How is cyber terrorism defined and how likely is an attack?
Everyone is familiar with what “terrorism” means, but when we stick the word “cyber” in front of it, things get a bit more nebulous.
Whereas the effects of real-world terrorism are both obvious and destructive, those of cyber terrorism are often hidden to those who aren’t directly affected. Also, those effects are more likely to be disruptive than destructive, although this isn’t always the case.
Cyber terrorism incidents
One of the earliest examples of cyber terrorism is a 1996 attack on an ISP in Massachusetts. Cited by Edward Maggio of the New York Institute of Technology and the authors of Internet: A Historical Encyclopedia, Volume 2, a hacker allegedly associated with the white supremacist movement in the US broke into his Massachusetts-based ISP after it prevented him from sending out a worldwide racist message under its name. The individual deleted some records and temporarily disabled the ISP’s services, leaving the threat “you have yet to see true electronic terrorism. This is a promise”
While this is a clear example of a cyber-terrorist incident carried out by a malicious, politically motivated individual that caused both disruption and damage, other frequently listed examples fit less clearly into the category of “terrorism”.
For example, while attacks that have taken out emergency services call centres or air-traffic control could be considered cyber terrorism, the motivation of the individuals is often unclear. If a person caused real-life disruption to these systems, but had no particular motivation other than mischief, would they be classed as a terrorist? Perhaps not.
Similarly, cyber protests such as those that occurred in 1999 during the Kosovo against NATO’s bombing campaign in the country or website defacements and DDoS attacks are arguably online versions of traditional protests, rather than terrorism.
Additionally, in the case of civil war, if one side commits a cyber attack against the other then it can be said to be more of an act of war – or cyber war – than one of cyber terror. Again, where there is a cold war between nations, associated cyber attacks could be thought of as sub-conflict level skirmishes.
Indeed, the FBI defines cyber terrorism as “[any] premeditated, politically motivated attack against information, computer systems or computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents”. Under this definition, very few of the tens-of-thousands of cyber attacks carried out every year would count as cyber terrorism.
The future of cyber terrorism
As the number of connected devices increases, the likelihood of a more destructive cyber terrorist incident – something on a par with an attack in the physical world – becomes increasingly possible.
The security industry is full of stories and proofs of concept about hacking medical devices, with two particularly famous demonstrations being given by New Zealander Barnaby Jack.
This opens up the possibility for targeted assassinations or mass-scale killings carried out remotely and potentially across borders. Similarly, there are concerns self-driving vehicles could be turned into remote-controlled missiles and used in an attack, although the counter argument is that such vehicles will make the roads safer in the face of terrorists driving conventional vehicles into crowds.
Another possible style of cyber terrorism is disruption of infrastructure in a way that could potentially endanger life. For example, in 2016 an unknown actor caused a disruption that saw two apartment buildings in Finland lost hot water and heating for a week in the dead of winter. In locations as cold as Finland, actions like this could cause illness and death if widespread and sustained.
Nevertheless, the likelihood is most serious cyber attacks will be acts of cyber warfare, rather than cyber terrorism, as nation states have larger and more sophisticated resources at hand.