Cover Image


View/Hide Left Panel

and finance can exact high economic cost and public distress. There are attacks that could create more serious damage to communications, but they are probably more difficult for terrorists to accomplish. Examples might include

  • cumulative delayed action attacks on critical infrastructures (Trojan horses) or backdoor traps in software or hardware, such as were mentioned by Dr. Ignatyev

  • attacks that benefit from a corrupted insider, especially one with access to systems management

  • attacks on soft but important targets such as the Internet; one example is attacks on root name servers, but since these files are replicated on other name servers, all must be successfully attacked

The National Academies study Making the Nation Safer: The Role of Science and Technology in Countering Terrorism concluded that most communications systems, while vulnerable to attack, are also resilient and can in most cases be brought back into service in a relatively short time.1 Thus, cyberwarfare is not considered a weapon of mass destruction.

However, cybertechnology is accessible to terrorists; it is ubiquitous in target systems, critical to their proper functioning, and attacks can be deployed covertly from anywhere. Indeed, IT systems are also critical in all phases of counterterrorism:

  • intelligence

  • detection of imminent attacks

  • response and damage mitigation when attack occurs

  • forensic analysis and recovery

Thus, a cyberattack may be designed to inhibit all of these defensive functions, increasing the risk of attack and aggravating the consequences by inhibiting response and damage mitigation. In this way, a cyberattack may be used to amplify the effect of a more conventional attack using explosives or chemical, biological, or nuclear weapons.

The most serious threat from a cyberattack may be the use of the cyberattack to amplify a physical attack. A cyberattack may accomplish this in a variety of ways, for example,

  • interference with emergency services and command/control communications

  • unauthenticated false messages directing inappropriate actions; false information creating confusion and panic

  • attacks on local critical infrastructure on which response and recovery depend

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement