Cyber Terrorism - A new And Emerging Threat


Cyber crime was called “computer crime” in its early stages of evolution and has been called “computer related crime” or “crime by computer”. Cyber terrorism has been simplistically defined as “an assault on electronic communication networks”. The Federal Bureau of Investigation of the United States has given a more extensive definition: "the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents”. One commentator states that cyber terrorism is terrorism in cyberspace, which is carried out through computers, the Internet and technology-based networks or systems against infrastructures supported by computers and networks.


by Dr. Ruwantissa Abeyratne

(April 20, Quebec, Sri Lanka Guardian) Cyber Terrorism defines our times. It has brought seismic changes to the way we approach terrorism. This is because global and national reliance placed on cyberspace for the development and sustenance of human interaction will continue to grow in the years to come and with that continued development will come ominous threats and daunting challenges from cyber terrorism. Cyber terrorism has the advantage of anonymity, which in turn enables the hacker to obviate checkpoints or any physical evidence being traceable to him. It is a low budget form of terrorism where the only costs entailed in interfering with the computer programs of a State’s activities and stability would be those pertaining to the right computer equipment. The most intractable challenge posed by cyber terrorism is that the digital environment that we live in, which enables us to create and share knowledge also provides ample opportunity for the commission of a cyber crime since that environment breeds motivated offenders who can develop covert capabilities that could exploit the vulnerability of the cyber environment. The opportunities the cyber environment offers for subterfuge is another challenge to be overcome. However, the most ominous challenge is the lack of sentinels to guard against crimes committed against the digital world.

At the outset, it is necessary to determine the difference, if any, between cyber crime and cyber terrorism and ascertain any link that reflects a commonality. Cyber crime was called “computer crime” in its early stages of evolution and has been called “computer related crime” or “crime by computer”. Cyber terrorism has been simplistically defined as “an assault on electronic communication networks”. The Federal Bureau of Investigation of the United States has given a more extensive definition: "the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents”. One commentator states that cyber terrorism is terrorism in cyberspace, which is carried out through computers, the Internet and technology-based networks or systems against infrastructures supported by computers and networks. Another interpretation is that cyber terrorism is the use of computer networks in order to harm human life or to sabotage critical national infrastructure in a way that may cause harm to human life When all these definitions are considered one notes that the activities concerned with both cyber crime and cyber terrorism are calculated to sabotage infrastructure and disrupt a system. Therefore, although the activities involved may be the same or similar in both categories the intent behind a cyber crime may be different from that which applies to cyber terrorism. The Centre for the Study of Terrorism and Irregular Warfare released a report in 1999 which discussed the likelihood of any significant cyber attacks experienced in the future being supplementary to traditional physical attacks carried out by terrorists.

It has been argued that cyber terrorism is a corollary to a shift of control in manufacturing utilities, banking and communications from secured national control to networked computers. The threat of cyber terrorism resonates the terrifying truth that its occurrence is real and the extent of occurrence of cyber terrorist acts could be prodigious. Blaise Pascal, in his book Ars Cogitandi states that fear of harm ought to be proportional not merely to the gravity of the harm but also to the probability of the event. Fundamentals of risk management tell us that, under similar conditions, the occurrence of an event in the future will follow the same pattern following the past. It follows therefore that we could be faced with the terrifying possibility of a nuclear 9/11 sometime in the future, possibly aided and abetted by cyber terrorism.

The events of 11 September 2001 revealed that the three most vulnerable targets for terrorist attacks are people, infrastructure and technology as they are the preeminent elements of a functional economy in this century. They also brought to bear the inextricable interdependencies between physical and cyber infrastructures. Cyber terrorism represents a “clear and present danger” and the issue has even been raised as to whether 9/11 was a result of cyber terrorism.

Cyberspace, which comprises millions of fibre optic cables enabling servers, computers and routers, is the nervous system of any nation’s critically important infrastructures, prominent among which is transportation. Attacks on cyberspace can cause immeasurable harm, particularly by disrupting essential services such as banking and finance, telecommunications, health and health care, transportation, religious places of worship, infrastructures, government services, education centers, power and energy generation and distribution, manufacturing, agriculture and food, electricity and water supply, and military defence. Of these, aerospace activities and air traffic control are significant targets.

