lead to the loss of about $2.1 trillion in the next two years. Access to servers is a great challenge in present times and it has cost a lot of people millions of shillings. By way of example, Liang et al. (2017) note that the example of the power attack in Ukraine on 23rd December 2015 is an object lesson to nations whose internet security is unsafe. This attack that survived for only six hours cost the nation lots of money to recover. They add that any cybercrime has scientific, professional and economic implications in a nation.

Cybercrime and associated terrorist attacks are often aimed at certain objectives. Dashora (2011) notes that any planned attack often seeks to confirm at least four objectives. First, determining the weakest sector in the economy is done by piloting the devices for future attacks that will be more properly planned. This idea is echoed by Stohl (2006) who mentions that the initial plans to conduct cybercrime often involve a testing period before real attacks can be launched. Therefore, the crime is classified under conventional criminal acts. The second reason for conducting cybercrime resides in Conway’s (2011) opinion that terrorists are often on a perpetual journey to build more dangerous malware with time. Any planned attack could, therefore, be a test of the sophistication of the presently developed malware.

Thirdly, malicious acts and sabotaging the operations could be another aim of the attackers. Writing about this topic, Prichard and MacDonald (2004) observe that various forms of cybercrime such as phishing, hate speech, spreading child pornography, retrieving personal information and making sexual advances to minors are done with the main intention of punishing individual victims. Perhaps the fourth reason is the one with the greatest impact on an individual or country. Colarik (2006) notes that apart from sending a wakeup call to certain economic sectors, most hackers gain access to passwords and servers with the intention of transferring money from different bank accounts to theirs. The implications of this act can directly affect the growth of an economy. The advanced technology involves the retrieval of usernames, passwords, Personal Identification Numbers (PIN), Social security numbers and credit card numbers that are very important for the transfer of funds.

It is noteworthy to mention that cybercrime is not a preserve of only terrorists. According to Ahmad and Yunos (2012), criminal acts often implicate persons ranging from children to organized hackers and professional hackers. It is interesting to note that professional hackers may be employed by competitor companies to identify the loopholes in the job market. All these activities bring the financial standards of a company to an unwarranted standstill and ultimate flop. As Talihärm (2010) reports, employers should be wary of discontented and frustrated employees who may hack the system as a way of either punishing the employer or gaining material benefits from the process.

Presently, the United States of America leads in the cases of cyber-crime by approximately 23% followed closely by nations such as China, Germany, Brazil, Spain, Italy, France and Turkey among other nations. In the words of Liang et al. (2017), if any investigation should be done to scrutinize consequences of this crime, United States of America should come first in such studies. This is because the economic consequences of the cybercrime are more than meet the eye. Against this background, the present research purposes to investigate the effect of disruption of power grid on the US economy.

Cyber Attack on the United States of America

The immense effects of the US power grid attack cannot be overlooked. In fact, Knake (2017) warns that the consequences of the terrorist attack could perhaps have cost the nation more than has been formally documented. This is a perfect example of the use of cybercrime to cause malicious acts as well as sabotage the economy of the country. This research reveals the effects of the attack on various sectors of the US economy that ultimately affected the entire country. From the attack, it is evident that disruptions to cellphones were one of the greatest dangers done by the attackers. According to Knake (2017), power grid attacks are not theoretical in the nation. He gives the example of the Ukraine case in 2015 where for just six hours, the immense danger had been caused. This is the idea stressed by Abrahms (2009) who mentions that what terrorists really want could be a more substantial economic disruption through several tactics.

The suggested Russian involvement through geopolitical forensic audit reveals that the state of cybersecurity is indeed very insecure. Commenting on this, Wang and Rong (2009) point out that it is believed the attack on the grid must have been engineered by some military forces to punish the states. However, they advise that the incident was adequate enough in its consequences to warrant remedial measures. It is equally noteworthy to mention that the evolution of Us electric supply around 200,000 high voltage transmission to around 55000 substations extending to about 5.5 distribution lines would be a strong reason to attract hackers. An analysis conducted by the Idaho National Laboratory (2015) shows that the terrorist attack was an economic affair with at least three reasons behind it. First, the attack could have been meant to discredit operations by undermining the administration of the country at a politically sensitive time. In the opinion of Sullivan and Kamensk (2017), the second reason for this attack could border on disruption of the intended diplomatic steps that the United States of America would take towards some of the enemy states. This would turn out to be a punitive measure crafted to delay the governance functions.

