A cardoid will not work. In an elipse every wave in every direction from one foci will eventualy hit the other foci. Think about a eliptical pool table. If you shoot a ball from one foci it will hit a ball in the other foci. No matter what direction you shoot it. This is not true about a cardoid.
First off CBRN and Cyber attacks should not be lumped together, they are fundamentally different.
For CBRN the terrorist must have motivation and equipment. It takes a certain kind of person to pull the trigger on a tactical nuclear weapon. You must also have the plutonium to make the weapon. Technical expertise is not always necessary. You can buy a vile of anthrax and release it with no prior knowledge of how it kills people
Cyber attacks, on the other hand, have different requirements. Motivation is less important. Indirectly killing someone on life support by cutting the power is morally easier than blowing up the building. You don't need any special restricted hardware. All hardware is bought or made with off the shelf equipment. A high level of technical knowledge is required. Most software will be hand made and you will not be able to use it without knowing much of the underlying concepts. Cyber attacks have not been very prevalent because it has not been a "high profile" target. Until recently most people did not know the Internet existed. Information was not seen as a useful target.
CBRN terrorists will often need state support because of the high cost or high restrictions on needed hardware. You can't set up a nuclear refining facility in your basement, the power use alone would draw attention.
Cyber terrorists main need is training. I imagine that such training is not the type state terrorist facilities regularly conduct. It is very easy to find training by legitimate means, such as sending personnel to public universities to get CS degrees. There is no real need for a cyber terrorist to ally with a state.
For this paper I will define a cyber attack as an action that significantly disrupts information or information flow. This does not include web defacements, small scale DoS, and other nucance attacks.
The primary goal will be to disrupt information flow.
There are two types of Cyber attacks. Attack on the physical infrastructure, and attack on the logical infrastructure.
Physical attacks: An example would be cutting a transatlantic data line. We saw the effects of this recently when a construction company accidentally cut a major backbone. The major problem with this attack is the fact that the Internet was designed with this in mind. There are many routes between destinations. However, a coordinated attack can still do major damage. A terrorist could cut several major lines, and blow up a couple important buildings at roughly the same time. You could effectively cut the information link between the west and east coast. Satellites do not have the bandwidth to handle all the communication if all the landlines are down.
These types of attack will come from classic terrorist organizations. It provides immediate results, and instills a great fear in the entire country.
Logical attacks: These are attacks directly on the information. These are much harder to pull off. You will not be able to crash a single computer and cause mass chaos and fear. The only truly effective attack will be a slow stealthy takeover. The most basic would be to cause a massive crash. A terrorist would gain access to many critical servers and organizations. He may crack several bank networks, TRW, Yahoo, CNN... There would be mass confusion if all these were to suddenly disappear at the same time. This may be used as a diversionary tactic to make a classic terrorist attack more effective or easier. It would be easier to smuggle a nuke near the capital building if the power were out.
The main goal is not usually to destroy information, but to disrupt information flow. Any information worth destroying will have a backup off site.
The terrorist organization that undertakes this type of cyber attack is much different. They must be patient, and have a high degree of intelligence. They do not need to be physically close. Their motivations will also be different. A logical attack does not directly kill people. It will not strike the kind of terror a bomb does. This attack is designed to cost the target money and time. Therefore it will usually be used when your goal is the destruction of the target government or organization, not to strike fear into its people. The standard "cell" organizational method may be altered. It will consist of iCells. The cells communicate as in a standard model. The personnel in each iCell are only connected by the Internet. Their meeting places are chat rooms. They can be located anywhere in the world. Each person is anonymous.
If the target is something like a power grid you will need an overlap. You will need to physically gain access to the network. The most important networks can not be reached by the Internet. The organization may have several clasic Cells. These will physically gain access to the network. Then there will be one or more iCells, which take over the network and bring it down.
I don't see cyber terrorism growing for a few years still. A coordinated attack is very difficult to accomplish. Though an evil L0pht may be out there right now. Slowly taking over every critical server in the country. Waiting for the day they are told to corrupt every hard drive under their control.
I'll stop now, I think I've made this long enough:).
