CHAPTER 2 AN EVOLVING CONCEPT

A. INFORMATION AGE TERRORISM

Terrorism will change in the 21st century. Information warfare, the current "hot topic" for the military, along with Command and Control Warfare (C2W) are two concepts that some argue will create or accelerate a "Revolution in Military Affairs." These ideas also suggest the possibility of a "Revolution in Terrorism Affairs." Information age terrorism may take on three distinct forms: conventional terrorism, technoterrorism, and cyberterrorism. While conventional terrorism will still rely on physical violence, terrorists' acquisition of high technology information warfare capabilities will allow a shift toward tactics focused on disruption rather than destruction. Information age terrorism, while continuing to use "conventional" weapons, will also employ weapons radically different from those used in conventional terrorism. This shift toward disruption in cyberspace, through the use of new weapons and without the use of violence in the physical world, may force a redefinition of the classic conception of terrorism.

1. Information Warfare

The definition of Information Warfare has been extensively debated in the open press. The Department of Defense has a classified definition of Information Warfare contained in DOD Directive TS3600.1, but the public debate on the subject will be sufficient for the purposes of this thesis. Drs. John Arquilla and David Ronfeldt capture the broad nature of information warfare in Cyberwar is Coming! In this work, they address the military and civilian, as well as the offensive and defensive components of information warfare. The spectrum of conflict is split into "netwar" and "cyberwar".

Netwar refers to information-related conflict at a grand level between nations or societies. It means trying to disrupt, damage or modify what a target population knows or thinks it knows about itself and the world around it. A netwar may focus on public or elite opinion, or both. It may involve public diplomacy measures, propaganda and psychological campaigns, political and cultural subversion, deception of or interference with local media, infiltration of computer networks and databases, and efforts to promote dissident or opposition movements across computer networks.6

Cyberwar is the military cousin of netwar. While a diverse group of actors can conduct netwar at a variety of levels, cyberwar exists exclusively in the military realm.

Cyberwar refers to conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting, if not destroying, information and communications systems, broadly defined to include even military culture, on which an adversary relies in order to know itself: who it is, where it is, what it can do when, why it is fighting, which threats to counter first, and so forth. It means trying to know everything about an adversary while keeping the adversary from knowing much about oneself.7

Cyberterrorism, while utilizing some cyberwar tactics, lies in the realm of netwar. Through an examination of cyber and netwar, Arquilla and Ronfeldt highlight the increasing importance of information control for military victory in the information age. In the future, information control may also be critical for successful terrorism or counter-terrorism.

The National Defense University (NDU) has posited a working definition of Information-Based Warfare that outlines the offensive and defensive components of information warfare. It highlights the applicability of information as both a target and a weapon across the conflict spectrum:

Information-based Warfare is an approach to armed conflict focusing on the management and use of information in all its forms and at all levels to achieve a decisive military advantage especially in the joint and combined environment. Information-based Warfare is both offensive and defensive in nature -- ranging from measures that prohibit the enemy from exploiting information to corresponding measures to assure the integrity, availability, and interoperability of friendly information assets. While ultimately military in nature, Information-based Warfare is also waged in political, economic, and social arenas and is applicable over the entire national security continuum from peace to war and from 'tooth to tail.' Finally, Information-based Warfare focuses on the command and control needs of the commander by employing state-of-the-art information technology such as synthetic environments to dominate the battlefield.8

Martin Libicki of NDU has also examined the concept of Information Warfare and its implications for the future. In his Advanced Concepts and Technology paper, "What is Information Warfare?" Libicki outlines seven specific forms of information warfare: command and control warfare, information-based warfare, electronic
warfare, psychological warfare, hacker warfare, economic information warfare, and cyber warfare.9 While most of these forms of conflict fall into the military realm, each of them is applicable to terrorism in the emerging information age. The form described as hacker war (warfare against computer networks) is split into three areas by Libicki: the physical, the syntactic, and the semantic.10 The physical attack of computer networks is classified as technoterrorism by my typology. The attack of computer systems at the syntactic level (attack on the flow of electrons within the network) and at the semantic level (attacks on the veracity of a network's information, fooling the computer into producing an output that is incorrect) are defined as cyberterrorism because they exist exclusively in the realm of cyberspace.

Information warfare is not just about computers sending electrons from point A to point B. It is not only the hardware and software but the "wetware" (computer slang for a human brain) that is critical to information warfare. There are two components of Information Warfare. First, your own information must be protected and trusted at all levels. Second, an effort to disrupt the information gathering, processing, and distribution functions of the enemy must be undertaken. The effort to manipulate the information of the enemy while protecting your own takes place on several levels. During collection, the accuracy of the information received must be verified. During processing, information must be defended against theft, destruction and modification. Finally, during distribution of information to other elements, the means of transfer must be secure to ensure that information arrives at its destination in an unaltered format. The defensive portion of information warfare aims to ensure information confidentiality, integrity, and availability.

