Our world is changing every single day. Technology is advancing every second. Unfortunately, terrorists are evolving at the same rate, or even faster. With increased dependence on the internet and other technology, we become more vulnerable to cyber-crime and the emerging threat of cyber-terrorism. This paper examines why cyber-terrorism is an emerging threat, the methods used to conduct cyber-attacks, and what is being done to mitigate, prevent, and protect against these threats. This paper will also look at real world cyber-terrorism attacks that have taken place, as well as hypothetical worst-case scenarios.
The word terrorism first appeared in the late 1700s during the French Revolution. Over the 19th, 20th, and 21st centuries, the meaning and ideology of terrorism shifted. Terrorism is hard to define, and there are several definitions out there used to describe it. The reason it is hard to define is that it changes over time and is viewed differently by people in various social and political environments (White, 2017). The U.S. Code of Federal Regulations defines terrorism as “the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.” The United States has made significant strides to protect our nation against terrorism, especially after 9/11. After 9/11, the U.S. government established the U.S. Department of Homeland Security, enhanced transportation security, and developed the concept of fusion centers. The Department of Homeland Security was awarded tens of billions of dollars for these new initiatives. In the United States, we may be safer from 9/11-style attacks than we were pre-9/11; however, the threats we face continue to change daily.
Our world continues to evolve rapidly, and technology continues to advance at an extraordinary rate, both for better and for worse. There is always a new phone, new computer, new software system, or new vehicle coming out that has more advanced technology. Unfortunately, terrorists and other criminals evolve just as fast as technology, and they are often a step ahead of our government. For instance, the internet has allowed terrorist groups to expand because it has opened the doors for recruitment worldwide. However, technology is not only a tool for recruitment; it can also be used as a weapon. Due to our increased dependence on technology, we are more vulnerable to cyber-attacks or cyber-terrorism that could disrupt our economy and cripple our society. These attacks may include damaging critical infrastructure such as the electric power grid, attacking hospital systems in ways that could prevent essential equipment from working properly, causing a nuclear power plant meltdown, defacing websites, or hacking into sensitive government documents.
It is important to note that cyber-terrorism is different from cyber-attacks and cyber-crime. The difference is in the motive behind the attack. Cyber-attacks or cyber-crime are attacks made by criminals to steal money or personal information, or to destroy or alter information. Cyber-terrorism is defined as “using computers to attack other networks or to conduct physical attacks on computer-controlled targets” (White, 2017); however, as with terrorism, there is no single definition that describes cyber-terrorism. The methods used for cyber-crime are often used for cyber-terrorism as well; what differentiates the two is the motivation behind the attack.
Why Terrorists Have Started Turning to Cyberspace
Cyber-terrorism started in the early 1990s when the internet began to take off. Control systems for critical infrastructure industries such as power utilities, water treatment services, and health and emergency systems are coming online. Experts estimate that by the year 2030, over 30 billion devices will be connected to the internet. This amount of connectivity increases the number of potential targets for cyber-terrorists. Cyber-terrorism is attractive to terrorists for several reasons. First, even with improved technology, it often remains difficult to identify and trace cyber-attacks. This allows cyber-terrorists to complete missions with little risk of being identified. Secondly, cyber-attacks can cross boundaries around the world, which gives terrorists an advantage because they can target an area without having to travel. This advantage saves terrorist groups both time and money. Thirdly, the time it takes terrorists or cyber-criminals to exploit a vulnerability after it is discovered is relatively short. In contrast, it can take those vulnerable to attack a significant amount of time to identify and fix the issues. Lastly, technology is widely available and relatively cheap compared to other methods of terrorism. While weapons such as bombs can only be used once, technology can be used over and over. The methods of cyber-attack are becoming more sophisticated, allowing more damage to be generated by a single attack.
Methods of Cyber-Terrorism Attacks
There are several methods both cyber-criminals and cyber-terrorists use to attack, including but not limited to phishing, watering hole attacks, ransomware, distributed denial of service, man in the middle, and supply chain attacks. These methods of attack are used to destroy or delete data, steal information or money, deface websites, or gain control over a system. As mentioned before, criminals and terrorists are distinguished by the motive behind the attack.
