and finance can exact high economic cost and public distress. There are attacks that could create more serious damage to communications, but they are probably more difficult for terrorists to accomplish. Examples might include:
cumulative delayed action attacks on critical infrastructures (Trojan horses) or backdoor traps in software or hardware, such as were mentioned by Dr. Ignatyev
attacks that benefit from a corrupted insider, especially one with access to systems management
attacks on soft but important targets such as the Internet; one example is an attack on root name servers, but since their files are replicated on other name servers, all must be successfully attacked
The National Academies study Making the Nation Safer: The Role of Science and Technology in Countering Terrorism concluded that most communications systems, while vulnerable to attack, are also resilient and can in most cases be brought back into service in a relatively short time.1 Thus, cyberwarfare is not considered a weapon of mass destruction.
However, cybertechnology is accessible to terrorists; it is ubiquitous in target systems and critical to their proper functioning, and attacks can be deployed covertly from anywhere. Indeed, IT systems are also critical in all phases of counterterrorism:
detection of imminent attacks
response and damage mitigation when an attack occurs
forensic analysis and recovery
Thus, a cyberattack may be designed to inhibit all of these defensive functions, increasing the risk of attack and aggravating the consequences by inhibiting response and damage mitigation. In this way, a cyberattack may be used to amplify the effect of a more conventional attack using explosives or chemical, biological, or nuclear weapons.
The most serious threat from a cyberattack may be its use to amplify a physical attack. A cyberattack may accomplish this in a variety of ways, for example:
interference with emergency services and command/control communications
unauthenticated false messages directing inappropriate actions; false information creating confusion and panic
attacks on local critical infrastructure on which response and recovery depend