The fundamental goal of warfare is to change the mind of the enemy and convince him to do your will. The goal of information warfare is to accomplish this through the manipulation of the enemy's ability to control information. Michael Handel captures the essence of information warfare by quoting both Clausewitz and Sun Tzu who states, "For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill." This places information warfare in the camp of Sun Tzu. This effort to win without fighting runs counter to Clausewitz, who believed that combat and bloodshed were an integral part of warfare. "Kind-hearted people might of course think there was some ingenious way to disarm or defeat an enemy without too much bloodshed, and might imagine this is the true goal of the art of war. Pleasant as it sounds, it is a fallacy that must be exposed."11 While contradictory, both quotes apply to terrorism in the information age. While perceived as "less bloody," and "not really fighting," physical destruction can play an important role in information warfare. One of the tools of information warfare is infrastructure warfare, in which the infrastructure of an enemy is targeted with both "regular" technology (bombs,
missiles, troops on the ground) and "information" technology, the attempt to utilize malicious software to disrupt and alter enemy telecommunications without physical destruction and to induce a psychological state in the enemy that will lead him to "do your will." Information warfare is the quest to disrupt, disable, destroy, or modify an adversary's information and information systems while simultaneously protecting your own. While electronic attacks of a network via computer and modem are the "cleanest" means of information warfare, physical attacks on the network's infrastructure are also possible and should always be considered as an option open to terrorists.

a. Command and Control Warfare (C2W)

Chairman of the Joint Chiefs of Staff Memorandum of Policy Number 30, "Command and Control Warfare," identifies Command and Control Warfare (C2W) as the military component of information warfare.12 Both terrorism and information warfare cover a larger spectrum of conflict than simply command and control, but the fundamentals of both are rooted in the ability to affect the thinking of the enemy. As a result, there are several useful parallels between C2W and terrorism in the information age. Figure 1 displays how offensive and defensive C2W is viewed in the military.13

The "five pillars" of C2W (electronic warfare, physical destruction, psychological operations, operations security, military deception) are designed to help classify a military operation. Each of these pillars is also applicable to terrorism. An understanding of C2W is useful in examining both the internal and external working of terrorist organizations. Properly performing in all five areas enhances the ability of a terrorist organization to mount an offensive against its opponent. If one of the areas is weak, however, it can be exploited by the organization under attack and used to disrupt or destroy a terrorist organization.

While the defending group targets the weakness of a terrorist group, the terrorist group will target any perceived weakness of the defending group. This continual targeting and retargeting of actual and perceived weaknesses is the basis for determining the type of strategy that a defending group will use. If a terrorist organization is seen to have several glaring weaknesses in its C2 structure, the defending group may find it most effective to pursue an offensive strategy in an effort to destroy the terrorist. If, however, the terrorists' C2 networks are hard to identify, target, and attack, the only option open to the defender is to establish a defensive strategy in cyberspace whereby the costs of attack are increased, and the benefits reduced.

New technology has affected the C2W "balance of power" between
terrorists and authorities. Counter-terror forces now have the capability to more closely monitor communications channels using increasingly sophisticated computers. Terrorists, however, can also use increasing computer power and publicly available encryption technology to secure their members' communications. Terrorists, in the past, operated in what J. Bowyer Bell described as a "dragonworld," where they were forced to live in fear of constant government surveillance.14 With the rise of secure voice and data communications (i.e., Pretty Good Privacy (PGP) for E-mail and PGPphone for Internet voice communication encryption), terrorists can emerge from the dragonworld. Conventional defensive C2W restrictions no longer exist for the information age terrorist, who can devote more time to offensive C2W and other acts without constantly worrying about secure communication.

The ever shifting nature of conventional terrorism causes difficulty for defender states who attempt to pursue an offensive strategy against terrorism. The inability to target and attack small terrorist groups, plus the myriad of defensive techniques available to both state and substate actors will only increase the problems associated with countering conventional terrorists as they exploit the principles of information warfare.

Defense in cyberspace bears some resemblance to defense in the physical world. The most effective defense is to isolate a computer or network completely from the rest of cyberspace. If there is no access into a computer system because it has been removed from all networks, defending it will be easier. The primary concern for such a "stand alone" computer is the possibility of an authorized user inserting some form of malicious software. The problems associated with trusted individuals "going over" to the enemy camp have existed throughout history and are hardly unique to the information age.

The second form of defense is similar to a point defense with access to a computer system challenged by an authentication and identification procedure. In this case, the computer asks for and verifies the password provided by the user. While "static" passwords that do not change are vulnerable to attack by random guessing, technology, such as the "smart card," exists to provide a constantly changing set of passwords that are nearly impossible to crack.

Increasing the transmission paths available to data is akin to a defense in depth. As the data paths increase, the ability of an enemy to attack all of them successfully decreases. When one communication path is destroyed or degraded (by accident, natural causes, or malicious action), data will instantaneously switch to one of the other available paths with no impact to the end user.

The use of encryption to ensure the confidentiality and integrity of data consists of electronically scrambling, and thus armor plating, the data that is to be sent through cyberspace. Even if the data is intercepted and copied, its contents remain unknown to the enemy until they can decrypt it, which may take years.

2. Infrastructure Warfare

Infrastructure Warfare is an attack against the physical components of a state's networks, such as power and water distribution, telecommunications networks, rail lines, and roads. As related to information warfare, infrastructure warfare is defined as a physical attack on system components that would subsequently influence the ability to process or transmit information. As such, bombing the telephone switching building that serves a specific location to isolate it from the rest of the world or destroying the electrical grid that supplies power to a targeted system would constitute infrastructure warfare.