The cyber-attack on the US power grid is equally reported to have been engineered as a retaliatory event following certain economic sanctions. According to Begos (2016), before one contemplates the prevention of future attacks on the US, it is imperative to understand the technological advantage that hackers and cyberterrorists have over the US. Further, it should be understood that the attack was a message against economic sanctions. Perhaps the criminals were communicating portended danger to be conducted in future. One important point to note is that the planned disruption of any sector of the economy involves major interruptions of related sectors as well. As Cerrudo (2015) notes, interruption of cell phones is one key aspect that characterized the US power attack. It is aimed at totally cutting all the communication links so that the malicious act becomes a success. In a comparative study involving the 2015 Ukraine case, it is proved that attackers target one sector but go ahead and destabilize several other interconnected subsets of the economy.

The shocking revelation that the US power grid gets attacks at least one in every four days is a serious cause for worry. Dashora (2011) warns that this is a threatening situation due to its interconnectedness to the internet. In the latest attack, for instance, there was a total disruption of the internet so that no communication could be sent to the various departments of the US economy. This idea is buttressed by Richet (2013) who notes that the power attack had immense effects on the lives of patients in the hospitals. In fact, Liang et al. (2017) the situation can be best described as a nightmare scenario with significant challenged posed to human lives in various hospitals. Liang et al. (2017) mention that as the power went out, hospitals were forced to run on generators whose fuel was also running out. The complexity of this issue warrants thorough scrutiny because it directly affects the lives of citizens.

Perhaps a good question one would ask is why cybercrime targets the US energy sector and not any other. Onyeji, Bazilian, and Bronk (2014) reveal in their seminal paper that there is proof beyond doubt that the US power attack was purely done for economic reasons. This, they support the fact that the criminals had intended to cut the supply chains so that the economy is thoroughly frustrated. Reinforcing this point, Sullivan and Kamensky (2017) report that the critical infrastructure had at least three mechanisms employed in the attack. First, supply chain members have been targeted through spear phishing in the attack. It is also revealed that as the power attack is on, malware is sent to targeted companies to retrieve the intended information. Lastly, Sullivan and Kamensky (2017) say that there exists a perfect correlation between internet and electricity. Therefore, attackers took their time and installed Trojan horses aimed at disabling various companies and their chain management.

The attack on US Power has serious lessons that should be learned. Wilson (2015) notes that the nation should learn a number of lessons that could help prevent future attacks. For instance, it is now apparent that the need to protect data through phishing simulations is now needed more than ever. Additionally, US has learned its lesson that sandboxing solutions should be reemphasized in any business organization as a preventive measure against future hacking. It is equally important to mention that the power grid attack has taught the United States of America to reevaluate the role of cybersecurity personnel in developing secure software to guard their systems.

Financial Implications of Power disruptions in the US

Wilson’s (2015) research entitled “Strategic Implications of a Vulnerable Electric Power Grid” is a perfect illustration of how the power attack affected the nation financially. In his publication, he investigates the sectors that were sabotaged and attempts to quantify the damage caused in each sector. Wilson (2015) mentions that electricity is the lifeblood of the United States and any attempt to disrupt it either intentionally or unintentionally has dire consequences on the general economy of the land. One notable effect of the attack is the decline in daily business transactions through power interruptions. Cushioning this point, Richet (2013) observes that the supply of water, food, and fuel greatly affect the daily business transactions. Richet (2013) adds that the social unrest makes it difficult for the business activities to thrive after the cybercrime attacks disrupt electricity supply. The fact that local official was consulted to devise remedial measures that would install temporary power means that operations were brought to a standstill for quite some time. Knake (2017) stresses that in the US many businesses operate on electricity. In fact, Wilson (2015) notes that prior to 2005, the united economy has over-relied on electricity supply. However, when the interruption was done by the terrorists, business transactions are seriously hampered.

