Just so everyone knows where I am coming from, I define cyber terrorism as:
Cyber terrorism is a premeditated, politically motivated criminal act by sub-national groups or clandestine agents against information and computer systems, computer programs, and data that result in physical violence where the intended purpose is to create fear in non-combatant targets.
This means that just defacing a website is not cyber terrorism, nor is shutting off the lights unless someone is physically injured. Any other definition enlarges computer crime in the name of terrorism. We need to stay focused so we do not simple turn everyone or every computer incident into a terrorist attack.
There are several primary areas of concern for cyber terrorism. These are:
1. The ability to gather intelligence on potential targets by breaking into systems. This includes family histories, medical conditions, credit, travel schedules, political and religious affiliations, and even enough information to assume a person's identity. Ramzi Tousef was the mastermind behind the 1993 World Trade Center bombing. He came to the US as Ramzi and left on a different passport as Abdel Basit. Target intelligence is no small matter in skilled hands with significant resources.
2. Modify existing electronic records or databases that have a direct outcome such as a high profile target's blood type before a major operation, vaccination or allergy histories, and the like. This also includes the removal of people on airport watch lists before a hijacking.
3. Much of our economic infrastructure is controlled by SCADA systems. This includes our railroads, water treatment facilities, electrical generation and distribution, as well as simple traffic systems. The man power needed to run these facilities would be enormous without SCADA systems as control of these facilities involve great geographic distances. Breaches of SCADA systems have huge secondary ramifications to health and safety.
Believe what you like about all the hype about cyber terrorism. The real issue is implementing protective measures against these types of attacks and protecting people from harm. Let's stop the drumbeat about cyber terrorism and start doing something about securing our information infrastructures.
With Kind Regards,
Dr. Andrew M. Colarik,
AndrewColarik.com
After reading other definitions from government people, I define cyber terrorism as a premeditated, politically motivated criminal act by sub-national groups or clandestine agents against information and computer systems, computer programs, and data that result in violence where the intended purpose is to create fear in non-combatant targets.
Ignorance? Not to insult you but I think you should go do some homework on police and EMS systems. Much of the telecommunications infrastructure is shared with the Internet backbone. Even wireless has a shared infrastructure. Military systems which are extremely secured at their installations use public infrastructure to communicate and as such become vulnerable as a result. This isn't about me creating fear, it's about bring this issue forward so we can address the core issues.
Remember, the terrorists have proven they can turn our own technology against us (i.e. jetliners into missiles). Asymmetric warfare is what we now have to start dealing with...
All I can say is that cyber terrorism is so much more than what the Washington Post is presenting, but it is about time that this topic starts getting discussed. Remember, terrorism is about creating fear, and cyber terrorism is the use of our Global Information Infrastructure (telecommunications and cyber space) to communicate and coordinate terrorist activities between cells and potential recruits, the gathering of intelligence on potential targets, a force multiplier for physical attacks by disabling emergency response systems, and for causing physical harm by electronically attacking control systems such as dams, electrical systems, medical databases, and a host of other computer dependent infrastructures.
So much of our livelihoods now depend on the secure use of computers for communications, transportation, banking, medical, etc., and these systems have been penetrated by hackers, crackers and cyber criminals for quite some time. Imagine what would happen if mobile phone service was disrupted just prior to a major chemical attack. Emergency Medical Services would be unable to communicate life saving instructions from doctors much less coordinate rescue activities. Visualize having your blood type changed in a medical database before a major operation. Game over...
Law enforcement is working to integrate their computer systems to provide better sharing of criminal and terrorist activities. In the past, people like Kevin Mitnik have demonstrated their ability to break into judicial and law enforcement systems and actually remove their criminal histories. Envision a cyber terrorist removing five people from a watch list hours before they board a jetliner. Imagine having your identity stolen and used to rent the apartment and truck that was used to make and deliver the bomb that blew up a federal building. Your life would change in an instant.
I have been doing continuous research on terrorist activities in cyber space and welcome any contributions or discussions. Visit my site at http://www.andrewcolarik.com/home.htm for contact details.
