The Cavalier Daily
Serving the University Community Since 1890

Cyber-terrorism: More nuisance than threat

Imagine a cyber-terrorist shutting down electrical power to all of lower Manhattan with a desktop computer a thousand miles away. Imagine a terrorist exploding a bomb in a large metropolitan area. And then jamming our 911 lines, or wreaking havoc on our banking systems with the push of a button.

These frightening scenarios, proposed by experts before the House Science Committee on Oct. 10, could happen. However, in the war on terrorism, combating cyber-terror should not be among our top priorities.

Cyber-terrorism is "the convergence of terrorism and cyberspace," said Dorothy Denning, director of the Georgetown Institute for Information Assurance. To qualify as cyber-terrorism, the attack must focus on computers or computer networks, the purpose must be to coerce a government, and the magnitude of the damage should be enough to cause violence.

Under this definition an act of cyber-terrorism has never occurred. Nothing done on the Internet so far has directly resulted in violence or human casualties. Past cyber attacks are best to be labeled as "nuisance attacks" or "cyber protests" rather than acts of terrorism. These attacks (if we can even call them that) have included flooding e-mail boxes or defacing Web sites, which are comparatively petty in the face of recent human tragedies.

This past April, denial-of-service attacks crashed U.S. government Web sites during the controversy surrounding the collision between an American surveillance aircraft and a Chinese fighter plane. Although irritating to system administrators and costly for some businesses, these attacksdid not cause any significant long-term damage.

 
Cracking codewords
Hacker - A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 
Cracker - One who breaks security on a computer system. This term was coined around 1985 by hackers in defense against journalists who misused the term "hacker."
Denial-of-Service
attack -
An attack initiated with the intent to shut down newsgroups or networds by flooding it with spam, or jamming it with large amounts of traffic. To do this, attackers often abuse network broadcast addresses.
Information Warfare - the offensive and defensive use of information and information systems to exploit an adversary's information or information systems while protecting one's own. Such actions are taken by the attacker so he can gain an advantage over his military or business adversaries. 

SOURCE: THE JARGON FILE

But just because cyber-terrorism, by definition, never has happened before does not mean it will not happen in the future. Asgovernment, business and personal computer systems become more interconnected, they also become more vulnerable. More companies are using the same pieces of software such as Windows NT, and this change makes attacking easier for computer crackers since they only need to learn one system to attack many computers. Since the network is often more homogeneous, viruses also spread more easily.

But more important than the issue of history is whether terrorists even possess the capability to carry out cyber-attacks.

An attack can be made easier if the terrorist can get inside access. If a cyber-terrorist is able to recruit an operator at a power company either through bribery, ideology or blackmail, he can get crucial knowledge on how to shut down the system.

The most powerful potential cyber-terrorist groups are those that have support from foreign governments. According to Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College, countries such as Syria, Iraq, Iran, Sudan and Libya are believed to be developing information warfare capabilities. Because they are receiving funding from their governments, it is conceivable that a well-funded intelligent group given enough time could infiltrate a critical infrastructure like an electrical power grid for an entire city. This was demonstrated in Project Eligible Receiver when the National Security Agency hired a group to break into a simulation of critical computer systems. Alarmingly, they succeeded.

It is much less likely, however that a small group like al-Qaeda and its supporters, even with millions of dollars at its disposal, could do it. If recent events are any indication, the group is not equipped with the computer savvy experience necessary to launch a cyber attack. Additionally, there may be backup systems or contingency plans that they may not be aware of without inside access.

Nuisance attacks are an option for an organization like al-Qaeda, but these attacks are not very potent. Vatis predicted that such "nuisance attacks" are "extremely likely" following any U.S military action. Some of these attacks have occurred but have been insubstantial compared to other types of attacks which have a human toll attached to it.

In countering cyberterrorism, high-tech solutions are not necessarily the answer. We should first and foremost prevent terrorists from getting inside access, and this relies on relatively low-tech devices such as background checks and polygraphs. Right now, people are the weakest link.

The government should allocate reasonable funds to at least understand the problem better. While we need to be vigilant about all forms of security, we also need to be skeptical.

(David Friedman is a fourth year Engineering student. Keen Browne is a third year Engineering student.)

Local Savings

Comments

Latest Video

Latest Podcast

With Election Day looming overhead, students are faced with questions about how and why this election, and their vote, matters. Ella Nelsen and Blake Boudreaux, presidents of University Democrats and College Republicans, respectively, and fourth-year College students, delve into the changes that student advocacy and political involvement are facing this election season.