Terrorists have already proven that they are capable of physical destruction via numerous airline, building, and infrastructure bombings. Terrorists design these events to "send a message" to the world and to terrorize specific target audiences. Terrorist infrastructure warfare may utilize the same tools, such as bombs, with which the terrorist is familiar, but for a different purpose. Instead of attempting to "make a statement" by bombing a physical target for a physical impact, a terrorist group can bomb infrastructure targets to cause cascading failures (loss of electricity leads to loss of computers which leads to loss of communications, etc.) within a targeted system. These secondary effects of the bombing, which may only destroy equipment without causing personnel casualties, are the primary goal of the terrorist in infrastructure warfare.

3. Cyberspace

Cyberspace is a term coined to capture the essence of "where" computers work. While the physical components of computers and their networks are necessary for cyberspace to exist, it is more than merely the sum of these parts. Winn Schwartau defines cyberspace as follows:

Cyberspace is that intangible place between computers where information momentarily exists on its route from one end of the global network to the other. When little Ashley calls Grandmother, they are speaking in Cyberspace, the place between the phones. Cyberspace is the ethereal reality, an infinity of electrons speeding down copper or glass fibers at the speed of light from one point to another. Cyberspace includes the air waves vibrating with cellular, microwave and satellite communications. According to John Perry Barlow, cofounder of Electronic Frontier Foundation, Cyberspace is where all of our money is, except for the cash in our pocket.15

The Defense Information Systems Agency, a branch of the Department of Defense charged with conducting defensive information warfare, defines cyberspace as:

The electronic environment formed by the aggregate of global computing and telecommunications resources. Cyberspace is a virtual 5th dimension
characterized by: no geographic, national, or temporal boundaries, no ownership, laws, or identity cards.16

Cyberspace does not have a physical reality. One cannot physically "enter" cyberspace. It consists of the "virtual world" through which all electronic transactions take place. It is in this realm that the cyberterrorist will operate.

4. Cyberterrorism

The term cyberterrorism refers to the use of information warfare tactics and techniques by terrorist organizations to affect cyberspace. The cyberterrorist will operate exclusively within cyberspace and will not physically destroy any of the infrastructure that supports the existence of cyberspace. While cyberterrorists wish to have an impact on the actions of real people in the real world, they operate within the virtual world of cyberspace to manipulate these actors. Thus, if cyberterrorists wished to take down a telephone system or an electric grid, they would attack the computers controlling the system and not its subsidiary physical components. The weapons and the targets are the electrons moving within cyberspace.

a. Weapons of the Cyberterrorist

The weapons of the cyberterrorist are not designed to kill people or break physical objects. Rather, they exist exclusively to destroy or modify computer data. While it is possible to attack this data without any human interfaces, the human is usually the weakest link in a computer system.

The critical element in cyberterrorism, and information warfare in general, is knowledge. While the "tools" of the cyberterrorist (computer modems, phone connections) are nearly universally available, the knowledge of computer systems and their weaknesses (while becoming increasingly common) is not as easily obtained. Joseph Seanor of CIBIR Corporation, a computer crime investigative group, recently discussed the "Methods of Operations" of Cyberterrorists. His definitions provide a useful starting point to examine how cyberterrorists may attack their targets.

Individuals who have the requisite level of knowledge to become cyberterrorists fall into three main categories. The first is a "hacker" defined as a "person that breaks into computers to prove that it can be done. Some are destructive in nature, others are purely joyriders." The second category is the cyberpunk, "a harder edged computer hacker, one that enjoys technology and uses that technology to make money or act as an anarchist." The third category is the cypherpunk, "a person that is interested in the use of encryption to protect the privacy and the use of decryption methods to access other protected files."17 Paul Strassmann notes that, with the skill resident in these groups, several risks to computer systems exist:

Pest Programs
- Trojan horse attacks: implanting malicious code, sending letter bombs
- Logic bombs: setting time or event bombs
- Malevolent worms: denying access to distributed resources
- Virus attacks: attaching code to programs and replicating it

Bypasses
- Backdoor attacks: using existing flaws in software for exploitation
- Authorization attacks: password cracking, hacking control files

Active Misuse
- Creating, modifying, denying service, entering false or misleading data
- Incremental attacks: using salami tactics
- Denials of service: launching saturation attacks

Passive Misuse
- Browsing: reading and copying with apparent authorization
- Interference, aggregation: exploiting database searches, traffic analysis
- Indirect misuse: preparing for subsequent misuses, off-line pre-encryptive matching, factoring numbers to obtain crypto keys, autodialer and voice-mail scanning.18

To achieve these results, the cyberterrorist cannot use the weapons commonly employed in conventional terrorism. While a conventional terrorist finds a fertilizer bomb effective in blowing up a building or other symbolic target, a technoterrorist will find the same bomb useful in destroying a critical node in a network to cause disruption. Cyberterrorists have no use for physical explosives. Their weapons exist nearly exclusively in cyberspace. These new weapons are unique in that they can simultaneously be more powerful and weaker than the weapons of the conventional terrorist. This apparent dichotomy exists because the laws of physics do not operate in
cyberspace in the same manner as the physical world. A conventional bomb will have some effect every time it is exploded in the real world. A software bomb when exploded in cyberspace may have an extraordinary effect the first time it is used as it normally exploits an existing weakness in a computer operating system. After that weakness has been corrected, an identical software bomb will do no damage to the targeted computer or its data. Several cyberterrorist weapons can have an impact on the networks of today and tomorrow.