Interruptions of electricity produce financial disruption by putting the economy at the advantage of looters and criminals who are opportunists. It is reported that a number of looters were arrested within the period of the blackout. A deeper perusal of the American power attack history reveals that businesses were looted, some set ablaze and a number of criminals arrested. This is what Curvin and Porter (1979) stress that any power disruption places a nation on a risky ground where opportunist citizens take advantage to unduly enrich themselves. This is, therefore, a deliberate attempt to sabotage business thus directly leading to national financial disruption. Further illustrations show that when the power goes out, critical information in the chain management is cut hence the supply of goods and services is compromised. Wilson (2015, p. 5) reports that in 1977, “when the lights go out, some people will take advantage of the rare opportunities to loot businesses and set a fire.”

The reliance on electricity in America has been used by terrorists to cause immense financial disruptions. According to Begos (2016), at least six sectors that experienced the sabotage show the consequences of the attack. First, industrial disruption is ranked highly sensitive and held responsible for national economic problems. Begos (2016) reports that in the industries, every time an attack is done on the power supply, immense effects are experienced especially in spoilage of raw materials. Additionally, as the supply of clean water to the industries is also cut, lost productivity is the end result. This is a direct consequence that the country faces thus causing financial disruption. Industrial development in the US gives significant benefits to the GDP. Therefore, interruptions of electricity lead to flopped industrial operations which are undesirable for economic growth even for just an hour.

The telecommunications sector is yet another department that highly suffered the consequences of the power attack thus disrupting the financial development of the nation. The relationship between telecommunication as infrastructure and development should be underscored so that the link with financial development can be established. According to Markova (2009), although investment in telecommunication in itself does not lead to economic development, this facility is an avenue for increased demand for goods and services transacted online. Markova (2009) continues to reiterate that the US is one of the leading nations with admirable digital business platforms and that some of the most expensive transactions depend on just the click of a button in a second. This therefore means that when terrorists target the energy department in the nation, a direct consequence is felt on the financial stability as most businesses are thoroughly compromised.

A report by the US Congress (1990) decries the effect of a terrorist attack on the banks. It comes out clearly that all banks rely on electricity to conduct their daily operations. Therefore, the e-statements and other bank account documents cannot be accessed. As Wilson (2015) notes, during power interruption, there is limited cash flow into the market as many commands cannot be executed without electricity. It is due to this reason that many have been advised to stash some money in the homes so that should the banks fail, they are not stranded. This point clearly illustrates how the terrorist attack has a direct effect on the economy of a nation through that banking sector. A group of Trojan hoses runs on the website of an electricity supply company is very dangerous as it can not only cause malfunction but also cause the whole system to catch fire. This is rather tragic. Therefore, by attacking US power, terrorists have a great influence in causing financial disruption in the US.

Further evidence that terrorist attack can cause financial sabotage is revealed in sectors such as transportation, emergency services, and public utilities. Ten, Manimaran, and Liu (2010) note that although at the time of hacking and terror, terrorists may not have deliberately visualized the extent of damage in a number of sectors, it is undeniable that financial crisis is often the result in several sectors of the economy. This is tragic because it leads to an automatic disruption. By way of example, US Congress (1990) notes that series of attack have highly compromised the emergency services and other sectors thus increased costs of production. For instance, the police are often confused by high volumes as they seek to offer emergency services. These are examples of actions that involve serious financial implications. As stated earlier, some experienced attackers are often sponsored to maliciously harm the economy of a nation. This has taken a toll on the American nation where electricity dependent is brought to a standstill thus forcing the managers to seek expensive alternatives to continue with the production of goods and services. Through all these systems, financial disruption is caused in the nation.

Preventing and Mitigating Future Attacks

From the literature reviewed in this research, a number of preventive and mitigation issues are proposed by scholars. These proposals affect both the electricity grid and cybersecurity at large. Knake (2017) observes that as a protective measure, the installation of electricity stations should embrace a new approach that integrates security measures as a way of enhancing the security of the stations. Knake (2017, p. 6) reveals that in the past, the electricity portals and websites have been “accessible from the public internet and use weak authentication mechanisms” that are easily tampered with by the terrorists. Because a number of attacks have conducted their reconnaissance on the power grid, future preventive measures are mandatory. In addressing this issue, Parfomak (2014) notes that regulatory management should be passed to allow the integration of cybersecurity in the installation of electricity stations. This will immensely monitor the cases of attempted hacking and remedial actions taken before saboteurs accomplish their mission.

