Introduction
With the advancement of technology, newer ways of terrorism are being developed. Equally, terrorist organizations are becoming more organized and established as international businesses. Facilitating this is the aspect of increased availability of technological skills for hire on the internet. As a result, organizations, individuals, nation states, and other entities that posses terrorist intentions, hire these skilled people and use them to disrupt the communication and other computer related activities within the government and institutions.
The loopholes that offer vulnerable points in the critical infrastructure have also stimulated these activities. Consequently, the cyber terrorists get a chance to attack and disrupt the national security, extort money and temper with the economy of the country (Wilson, 2008, p. 2). Based on this argument, this paper intends to highlight the operations of cyber terrorism and how governments are putting up efforts to control the crime. This will also include the identification of counter terror programs and their weaknesses.
Definition
What is cyber terrorism? Just as if the word terrorism has failed to have a definite definition, cyber terrorism has also received several definitions. As quoted by Wilson (2008) Dorothy Denning gives a definition of cyber terrorism as, “politically motivated hacking operations intended to cause grave harm such as lose of life or severe economic damage” (p.7). On the other hand, Federal Emergency Management Agency (FEMA) gives its definition as, “Unlawful attacks and threats of attack against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives (Wilson, 2008, p.7).
These two definitions try to point out on the fact that the cyber terrorism is an intentional and illegal attempt to access and alter information stored in technological databases especially the computer. The underlying concept of this illegal access is to try to coerce a government into offering some social or political needs to a given group of people.
Examples of countries
This form of crime has been experienced by several countries with the most recent example being Estonia. A move by the Estonian government to commemorate one of the Russians who met his death in the war against Nazism stirred emotions within the country. Streets witnessed demonstrations by ethnic Russians. In addition, the Estonian Embassy based in Moscow was blockaded during the uprising.
However, the most outstanding thing that happened was the cyber attacks on the government computers in the spring of that very year. The country’s government websites were attacked by the Distributed Denial-of Service attacks, which were mostly directed to the National websites and the ruling party’s website (Wilson, 2008, p.10). These attacks lasted for several weeks where legitimate users of certain websites failed to access them due to the flooding attacks.
Because Estonia is one of the countries that depend greatly on technology for its day-to-day activities, the implications of the attacks were great. It was until the US and NATO intervened that the attacks ceased. The intervention measures included determination of the source of attack and the methods of attack. The most conspicuous cause of this attack was the political steps taken by the government and above all the vulnerability of the infrastructure of the country (Arquilla & Ronfeldt, 2001, p. 24).
Its implications
Considering such events, it is very likely that the American critical infrastructure could be subjected to similar attacks. This is especially true considering the ever-increasing terrorist attempts to American citizens. In addition, it is obvious that the United States of America boasts one of the strongest economies and strongest and most advanced security system. In addition, it is political and foreign policies have triggered frictions with countries and factions that feel inconvenienced by them. For instance, the United States’ foreign policies towards Israel have triggered emotional reactions from Arab countries and other organizations like Al Qaeda.
As a result, these events have placed the government and intelligent systems of the United States to a high likely hood of cyber attacks by such organizations and countries. The main question to be asked here is, how prepared is the United States to combat such terroristic attacks? Are there programs put in place to counter the threat of cyber terrorism and hence protect the critical infrastructure?
The effort by the International Society
The US Army Training and Doctrine Command (2006) purports that the issue of critical infrastructure came into serious use in the mid 90’s. At this period, the United States boasted of the most stable economy and the strongest military around the globe. Furthermore, these two advantages were strongly founded on the block of cyber communications, which acted as the facilitating link between the different infrastructures that were integral to the economic and military strengths.
Consequently, any attack on the cyber space could result into detrimental effects on both the economy and the security of the country. It was even believed that the September 11 attack was a direct product of the failures in technology in order to control terrorism. Considering the vulnerability of their economy and security, President Bill Clinton was forced to come up with a commission that would oversee the vulnerability of all the critical infrastructure of the United States. The committee came up with two possible threats to the infrastructure. They were physical threats and electronic/computer also known as cyber attacks. The following sections will try to point out the programs put up to monitor and counter cyber terrorism in the United States of America.
US’ efforts
What does an attack on the critical infrastructure network systems mean? Are the implications worth government’s involvement? This questions mark the few that could be asked by a person who does not understand the importance of combating cyber attacks. In 2007, the Idaho National Laboratory did an experiment to identify the degree of damage that could be experienced should there be a cyber attack. There research supported another study carried out earlier in 2002 by the US Naval War College.