In 2003, The United States adopted the National Strategy to Secure Cyberspace under the signature of President Bush, with a view to preventing cyber attacks against critical infrastructures of the United States; reducing national vulnerability to cyber attacks and minimizing damage and recovery time from cyber attacks that do occur. The Strategy outlines the national priority which is securing the Government’s cyberspace and national security and international cyberspace security cooperation. These priorities will be driven with the assistance of a national cyberspace security response system; a national cyberspace security threat and vulnerability reduction programme; and a national cyberspace security awareness and training programme. A fundamental principle of this strategy lies in the recognition that efforts to counter cyber terrorism would involve robust and active collaboration between the various components involved in the activities of the United States. This is simply because the federal government could not—and, should not—secure nor interfere with the computer networks of privately owned banks, energy companies, transportation firms, and other parts of the private sector. In similar manner, the federal government should not intrude into homes and small businesses, into universities, or state and local agencies and departments to create secure computer networks. The Strategy therefore exhorts each American who depends on cyberspace and information networks, to secure the part that they own or for which they are responsible.

The extent of the threat posed by cyber terrorism is reflected in the Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence of 2010 which states that the agility and technological innovation demonstrated by the cyber criminal sector far exceeds the response capability of network defenders. The Threat Assessment identified Network Convergence – which is the merging of distinct voice and data technologies to a point where all communications are relayed over a common network structure – and Channel Consolidation – which is the concentration of data captured on individual users by service providers through emails or instant messaging – as being particularly vulnerable to cyber attacks. The Threat Assessment drew an implicit parallel between cyber terrorism and international organized crime, expanding that international criminal organizations will increasingly damage the ability of legitimate businesses to compete and may drive some legitimate players out of the market.

Cyber terrorism, whether conducted by individuals, corporations or States could target the electronic systems of companies which design and develop hardware and software used in airports, air traffic control systems. It could target industries involved in the construction of aircraft and components whether they be used for civil or military purposes. One commentator says: “here, the objective is that of manipulating, in the design phase, software or hardware which will eventually come to be used in critical environments. The events linked to the theft of designs relating to the American F-35 project15 are an example of this kind of act”.

Of note are the efforts of various international organizations such as the United Nations, Council of Europe, Interpol, and OECD dating back to the 1980s in responding to the challenges of cyber crime. One significant result of this collective effort was the publication of the United Nations Manual on Cybercrime and United Nations Resolution of 2001 which exhorted States, in the context of an earlier UN Resolution on Millennium Goals - which recognized that the benefits of new technologies, especially information and communication technologies are available to all - to ensure that their laws and practices eliminate safe havens for those who criminally misuse information technologies; while also ensuring law enforcement cooperation in the investigation and prosecution of international cases of criminal misuse of information technologies which should be coordinated among all concerned States. The Resolution went on to require that information should be exchanged between States regarding the problems that they face in combating the criminal misuse of information technologies and that law enforcement personnel should be trained and equipped to address the criminal misuse of information technologies.

The Resolution recognized that legal systems should protect the confidentiality, integrity and availability of data and computer systems from unauthorized impairment and ensure that criminal abuse is penalized and that such systems should permit the preservation of and quick access to electronic data pertaining to particular criminal investigations. It called upon mutual assistance regimes to ensure the timely investigation of the criminal misuse of information technologies and the timely gathering and exchange of evidence in such cases. States were requested to make the general public aware of the need to prevent and combat the criminal misuse of information technologies. A significant clause in the Resolution called for information technologies to be designed to help prevent and detect criminal misuse, trace criminals and collect evidence to the extent practicable, recognizing that the fight against the criminal misuse of information technologies required the development of solutions taking into account both the protection of individual freedoms and privacy and the preservation of the capacity of governments to fight such criminal misuse.

A seminal event in the international response to cybercrime occurred in 2001 with the adoption of the Cybercrime Convention of the Council of Europe which was opened for signature in November 2001 and came into force on 1 July 2004. The Convention was ratified by President Bush on 22 September 2006 and entered into force for the United States on 1 January 2007. The main concern of the Convention was the risk that computer networks and electronic information may also be used for committing criminal offences and that evidence relating to such offences may be stored and transferred by these networks. States Parties to the Convention therefore expressed their view - in a Preambular Clause to the Convention - that co-operation between States and private industry in combating cybercrime was necessary and that there was a need to protect legitimate interests in the use and development of information technologies.

The Convention in Article 2 requires each Party to adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, access to the whole or any part of a computer system without right. The provision goes on to say that a Party may require that the offence be committed by infringing security measures, with the intent of obtaining computer data or with other dishonest intent, or in relation to a computer system that is connected to another computer system. There are also provisions which call for States Parties to adopt legislative or other measures to counter illegal inception of transmission of computer data, data interception and exchange interception. Of particular significance to aviation is Article 7 on alteration of data and forgery, which goes on to require each Party to adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible. The Provision concludes that a Party may require an intent to defraud, or similar dishonest intent, before criminal liability attaches.

Although cyber terrorism has not caused catastrophic damage yet, it could be but a matter of time. All the treaties in the world would be of no use unless States, individually and collectively, take concrete and practical measures against this threat.

Tell a Friend