ABSTRACT
This research explores the conditions under which ransomware can be considered as an act of cyberterrorism and whether the cases of JBS USA, Colonial Pipeline and the wiperware attacks against Ukraine in 2022 constitute such. These theoretical and practical issues are particularly important in light of the negotiations at the United Nations level for a binding treaty on cybercrime. To achieve these goals, we have undertaken the following steps in designing a model for the analysis of ransomware events. First, we searched for an agreed-upon definition for cyberterrorism in the academic literature. To do so, we compiled a dataset of one hundred peer-reviewed articles published in scholarly journals on the topic of cyberterrorism. We reported whether authors considered factors such as inducing a sense of fear/panic, the destruction of property or the threat of such, and/or killing/violence/coercion or the threat of such as necessary conditions for the definition of cyberterrorism. Second, we complemented academic views with the definitions of practitioners and policymakers. Third, we applied the model to test whether the three ransomware case studies fit the criteria for cyberterrorism. We found that based on the proposed framework, all case studies constitute acts of cyberterrorism, albeit to a different extent.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Correction Statement
This article has been corrected with minor changes. These changes do not impact the academic content of the article.
Additional information
Notes on contributors
Lora Pitman
Dr. Lora Pitman holds a PhD in International Studies from Old Dominion University, a Master’s in Humanities from the same institution, and a Master of Laws degree from Sofia University, Bulgaria. As a subject matter expert, Dr. Pitman worked on different projects on disinformation, sponsored by NATO and by the U.S. Department of State. She was also a contributor to international events organized by the Tactics Institute for Security & Counter Terrorism (UK), the Legal Innovation Lab Wales (UK), NATO-ACT and NATO Innovation Hub. She has published multiple peer-reviewed articles and book chapters with a focus on international security and cybersecurity. Her publications appear in the International Journal of Cyber Criminology, the International Journal of Intelligence & Cybercrime, the International Journal of Criminal Justice Sciences, the Journal of White-Collar and Corporate Crime, the Journal of Criminal Justice Studies, the Journal of Simulation Engineering, the Encyclopedia of Global Security Studies, and in various NATO Science for Peace Series volumes. She is also a co-editor of the NATO-issued book Advances in Defence Analysis, Concept Development and Experimentation: Innovation for the Future.
Wendy Crosier
Wendy J. Crosier graduated with honors from the University of Maine's Political Science Program with a minor in Ecology and Environmental Science. Her interest in renewable energy, policy and national security has led to an internship in Governor Mills’ office and a research fellowship through the University of Maine. The Department of Energy has selected Crosier for the Clean Energy Innovators Fellowship - – administered by the Oak Ridge Institute, amongst 18 other participants nationally.