IN THIS STORY:
>Defining cyberterrorism
>Supporting the private sector
>Cyberdefense

Printable version

Email article

In the recent movie The Recruit, Colin Farrell plays a young CIA operative who takes possession of a computer virus capable of traveling across existing electrical lines, knocking out power as it goes. Sound like science fiction? Perhaps, but protecting our nation's critical infrastructure has become a very real concern.

In previous wars, critical infrastructure components such as airports, power plants, water systems, railroads, oil and gas pipelines, and communication centers were targeted by the military because their destruction could help cripple a nation. These same components no longer have to be physically destroyed, however, because most are dependent on computer-based systems that could be disabled in a cyberattack. 

Several incidents in recent years have raised concerns about the security of our nation's computer systems. In 1998, the Israeli National Police, working in conjunction with the U.S. Department of Justice, arrested an Israeli citizen for illegally accessing computers belonging to the Israeli and U.S. governments, as well as hundreds of other commercial and educational systems in the United States and elsewhere. 

Two years later, a Boston man was charged with using his home computer to illegally gain access to a number of computers, including those controlled by NASA and a Department of Defense (DoD) agency, where, among other things, he intercepted log-in names and passwords and intentionally caused delays and damaged communications.

In November 2002, Gary McKinnon, an unemployed computer systems administrator from London, was indicted for making a series of computer network intrusions at Earle Naval Weapons Station, N.J. The intrusions adversely affected the station's ability to accomplish its mission - replenishing munitions and supplies for the U.S. Navy's Atlantic fleet - immediately following the terrorist attacks of Sept. 11. McKinnon also was charged for intruding into two computers located at the Pentagon and 92 other computer systems belonging to the Army, Navy, Air Force, NASA, and DoD, as well as six private companies' networks.

Defining cyberterrorism
These and other high-profile cases have raised concerns that critical infrastructure elements could be crippled during a cyberattack, which could be instigated by anyone from a systems-savvy teenager looking for a challenge to a seasoned hacker hired by a terrorist group. Most computer intrusions, however, aren't acts of cyberterrorism. In fact, many in the industry feel the term "cyberterrorism" has been overused since the attacks of Sept. 11.

"We know what terrorism is," says Bruce Schneier, founder and chief technology officer of Counterpane Internet Security Inc., which is headquartered in Cupertino, Calif. "It's someone blowing himself up in a crowded restaurant or flying an airplane into a skyscraper. It's not infecting computers with viruses, forcing air traffic controllers to route planes manually, or shutting down a pager network for a day. That causes annoyance and irritation, not terror."

James Lewis, senior fellow at the Center for Strategic and International Studies in Washington, D.C., also believes the term cyberterrorism is being used to describe events that are more annoying than terrifying.

"If some kid hacks into a Web site and he draws a mustache on [Attorney General] John Ashcroft's face, it's not that big of a deal," he says. "… It's just graffiti."

Not everyone is so quick to dismiss the term "cyberterrorism," however. In fact, some information technology (IT) professionals classify unwanted computer intrusions into one of three categories: cybervandalism, cybercrime, and cyberterrorism. 

Cybervandalism, or "cyberhooliganism" as Schneier calls it, might include knocking out an e-mail system, defacing a Web site, or performing some other disruptive or annoying activity. Cybercrime sees hackers infiltrate secure computer systems in order to steal confidential information, such as customers' credit card data. 

Cyberterrorism differs from other forms of intrusions because it is both politically motivated and destructive. However, most attacks labeled as cyberterrorism meet one criteria but not both.

In 2001, for example, Chinese hackers defaced several U.S. government Web sites following the death of Wang Wei, a Chinese pilot who was killed when his plane collided with a U.S. spy plane earlier that year. Although the intrusion was politically motivated, it was more annoying than destructive. 

Even if the Internet were taken down, an often-cited cyberterrorist threat, Lewis says the event, although disruptive, would hardly inspire terror and for many would become "an adult snow day because everyone would take off" from work. In fact, even the most malicious cyberattacks have failed to instill fear in the general public.

Lewis cites a 1997 case, which saw a teenage hacker shut down the airport control tower in Worcester, Mass. Personnel at the airport quickly reverted to a backup system, and the incident didn't cause any accidents. This case illustrates why many cyberattacks fail to produce mass hysteria or fear. The incident affected only one airport, and the airport's system administrators had a backup system in place so their critical systems could continue running.

Continued>>