The results from both studies showed that in case of a cyber attack, the results would not be very wide spread given the protection strategies put in place. However, it was until 2002 that the first major set back was discovered.
The Simple Network Management Protocol was discovered to be vulnerable to attacks. It was realized that if cyber terrorists took advantage of this loophole, they would take control of the Internet routers and hence cause a global communication breakdown. This would result from crippled equipment that enables telecommunication around the globe. It was also identified that cyber attacks could be used to destroy or disable the financial markets. This disruption of financial markets could cost the government billions of dollars (Wilson, 2008, p.25).
On the other hand, the Supervisory Control and Data Acquisition (SCADA) systems operate as the core monitor of most of the critical manufacturing industry. The computers fixed on this system monitor and adjust the operational activities of these manufacturing factories. As a result, any attack on the systems will mean that the operations of the manufacturing industry are stalled. This can be detrimental on the economy of the country.
Finally, an attack on the DOD computers would mean destruction and exposure of the secrets and strengths of the department of defense. This could jeopardize the United States citizens’ security. Interrupted communication and monitoring systems could lead to events like September 11, which led to the death of several thousands of innocent people. These few examples try to identify the critical nature of controlling cyber terrorism (Business Roundtable, 2006, para. 5).
Effort by Governments to Counter Cyber Terrorism
Considering the importance of this issue on the economy of any given country, it has been identified that cyber terrorism should not just be considered an issue for a given country but one for the completely international community. This section of the paper identifies the international and national efforts to counter cyber terrorism. To begin with, the Council of Europe (EC) made its first attempt to counter cyber terrorism in 1998.
It provided guidelines that would be used as tools for its member countries to ensure that they cushioned themselves against this crime. These guidelines were made in such a way that they offered no hindrance on the development of e-commerce while at the same time allowing the citizens to enjoy their rights to privacy. The guidelines assumed two major perspectives that included legislative and non-legislative approaches.
On the legislative side, the EC guidelines pointed out that the legislative measures for all the member countries be harmonized so that there does not arise an issue of conflicts. In addition, it would en sure that no one-member country acted as a haven for cyber terrorists from where they would launch their attacks. On the other hand, non-legislative measures included the promotion of public awareness. It was made mandatory that all member countries launch awareness campaigns to ensure that its citizens and organizations were well informed about cyber terrorism. In addition, EC advocated for the promotion of more secure IT ventures that would promote the security capacity of the computer related critical infrastructure. This would reduce the chances of attacks from cyber terrorists (Berkowitz, 2003, p. 43).
On its part, the G8 came up with a Network that operated on a 24/7 basis and which acted as a central point that from which all member countries could monitor all instances of hacking. The installation of this network greatly facilitated the investigation and monitoring of crimes and threats for the member countries. On its part, the OECD came up with a nine principled guideline that called for awareness creation, training and provision of education to the public to ensure that they understand cyber terrorism and how to deal with it. The guidelines further called upon the countries to be responsible and aware of the dangers of cyber terrorism and hence identify ways of ensuring security for their cyber spaces (Kim & Hyun, 2005, p. 31).
As discussed earlier, the US is one of the countries that are very much at risk of being attacked by cyber terrorists. In fact, they have, in the past few years, experienced some instances of cyber attacks. Consequently, the United State government has done all that is possible to ensure that its cyber space is well guarded. To begin with, legislative measures have been taken to ensure that all governments, starting with the federal, state and local governments are obligated in the fight against cyber terrorism. In May 2002, the House and the Senate passed the Cyber Security Enhancement Act.
The Act calls upon the government to make the cyber crime laws tough so that they could combat this crime. In addition, it specifies the punishment for such crimes and allows the federal agencies to eavesdrop e-mail communications between people that are considered suspect (Kim & Hyun, 2005, p. 32)
Secondly, the government established the National Strategy to Secure Cyber Space (NSSC) and the National Cyber Security Division (NCSD) whose roles were to ensure that there existed no loopholes in the security of the critical infrastructure (Anderson, 2008, p. 6). Other measures taken by the government include time to time training offered to IT specialists from the government to ensure that they are able to handle any technological complications should they arise.
Technological advances like the creation of securities were developed. They include firewalls, use of passwords, use of secret key encryptions, systems designed to detect intrusion, access control lists, stenography, secure socket layers et cetera. All these were developed to ensure that secret information could not be accessed by unauthorized people. Summarily, the international and national governments took legislative measures, training, educating and creating awareness and also development of technologically enabled intrusion determining objects in order to beef up security for their cyber space (Khosrowpour, 2004, p. 389; Berinato, 2007, para. 6).
