MANAGEMENT INFORMATION SYSTEMS

A STUDY ON CYBER TERRORISM

PROJECT REPORT

SUBMITTED BY:

SHABNI K.A

ROLL NO: 42

IIIrd TRIMESTER

SUBMITTED TO:

PROF. C.M SULAIKA

MBA DEPARTMENT

MES College of Engineering, Kuttipuram

2018-2020

1
 TABLE OF CONTENTS

CHAPTER TITLE PAGE NO

1 Introduction 3-6
2 Research methodology 7
3 Data analysis and interpretation 8-11
4 Findings, suggestions and conclusion 12-14
Bibliography 14

2
 CHAPTER I

INTRODUCTION

Starting in the 19th century, the rise of modern infrastructure systems

has been increasing exponentially, assuming key role for the economy and
security of nations, particularly in the most developed ones. More recently,
the increasing dependency on the Internet has brought heightened concerns about
society's vulnerability to a relatively new form of risk- cyber terrorism.

Terrorists use cyberspace as a target, a weapon and also as a resource. As a target,

Terrorist activities are aimed at the Internet itself, its infrastructure and content
(hardware and software), as well as anyone who uses the Internet in their daily
lives. As a weapon, attacks are committed against physical targets (typically,
critical infrastructures) using Internet resources, to produce real physical impact
(i.e., damage to assets and/or death of humans). As a resource, it provides terrorists
with a wide range of possibilities and applications, namely, propaganda,
communication, command & control, and intelligence. This document focuses on
the best practices developed and used by different leading private and public
entities to counter these terrorist cyber activities, in particular, Security & Defense
organizations that work in counterterrorism.
Within the scope of this analysis we adopted the view of best practices presented
by NATO:
“A best practice is a method or technique that has consistently shown results superi
or to those achieved with other means. It usually becomes a benchmark or standard
way of doing things that multiple organizations can use. Effective practices
exist at organizational, sector, national and international levels for many things,
including interoperability, safety, and security. There are pockets of

3
excellence that could be leveraged to minimize the duplication of effort and
maximize security postures.” (NATO SfPS, 2014)

Since Cyber Terrorism is a specific domain within the more vast range of
possibilities used by terrorists for centuries, it is important to mention that this
document will not refer to general counterterrorism best practices, except if they
address the topic at hand.

A last note must be made on the existing limitation to directly refer to classified
information, which includes most of the official documents of national and
international security and intelligence agencies, discussing counterterrorism
operational procedures and best practices (including in the cyber domain).

Cyber terrorism refers to terrorism in cyberspace. Cyber terrorism includes

unlawful information systems, networks and other computer resources. The main
purpose of cyber terrorism is to intimidate or coerce people of specific community
or nationality, a government. The attackers normally represent certain political and
social objectives. An attack can be related to cyber terrorism only if it results in
violence against persons or property in such a way that it generates fear. Cyber
terrorism includes only serious attacks that incur substantial damages to critical
infrastructures. It does not include disruption of non-critical services.

“Cyber terrorism is the premeditated use of disruptive activities or the threat

thereof, against computers and/or networks, with the intention to cause harm or
further social, ideological, religious, political or similar objectives or to intimidate
any person in furtherance of such objectives”

According to Mark M. Pollitt, “Cyber terrorism is the premeditated politically

motivated attack against information, computer systems, computer programs and
4
data which result in violence against non-combatant targets by sub-national groups
or clandestine agents.

Pure cyber terrorism

Pure cyber terrorism refers to terrorism activity primarily in the virtual space.
There are multiple ways of meeting and communicating anonymously with like-
minded people over internet. To launch a cyber terrorism attack does not require
any physical resources like muscular power, dangerous weapon or large amount of
money. The only required things are knowledge, computer, internet and some
hacking software which can be used multiple times.

In the near future there are possibility of rise of entirely new terrorist groups that
may work in cyber world with safety of anonymity and with fast speed of
organization of members and activity.

