Cyberterrorism - A Threat Or A Hoax - Essay Example

CYBERTERRORISM A Threat or a Hoax  Introduction       It is the purpose of this paper to asses and explore the concerns prevalent in the topic of cyberterrorism and to identify from this information the most rational perspective on the path to better understanding the topic.  It is the hope of this author, that by the conclusion of this essay a clearer scope will be placed on this topic of which up till now has had a very vague identification in the public circles.  Previous researchers and writers when addressing cyberterrorism have either been in support of one position or the other;  those who deem it to be a threat herald its potential impact on our society, and the opposition tends to view it as a farce propagated by the current presidential administration.  Both sides have their valid points, this author tends to isolate what those points are and then use them against one another identify the most rational and sensible position.  This will first bee done by identifying the most current societal understanding of cyberterrorism, and then the perspectives of the pinnacle players in its discussed arena. Finally, the facts and statistic on the topic will be assessed, before the summary and concluding argument of the author is presented.  The position that this paper proposes is that cyberterrorism is not currently a threat, and used more as a tool to implement fear as a tactic for business and political purposes in this country; however, this does not mean it is not a potential threat. Research shows that there is enough technical capacity and probable cause that as American victories are attained in the war on terror cyberspace will be the next frontier for terrorist activity.       In his Washington Post article Consultant Hacks FBI’s Computer System Martin H. Bosworth reports on a outside consultant hired by the Federal Bureau of Investigations (FBI) who breached the agency’s computer network and gained access to over 38,000 employee’s passwords.  The hacker, known as Joseph Colon claimed he used run-of-the-mill hacker techniques that can be easily found on the internet.  He gained access to such information as the Witness Protection Program       The United States Department of State defines terrorism as premeditated, politically motivated violence perpetrated against noncombatant targets by sub national groups or clandestine agents (Gordon, 2003).  This interpretation of terrorism becomes a very vague one when the internet is merged with this definition.  The product of the two is cyberterrorism, but their have been a wide range of definitions posed since the terms advent in the 1980’s by Barry Collins (Gordon, 2003).  Dorothy Denning is a computer science professor at Georgetown University, and one of the country’s foremost respected cybersecurity experts.  Her views are referred to numerous times in more than a few articles reviewed in this paper.  In Denning’s Testimony before the Special Oversight Panel on Terrorism, the most widely cited paper on Cyberterrorism, she defines the term with the following statement: (Denning, 2000) Denning’s definition is very clarifying because it identifies the difference between a cyberterrorist and a hacker.  Where a cyberterrorist acts with the intent of severely impacting the economy or civil morale of the country, a hacker merely causes nonessential or at the most costly damage. Literature Review       For every publication produced that argues cyber-terrorism is a major threat, there is another that comes out claiming it is a hoax.  Many of these authors who hold this position argue it is a form of presidential propaganda.  In his article, Cyberterrorism: There are many ways terrorists can kill you—computers aren’t one of them, Joshua Green argues that the Bush administration’s infatuation with preaching the dangers of cyberterrorism is one that has become a pattern since September 11th.   None are more exemplary of exploiting the public’s misunderstanding of the term, along with their fears, than Homeland Security Director Tom Ridge, which Green proves with this quote by Ridge: Terrorists can sit at one computer connected to one network and can create worldwide havoc," warned Homeland Security Director Tom Ridge in a representative observation last April. "[They] don't necessarily need a bomb or explosives to cripple a sector of the economy, or shut down a power grid. (Green, 2002)"  Green further points out that Ridge’s propaganda is not without merit considering that a survey of 725 cities conducted by the National League of Cities for the Anniversary of the 9/11 attacks showed that cyberterrorism ranked with biological and chemical weapons at the top of a list made by officials of the single most feared threats (2002).  Despite this, it must be remembered that Green’s article was published in The Washington Monthly a little more than a year after the 9/11 attacks.  At this particular point information was scarce and Bush’s scare tactics were still at the height of their influence; and yet, Green has enough sense to question the motives behind those who use cyberterrorism as a way to instill fear in the fear in the American public.  Green points out that the federal government requested $4.5 billion in cyber investigative security; Bush appointed Richard Clarke to his created position of cybersecurity czar assigning him an office in the White House, and The Washington Post developed a habit of publishing first page headlines like: Cyber-Attacks by Al Qaeda Feared, Terrorists at Threshold of Using Internet as Tool of Bloodshed, Experts Say (Green, 2002).  Green recognizes that all of these actions would be reasonable responses to an actual looming threat, but they fail to muster any sort of rationale considering that, as he states, there is no such thing as cyberterrorism--no instance of anyone ever having been killed by a terrorist (or anyone else) using a computer (2002).       In his article Cyberterrorism: How Real Is the Threat?  Gabriel Weimann acknowledges that the potential threat of cyberterrorism is the cause for its apparent alarm in society; but with not one single recorded instance of authentic cyberterrorism, one is left to wonder if there is really a threat (Weimann, 2004).  