Weaknesses and loopholes
However, analysts have pointed out that these forms of protection are inadequate. The Roundtable, an organization of the leading business CEOs and other management levels argues that despite the improved efforts, the issue of strategic management and governance has received inadequate consideration. They argue that it is upon the government to ensure that they show the ability of reconstituting the cyber economy and ensure that the confidence in the market in case of an internet failure is restored. This weakness is further echoed by Cordesman, 2002, p. 151) who argue that the roles of the Federal, the State and the Local government have failed to address the issue of cyber terrorism. They argue that the limits and expectations to which each government reaches have not been clearly demarcated.
Furthermore, the local governments have been identified to have a problem with implementation of strategies. Even though the strategies to combat cyber terrorism have been beautifully outlined, the chances of them performing accurately are minimal. This is attributed on the local government’s problems like inadequate funds, which eventually result into lagging behind as compared to the private sector. Subsequently, local governments lack the capacity to remain at par with the technological changes that are characteristic of the developing world.
The problem of underfunding is specifically the creation of lack of coordination between the different governmental levels. For example, if the federal government, the state and the local governments worked together in a coordinated approach, the federal government would realize the need for funding the local governments and hence increase the amount of funds pumped to them. This would facilitate the programs for the local government and hence give them the capacity to be at par with the changing technological dimensions of the society (Cordesman, 2002, p. 151).
Another managerial weakness that points out a weakness in the United States’ preparation against cyber terrorism is the vulnerable way through which some critical infrastructures are handled. For instance, SCADA, which is the center of most of the manufacturing industry, has loopholes that could be used by attackers to destroy the operations of the industries. The greatest loophole is the fact that most of the hardware and software used in this system are off-the-shelf articles. This can be very detrimental because even enemies can access them and develop viruses and other weapons of destruction. The same thing applies to the computers used in the Department of Defense who also use software and hardware from off-the-shelf. This makes them vulnerable to an attack (Denning, 2001, p. 28; Verton, 2003, p. 65).
Conclusion
With the society becoming more and more technology based, most of the critical infrastructure is becoming computer reliant. This is to say, should anything happen to the networks that link up the different infrastructures, serious economic implications can be achieved. Equally, this has become one of the best ways of terrorists’ application to gain compliance. The United States is one of the countries that run the greatest risks from cyber attack.
Terrorists understand that by attacking their Internet links, they could destroy their financial market, manufacturing sector, defense and security, and all day-to-day activities. Considering their vulnerability, the government has put up legislative measures to ensure that their cyber security is reinforced. Furthermore, they have made efforts to create awareness, educate and train IT specialists so that they can develop reliable measures to counter terrorism. In addition, they have developed ways through which access to records can be controlled. However, there still appear loopholes that could lead to a cyber attack.
This includes the lack of coordination between the various levels of government, which leads to uncoordinated ventures. In addition, inadequate funding leads to lagging behind of the governmental sector as compared to its private counterparts. If these few identified loopholes are sealed, it is very likely that the cyber space of the United States of America will be well guarded. The government should therefore look for ways through which the gaps could be sealed (Janczewski & Colarik, 2005, p. 36).
Reference List
Anderson, P. S. (2008). Critical infrastructure protection in the information age. Web.
Arquilla, J., & Ronfeldt, D. (2001). Networks and netwars: The future of terror, crime, and militancy. Santa Monica, CA: RAND.
Berinato, S. (2007). How online criminals make themselves tough to find, near impossible to nab. CIO. Web.
Berkowitz, B. D. (2003). The new face of war: How war will be fought in the 21st century. New York: Free Press.
Business Roundtable. (2006). Essential steps to strengthen America’s cyber terrorism preparedness. Web.
Cordesman, A. (2002). Cyber threats, information warfare, and critical infrastructure protection: Defending the US Homeland Westport. Connecticut: Praeger.
Denning, D. (2001). Cyberwarriors: Activists and terrorists turn to cyberspace. Harvard International Review. 23(2).
Janczewski, L. & Colarik, A. (2005). Managerial Guide for Handling Cyber-Terrorism and Information Warfare. Idea Group Publishing.
Khosrowpour, M. (2004). Innovations through Information Technology: 2004 Information Resources Management Association International Conference. Louisiana: Idea Group inc.
Kim, J. & Hyun, T. (2005). Status and Requirements of Counter Cyber Terrorism. World Academy of Science, Engineering and Technology. Web.
Verton, D. (2003). Black Ice: The Invisible Threat of Cyber-Terrorism. McGraw-Hill.
Wilson, C. (2008). Botnets, cybercrimes and cyber terrorism: Vulnerabilities and policy issues for congress. Congressional Research Service. Web.