Information Resources Management College National Defense University

1
Information Resources Management CollegeNational
Defense University
Cyber Terrorism The Real Story Irving Lachow,
Robert Miller Courtney Richardson May 10, 2007
A global learning community for governments
most promising information leaders.
2
Outline

• Introduction
• Why is this issue important?
• What is Cyber Terrorism?
• Terrorist Use of the Internet
• US Response Options
• Recommendations

3
U.S. is Losing Cyber War Against Terrorists

• Terrorist use of Internet is leading to
• A global ideological movement based on a set of
  guiding principles and beliefs
• Effective operational structures that support
  local action without centralized control
• Effective perception management campaigns that
  influence target audiences while undermining U.S.
  interests
• Secretary of Defense Rumsfeld
• If I were rating, I would say we probably
  deserve a D or D as a country as how well were
  doing in the battle of ideas thats taking
  place.
• Dr. Bruce Hoffman
• the U.S. is dangerously behind the curve in
  countering terrorist use of the Internet

4
Outline

• Introduction
• What is Cyber Terrorism?
• Definition
• Cyber Terror vs. Other Cyber Activities
• Terrorist Use of the Internet
• US Response Options
• Recommendations

5
What is Cyber Terrorism?

• Definitions of terrorism
• State Dept Premeditated, politically motivated
  violence perpetrated against noncombatant targets
  by subnational groups or clandestine agents,
  usually intended to influence an audience.
• FBI The unlawful use of force or violence
  against persons or property to intimidate or
  coerce a government, the civilian population, or
  any segment thereof, in furtherance of political
  or social objectives.
• Definition of cyber terrorism
• Denning A computer based attack or threat of
  attack intended to intimidate or coerce
  governments or societies in pursuit of goals that
  are political, religious, or ideological. The
  attack should be sufficiently destructive or
  disruptive to generate fear comparable to that
  from physical acts of terrorism. Attacks that
  lead to death or bodily injury, extended power
  outages, plane crashes, water contamination, or
  major economic losses would be examples...
  Attacks that disrupt nonessential services or
  that are mainly a costly nuisance would not.

6
Cyber Terrorism vs. Other Computer Attacks
MOTIVATION TARGET METHOD
Cyber Terror Political change Innocent victims Computer-based violence or destruction
Cracking Ego, personal enmity Individuals, companies, govts CNA, CNE (sometimes overt)
Cyber Crime Economic gain Individuals, companies Fraud, ID theft, blackmail, CNA, CNE
Cyber Espionage Economic gain Individuals, companies, govts CNA, CNE (rarely overt)
State-Level Info War Political or military gain Infrastructure, military assets CNA, CNE, physical attack
7
Outline

• Introduction
• Why is this issue important?
• What is Cyber Terrorism?
• Terrorist Use of the Internet
• Operational Effectiveness
• Influence Operations
• US Response Options
• Recommendations

8
Why Do Terrorists Use the Internet?

• Rapid communications
• Low cost
• Ubiquity
• Ease of use sophistication of tools
• Anonymity

9
How do Terrorists Use the Internet?

• Organizational effectiveness
• Recruiting
• Fundraising
• Training
• Command and control
• Intelligence gathering

• Influence Operations
• Public affairs
• Civil affairs
• Psychology operations
• Computer network operations

Very few documented cases of cyber terrorism. WHY?
10
Cyber Terrorism vs. Other Attack Vectors

• Cyber Terror Challenges
• May not create sufficient horror, fear, and
  terror
• Prospects for success and potential outcomes are
  highly uncertain
• Requires different skill set and potential
  reliance on outside experts
• May require extensive intelligence gathering,
  training, and funding

• Use of explosives is a proven strategy
• Highly effective at creating terror and getting
  attention.
• Easy to do, requires little training, and is
  based upon extensive knowledge base
• WMD is another option
• Would create tremendous sense of terror and panic
• Would dominate news for weeks or months
• Would be huge source of pride

11
Outline

• Introduction
• What is Cyber Terrorism?
• Terrorist Use of the Internet
• US Response Options
• Infrastructure
• Content
• Cognition
• Recommendations