Weimann identifies the public concerns over cyberterrorism as the most pinnacle form of trivial propaganda.  He best relays this idea with the argument, Psychological, political, and economic forces have combined to promote the fear of cyberterrorism. From a psychological perspective, two of the greatest fears of modern time are combined in the term "cyberterrorism." The fear of random, violent victimization blends well with the distrust and outright fear of computer technology. (Weimann, 2004) He further points out that this unprecedented type of fear somewhat existed before 9/11, and it was identified through a number of U.S. military exercises which revealed many vulnerabilities in the American network.  After 9/11 cyberterrorism was promoted to contribute to fear tactic propaganda of the president and it was enhanced by those who Weimann refers to as interested actors from the political, business, and security circles (2004). Despite all of this, he does not completely disregard cyberterrorism as just a propaganda scare.        The Symantec Corporation, founded in 1982, is an international corporation known for selling security and information management computer software.  For the companies 2003 security response titled Cyberterrorism? Sarah Gordon and Richard Ford assess all of the facts about cyberterrorism for the purpose of increasing common knowledge about prevention.  In the opening of the publication Gordon acknowledges that the term cyberterrorism has a very abstract identification in society.  She argues that, if you ask 10 people what ‘cyberterrorism’ is. You will get at least nine different answers! When those 10 people are computer security experts, whose task it is to create various forms of protection against ‘cyberterrorism’, this discrepancy moves from comedic to rather worrisome (Gordon, 2003).  She then goes on to point out that this lack of knowledge is even more detrimental in the hands of government agencies assigned with the responsibility of protecting national assets.  Since many have diverging opinions on whether or not cyberterrorism is even a threat, and those who recognize it as one are also in disagreement over the extent of its power, this poses a very serious question.  Is it possible for cyberterrorists to access online accounts?  If so, this would be a very pose a very critical threat to the stability of America. Gordon confronts what is unknown about the nature of cyberterrorism with what is known.  The first example she refers to of cyberterrorism in action is a circumstance in Delray Beach, Florida where terrorists made travel plans online.  They used public library computers to purchase tickets, and this is very similar to the method used during the September 11th attacks. Methodology & Statistics       In their essay Statistics On Cyberterrorism Jimmy Sproles and Will Byars estimated that the majority of the people carrying out illegal activity online are classified as amateur hackers (Sproles & Byars, 1998).  They further found that The Defense Information Security Agency (DISA) carried out a series of its own online based-attacks on government defense computer systems to asses the quality of our government’s security against cyber-terrorist attacks.  They found that of the 3,000 computer systems they attacked 88% were easily penetrable; 96% of their unauthorized entries were not detected, and only 5% of the few detected were investigated (Sproles & Byars, 1998).  The following is a chart used in Sproles and Byars study to display the discrepancies between terrorist and hacker involvement on the internet:  Fig 1 (Sproles & Byars, 1998)            In his predictive analysis of cyber attacks as they relate to the real war on terror, Michael A. Vatis used the following graph in his publication through the Institute for Security Technology Studies at Dartmouth College.  It basically shows the frequency at which cyber attacks occurred in Israel and their relation to actual real life terrorist events over a 13 month span from late 1999 to early 2001.  The graph shows that in comparing the Middle East’s most violent conflicts with the prevalent battle in cyberspace, there is a significant relation:     Fig 2 (Vatis, 2001)   As of May 21st 2001, attrition.org ended its active process of mirroring website activity and defacement, this had made it no longer possible to asses such a connection between real-time physical terror and it influence on cyberspace, or vise versa (Vita, 2001).         The following is the official statement of the methodology used by the Symantec Corporation in constructing a definitive understanding of cyberterrorism:      (Gordon, 2003)  Summary & Conclusion       The influence of the internet on society is undeniable.  Denning, D., (2000) “Cyberterrorism”, Testimony before the Special Oversight Panel of Terrorism Committee on Armed Services, US House of Representatives. (http://www.cs.georgetown.edu/~denning/infosec/cyberter ror.html)  Gordon, S., (2003). Cyberterrorism?   Green, J., (2002). The Myth of Cyberterrorism. The Washington Monthly, November 2002    Vatis A., Michael (2001) Cyber Attacks During The War On Terrorism: A Predictive Analysis. Institute For Security Technology Studies at Dartmouth College, September 22, 2001  Weimann, G., (2004). Cyberterrorism: How Real Is the Threat? United States Institute of Peace, December 2004   Alan Collins (ed), Contemporary Security Studies, Oxford:Oup, 2006 (in particular chapter 4 by David Mutimer om Critical Security Studies p.53-74 and Chapter 7 on Securisation) -David Campbell, Writing ity: United States Foreign Policy and the Politics of Identity, revised edition, Manchester: Manchester University Press, 2001 -David Mutimer, The Weapons State: Proliferation and the framing of Security, London: Lynne Rienner, 2000 -Buzan, Barry, Ole Weaver and Jaap de. Wilde, Security: A new framework for analysis, London: Lynne Rienner Publishers, 1998. -Paul Rogers, Losing Control: Global Security in the Twenty-first century, London: Pluto Press, 2000. -Ken Booth, and Tim Dunne (eds), Worlds in Collision: Terror and the Future of Global Order, Basingstoke, 2002. Read More