Another remedial measure that could be taken to address this issue involves conducting pre-attack measures. Because the nation survives on high electrical voltages, the company should conduct operations that could assist in case there is a power blackout. The main objective of this program is to sustain economic development even in a crisis. Gandhi et al. (2011) observe that crises teach people to realize the need for proactivity rather than reactivity in economic affairs. In this regard, therefore, future plans should be initiated to put in place manual operations and recovery options in case the power is tampered with. It is also proposed that the power should be continually distributed so that risk is minimized if not all stations are disrupted. Ten, Manimaran and Liu (2010) opine that all these measures are geared at minimizing the economic loss due to power interruptions.

The electricity company could as well conduct post-attack measures to deal with the cybersecurity issue. Comparative effort can be drawn from Ukraine’s case where Xiang, Wang, and Liu (2017) observe that any security system that prevents the malicious malware from terrorists and criminals must conduct post-attack measures. These measures could be successful if the companies affected limit remote access. Of great importance is the concept of conducting technical drills to all departments of the electricity company. Digital knowledge is particularly important is sensitizing all workers who use the internet on the potential threats that could cause serious danger if ignored. Further, remote access to a technique developed by IT experts could be applied to limit the system's servers. This can be achieved through one time codes and passwords that get texted to users once one tries accessing the server. Anytime one attempts a login, notification is sent to the personnel. This quickly curbs hacking. Sophisticated software developers should be contracted to educate IT personnel on control systems and forensic audit. This effort is highly reliable and can save the electricity company against cybercrime.

Data modification and manipulation using malware such as Trojan can be prevented through technological advancement. Gray, Citron, and Rinehart (2013) advise that because most of the cyber-attacks are simply reconnaissance of real future attacks, it is important to respond using a more powerful tool. This means that Cybersecurity education to employees is a mandatory procedure. This sophisticated process should involve all department of an organization. Future hacking and modification of documents can be prevented through locking file permissions and directory of the power grid. Closely linked to this idea is the process of conducting a cleanup after the attack. After cleanup, malware definitions can be reinstalled. These can save against potential hacking by malicious attackers. Gray, Citron, and Rinehart (2013) further observe that updating malware definitions will detect any attempted hacking. When file permissions are restricted, hackers find it difficult to access the servers. These are steps that are possible if the sophisticated software is purchased and used to counter the terrorism.

Recommendations

The present government is mandated with the responsibility of preventing future attacks and economic compromise through a number of ways. This research makes a number of recommendations. First, deterrence policies and increased intelligence are very necessary to ensure that operations continue even during a blackout (Knake, 2017). The government should, therefore, address the issue by involving the intelligence of the military. Secondly, alternative sources of energy that are automatic should be installed. Although Boes and Leukfeldt (2017) caution that this is a very expensive process, they add that the economic benefits of the backup are greater than the remedial actions. The economy of the nation that relies on electricity is, therefore, more important than anything else.

Another effort that could save the situation would be to create an information sharing center where all signals of intended attack can be noticed and addressed immediately. As Etzioni (2017) notes, the US has the best intelligence programs in the world. If this potential is tapped and blended with military surveillance, an information Centre could be created to empower the citizens and make them responsible for their dear economy. Preventive measures are therefore very important for military and Information Technology Experts to support. In the opinion of Boes and Leukfeldt (2017), a forensic audit that brings together major IT companies could save the situation by receiving the signals and redirecting them to the targeted organizations. This can seriously save against blackout and the feared economic flop.

Finally, investments in manual operations could be used together with investing in cybersecurity options in the power grid. The manual options are meant to ensure continued transaction of business while cybersecurity helps in monitoring and securing the system. Comparative strategies could be sourced from India where national security threat and digital infrastructure are the concerns of the entire nation. These recommendations can save the grid as the infrastructural changes are implemented to achieve twofold benefits of financial stability and sustainable operations.

Conclusion

This research has investigated the terrorist attack cases in the United States of Americas. It is revealed in the chapter that cybercrimes take various forms and are perpetrated for various reasons. It is evident that malicious acts to disrupt the power grid of the nation have serious economic consequences. In fact, the most likely target area is the energy department of the economy because the US is an economic giant that poses numerous threats to the competitors. Several sectors of the economy are brought to a standstill thus compromising the economic activities of the nation. The fact that these attacks were made possible communicates a lot on the insecurity of the grid systems that should be addressed urgently. If the recommendations made in this paper can be implemented, the dwindling financial status can be reversed.