How Cyberterrorism Can Affect You
Even if cyberterrorism may become a reality, what does this have to do with dot-coms, dot-orgs, or dot-nets? After all, most organizations don't run a power grid, a military control room, an emergency dispatch center, or a naval cruiser. They sell merchandise, provide consumer services, help those in need, work for associations, manage ISP networks. How can they really be affected by cyberterrorism? Most "cyber attacks" in the pastviruses, worms, Trojan horses, denial-of-service attacks, and so onhave been inconveniences rather than life-or-death struggles. Bombs are more effective than bytes, and as yet there has been no "virtual body count" consigned to cyberterrorism. So why the big deal?
Critics of the concept of cyberterrorism play down its ability to create real damage to our socioeconomic and political infrastructure. Martin Libicki of National Defense University is one of them. In his opinion, the hacker tactics deployed so far have merely been weapons of "mass annoyance." For example, if you shut off all the lights in Iowa for two hours or stop Visa Card purchases for an hour, that's going to inconvenience a lot of people, but it's not going to bring the country to its knees. Libicki and other critics point out that computer failures and power outages are a simple fact of life, and the economy is too resilient to be easily crippled by system failuresdeliberate or accidental. Even when a quarter of the country was out of work for half a week during a snowstorm in the Northeast several years ago, that didn't bring the economy tumbling down. So why should businesses, institutions, and organizations be concerned now?
Because of one thing.
In the United States, the private sector owns or manages a large number of critical infrastructures, including banking and finance, electricity, oil and gas production, telecommunications, transportation, and water supply. In addition, a RAND Corporation report noted that nearly everything the U.S. military does depends on computer-driven civilian information networks. About 95% of military communications travel over the same networks used by civilians for faxes and telephoning. Each of these information nodes represents a vulnerable point of attack.
Although the military establishment has put in place safeguards from cyber attacks, the state of preparation of civilian enterprises, unfortunately, is way behind. Of course, sensitive military computers are required to be kept as far away from the public Internet as possible. However, there is always a weak link in the chain. For example, an army depends on manufacturer A for supplies and equipment, and, in turn, manufacturer A depends on parts from manufacturer B, and so on. Somewhere in that supply chain is a vulnerability due to the massive networks, technological dependence, and just-in-time ordering systems. Indeed, although direct attacks on a critical infrastructure are unlikely, if done on a network that has a link into it elsewhere, then one vulnerability is all it takes. This is not an impossibility. We've seen labor strikes in one automotive plant effectively shut down large carmakers. Most U.S. automotive plants are also government contractors that supply vehicles and replacement parts to the militaryan obvious target for cyberterrorists.
Because of the importance of these infrastructures to the country's economy and their close relationship to national security, the private sector will increasingly be targeted for terrorist attacks. And if you've kept your eye on the news lately, you'll know that in a recent videotape, Usama bin Ladin ordered his followers to wreak economic havoc on the U.S.
That means you.
The dangers in failing to recognize the risks could be serious. The dangers in recognizing the risks but not acting on them could be far worse. To quote Frank J. Cilluffo of the Washington-based Center for Strategic and International Studies, "While bin Laden may have his finger on the trigger, his grandson might have his finger on the mouse."
The events of September 11 have made it clear that we're all on the firing lineall combatants in this new kind of warand the weapons facing us can be fired from anywhere in the world. Cyberterrorism assaults can be undertaken from any computer from anywhere on the planet and directed toward the systems in America that depend on flows of information. The aim of cyberterrorism is not necessarily mass destruction per se, but mass disruption of an opponent by corrupting its information. But it goes further. The aim of cyberterrorism is to damage, misuse, confuse, and hijack our information and communications infrastructureand that damage could, if unchecked, have far-reaching and catastrophic results.