(1.) Viruses. One of the most heralded weapons of a cyberterrorist or a hacker is the computer virus. Computer viruses are programs designed to perform actions not intended by the operator. These actions include erasing or modifying the data in a computer's memory or storage with or without malicious intent. A virus is so named because it "lives" within a host system or program and cannot spread without some action, often unwitting (such as using an infected disk), by the system operator. Viruses can be used in an attempt to shut down a computer or even hold it hostage.

The front page publicity granted the "Michelangelo virus" every March serves as an example of the publicity power generated by hostile virus. The virus was widely publicized when released in 1992. This particular virus was written to check the computer's internal clock/calendar and destroy the data on the infected computer on Michelangelo's birthday, March 6. The ease of identifying and removing the Michelangelo virus has resulted in publicity about it not attacking computers:

MICHELANGELO VIRUS FAILS TO SURFACE: The Michelangelo virus, a nasty bit of high-technology vandalism designed to break out each year on March 6, the great artist's birthday, failed to cripple the world's computers. The Michelangelo virus was front-page news in 1992.19

To compete against virus detection and removal programs, virus writers have created a subset of the virus, known as a polymorphic virus. This type of virus changes itself slightly every time it is replicated or executed, thus denying a virus detection program a fixed set of "indicators" that the virus has infected a computer. The sheer explosion in the number of viruses (in 1991 there were approximately 500 known computer viruses, by 1995 that number expanded to more than 5,000) is evidence of this threat.20 This exponential growth suggests that virus writers hold the initiative in the battle for cyberspace.

The computer community is striving to regain the initiative by developing operating systems that are more resistant to viruses. For existing operating systems that are infected with viruses, a cure cannot be developed until the virus is released into the system. Once released, the virus can be studied to find a method to prevent its further spread and remove it from the system. The battle between virus writers and virus fighters will continue into the future, with each trying to outsmart the other.

Despite these developments, those that attack computer systems will generally hold the initiative.

(2) Trojan Horses. The second type of weapon is a trojan horse. True to its name, it is a program that does not appear to be destructive but releases a second program to perform a task unintended by the system operator. A trojan horse can be used to install a password "sniffer" program that collects the passwords of valid users and stores them for later use by an intruder posing as a legitimate user. Cyberterrorists can utilize this type of weapon for espionage to gain the information needed to access a system by impersonating legitimate users, thus compounding the problem of intrusion detection.

(3) Worms. Worms are programs originally developed to travel through systems and perform mundane tasks, such as data collection or erasure of old data. While they can be useful, if misprogrammed or programmed with malicious intent, they can be extraordinarily destructive. A virus attaches itself to a host program, but a worm is designed to spread across a computer network independently. While normally programmed to perform a task on a network, a worm may also simply replicate itself on target computers while it continues to spread across a network. The Morris worm discussed in Chapter IV serves as an example of the damage a "non-malicious" worm can cause.

(4) Humans. Computer operators are the vehicles by which viruses, trojan horses, and worms are initially programmed and then inserted into computer systems. In addition to utilizing software attacks on a computer system, a cyberterrorist or hacker can attack a computer system through the vulnerability of its operators. The hacker community commonly refers to this as "social engineering."21 Using a social engineering tactic, a cyberterrorist may impersonate a computer technician and call individuals within the targeted organization to obtain information to penetrate a system. Once in possession of legitimate log on information, cyberterrorists will have "legal" access to a system and can insert viruses, trojan horses, or worms to expand their control of the system or shut it down.

(5) Electro-Magnetic Pulse Weapons. While not nearly as widespread as viruses, there exists a class of weapons that destroy computers and electronics through an electromagnetic pulse.22 The capability now exists to generate an instantaneous electromagnetic pulse that will overload and destroy the sensitive circuitry in advanced electronics and computer systems without the previously required detonation of nuclear weapons in the upper atmosphere. Any system that is within the limited range of these weapons will be disrupted or have its electronic components destroyed. While there have been reports of the military using such weapons in the Gulf War, there are no indications that any terrorist organization possesses or has used
these weapons against computer targets. These weapons have been named HERF (High Energy Radio Frequency) Guns and EMP/T (Electro Magnetic Pulse Transformer) Bombs by Winn Schwartau in testimony before Congress.23 Press reports from Japan indicate that the AUM Shinrikyo cult, incriminated in the sarin gas attacks on Tokyo's subway, was attempting to develop a high powered microwave weapon, ostensibly for use against humans.24 While suspected of being powerful enough to incinerate a human body, they may have intended this weapon for use against electronic targets as well.25 In the same manner as a fertilizer bomb can be assembled by a conventional terrorist, a cyberterrorist can manufacture an EMP/T bomb out of readily available electrical and electronic components. An electromagnetic weapon does not leave a crater like a conventional bomb, nor does it modify the operating system of a computer. As such, detection of an attack becomes more difficult.

