What is cyberterrorism?
Cyberterrorism is any premeditated, politically motivated attack against information systems, programs and data that results in violence.
The details of cyberterrorism and the parties involved are viewed differently by various organizations. The U.S. Federal Bureau of Investigation (FBI) defines cyberterrorism as any "premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against noncombatant targets by subnational groups or clandestine agents."
Unlike a nuisance virus or computer attack that results in a denial of service (DoS), the FBI distinguishes a cyberterrorist attack as a type of cybercrime explicitly designed to cause physical harm. However, there is no current consensus between various governments and the information security community on what qualifies as an act of cyberterrorism.
Other organizations and experts suggest that less harmful attacks can also be considered to be acts of cyberterrorism, as long as the attacks are intended to be disruptive or to further the attackers' political stance. In some cases, the differentiation between cyberterrorism attacks and more ordinary cybercrime activity lies in the intention: The primary motivation for cyberterrorism attacks is to disrupt or harm the victims, even if the attacks do not result in physical harm or cause extreme financial harm.
In other cases, the differentiation is tied to the outcome of a cyber attack; many cybersecurity experts believe an incident should be considered cyberterrorism if it results in physical harm or loss of life, either directly or indirectly through damage or disruption to critical infrastructure. However, others believe physical harm is not a prerequisite for classifying a cyber attack as a terrorist event. The North Atlantic Treaty Organization, for example, has defined cyberterrorism as "a cyber attack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal."
According to the U.S. Commission on Critical Infrastructure Protection, possible cyberterrorist targets include the banking industry, military installations, power plants, air traffic control centers and water systems.
Methods used for cyberterrorism
The intention of cyberterrorist groups is to cause mass chaos, disrupt critical infrastructure, support political activism or hacktivism, and inflict physical damage or even loss of life. Cyberterrorism actors use a variety of attack methods. These include but are not limited to the following:
- Advanced persistent threat (APT) attacks use sophisticated and concentrated penetration methods to gain network access and stay there undetected for a period of time with the intention of stealing data. Typical targets for APT attacks are organizations with high-value information, such as national defense, manufacturing and the financial industry.
- Computer viruses, worms and malware target information technology (IT) control systems and can affect utilities, transportation systems, power grids, critical infrastructure and military systems, creating instability.
- DoS attacks are intended to prevent legitimate users from accessing targeted computer systems, devices or other computer network resources and can be aimed at critical infrastructure and governments.
- Hacking, or gaining unauthorized access, seeks to steal critical data from institutions, governments and businesses.
- Ransomware, a type of malware, holds data or information systems hostage until the victim pays the ransom.
- Phishing attacks attempt to collect information through a target's email, using that information to access systems or steal the victim's identity.
Examples of cyberterrorism
Acts of cyberterrorism can be carried out over computer servers, devices and networks visible through the public internet, as well as against secured government networks or other restricted networks. Examples of cyberterrorism include the following:
- disruption of major websites to create public inconvenience or to stop traffic to websites containing content the hackers disagree with;
- unauthorized access that disables or modifies signals that control military technology;
- disruption of critical infrastructure systems to disable or disrupt cities, cause a public health crisis, endanger public safety or cause massive panic and fatalities -- for example, cyberterrorists may target a water treatment plant, cause a regional power outage, or disrupt a pipeline, oil refinery or fracking operation; and
- cyberespionage carried out by governments to spy on rival nations' intelligence communications, learn about the locations of troops or gain a tactical advantage at war.
Historical instances of cyberterrorism
Between January 2018 and February 2019, the Center for Strategic and International Studies identified 90 cyber attacks that targeted government agencies, defense and high-tech companies, as well as economic crimes with losses in excess of $1 million.
Here are several examples:
- In September 2020, prosecutors in Cologne, Germany, opened a negligent homicide investigation into to an incident where an ailing woman was turned away from a hospital that was in the grips of a ransomware attack. She died on the way to another hospital.
- In 2019 and 2020, the S. Department of Justice (DOJ) charged China's Huawei Technologies Co. Ltd. with cybercrimes ranging from wire and bank fraud to obstruction of justice and conspiracy to steal trade secrets.
- In February 2019, state-sponsored extremists from China stole personal identification information from the employees of Airbus, a European aerospace company.
- In January 2019, it was revealed that former U.S. intelligence personnel were working with hacker groups from United Arab Emirates to help the country access the phones of activists, diplomats and foreign government officials.
- In July 2018, the DOJ indicted 12 Russian intelligence officers for carrying out large-scale cyber attacks against the Democratic Party in advance of the 2016 presidential election.
- In March 2014, hacktivists in Russia allegedly perpetrated a distributed DoS attack that disrupted the internet in Ukraine, enabling pro-Russian rebels to take control of Crimea.
Defending against cyberterrorism
The key to countering the threat of cyberterrorism is to implement extensive cybersecurity measures and vigilance.
On the corporate level, businesses must ensure that all internet of things devices are properly secured and inaccessible via public networks. To protect against ransomware and similar types of attacks, organizations must regularly back up systems; utilize firewalls, antivirus software and antimalware; and implement continuous monitoring techniques.
Companies must also develop IT security policies to protect business data. This includes limiting access to sensitive data and enforcing strict password and authentication procedures, like two-factor authentication or multifactor authentication.
On the state and national level, the National Cyber Security Alliance recommends training employees on safety protocols and how to detect a cyber attack or malicious code.
The Department of Homeland Security coordinates with other public sector agencies, as well as private sector partners, to share information on potential terrorist activity, how to protect national security and other counterterrorism measures.
On a global level, 38 countries, including the United States, participate in the Council of Europe's Convention on Cybercrime, which seeks to harmonize international laws, improve investigation and detection capabilities, and promote international cooperation to stop cyberwarfare.