Crossing the Rubicon: Understanding Cyber Terrorism in the European Context

Abstract

The first decade of the twenty-first century introduced a cultural shift where terrorism is concerned by making new technologies such as computers and networks available as both tools and targets for exploitation. The current rise in the number of attempts at launching a cyber attack may represent a new generation of “terrorists” and their discontent with governments, private companies, or with other non-governmental groups. Using cyber technologies has many benefits for the user and the potential of causing more damage by a keystroke than a bomb is increasing daily. Despite much recent scholarship on cyber terrorism, however, there continue to be problems not only in defining what cyber terrorism means but in identifying both who are the actors and the panoply of choices actors confront. In this essay, I attempt to clarify these problems by defining key terms and by analyzing the recent escalation in cyber use in the European context.

Notes

1. Tom Brewster, “Shipping Sector Security Awareness ‘Low to Non-Existent’,” ITPRO News, 20 December 2011, at: http://www.itpro.co.uk/638005/shipping-sector-security-awareness-low-to-non-existent; accessed 23 December 2011.

2. Dogrul, Murat, Adil Aslan, and Celik Eyyup, “Developing an International Cooperation on Cyber Defense and Deterrence Against Cyber Terrorism,” in Third International Conference on Cyber Conflict (2011). Also see Dorothy E. Denning, Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy, Paper Sponsored by and Presented to the Nautilus Institute, 2001; Richard Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do About It (New York: HaperCollins, 2010).

3. Jerrold M. Post, Keven G. Ruby, and Eric D. Shaw, “From Car Bombs to Logic Bombs: The Growing Threat from Information Terrorism,” Terrorism & Political Violence 12 (Summer 2000): 100.

4. Matthew G. Devost, Brian K. Houghton, and Neal A. Pollard, “Information Terrorism: Can You Trust Your Toaster?” in Sun Tzu and Information Warfare, ed. Robert E. Neilson (Washington, D.C.: National Defense University Press, 1997), 75, 97–122.

5. Denning, Activism, Hacktivism, and Cyberterrorism.

6. Post et al., From Car Bombs to Logic Bombs, 97–122.

7. A DDoS attack is a “preprogrammed flood of Internet traffic designed to crash or jam networks” (Clarke and Knake, Cyber War, 18). The DDoS attack floods an Internet site with more requests for data that it can process, shutting down the site and preventing usage. Botnets, or networks of computers that have been hijacked through software infection, coordinate to launch simultaneous attacks. Sites attacked in this way are disrupted until the flooding stops or the attackers disperse. For more information, see Brandon Valeriano and Ryan Maness, “Persistent Enemies and Cyberwar: Rivalry Relations in an Age of Information Warfare,” in Cybersecurity to Cyberwar Workshop (U.S. Naval War College, 2010).

8. The interesting questions that arise from this are: would an attack that is limited to damaging data and possibly economic commerce qualify as a terror attack? Would a cyber attack that causes a plane to crash or prevents proper medical attention and thus causes bodily harm or death constitute an act of terror? Thought about in this way, a cyber attack could simply be a means to another means to an end, where cyber is a tool much like a bomb is a tool. Taking this notion to the extreme, one might wonder if cyber terrorism is a category of terror at all. Rather than a category, it may be seen as another means at the disposal of terrorists where more direct applications of fear and bloodshed are less strategic choices than cyber terror.

9. Barry C. Collins, “The Future of Cyber Terrorism: When the Physical and Virtual Worlds Converge,” speech delivered at the 11th Annual International Symposium on Criminal Justice Issues, 2008, at <http://www.crime-research.org/library/Cyberter.htm>; accessed 1 January 2012. Also see Thomas Friedman, “Digital Defense,” New York Times, 27 July 2001, A19; Brigittee L. Nacos, Terrorism and Counterterrorism, 3d ed. (New York: Penguin, 2010); Jill R. Aitoro, “Terrorists Nearing Ability to Launch Big Cyberattacks against the U.S.,” Next-gov, 2 October 2010, at http://nextgov.com/site_services/print_aritcle.php?StoryID=ng_20091002_9081; accessed 1 January 2012.