5. Technoterrorism

Technoterrorism is the intermediate step between "conventional" terrorism and "cyberterrorism." The technoterrorist understands the importance of high technology networks and C2 systems to a "third wave" state. Unlike the cyberterrorist, the technoterrorist will target and attack those systems that exist in the physical world to disrupt cyberspace. Thus, the computer itself (hardware rather than software) is the target of the technoterrorist. The technoterrorist will use "conventional" weapons such as bombs and physical destruction to destroy or disable those systems that control cyberspace.

6. Terrorism

The debate over the definition of terrorism is as old as the term itself. The debate surrounding the definition of terrorism is addressed in Appendix B, which contains an overview of some of the more popular definitions in the literature. There are several elements that run through the many definitions of terrorism. An understanding of the violent and political elements of terrorism is most important for this study. The first critical element is physical violence. At some point in terrorism, an individual or group must believe that they are being threatened with violence. The second element is the political nature of terrorism. The violence caused by a terrorist action must have some larger political goal than the physical action itself.

As the world moves into the information age, expanding the definition of terrorism to include actions taken inside cyberspace as well as the physical world may be necessary. One of the popular selling points of information warfare is that it is a less violent and destructive form of warfare in which the combatant states wage war with electrons in cyberspace. While the ability of states to wage relatively bloodless war is yet to be seen (the Persian Gulf war began to approach this standard in terms of allied
casualties), the potential to create mass chaos and insecurity in a society via information warfare techniques may appeal to terrorists. As such, it is important to include information warfare as a potential component of information age terrorism. In addition, the definition of terrorism must be adapted and applied to those events that extend beyond mere physical violence and include what can be called "cyberviolence," or violence in cyberspace, where electrons, not people, are destroyed. As discussed in Chapter III, disruption, not destruction, must be included as a tool to be utilized by cyberterrorists.

The evolving concept of information warfare will influence terrorism in the information age. Every advance in computing power continues to increase the usefulness of computers and their associated networks to law-abiding citizens. Simultaneously, these computers increase the power of the weapons available to cyberterrorists and criminals. The implications of computer technology's dual nature, as both a tool and weapon, must be understood in the information age. The military information warfare tactics that exploit this dual nature may be used against the United States by future cyberterrorists.

Cyber Terror
By William L. Tafoya, Ph.D.

Dr. Tafoya, a retired FBI special agent, is the coordinator of and a professor in the Information Protection and Security Program at the University of New Haven in Connecticut.

“Cyber terrorism is a component of information warfare, but information warfare is not...cyber terrorism. For this reason, it is necessary to define these topics as separate entities.”1 Said another way, undefined and misunderstood terms easily could lead a conversation to proceed along parallel lines rather than an intersecting track. Thus, as in the case of understanding what cyber terror is and what it is not, differentiating concepts and terms is important.

Anyone ever misquoted recognizes the importance of context. Wrong assumptions about concepts, words, and phrases easily lead to misunderstanding. In the law enforcement community, officers who use a weapon in the line of duty to defend themselves or innocent bystanders may kill but not murder. Context often serves as the crucial variable justifying the use of deadly force. Murder is always killing, but killing is not always murder. Similarly, accurate knowledge of the context and targets of cyber attacks enhances clarity and helps to avoid obscuring intent.

Information Warfare

Dorothy Denning, one often-cited expert, describes but does not define information warfare (IW): “Information warfare consists of offensive and defensive operations against information resources of a ‘win-lose’ nature.” Further, “Information warfare is about operations that target or exploit information resources.”2 Nevertheless, several secondary and tertiary sources term her description “Denning’s Definition.”3 Other researchers assert that “Information warfare is combat operations in a high-tech battlefield environment in which both sides use information technology means, equipment, or systems in a rivalry over the power to obtain, control, and use information.”4

IW has several variants. Electronic warfare (EW), primarily a military term, is older than IW and dates back to World War II. Information operations (IO) is the more contemporary military nomenclature. EW and IO both are synonymous with IW. None of the three, however, are synonymous with cyber terror. IW, EW, and IO encompass the use of cryptography (cryptology and cryptanalysis), radar jamming, high-altitude aerial reconnaissance, electronic surveillance, electronically acquired intelligence, and steganography. Cyberterrorists may use these same tools. The distinction, however, is not the technological tools employed but the context and target.

In 1991 during Operation Desert Storm, coalition forces used IW, EW, and IO through the clandestine introduction of viruses and logic bombs into Iraqi Republican Guard (IRG) command-and-control-center computers and peripherals, causing the disruption and alteration of the targeting and launching of Scud missiles.5 Military combatants engaging one another on the battlefield constitutes IW, EW, and IO. Attacking the largely civilian critical infrastructure is not warfare, but terrorism—cyber terror. But, how does cyber terror differ from IW, EW, and IO?

Cyber Terror

The term was coined in the 1980s by Barry Collin who discussed this dynamic of terrorism as transcendence from the physical to the virtual realm and “the intersection, the convergence of these two worlds....”6 The Center for Strategic and International Studies (CSIS) has defined it as “the use of computer network tools to shut down critical national infrastructures (e.g., energy, transportation, government operations) or to coerce or intimidate a government or civilian population.”7 The author defines cyber terror as “the intimidation of civilian enterprise through the use of high technology to bring about political, religious, or ideological aims, actions that result in disabling or deleting critical infrastructure data or information.”