12
US IO Options Physical Infrastructure

• Target physical infrastructure to deny or disrupt
  access to Internet (and possibly other ICT)
• Vast majority of infrastructure used by
  extremists is commercially-owned and/or operated
• Most extremist web sites hosted in US or Western
  Europe
• There is heavy use of companies like Yahoo! and
  Microsoft for email and chat
• While ISPs are often local, communications
  backbone likely owned by either the state or a
  major corporation
• Options
• Direct attack (kinetic or other)
• Ask or force service providers to identify
  extremists and/or terminate services to known
  extremists

13
Physical Infrastructure Pros and Cons

• Advantages
• Potential to significantly disrupt extremist use
  of Internet or other ICT
• May be limited options for extremists to counter
  this tactic

• Disadvantages
• Political risks
• Legal impediments
• Technical challenges
• Collateral damage
• Identifying extremist users is difficult
• May harm intel activities
• Results may be hard to predict

14
US IO Options Information Content

• Focus on data or information
• Target confidentiality, integrity and
  availability (CIA) in order to
• Deny ability of extremists to keep information
  secret
• Plant false or misleading information (either
  openly or surreptitiously)
• Prevent extremists for having timely access to
  information
• Options
• Intelligence gathering
• Spoofing (data) or Posing (people)
• Denial of service
• Other types of CNO

15
Information Content Pros and Cons

• Advantages
• Fewer political, legal and technical impediments
• Easier to do in clandestine manner
• May be able to guide actions of extremists
• Can learn about extremist goals, methods,
  personnel, etc.

• Disadvantages
• Extremists can be hard to find and/or identify
• Numerous countermeasures readily available
• Technology and demographic trends favor
  extremists
• May be hard to assess success

16
US IO Options Cognition

• Influence how people perceive information and/or
  make decisions
• Focus on human aspect of perception (sense
  making) rather than data/information per se
• Goal is to change extremists beliefs, decisions,
  and actions
• Options
• War of Ideas
• PSYOPS
• Public and civil affairs
• Soft power (economics, media, companies, etc.)
• Others

17
Cognition Pros and Cons

• Advantages
• Reduce legitimacy of and attractiveness of
  extremist movements
• Create schisms among extremist groups
• Gain support among allies and non-aligned parties
• Few political, legal or technical barriers

• Disadvantages
• Requires coordinated inter-agency leadership,
  planning and execution
• Currently lack needed personnel, expertise and
  resources
• Long-term approach (possibly decades)
• May be hard to assess success

18
Outline

• Introduction
• What is Cyber Terrorism?
• Terrorist Use of the Internet
• US Response Options
• Recommendations
• Suggested Actions
• Final Observations
• Discussion of Metrics

19
Recommendations

• Develop high-level, coordinated strategy for
  countering terrorist use of the Internet
• Current efforts are disjointed and occur mostly
  at operational and tactical levels
• Strategy must maximize benefits and minimize
  risks/costs of each layer of info environment
• Where appropriate disrupt infrastructure if only
  to create FUD about its reliability
• Attack CIA of extremist information to further
  increase FUD, gain intel and disrupt operations
• Focus significant time and energy on cognitive
  domain to impact terrorist decision-making,
  reduce terrorist influence on stakeholders, and
  promote US ideas
• Create mix of short-, medium-, and long-term
  goals, plans, actions, and metrics

20
A Few Final Observations

• US alone cannot counter extremist Muslim ideology
• Must build up and/or support networks of moderate
  Muslims and help spread their message
• Use former terrorists to undermine extremist
  recruiting
• Current approval ratings of US across the world
  are dismal
• Improve publicity of positive actions
• Reset terms of the ideological struggle
• US is not well organized to fight a long-term,
  broad-based war of ideas
• Elevate importance of information component of
  power
• Develop structures, processes, incentives to
  better coordinate IO-type activities
• Strengthen capabilities of diplomatic corps and
  the diplomatic abilities of soldiers

21
Discussion

• How can we measure the effectiveness of terrorist
  use of the Internet?
• of users? of websites? Interviews?
  Anecdotes? Polling data? Membership in Islamic
  denominations?
• How can we assess the benefits, costs, and risks
  of US response options?
• Benefits Impacts on factors identified above?
  of terrorist attacks? of stories in the media?
• Costs Monetary? Level of effort? Opportunity
  costs?
• Risks Public opinion? Media coverage? Legal
  actions? Changes in terrorist use of Internet
  counter to US goals?
• Key challenges include data availability, data
  accuracy, correlation vs. causality, and
  understanding of fundamental dynamics