10. Daniel Rosenfield, “Rethinking Cyber War,” Critical Review 21 (2009): 77. Also see Clarke and Knake, Cyber War.

11. Post et al., From Car Bombs to Logic Bombs, 101.

12. Rosenfield, Rethinking Cyber War, 77.

13. Supervisory Control and Data Acquisition (SCADA) systems are computer systems that typically control and monitor industrial processes like utility companies, power plants, water treatment systems, transportation, and communication systems.

14. Gabriel Weimann, “Cyberterrorism: How Real Is the Threat?” United States Institute of Peace Special Report No. 119, United States Institute of Peace (2004), 2, at http://www.usip.org/files/resources/sr119.pdf; accessed 23 December 2011.

15. Clarke and Knake. Cyber War. Also see Joseph Nye Jr. Cyber Power (Boston, MA: Belfer Center for Science and International Affair, 2010).

16. Olivier Roy, “Recruiting Terrorists,” International Herald Tribune, 11 January 2010.

17. These cyber attacks must be distinguished from cyberwar, where there is a military component. Cyberwar is defined as “conducting, and preparing to conduct, military operations according to information-related principles. It means disrupting if not destroying the information and communication systems, broadly defined to include even military culture, on which an adversary relies in order to ‘know’ itself.” See Irving Lachow, “Cyberterrorism: Menace or Myth?” in Cyberpower and National Security, ed. Franklin D. Kramer, Stuart H. Starr, and Larry K. Wentz (Washington D.C.: National Defense University Press, 2009), 441. An example of cyberwar is the shutting down of Syrian radar systems by Israelis so they would not recognize fighter jets within their airspace.

18. Anon, “Anonymous (Internet Group),” The New York Times, 3 July 2012, at http://topics.nytimes.com/top/reference/timestopics/organizations/a/anonymous_internet_group/index.html; accessed 23 December 2011.

19. Somini Sengupta, “The Soul of the New Hactivist,” The New York Times, 17 March 2012, at

<http://www.nytimes.com/2012/03/18/sunday-review/the-soul-of-the-new-hacktivist.html?ref=anonymousinternetgroup>; accessed 3 January 2012.

20. Nye, Cyber Power, 3–4.

21. General Michael Heyden, in an interview on CNN on the threat of cyber terrorism, said that actors involved in destructive terror have “crossed the rubicon,” which phrase I adopted as the title of this article.

22. Herbert Lin, “Special Report: Lifting the Veil on Cyber Defense,” IEEE Security & Privacy 7 (2009): 15–21.

23. James P. Farwell, “Countering Cyber Piracy and Cyber Vandalism: A New Perspective,” Australian Security Research Center (2010).

24. Jonathan Masters, “Confronting the Cyber Threat,” Council on Foreign Relations, at <http://www.cfr.org/technology-and-foreign-policy/confronting-cyber-threat/p15577>; accessed 23 December 2011.

25. Yudhijit Bhattacharjee, “How a Remote Town in Romania Has Become Cybercrime Central,” Wired Magazine, February 2011.

26. Masters, Confronting the Cyber Threat.

27. Jeffery Carr, Inside Cyber Warfare: Mapping the Cyber Underworld (California: O’Reilly Media Publishing, 2010).

28. Farwell, Countering Cyber Piracy and Cyber Vandalism, 12.

29. Rosenfield, Rethinking Cyber War, 83.

30. Rosenfield, Rethinking Cyber War, 83. Also see Mindi McDowell, “National Cyber Alert System – Cyber Security Tip ST04-015: Understanding Denial of Service Attacks,” The United States Computer Emergency Response Team (US-CERT), 1 August 2007, at http://www.uc-cert.gov/cas/tips/ST04-015.html; accessed 3 January 2012.

31. Stephen Herzog, “Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses,” Journal of Strategic Security 4 (2011): 49–60. Also see Thomas M. Chen, “Stuxnet, the Real Start of Cyber Warfare,” IEEE Network (November-December 2010): 2–3.