As an illustration in size, this article does not compare to the holdings of the Library of Congress. The loss of the former would be traumatic to the author, but would impact few other people. Loss of the latter, likely irreplaceable, would prove devastating if a cyber attack deleted those files. Of course, neither could compare to the loss of one human life. But, if data or information from any of the nation’s critical infrastructure databases were attacked and destroyed, that certainly would impact quality of life.

One expert asserted that if people wanted to know how much to spend on information security, they should calculate the cost of replacing their hard drives and databases in the event they became intentionally wiped out—then, double that estimate.8 Recently, a graduate student observed that “Cyberterrorism is a critical threat to national security and public policy. The intelligence community (IC) is at a turning point because it is difficult to catch a criminal who establishes an identity in cyberspace. Further, [we are at] a critical point in [time] for public policy because the government will have to devise regulations of electronic data transfer for public, as well as private, information that can be identified and accessed via the Internet.”9

Although some experts assert that no credible evidence exists that terrorists have initiated cyber attacks, groups, such as Hamas and Hezbollah, allegedly undertook such attacks more than a decade ago.10 “Lone wolves” have perpetrated more recent ones. The highest levels of government have emphasized the need to focus on this specter.11

What are the most vulnerable targets of cyber terrorists? What constitutes the significance of the targets and the magnitude of the threat? Does it matter what the threat is called? Does cyber terror constitute an element of computer crime?

Computer Crime

More than a half century later, not even the most prominent authorities have reached a consensus about what constitutes computer crime. According to one of the pioneers of this genre, the earliest occurrence of such abuse occurred in 1958.12 The first prosecution under federal law, the Computer Fraud and Abuse Act, Title 18, U.S. Code, Section 1030, was of Robert Tappan Morris, Jr., then a graduate student of computer science, who unleashed the so-called Internet Worm in 1988.13 Along the time continuum, this is where the line begins to blur between “conventional” computer crime and what the author refers to as cyber terror. This genus includes the Melissa Virus (1999), ILOVEYOU Virus (2001), Code Red Worm (2002), Blaster Virus (2004), and Conficker Worm (2008). These attacks differ from extortion, fraud, identity theft, and various scams, all of which certainly are malicious. However, acts of cyber terror as here defined impact society—even the nation—not just an individual, elements of the business sector, or government agencies.

Space limitations do not allow for an incident-by-incident accounting of cyber terror episodes. One example is the case of U.S. v. Mitra. In 2003, Rajib K. Mitra undertook an ongoing attack on a police emergency radio system. Initially, authorities investigated Mitra’s cyber assaults as a violation of Wisconsin state law, but, ultimately, deemed them attacks on the critical infrastructure. The case was prosecuted under federal law (Computer Fraud and Abuse Act). Mitra, a lone wolf, was tried and convicted on March 12, 2004, and later sentenced to 96 months imprisonment. Subsequently, his appeal failed. U.S. Seventh Circuit Court of Appeals judges ruled unanimously, noting that “it is impossible to fathom why any sane person would think that the penalty for crippling an emergency-communication system on which lives may depend should [not] be higher than the penalty for hacking into a Web site to leave a rude message.”14

Clearly, law enforcement agencies need to stay well informed about what the experts think. Most contemporary professionals remain cautious. However, if people wait until they have absolute proof positive, it may be too late. The cyber trends seem clear. Over the course of approximately 13 years, both the number and frequency of instances of digital disorder have intensified, and the sophistication and diversity of types of cyber attacks have increased.

One high-profile specialist contended that “stories of terrorists controlling the power grid, or opening dams, or taking over the air traffic control network and colliding airplanes, are unrealistic scare stories.” He went on to invoke a cost-benefit ratio perspective: “We need to understand the actual risks. Here’s the critical question we need to answer: Just how likely is a terrorist attack, and how damaging is it likely to be?”15 Another authority notes that “threats to the critical infrastructure are becoming increasingly frequent” and goes on to say, “Cyber attacks are one of the greatest threats to international peace and security in the 21st Century.”16 Where there is smoke, is fire not obviously far behind? And, what about the future? What technological innovations will impact the ability to serve and protect in the near-term future?

Tomorrow’s Challenges

Concerning the use of the term cyber terror, do experts resemble the proverbial blind men who feel different parts of the same elephant? On the near-term horizon, technological wonders will arise of which the unscrupulous will avail themselves, just as others before them have done.17 But, where do vulnerabilities lie, and what technological tools will terrorists use?

SCADA Systems

Not the only concern, but certainly a major worry, are supervisory control and data acquisition (SCADA) systems. Closely related are digital control systems (DCS) and programmable logic controllers (PLC). SCADA systems are more ubiquitous than personal computers and laptops combined. Without onsite human intervention, they automatically and remotely collect data from sensors in devices used for industrial processing. They store information in databases for subsequent central-site management and processing.