Slashdot Mirror
Just so everyone knows where I am coming from, I define cyber terrorism as: Cyber terrorism is a premeditated, politically motivated criminal act by sub-national groups or clandestine agents against information and computer systems, computer programs, and data that result in physical violence where the intended purpose is to create fear in non-combatant targets. This means that just defacing a website is not cyber terrorism, nor is shutting off the lights unless someone is physically injured. Any other definition enlarges computer crime in the name of terrorism. We need to stay focused so we do not simple turn everyone or every computer incident into a terrorist attack. There are several primary areas of concern for cyber terrorism. These are: 1. The ability to gather intelligence on potential targets by breaking into systems. This includes family histories, medical conditions, credit, travel schedules, political and religious affiliations, and even enough information to assume a person's identity. Ramzi Tousef was the mastermind behind the 1993 World Trade Center bombing. He came to the US as Ramzi and left on a different passport as Abdel Basit. Target intelligence is no small matter in skilled hands with significant resources. 2. Modify existing electronic records or databases that have a direct outcome such as a high profile target's blood type before a major operation, vaccination or allergy histories, and the like. This also includes the removal of people on airport watch lists before a hijacking. 3. Much of our economic infrastructure is controlled by SCADA systems. This includes our railroads, water treatment facilities, electrical generation and distribution, as well as simple traffic systems. The man power needed to run these facilities would be enormous without SCADA systems as control of these facilities involve great geographic distances. Breaches of SCADA systems have huge secondary ramifications to health and safety. Believe what you like about all the hype about cyber terrorism. The real issue is implementing protective measures against these types of attacks and protecting people from harm. Let's stop the drumbeat about cyber terrorism and start doing something about securing our information infrastructures. With Kind Regards, Dr. Andrew M. Colarik, AndrewColarik.com
After reading other definitions from government people, I define cyber terrorism as a premeditated, politically motivated criminal act by sub-national groups or clandestine agents against information and computer systems, computer programs, and data that result in violence where the intended purpose is to create fear in non-combatant targets.
Ignorance? Not to insult you but I think you should go do some homework on police and EMS systems. Much of the telecommunications infrastructure is shared with the Internet backbone. Even wireless has a shared infrastructure. Military systems which are extremely secured at their installations use public infrastructure to communicate and as such become vulnerable as a result. This isn't about me creating fear, it's about bring this issue forward so we can address the core issues.
Remember, the terrorists have proven they can turn our own technology against us (i.e. jetliners into missiles). Asymmetric warfare is what we now have to start dealing with...
All I can say is that cyber terrorism is so much more than what the Washington Post is presenting, but it is about time that this topic starts getting discussed. Remember, terrorism is about creating fear, and cyber terrorism is the use of our Global Information Infrastructure (telecommunications and cyber space) to communicate and coordinate terrorist activities between cells and potential recruits, the gathering of intelligence on potential targets, a force multiplier for physical attacks by disabling emergency response systems, and for causing physical harm by electronically attacking control systems such as dams, electrical systems, medical databases, and a host of other computer dependent infrastructures.
So much of our livelihoods now depend on the secure use of computers for communications, transportation, banking, medical, etc., and these systems have been penetrated by hackers, crackers and cyber criminals for quite some time. Imagine what would happen if mobile phone service was disrupted just prior to a major chemical attack. Emergency Medical Services would be unable to communicate life saving instructions from doctors much less coordinate rescue activities. Visualize having your blood type changed in a medical database before a major operation. Game over...
Law enforcement is working to integrate their computer systems to provide better sharing of criminal and terrorist activities. In the past, people like Kevin Mitnik have demonstrated their ability to break into judicial and law enforcement systems and actually remove their criminal histories. Envision a cyber terrorist removing five people from a watch list hours before they board a jetliner. Imagine having your identity stolen and used to rent the apartment and truck that was used to make and deliver the bomb that blew up a federal building. Your life would change in an instant.
I have been doing continuous research on terrorist activities in cyber space and welcome any contributions or discussions. Visit my site at http://www.andrewcolarik.com/home.htm for contact details.