Information Resources Management College, National Defense University

Cyber Terrorism: The Real Story

Irving Lachow, Robert Miller & Courtney Richardson

May 10, 2007

“A global learning community for government’s most promising information leaders.”



Outline

- Introduction
  - Why is this issue important?
- What is Cyber Terrorism?
- Terrorist Use of the Internet
- US Response Options
- Recommendations

U.S. is Losing Cyber War Against Terrorists

Terrorist use of Internet is leading to:
- A global ideological movement based on a set of guiding principles and beliefs
- Effective operational structures that support local action without centralized control
- Effective perception management campaigns that influence target audiences while undermining U.S. interests

Secretary of Defense Rumsfeld: “If I were rating, I would say we probably deserve a D or D+ as a country as how well we’re doing in the battle of ideas that’s taking place.”

Dr. Bruce Hoffman: “…the U.S. is dangerously behind the curve in countering terrorist use of the Internet…”

Outline

- Introduction
- What is Cyber Terrorism?
  - Definition
  - Cyber Terror vs. Other Cyber Activities
- Terrorist Use of the Internet
- US Response Options
- Recommendations

What is Cyber Terrorism?

Definitions of terrorism:
- State Dept: “Premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents, usually intended to influence an audience.”
- FBI: “The unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.”

Definition of cyber terrorism:
- Denning: “A computer based attack or threat of attack intended to intimidate or coerce governments or societies in pursuit of goals that are political, religious, or ideological. The attack should be sufficiently destructive or disruptive to generate fear comparable to that from physical acts of terrorism. Attacks that lead to death or bodily injury, extended power outages, plane crashes, water contamination, or major economic losses would be examples... Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.”

Cyber Terrorism vs. Other Computer Attacks

ACTIVITY | MOTIVATION | TARGET | METHOD
Cyber Terror | Political change | Innocent victims | Computer-based violence or destruction
Cracking | Ego, personal enmity | Individuals, companies, gov’ts | CNA, CNE (sometimes overt)
Cyber Crime | Economic gain | Individuals, companies | Fraud, ID theft, blackmail, CNA, CNE
Cyber Espionage | Economic gain | Individuals, companies, gov’ts | CNA, CNE (rarely overt)
State-Level Info War | Political or military gain | Infrastructure, military assets | CNA, CNE, physical attack

Outline

- Introduction
  - Why is this issue important?
- What is Cyber Terrorism?
- Terrorist Use of the Internet
  - Operational Effectiveness
  - Influence Operations
- US Response Options
- Recommendations

Why Do Terrorists Use the Internet?

- Rapid communications
- Low cost
- Ubiquity
- Ease of use + sophistication of tools
- Anonymity

How do Terrorists Use the Internet?

Organizational effectiveness
- Recruiting
- Fundraising
- Training
- Command and control
- Intelligence gathering

Influence Operations
- Public affairs
- Civil affairs
- Psychological operations
- Computer network operations

Very few documented cases of cyber terrorism. WHY?

Cyber Terrorism vs. Other Attack Vectors

Cyber Terror Challenges:
- May not create sufficient horror, fear, and “terror”
- Prospects for success and potential outcomes are highly uncertain
- Requires different skill set and potential reliance on outside experts
- May require extensive intelligence gathering, training, and funding

Use of explosives is a proven strategy
- Highly effective at creating terror and getting attention.
- Easy to do, requires little training, and is based upon extensive knowledge base

WMD is another option
- Would create tremendous sense of terror and panic
- Would dominate news for weeks or months
- Would be huge source of pride

Outline

- Introduction
- What is Cyber Terrorism?
- Terrorist Use of the Internet
- US Response Options
  - Infrastructure
  - Content
  - Cognition
- Recommendations

US IO Options: Physical Infrastructure

- Target physical infrastructure to deny or disrupt access to Internet (and possibly other ICT)
- Vast majority of infrastructure used by extremists is commercially-owned and/or operated
  - Most extremist web sites hosted in US or Western Europe
  - There is heavy use of companies like Yahoo! and Microsoft for email and chat
  - While ISPs are often local, communications backbone likely owned by either the state or a major corporation
- Options:
  - Direct attack (kinetic or other)
  - Ask or force service providers to identify extremists and/or terminate services to known extremists