Phishing is the unlawful act of trying to gain sensitive information including usernames, passwords, credit card information, social security numbers, birthdates, and other personally identifiable information. Spear phishing is a phishing attempt that targets specific people. Phishing is done by sending emails that look legitimate in the hope that the recipient opens the email and clicks on a link; the phishers then record the information typed into the webpage. Phishing is usually attempted in order to access important accounts, steal one’s identity, and cause significant financial loss (Walker, 2019). In addition, phishing has also infected computers with viruses and made people unknowingly participate in money laundering. In fact, between 2013 and 2015, Evaldas Rimasauskas from Lithuania phished both Facebook and Google. The two companies combined lost a total of over 100 million dollars. Rimasauskas successfully phished Google and Facebook by sending invoices while posing as Quanta Computer, which has both Facebook and Google as clients (Romo, 2019).
According to Executech.com, a watering hole attack is a technique used by cyber-terrorists in which they compromise a website that their intended victim visits regularly. The cyber-terrorists put malware on the website by planting it within a banner or advertisement. Once the victim visits the website, the malware spreads throughout the user’s organization (school, work, etc.). In June of 2017, a watering hole attack was the cause of an attack that wiped information from banks, energy corporations, an airport, and government officials in Ukraine. The virus also affected computers in the United States, Denmark, and India.
According to Executech.com, ransomware is a type of malware that infects computers or networks and prevents access to documents, systems, emails, and networks. Those behind these attacks demand that a ransom be paid in order for the organization to regain control of its computers or network. Ransomware is becoming more common, and everyone is at risk. Private industries, local governments, and hospitals have all been targeted by ransomware attackers. In 2019, the city of Baltimore was hit with a ransomware attack. This attack shut down the city’s email, delayed real estate transactions, delayed permits being issued, and prevented citizens from paying city departments online. The hackers demanded 13 bitcoins to give control back to the city. At that point in time, 13 bitcoins were equivalent to $100,000 (Sullivan, 2019). Baltimore did not end up paying the ransom. The city of Baltimore released information that the cost to recover systems, combined with the loss in revenue, ended up being 18.2 million dollars (Duncan, 2019). The Federal Bureau of Investigation does not recommend paying ransoms because there is no guarantee that any data will be returned. Paying also encourages attackers to do it again in the future and attracts other criminals. However, for a municipal government or private company, paying $100,000 to get control back rather than paying over 18 million dollars to recover the data may be enticing. Several large companies and governments are now purchasing or looking to purchase cyber insurance.
Distributed denial of service (DDoS) is done by infecting networked systems with malware and turning them into a botnet. In simple terms, a botnet is a network of computers that are controlled as a group. These botnets direct traffic to a specific website, often overwhelming the system, which causes normal traffic to get a denial of service error (Walker, 2019). This error can prevent people from reaching a website for information. In 2016, hackers attempted several DDoS attacks on the websites of presidential candidates Donald Trump and Hillary Clinton; however, they lasted only 30 seconds. A month prior to the DDoS attacks on the presidential candidates’ websites, a DDoS attack affected Netflix, Amazon, and Twitter. Service to these websites was out for most of the day. This attack was one of the largest DDoS attacks up until that point (Rayome, 2016).
Man in the middle attacks occur when a third party is able to intercept information being shared between two other entities. The attacker is then able to either steal the information being shared or alter the information before it is transmitted from one entity to the other. In 2015, almost 50 individuals from various countries in Europe were arrested for man in the middle attacks. The hackers monitored email accounts belonging to various companies in order to track payment requests; the hackers then impersonated the companies and reached out to their clients. The clients then unknowingly sent nearly six million dollars to the hackers’ accounts (Abel, 2015).
According to the National Institute of Standards and Technology, a supply chain attack occurs when software code is compromised because an attacker has access to the system through an outside partner, an insider threat, or another cyber-attack. In 2017, hackers compromised the code in a commercial anti-virus package, which allowed the hackers to gain access to systems and steal classified military documents from South Korea. The documents included wartime contingency plans that were developed jointly by the United States and South Korea (NIST, 2017).
