Cyberterror Prospects and Implications
Loading...
Authors
Nelson, Bill
Choi, Rodney
Iacobucci, Michael
Mitchell, Mark
Gagnon, Greg
Subjects
Advisors
Arquilla, John
Tucker, David
Date of Issue
1999-10
Date
October 1999
Publisher
Language
en_US
Abstract
Type
Description
Much has been made of the threat of cyberterrorism since the report of the
Marsh Commission in 1997. However, current analyses have merely identified
the plethora of vulnerabilities in automated information systems (computers)
and assumed that terrorist organizations would be willing to exploit these
vulnerabilities. They adopt a rudimentary strategic analysis and conclude that
cyberterrorism is inevitable because it provides terrorists with a potentially
strategic advantage over the United States. We do not dispute the fact that our vulnerabilities are real and numerous.
Further, we do not dispute that the consequences of exploitation are
potentially severe, even strategically debilitating, if events unfolded in a
manner described in some scenarios. However, based on our research, we
also do not believe that terrorist organizations will soon possess the
capabilities described in many of these scenarios. According to many analyses, the necessary tools for exploiting vulnerabilities
in the infrastructure are immediately available, easy to use, and proliferating at
an alarming rate. Yet, the United States has not experienced any strategic
attacks on critical infrastructure by terrorist organizations (or any other
organization, for that matter). Even during the conflict in Kosovo, the most
serious "attacks" consisted of vandalizing web pages and denial of service
attacks on e-mail servers. Annoying, yes, but hardly a strategic threat to the
United States or NATO. This suggests that these tools are still insufficient for
the purpose of mass disruption, and that there are requirements for effective
use that go beyond the mere possession of these tools and a desire to inflict
damage. Therefore, a key question we have asked is "Why haven't terrorist
organizations taken advantage of this opportunity?" We believe that the costs
of creating a capability sufficient to achieve terrorists’ ultimate goals are much
higher than the conventional wisdom indicates. Likewise, simply offsetting
development costs is but one of several challenges that must be taken into
account. Terrorist organizations will likely measure the benefits of pursuing
cyberterrorism from the perspective of both internal and external incentives.
Besides development costs, internal incentives must also include the
individual and group psychological processes that heavily affect terrorist
organizations. In terms of external interests, the costs of pursuing cyberterror
may never be attractive as long as traditional terrorist methods remain viable. We examined the issue of cyberterrorism from the perspective of an
organization seeking to conduct a comprehensive assessment of its activities.
Our assessment explores the costs, risks and benefits of adopting cyberterror, either as a stand-alone operation or as an adjunct to traditional terrorist
operations. We believe that this analysis fills a gap in the current literature on
cyberterrorism. While the assessment is by no means comprehensive, it
offers the intelligence community a much-needed starting point for better
understanding the true potential of this threat.
Series/Report No
Department
Organization
Center on Terrorism and Irregular Warfare
Naval Postgraduate School (U.S.)