SCADA systems have existed since the 1960s. In the early days, they were stand-alone, and few were networked. Today, virtually all are accessed via the Internet. This may be great as a cost-cutting measure, but not from an information security perspective. Quietly and without fanfare, SCADA systems have proliferated rapidly—for starters, in the electric, oil, and gas; water treatment; waste management; and maritime, air, railroad, and automobile traffic control industries. SCADA systems also are embedded in “telephone and cell phone networks, including 911 emergency services.”18

These obscure little drone-like computer systems have virtually no security, firewalls, routers, or antivirus software to protect them. They are spread far and wide across the nation, even in some of the most remote places imaginable.19 One anonymous hacker interviewed for a television program said, “SCADA is a standard approach toward control systems that pervades everything from water supply to fuel lines.” He goes on to describe that the systems run operating systems that make them vulnerable.20

Ominous Threats

Electromagnetic pulse (EMP) bombs and high-energy radio frequency (HERF) weapons differ from the malicious codes, computer viruses, and worms of yesteryear. While the latter remain worrisome, EMP and HERF are serious menacing perils of the near-term technological age. EMP devices are compact, and perpetrators can use them to overload computer circuitry. These devices can destroy a computer’s motherboard and permanently, irretrievably erase data in memory storage devices.21 Like EMPs, HERF devices use electromagnetic radiation.22 They, too, deliver heat, mechanical, or electrical energy to a target. The difference is that individuals can focus HERF devices on a specific target using a parabolic reflector.23 HERF, as asserted, does not cause permanent damage—EMP does.24 An array of demonstrations of the power of such homemade devices is depicted at several Web sources, such as YouTube.

Bots

Two decades ago, an expert warned about Internet agents, including bots (robots), Web crawlers, Web spiders, and Web scutters, software apps that traverse the Internet while undertaking repetitive tasks, such as retrieving linked pages, specified words or phrases, or e-mail addresses.25 Although bots have served benign functions—for example, harvesting e-mail addresses—for many years, they now loom large as a near-term future IC and policing issue. More recent research supports this contention. Given these forecasts, the question is not what might happen tomorrow, but, rather, how well-prepared law enforcement will be to protect and serve.

Implications for Law Enforcement

Federal agencies responsible for investigating terrorism, including cyber terror, must remain vigilant. This includes ensuring adequate funding for staffing, equipment, and training. But, beyond that, local law enforcement officers must encourage citizens to be alert and to report suspicious behavior. Many local law enforcement agencies have had useful resources, such as citizens’ police academies, for decades. These programs can educate taxpayers about activity in the physical realm that should be reported. What about transcendence to the virtual realm? Since 1996, the FBI’s InfraGard Program, an information sharing and analysis effort, has focused on marshaling the talents of members of America’s information security (INFOSEC) community.26 However, what of “main street USA”?

See Something, Say Something is a terrific crime prevention slogan promoted in New York City.27 It seems to have resonated recently in Times Square when an observant man, a street vendor and Vietnam veteran, alerted the New York Police Department to the SUV used in what turned out to be, fortunately, a failed Taliban-sponsored car-bombing attempt.28 Any such program should be augmented to provide to its participants examples of behavior in the business community, including those in a work environment, that could alert authorities to precursors of potential cyber misdeeds. One authority notes that “an example of suspicious behavior might be a bit of malicious program attempting to install itself from opening an office document.” To reduce the threat, employees could add a “‘behavior’ layer to [antivirus products].”29 Of course, this suggestion could unnerve many civil liberty-oriented watchdog organizations. However, there is no reason not to include such agencies in the discussion, planning, and implementation of the augmentation here proposed.

What, then, is the bottom line?

Necessary Preparations

Earthquakes, hurricanes, tsunamis, tornadoes, volcanoes, toxic spills, forest fires, and shark attacks do not occur with great frequency. Precautions, nevertheless, are in place to protect people from the physical threats posed when these natural but seldom-occurring violent events occur. Although they cannot be forecast with great accuracy, we are prepared for them. Similarly, law enforcement agencies should be prepared to deal with the aftermath of hard-to-forecast, but not regularly reoccurring, cyber attacks on the nation’s critical infrastructure.

Just as someone does not need specialized education to recognize threats in real life, anyone can recognize these digital threats. Criminals are menacing our cyber shores, preparing to launch a large-scale attack. What is clear is that it will happen. What is not obvious is by whom or when.

Respected INFOSEC authorities have made a compelling case for the “swarm”—attacks via different paths by dispersed cells. Al Qaeda already has demonstrated an understanding of the technique.30 Other countries, such as India, Saudi Arabia, France, China, Brazil, and Spain, already have experienced such attacks.31 Additionally, well-known U.S. companies have reported major breaches targeting source code.32

Cyber terrorists are pinging ports and probing our digital fortifications as they endeavor to identify vulnerabilities. Daily crackers and terrorists are skulking, battering firewalls, and learning more each time they do so. Clearly, preparations to thwart such attacks are necessary.

Conclusion

The skills, tools, and techniques are the same, but information warfare is conducted between military combatants; cyber terrorism targets civilians. Cyber terrorists indiscriminately will attack the nation’s critical infrastructure and civilians—the innocent. Thus, the context and targets, not the technological tools or frequency of attacks, are the more appropriate delimiters that distinguish cyber terror from information warfare.

Some of these criminals are being caught and prosecuted, but more remain undetected. To best serve its motto, “to protect and serve,” law enforcement must proactively guard this country’s national security on every front.