Cyber-criminals and cyber-terrorists have a variety of methods for deploying attacks. Not only are cyber-criminals becoming more advanced, so is the technology they use. Large companies, family-owned businesses, governments, and individuals are all at risk. It’s important to recognize vulnerabilities, remain vigilant, and increase our knowledge of such attacks.
Past Cyber-Terrorism Attacks
There have been a limited number of cyber-terrorist attacks in the United States to date. However, they do happen and will continue to happen. In 2015, the United States convicted Ardit Ferizi. Ardit Ferizi was the first person in the U.S. to be convicted of cyber-terrorism and was sentenced to 20 years in prison. Ferizi was accused of providing ISIS with the data of over 1,300 military personnel in order to help ISIS target their attacks; he gained access to the data after hacking into a protected computer. Also in 2015, the Cyber Caliphate, an ISIS hacking group, hacked into the U.S. Central Command’s social media accounts and posted pro-ISIS messages as well as threats.
In 2018, a United Kingdom citizen, Kane Gamble, was convicted for leaking confidential information from the FBI, Department of Justice, and CIA databases. He gained access to these databases by impersonating a CIA chief. Gamble had political motivations for the attack: he felt strongly about U.S. violence against Palestinians as well as bombings the U.S. carried out that killed innocent civilians in Syria and Iraq. He also felt strongly about the police-involved shooting of Michael Brown in Ferguson, Missouri, which occurred in 2014. Gamble breached the FBI database in order to get the names of 1,000 staff members as well as details of the officer who was responsible for the shooting. Gamble leaked the information from the various databases on the internet for terrorist groups to access. Gamble was 15 when he began his cyber-terrorism actions and 18 when convicted; he was sentenced to 2 years in a youth detention center (Cambridge, 2018). His age likely played a role in the short sentence he was given.
While cyber-terrorism attacks have not made many headlines in the United States so far, this will likely change in the future as terrorist groups are able to recruit more advanced hackers.
Imagine reading the headline “Two Planes Have Crashed: Caused by an Act of Cyber-Terrorism” or “Plane Crashes into Airport: Controlled by Cyber-Terrorists”. Fortunately, we have not yet seen either of those headlines, but it is realistic enough to cause concern. Thus far, most cyber-attacks have been aimed at reservation systems which can cause flight disruptions and lost revenue. However, future attacks could affect the safety of aircraft and those occupying them.
In 2015, the Federal Aviation Administration was targeted by a cyber attack in which malicious software infected its computer system. The Administration said it found no damage from the attack. Unfortunately, next time that may not be the case. Over the last decade, experts have warned that potential cyber-attacks could cause air traffic control systems to crash, shut down radar facilities, or send false information to pilots and air traffic controllers. By sending false information to air traffic controllers, it could cause planes to collide mid-air or affect where the plane lands.
On 9/11, the plane was taken over by terrorists on board, who ended their own lives to cause the crash. In the future terrorists have the potential to cause a similar attack from the safety of a seat behind a computer. It’s imperative to protect computer systems that control our critical infrastructure in order to prevent these kinds of attacks.
Nuclear Power Plants
Nuclear power plants produce 20% of the United States’ energy every year. Nuclear energy produces little greenhouse gas and is relatively inexpensive to generate. After Three Mile Island, 9/11, and Fukushima, the United States changed policy for nuclear power plants in order to make them safer against human error, terrorist attacks, and natural disasters. But are they safe from cyber-terrorism? According to White (2017), nuclear power plants and other critical infrastructure are vulnerable to such attacks. White discusses the possibility of malicious software infiltrating the computer system and causing a meltdown. A meltdown at a nuclear power plant could cause major physical, mental, and economic damage. A meltdown at a nuclear power plant would cause the relocation of all residents within a 10-mile radius, and possibly a larger area as well. Depending on the size of the meltdown, the area could be uninhabitable for dozens to hundreds of years. The financial obligation of the nuclear power plant and government to respond and clean up the area would be unprecedented. The financial burden and mental health toll on the families who would need to relocate, find new jobs, and start their lives over would be unimaginable. Furthermore, there would likely be protests and a lack of public support for other nuclear power plants throughout the United States.