According to The National Conference of State Legislatures (NCSL), “Pure cyber

terrorism is the use of information technology by terrorist groups and individuals
to further their agenda. This can be include use of information technology to
organize and execute attacks against networks, computer systems and
telecommunication infrastructures or for exchanging information or making threats
electronically. Examples are hacking in to computer systems, introducing viruses
in to vulnerable networks, website defacing, denial-of-service attacks or terroristic
threats made via electronic communication.”

5
 Objectives of the study

1. To understand the impact of cyber terrorism in various sectors.

2. To provide some suggestions.

Limitations of the study

1. The whole project is based upon the past data analysis.

2. Due to the time limit, I can’t go through a detailed investigation.

6
 CHAPTER II

RESEARCH METHODOLOGY

 Collection of Data

Secondary data: - Secondary data are collected from referring books and surfing
the internet.

 Research method

Document analysis was used to collect data.

7
 CHAPTER III

DATA ANALYSIS AND INTERPRETATIONS

 Cyber terrorism attacks in various sectors

1. Real Estate & Property

Between 55-60% exposures lie in its real estate coverage. This portfolio
incorporates many major London buildings as well as industrial parks, stadia,
arenas and major shopping centers throughout the UK. The Real Estate & Property
category contained the highest number of potential cyber terrorism scenarios.

The scenarios in this category involve the direct exploitation of evacuation and
safety mechanisms and HVAC systems to create physically damaging effects
impacting a building’s structural integrity, its contents and any individuals inside
it. These scenarios are typically time sensitive in their nature, and would need to be
organized with sufficient intelligence to be fully destructive. The proposed cyber
terrorism scenarios for Real Estate are generally also applicable to all other
categories of exposure and could be carried out against facilities insured under
other categories.

2. Aviation

Airports and commercial airliners have been targets for terrorism and extremists
since the mid-twentieth century. The many of the UK’s largest airports, as well as
NATS air traffic control facilities. The scheme’s coverage does not extend to
carrier jets or planes, or their contents. The scenarios in this category demonstrate
how traditional aviation terrorist attacks can be achieved through digital means.

8
3. Retail

A number of large retailers are covered by the Pool Re scheme. The scenarios in
the Real Estate & Property category may be similarly applied to these facilities and
threaten members of the public. The cyber terrorism scenarios specific to this
category lead to significant business interruption due to the loss or compromise of
stock.

4. Construction

Though construction sites may be inherently vulnerable to physical attacks or

infiltration in dense urban areas, there is currently relatively little explosive or
damaging cyber risk associated with the technology present on sites. In October
2015, the CECE-CEMA political summit petitioned the EU to enact legislation to
speed and promote the transition to digitized construction work-sites in Europe,
with an aim to increasing precision and fuel efficiency; ensuring the security of
digitized industrial machinery on construction sites in the future is a matter of
some concern. In 2017, the Committee for European Construction Equipment re-
emphasized its ambitions to digitize work-sites for greater fuel and personnel
efficiency.

5. Transport

The scheme covers various transport depots (stations, docks, links, major
motorways and toll), though not the vessels themselves, including the undersea rail
connections Considering its international status and symbolic value, we would
expect major rail routes to be a likely target for future terrorist disruption; cyber
represents a feasible avenue by which to compromise this rail service. Other
scenarios in this category involve deliberate cargo and signal tampering to create
explosive collisions with major impacts on public health.
9
Interpretations:-

These scenarios were categorized by their area of impact in one of the ten exposure
categories provided by Pool Re and then qualitatively ranked on various interest
criteria, listed below, in order to establish their likelihood and plausibility as attack
vectors for potential cyber terrorism. They are listed with their breakdown for
Material Damage expressed as a percentage of Pool Re’s portfolio. The list does
not include Housing or Miscellaneous coverage as listed in Pool Re’s own data
schemes.