Slashdot Mirror
A cardoid will not work. In an elipse every wave in every direction from one foci will eventualy hit the other foci. Think about a eliptical pool table. If you shoot a ball from one foci it will hit a ball in the other foci. No matter what direction you shoot it. This is not true about a cardoid.
First off CBRN and Cyber attacks should not be lumped together, they are fundamentally different.
:).
For CBRN the terrorist must have motivation and equipment.
It takes a certain kind of person to pull the trigger on a tactical nuclear weapon.
You must also have the plutonium to make the weapon.
Technical expertise is not always necessary. You can buy a vile of anthrax and release it with no prior knowledge of how it kills people
Cyber attacks, on the other hand, have different requirements.
Motivation is less important. Indirectly killing someone on life support by cutting the power is morally easier than blowing up the building.
You don't need any special restricted hardware. All hardware is bought or made with off the shelf equipment.
A high level of technical knowledge is required. Most software will be hand made and you will not be able to use it without knowing much of the underlying concepts.
Cyber attacks have not been very prevalent because it has not been a "high profile" target. Until recently most people did not know the Internet existed. Information was not seen as a useful target.
CBRN terrorists will often need state support because of the high cost or high restrictions on needed hardware. You can't set up a nuclear refining facility in your basement, the power use alone would draw attention.
Cyber terrorists main need is training. I imagine that such training is not the type state terrorist facilities regularly conduct. It is very easy to find training by legitimate means, such as sending personnel to public universities to get CS degrees. There is no real need for a cyber terrorist to ally with a state.
For this paper I will define a cyber attack as an action that significantly disrupts information or information flow. This does not include web defacements, small scale DoS, and other nucance attacks.
The primary goal will be to disrupt information flow.
There are two types of Cyber attacks. Attack on the physical infrastructure, and attack on the logical infrastructure.
Physical attacks:
An example would be cutting a transatlantic data line. We saw the effects of this recently when a construction company accidentally cut a major backbone. The major problem with this attack is the fact that the Internet was designed with this in mind. There are many routes between destinations. However, a coordinated attack can still do major damage. A terrorist could cut several major lines, and blow up a couple important buildings at roughly the same time. You could effectively cut the information link between the west and east coast. Satellites do not have the bandwidth to handle all the communication if all the landlines are down.
These types of attack will come from classic terrorist organizations. It provides immediate results, and instills a great fear in the entire country.
Logical attacks:
These are attacks directly on the information. These are much harder to pull off. You will not be able to crash a single computer and cause mass chaos and fear. The only truly effective attack will be a slow stealthy takeover.
The most basic would be to cause a massive crash. A terrorist would gain access to many critical servers and organizations. He may crack several bank networks, TRW, Yahoo, CNN... There would be mass confusion if all these were to suddenly disappear at the same time. This may be used as a diversionary tactic to make a classic terrorist attack more effective or easier. It would be easier to smuggle a nuke near the capital building if the power were out.
The main goal is not usually to destroy information, but to disrupt information flow. Any information worth destroying will have a backup off site.
The terrorist organization that undertakes this type of cyber attack is much different. They must be patient, and have a high degree of intelligence. They do not need to be physically close. Their motivations will also be different. A logical attack does not directly kill people. It will not strike the kind of terror a bomb does. This attack is designed to cost the target money and time. Therefore it will usually be used when your goal is the destruction of the target government or organization, not to strike fear into its people. The standard "cell" organizational method may be altered. It will consist of iCells. The cells communicate as in a standard model. The personnel in each iCell are only connected by the Internet. Their meeting places are chat rooms. They can be located anywhere in the world. Each person is anonymous.
If the target is something like a power grid you will need an overlap. You will need to physically gain access to the network. The most important networks can not be reached by the Internet. The organization may have several clasic Cells. These will physically gain access to the network. Then there will be one or more iCells, which take over the network and bring it down.
I don't see cyber terrorism growing for a few years still. A coordinated attack is very difficult to accomplish. Though an evil L0pht may be out there right now. Slowly taking over every critical server in the country. Waiting for the day they are told to corrupt every hard drive under their control.
I'll stop now, I think I've made this long enough