Natural Disaster Response Interference
Imagine a tornado outbreak is wreaking havoc in the Midwest. However, the sirens aren’t going off. The control system for the sirens has been taken over by cyber-terrorists. People are unable to get life-saving information and warnings. Hundreds of people who have come to take warnings for granted aren’t getting them. The potential for hundreds of people to perish in the storms is there. Take it a step further and imagine the same terrorists taking control of 9-1-1 communications and the communications of first responders. Those in need of help would be unable to call in, and first responders would be unaware of where their assistance may be needed. Ambulances, EMTs, and paramedics could be directed to the wrong area. This type of attack would not only cause fatalities but could also end up undermining the faith that people have in those who are supposed to protect them.
There are a lot of what-ifs and hypothetical scenarios out there when it comes to cyber-terrorism. The examples above may seem unrealistic or far-fetched, and fortunately, we have yet to see something so traumatic. However, as unlikely as they might seem, nothing is impossible. We need to remain vigilant, increase our knowledge, and continue protecting our nation’s critical infrastructure.
Prevention, Protection, and Mitigation for Cyber-Terrorism
The Federal Emergency Management Agency uses the term “Whole Community Approach.” The term describes the idea that it takes the entire community to prepare for and respond to disasters. When planning for and defending against cyber-terrorism, it is no different: everyone must exercise due diligence. Individuals need to be aware of phishing attempts, companies need to upgrade technology and test for vulnerabilities, and the government must play a role. At the federal level, several agencies have cyber responsibilities; some responsibilities are unique to an agency, while others may overlap.
The Roles of U.S. Agencies in Regard to Cyber Security
According to Lieutenant Colonel Samuel P. Mowery of the United States Marines and Colonel Prentiss O. Baker of the Department of Military Strategy, there is a lack of definitions when it comes to cyber incidents. The lack of accepted definitions forces the Department of Defense to focus on a wide range of cyber incidents, including minor crimes as well as attacks that could cause effects equal to those of 9/11 (Mowery & Baker, 2013). The lack of definitions causes duplication of effort by various federal agencies. Lieutenant Colonel Samuel P. Mowery believes that in order to prevent duplication of effort, save money, and appropriately respond to cyberspace incidents, definitions need to be drafted and widely accepted.
Cybersecurity and Infrastructure Security Agency
The U.S. government understands the increasing risk of cyber-attacks and cyber-terrorism, and in 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. The act created the Cybersecurity and Infrastructure Security Agency (CISA); the agency was created to serve as the risk advisor for the nation.
CISA is designed to strengthen both critical infrastructure and cyberspace, and the two intertwine more every day. For cyber security, the agency is tasked with securing federal networks, conducting risk assessments, providing training and exercise opportunities, as well as providing assistance when cyber-attacks target governmental entities or critical infrastructure.
U.S. Cyber Command
On May 21st, 2010, the U.S. Cyber Command was created. The mission of the U.S. Cyber Command is to “direct, synchronize, and coordinate cyberspace planning and operations to defend and advance national interests in collaboration with domestic and international partners.”
ISIS has been turning to cyberspace for years now. ISIS has used the web to spread messages, recruit members, and attack targets. In 2016, the United States decided it needed to attack back. The U.S. Cyber Command partnered with the National Security Agency and formed Joint Task Force ARES. The plan was to disrupt ISIS operations in cyberspace. Over the summer of 2016, the task force was able to penetrate ISIS networks and began putting malware on their servers and looking for other data that would be of use later on. It is believed that they were able to penetrate the networks by using a phishing scheme. During this time, the task force discovered that the servers ISIS used were located around the world, and that these servers had civilian materials on them as well. The task force had to convince Congress as well as DoD officials that they had the skills and knowledge to take down ISIS materials without affecting the civilian materials. In the fall of 2016, Operation Glowing Symphony was a go. The task force began logging into accounts, impersonating their enemy. They deleted files, changed passwords, created access denied errors, created slow downloads, and much more. Six months later, several ISIS websites had still not come back into operation, and three years later, the task force is still in ISIS networks.