1. Real Estate & Property (70%)

2. Aviation (1.5%)

3. Retail (2%)

4. Construction (1%)

5. Transport (15%)

6. Power & Energy (1.5%)

7. Healthcare (1%)

8. Pharmaceutical (1%)

9. Chemical (1%)

10. Aerospace (1.5%)

While TIV (The total insured value) is most concentrated in the London area and
along commuter lines to the UK’s industrial centers, roughly 33% of Pool Re’s
Material Damage exposure is located in urban areas, compared with 66% in non-
city areas. It is reasonable to assume that London would be the area most at risk in
10
any future cyber terrorism plots, and that insured companies located in the City
would be most susceptible to malicious compromise and viewed as high value
targets. However, cyber risk is rarely limited or circumvented by geography. A
piece of malware that is designed to infect a particular industrial system may put
all systems using a certain exploitable technology at risk, and any physical damage
caused may be indiscriminate in terms of location. The most sophisticated and
costly acts of cyber terrorism are likely to impact multiple systems at the national
level.

11
 CHAPTER IV

FINDINGS, SUGGESTIONS, CONCLUSION

FINDINGS

 Cyber terrorism is one of the greatest threats to the IT world.

 It affected various sectors.
 The Real Estate & Property category contained the highest number of potential
cyber terrorism scenarios.
 The scenarios in this category involve the direct exploitation of evacuation and
safety mechanisms and HVAC systems to create physically damaging effects
impacting a building’s structural integrity, its contents and any individuals
inside it.
 Airports and commercial airliners have been targets for terrorism and extremists
since the mid-twentieth century. The scenarios in this category demonstrate
how traditional aviation terrorist attacks can be achieved through digital means.
 The cyber terrorism scenarios specific to this category lead to significant
business interruption due to the loss or compromise of stock.
 Though construction sites may be inherently vulnerable to physical attacks or
infiltration in dense urban areas, there is currently relatively little explosive or
damaging cyber risk associated with the technology present on sites.
 Considering its international status and symbolic value, we would expect major
rail routes to be a likely target for future terrorist disruption; cyber represents a
feasible avenue by which to compromise this rail service.

12
SUGGESTIONS

 Introduction of insurance against cyber terrorism may provide relief to the

victims.
 Advanced studies and research about encryption and decryption of data may
help to get a protection from the cyber terrorists.
 Cyber terrorism is growing threat to all over the sectors, so more care should be
given in this subject matter.
 Terrorists already acquire explosives or physical weapons through similar black
market means. Focusing on such black markets, helps to relieve terrorists plot.

CONCLUSION

From the study which conducted on the topic cyber terrorism, we can understand
that, the cyber terrorism attacks on various sectors and its impact. The population
of digital devices, which form the first line of vulnerability to a cyber attack, is
growing rapidly. The complexity of the interaction of those devices with each other
and with existing physical systems, from manufacturing and other industrial
facilities to biological systems, the latter including human healthcare, likewise
increases the potential means or vectors of destructive attacks. The same
complexity also masks criticality of digital processes or devices, i.e., the extent to
which compromising a relatively rare process or device leads to an exponentially
larger effect on the whole system. In this context, issues such as the cost of
business interruption insurance payouts, currently found to be a relatively low
priority concern, and the ongoing progress in industry and commerce of cyber
education, data and process standards, and IT capability in monitoring and
responding to digital anomalies, are expected to become more visible and
significant over time.

13
Therefore a qualifying conclusion is that the emergent nature of the digital
economy, cyber tools, and the capabilities of our own adversaries require a
repeated reassessment of cyber attack over time. A greater depth of understanding
and threat assessment will be gained through continued collaboration between Pool
Re and the Cambridge Centre for Risk Studies in the coming years.

Bibliography

 www.jbs.cam.ac.uk/risk
 Cyber Terrorism Insurance Futures Project Lead by Simon Ruffle, Tamara
Evan
 Evan, T.; Leverett, E.; Ruffle, S. J.; Coburn, A. W.; Bourdeau, J.; Gunaratna,
R.; Ralph, D.; 2017. Cyber Terrorism: Assessment of the Threat to Insurance;
Cambridge Risk Framework series; Centre for Risk Studies, University of
Cambridge. Evan, T.; Leverett, E.; Ruffle, S. J.; Coburn, A. W.; Bourdeau, J.;
Gunaratna, R.; Ralph, D.; 2017. Cyber Terrorism: Assessment of the Threat to
Insurance; Cambridge Risk Framework series; Centre for Risk Studies,
University of Cambridge.

14