Physical Infrastructure: Pros and Cons

Advantages
- Potential to significantly disrupt extremist use of Internet or other ICT
- May be limited options for extremists to counter this tactic

Disadvantages
- Political risks
- Legal impediments
- Technical challenges
- Collateral damage
- Identifying extremist users is difficult
- May harm intel activities
- Results may be hard to predict

US IO Options: Information Content

- Focus on data or information
- Target confidentiality, integrity and availability (CIA) in order to:
  - Deny ability of extremists to keep information secret
  - Plant false or misleading information (either openly or surreptitiously)
  - Prevent extremists from having timely access to information
- Options
  - Intelligence gathering
  - Spoofing (data) or Posing (people)
  - Denial of service
  - Other types of CNO

Information Content: Pros and Cons

Advantages
- Fewer political, legal and technical impediments
- Easier to do in clandestine manner
- May be able to guide actions of extremists
- Can learn about extremist goals, methods, personnel, etc.

Disadvantages
- Extremists can be hard to find and/or identify
- Numerous countermeasures readily available
- Technology and demographic trends favor extremists
- May be hard to assess success

US IO Options: Cognition

- Influence how people perceive information and/or make decisions
- Focus on human aspect of perception (sense making) rather than data/information per se
- Goal is to change extremists’ beliefs, decisions, and actions
- Options:
  - “War of Ideas”
  - PSYOPS
  - Public and civil affairs
  - Soft power (economics, media, companies, etc.)
  - Others…

Cognition: Pros and Cons

Advantages
- Reduce legitimacy of and attractiveness of extremist movements
- Create schisms among extremist groups
- Gain support among allies and non-aligned parties
- Few political, legal or technical barriers

Disadvantages
- Requires coordinated inter-agency leadership, planning and execution
- Currently lack needed personnel, expertise and resources
- Long-term approach (possibly decades)
- May be hard to assess success

Outline

- Introduction
- What is Cyber Terrorism?
- Terrorist Use of the Internet
- US Response Options
- Recommendations
  - Suggested Actions
  - Final Observations
  - Discussion of Metrics

Recommendations

- Develop high-level, coordinated strategy for countering terrorist use of the Internet
  - Current efforts are disjointed and occur mostly at operational and tactical levels
  - Strategy must maximize benefits and minimize risks/costs of each layer of info environment
  - Where appropriate disrupt infrastructure if only to create FUD about its reliability
  - Attack CIA of extremist information to further increase FUD, gain intel and disrupt operations
  - Focus significant time and energy on cognitive domain to impact terrorist decision-making, reduce terrorist influence on stakeholders, and promote US ideas
- Create mix of short-, medium-, and long-term goals, plans, actions, and metrics

A Few Final Observations

- US alone cannot counter extremist Muslim ideology
  - Must build up and/or support networks of moderate Muslims and help spread their message
  - Use former terrorists to undermine extremist recruiting
- Current “approval ratings” of US across the world are dismal
  - Improve publicity of “positive” actions
  - Reset terms of the ideological struggle
- US is not well organized to fight a long-term, broad-based “war of ideas”
  - Elevate importance of information component of power
  - Develop structures, processes, incentives to better coordinate IO-type activities
  - Strengthen capabilities of diplomatic corps and the “diplomatic” abilities of soldiers

Discussion

- How can we measure the effectiveness of terrorist use of the Internet?
  - # of users? # of websites? Interviews? Anecdotes? Polling data? Membership in Islamic denominations?
- How can we assess the benefits, costs, and risks of US response options?
  - Benefits: Impacts on factors identified above? # of terrorist attacks? # of stories in the media?
  - Costs: Monetary? Level of effort? Opportunity costs?
  - Risks: Public opinion? Media coverage? Legal actions? Changes in terrorist use of Internet counter to US goals?
- Key challenges include data availability, data accuracy, correlation vs. causality, and understanding of fundamental dynamics