The U.S. Cyber Command, in partnership with the National Security Agency, helps keep cyberspace safe here in the United States, and Operation Glowing Symphony is proof of that. As more terrorist groups emerge and technology evolves, there will likely be similar as well as more advanced cyber-attacks back against terrorist groups.
Federal Bureau of Investigation
The Federal Bureau of Investigation (FBI) is the lead federal agency for preventing domestic and international acts of terrorism (including subsets of terrorism such as cyber-terrorism) and for investigating such attacks. The FBI has 56 field offices throughout the U.S. and international offices around the world. The FBI has both intelligence and law enforcement responsibilities and works with local law enforcement agencies, fusion centers, and members of the private sector in order to accomplish its missions. In 1996, InfraGard, a partnership between the FBI and private sector industries, was developed. InfraGard provides an avenue for public-private collaboration on protecting our nation’s most critical infrastructure, which includes cyber security initiatives (InfraGard, 2020).
Fusion centers are information and intelligence sharing centers that first started to appear in the early 2000s. Fusion centers are staffed by full-time employees as well as law enforcement officers from various agencies, and often a representative from the FBI. Fusion centers work to identify and stop threats before they occur. In Indiana, the fusion center is physically located within the Emergency Operations Center and works closely with the state Watch Desk. The fusion center often does a risk assessment for large events to determine whether and which threats pose a risk. According to a briefing by the National Governors Association, many fusion centers have started to develop cybersecurity capabilities. For instance, the state of Washington established the Public Regional Information Security Event Management System (PRISEM), which is integrated with cyber intelligence analysts located in the state fusion center. This system allows information on cyber threats to be shared in real time with public-sector organizations. In New Jersey, the fusion center created a cyber fusion cell that focuses on cyber threats to both public and private entities. In New York, the fusion center physically moved to the Center for Internet Security’s campus in order to improve coordination and communication between the private sector, law enforcement, and other government agencies (Blute, 2015).
There are several agencies that play a role in protecting our nation from a variety of threats, including cyber-terrorism. While some of the agencies’ duties overlap, they all offer unique tools and expertise on the rising threat of cyber-terrorism. Moving forward, it will be imperative that these agencies enhance their communication and coordination with each other to combat this threat.
As individuals, we have car insurance, health insurance, home insurance, and possibly flood insurance. The insurance covers us in case of a loss (the car gets damaged, the house floods, or you get sick). Businesses may have additional insurance policies such as a business owner policy, workers’ compensation insurance, general liability insurance, and business income insurance. Cyber insurance is another type of policy that businesses can purchase. By purchasing a cyber policy, the business is transferring some of the risk of a cyber-attack. Cyber insurance is like all other insurance policies: it is going to be different for each company, and it is important for policy holders to know the ins and outs of what the policy will cover. The policy may cover the cost of restoring data, the cost of lost revenue, or it may pay a ransom. Unfortunately, because some insurance companies are paying ransoms, this is encouraging cyber-criminals and cyber-terrorists to continue using ransomware attacks. Although many companies have not yet purchased cyber insurance, some have, and many more are looking into it.
When it comes to terrorism, or any disaster in general, as a nation we are more reactive than proactive. After 9/11, the United States made significant changes to try to prevent and protect against future attacks. Cyberspace is one of the most vulnerable places when it comes to terrorism. Information that is generated, transferred, and stored on websites and other internet-based stores is extremely susceptible to cyber-attacks. The critical infrastructure that depends on computer technology is also at risk. A comprehensive, proactive approach is needed to combat the rising threat of cyber-terrorism. As a nation, we need to ensure that as technology evolves, our cybersecurity knowledge, policies, and procedures evolve with it. As a nation, we have made significant strides in defending against cyber-attacks, but more can be done; if it is not, some of the worst-case scenarios may become a reality.