32. Herzog, Revisiting the Estonian Cyber Attacks, 51.

33. Rosenfield, Rethinking Cyber War, 77–90.

34. Herzog, Revisiting the Estonian Cyber Attacks, 49–60.

35. Carr, Inside Cyber Warfare, 183.

36. Stephen Korns and Joshua Kastenberg, “Georgia’s Cyber Left Hook,” Parameters (Winter 2008–2009): 60–76.

37. Carr, Inside Cyber Warfare, 183.

38. Carr, Inside Cyber Warfare, 106.

39. Structured Query Language (SQL) is a programming language that is used in the management of data in relational database management systems (Carr, Inside Cyber Warfare, 106).

40. Carr, Inside Cyber Warfare, 141.

41. “Matching off to Cyberwar,” The Economist, 4 December 2008, at http://www.economist.com/node/12673385; accessed 3 January 2012.

42. Atika Shubert, “Cyber Warfare: A Different Way to Attack Iran’s Reactors,” CNN Tech 8 November 2011, at http://articles.cnn.com/2011-11-08/tech/tech_iran-Stuxnet_1_Stuxnet-centrifuges-natanz-facility?_s=PM:TECH; accessed 23 December 2011. Also see Chen, Stuxnet, the Real Start of Cyber Warfare, 2–3, and Tom Gjelten,“Stuxnet Raises ‘Blowback’ Risk in Cyberwar,” NPR 2 November 2011, at

http://www.npr.org/2011/11/02/141908180/Stuxnet-raises-blowback-risk-in-cyberwar; accessed 23 December 2011.

43. Chen, Stuxnet, the Real Start of Cyber Warfare, 3.

44. Shubert, Cyber Warfare: A Different Way to Attack Iran’s Reactors.

45. Chen, Stuxnet, the Real Start of Cyber Warfare, 3.

46. Gjelten, Stuxnet Raises ‘Blowback’ Risk in Cyberwar.

47. Carr, Inside Cyber Warfare, 186.

48. Dorris E. Denning, “Whither Cyber Terror?” 10 Years after September 11, A Social Science Research Council Essay Forum, September 2011, at <http://essays.ssrc.org/10yearsafter911/whither-cyber-terror/>; accessed 3 January 2012.

49. Project Grey Goose is an open source investigation founded and created by Jeffery Carr to better understand the nature of cyber activities involving Russia and Georgia. See Carr, Inside Cyber Warfare, 180.

50. Martha Crenshaw, “The Concept of Revolutionary Terrorism,” The Journal of Conflict Resolution 16.3 (1972): 384.

51. Jonathan Stevenson, “How Europe and America Defend Themselves,” Foreign Affairs 82 (March–April 2003): 76, 77.

52. Ramon Spaaij, “The Enigma of Lone Wolf Terrorism: An Assessment,” Studies in Conflict & Terrorism 33 (2010): 845.

53. Bruce Hoffman, Al Qaeda, Trends in Terrorism, and Future Potentialities: An Assessment, (Santa Monica, CA: RAND Corp., 2003), 16–17.

54. Oldrich Bures, “Perceptions of the Terrorist Threat among EU Member States,” Central European Journal of International and Security Studies 4 (2010): 60.

55. Bures, “Perceptions of the Terrorist Threat among EU Member States,” 51–80.

56. Elisa Mala and J. David Goodman, “At Least 80 Dead in Norway Shooting,” The New York Times, 22 July 2011, at http://www.nytimes.com/2011/07/23/world/europe/23oslo.html?pagewanted=all; accessed 23 December 2011.

57. Anonymous, “Europe Under Fire for Overlooking Right Wing Terrorism Threats,” Today’s Zaman, 26 July 2011, at http://www.todayszaman.com/news-251686-europe-under-fire-for-overlooking-right-wing-terrorism-threats.html; accessed 23 December 2011.

58. Anonymous, Europe Under Fire for Overlooking Right Wing Terrorism Threats.

59. Giampiero Giacomello, “Bangs for the Buck: A Cost-Benefit Analysis of Cyberterrorism,” Studies in Conflict & Terrorism 27 (2004): 387–408.

60. Clarke and Knake, Cyber War, 136.

61. Bures, Perceptions of the Terrorist Threat among EU Member States, 51–80.

62. Nye, Cyber Power, 13.

63. Giacomello, Bangs for the Buck, 387–408.

64. Lachow, “Cyberterrorism: Menace or Myth?” 464.