Endnotes

1 Robert Taylor, Eric Fritsch, Tory Caeti, Kall Loper, and John Liederbach, Digital Crime and Digital Terrorism (Upper Saddle River, NJ: Pearson Prentice Hall, 2011), 19.
2 Dorothy Denning, Information Warfare and Security (Reading, MA: Addison-Wesley Longman, 1999), 21.
3 Maura Conway, “Cyberterrorism: Hype and Reality,” in Information Warfare: Separating Hype from Reality, ed. E. Leigh Armistead (Washington, DC:
Potomac Books, 2007), 73–93.
4 Wang Baocun and Li Fei, “Information Warfare,” Academy of Military Science, Beijing, China, http://www.fas.org/irp/world/china/docs/iw_wang.htm (accessed October 28, 2010).
5 Denning; and Alvin and Heidi Toffler, War and Anti-War: Survival at the Dawn of the 21st Century (Boston, MA: Little, Brown, 1993).
6 Barry Collin, “The Future of Cyberterrorism,” Crime & Justice International Journal (March 1997): 15.
7 James Lewis, “Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats,” Center for Strategic and International Studies, http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf (accessed October 28, 2010).
8 Dr. Grace Hopper, “Future of Computing” (lectures, FBI Academy, Quantico, VA, 1985-1991). See also http://www.sdsc.edu/ScienceWomen/hopper.html (accessed October 29, 2010).
9 Mehwish Salim, “Cyber Terror: Unequivocal Threat or Hyperbole?” (award-winning paper presentation, 34th Annual Meeting of the Northeastern Association of Criminal Justice Sciences, Bristol, RI, June 9-12, 2010).
10 David Pettinari, “Cyber Terrorism-Information Warfare in Every Hamlet,” Police Futurist 5, no. 3 (1997): 7-8.
11 National Security Council, “The Comprehensive National Cybersecurity Initiative,” http://www.globalsecurity.org/security/library/policy/national/cnci_2010.htm (accessed October 29, 2010); and CBS, “Sabotaging the System,” 60 Minutes, http://video.techrepublic.com.com/2422-13792_11364499.html (accessed October 29, 2010), http://www.youtube.com/watch?v=7sUT7gFQEsY (accessed October 29, 2010), and http://www.youtube.com/watch?v=CVMhPVInxoE&feature=related (accessed October 29, 2010).
12 Donn Parker, Crime by Computer (New York, NY: Charles Scribner’s Sons, 1976).
13 Ronald Standler, “Computer Crime,” http://www.rbs2.com/ccrime.htm (accessed October 29, 2010).
14 U.S. v. Mitra 04-2328.
15 Bruce Schneier, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (New York, NY: Copernicus Books, 2003).

16 Jeffrey Carr, Inside Cyber Warfare (Sebastopol, CA: O’Reilly, 2010).
17 For more information, visit http://www.battelle.org.
18 Gregory Coates, “Collaborative, Trust-Based Security Mechanisms for a National Utility Intranet” (master’s thesis, Air Force Institute of Technology, 2007).
19 William Graham, Chairman, Critical National Infrastructures, “Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack,” EMP Commission, http://empcommission.org/docs/A2473-EMP_Commission-7MB.pdf (accessed October 29, 2010); Seth Fogie, “SCADA and Security,” http://www.informit.com/guides/content.aspx?g=security&seqNum=322 (accessed October 29, 2010); and Seth Fogie, “SCADA InSecurity,” http://www.informit.com/guides/content.aspx?g=security&seqNum=323 (accessed October 29, 2010).
20 Tom Longstaff, “Cyberwar: Vulnerability of Scada Systems?” http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/vulnerable/scada.html (accessed October 29, 2010).
21 Graham.
22 For additional information, see http://www.lbl.gov/MicroWorlds/ALSTool/EMSpec/ (accessed October 29, 2010).
23 For additional information, see http://www.wordiq.com/definition/Parabolic_reflector (accessed October 29, 2010).
24 John Geis, “Directed Energy Weapons of the Battlefield: A New Vision for 2025” (paper, Center for Strategy and Technology, Air War University, Maxwell Air Force Base, Alabama, 2003).
25 Kevin Manson, “Robots, Wanderers, Spiders and Avatars: The Virtual Investigator and Community Policing Behind the Thin Digital Blue Line” (presentation, annual meeting of the Academy of Criminal Justice Sciences, Louisville, KY, March 15, 1997).
26 For more information, visit http://www.infragard.net.

27 For more information, visit http://www.mta.info/mta/security/index.html (accessed October 29, 2010).
28 “President Calls to Thank Times Square Vendor,” Associated Press, May 2, 2010; and Anne Kornblut, “Pakistani Taliban Behind Attempted Times Square Car Bombing, Attorney General Says,” Washington Post, May 9, 2010.
29 Frances Alonzo, “Security Expert Urges Shift in Tactics Against Cyber Attacks,” http://it.moldova.org/news/security-expert-urges-shift-in-tactics-against-cyber-attacks-206747eng.html.
30 John Arquilla and David Ronfeldt, Swarming and the Future of Conflict (Santa Monica, CA: RAND, 2000); and John Arquilla and David Ronfeldt, “Fighting the Network War,” Wired 9, no. 12 (2001).
31 Kim Zetter, “Report: Critical Infrastructures Under Constant Cyberattack Globally,” http://www.wired.com/threatlevel/2010/01/csis-report-on-cybersecurity/ (accessed October 29, 2010).
32 Kim Zetter, “Google Hackers Targeted Source Code of More Than 30 Companies,” http://www.wired.com/threatlevel/2010/01/google-hack-attack/ (accessed October 29, 2010).