National Academies Press: OpenBook

Terrorism: Reducing Vulnerabilities and Improving Responses: U.S.-Russian Workshop Proceedings (2004)

Chapter: Cyberattacks as an Amplifier in Terrorist Strategy

Suggested Citation:"Cyberattacks as an Amplifier in Terrorist Strategy." National Research Council. 2004. Terrorism: Reducing Vulnerabilities and Improving Responses: U.S.-Russian Workshop Proceedings. Washington, DC: The National Academies Press. doi: 10.17226/10968.

Cyberattacks as an Amplifier in Terrorist Strategy

Lewis M. Branscomb

Harvard University

In modern industrial societies, information technology may be exploited by terrorists as either a target or a weapon or both. Information technology (IT) is also essential in arranging defenses against terror attack. This multifaceted character of IT is unique among the technologies of concern to the counterterrorist.

As a target, not only the telecommunications and data network infrastructures might be subject to a cyberattack, but so might all of the other areas of critical infrastructure whose efficient functioning depends on computer controls, data management, and digital communications. Of particular concern are the Systems Control and Data Acquisition (SCADA) systems that are rapidly replacing operating engineers as the control elements in networked industrial applications. The electric power distribution industry is a particularly sensitive but not unique example. SCADA software is built outside the United States; it is difficult to prove that no trapdoors were implemented in the software. Furthermore, while more advanced power companies use encrypted communications through buried optical fiber to communicate among the SCADA computers, in some cases, unprotected Internet communications were still used after September 11, 2001.

As a weapon, IT is very familiar, for hackers have demonstrated how information systems may be used to defeat themselves since the beginning of the Internet. Most familiar are the viruses, worms, and Trojan horses; less familiar but more destructive are the sophisticated attacks that may allow the attacker to gain control of the software system (key-zero state).

A cyberattack on a nation’s communications and data network systems may be very disruptive and exact large penalties in inconvenience and in burdensome economic cost. Disruption, if repeated, of energy, telecoms, or transportation and finance can exact high economic cost and public distress. There are attacks that could create more serious damage to communications, but they are probably more difficult for terrorists to accomplish. Examples might include

  • cumulative delayed action attacks on critical infrastructures (Trojan horses) or backdoor traps in software or hardware, such as were mentioned by Dr. Ignatyev

  • attacks that benefit from a corrupted insider, especially one with access to systems management

  • attacks on soft but important targets such as the Internet; one example is attacks on root name servers, but since these files are replicated on other name servers, all must be successfully attacked

The National Academies study Making the Nation Safer: The Role of Science and Technology in Countering Terrorism concluded that most communications systems, while vulnerable to attack, are also resilient and can in most cases be brought back into service in a relatively short time.[1] Thus, cyberwarfare is not considered a weapon of mass destruction.

However, cybertechnology is accessible to terrorists; it is ubiquitous in target systems, critical to their proper functioning, and attacks can be deployed covertly from anywhere. Indeed, IT systems are also critical in all phases of counterterrorism:

  • intelligence

  • detection of imminent attacks

  • response and damage mitigation when attack occurs

  • forensic analysis and recovery

Thus, a cyberattack may be designed to inhibit all of these defensive functions, increasing the risk of attack and aggravating the consequences by inhibiting response and damage mitigation. In this way, a cyberattack may be used to amplify the effect of a more conventional attack using explosives or chemical, biological, or nuclear weapons.

The most serious threat from a cyberattack may be the use of the cyberattack to amplify a physical attack. A cyberattack may accomplish this in a variety of ways, for example,

  • interference with emergency services and command/control communications

  • unauthenticated false messages directing inappropriate actions; false information creating confusion and panic

  • attacks on local critical infrastructure on which response and recovery depend


In each of these examples, the period of effectiveness of the attack need only be for a short time, perhaps a few hours or less, which may be significantly shorter than the time for recovery of the communications system in question.

There is another weapon that shares this characteristic: the portable device delivering an electromagnetic pulse (EMP) sufficiently strong to damage the operating condition of electronics systems such as computers, digital telephone switches, and the like, but not strong enough to permanently damage the hardware.

It follows that emergency operations centers (EOCs), such as those in all major cities, should be protected against both cyber- and EMP attacks on their information systems. We should be prepared for the likelihood that a well-planned terrorist attack might begin with an attack that removes the EOC from effectiveness for a few hours, during which time a major physical (or biological or chemical) attack occurs.

The National Academies study referenced above provided a variety of recommendations, some of which require changes to communications hardware, intended to reduce the effectiveness of cyberattacks. Among them are the following:

  • ensure secure and interconnected communications among first responders and crisis managers

  • develop and apply methods for high-reliability authentication of security messages

  • develop ways to ensure that critical networks degrade slowly and reversibly when attacked

  • devise systems for acquiring a snapshot of system state and preserve the most critical data in critical large systems under attack, to allow them to be recovered in most important respects as quickly as possible

Some longer-range research tasks were to

  • develop telecommunications system software so that limited service will continue when in a volume-saturated state

  • design self-adaptive networks that reconfigure automatically when attacked

  • address the security needs of mobile wireless communications

  • create better decision support tools for crisis managers

  • address the security flaws in operating systems and network software

Underlying these practical research objectives is the need, at least in the United States, for expanded investments in basic research and advanced research education to address the general lack of strong security in computer operating systems and network software.


The lack of a full effort in computer security research is a consequence of the perception in the commercial world that the research performed in the 1970s and 1980s addressed commercial security concerns to an adequate degree. Consequently, the weak market for very high security resulted in a lack of investment and training in security research and development. Wm. A. Wulf addresses this issue in his paper.

NOTE

1. Making the nation safer: The role of science and technology in countering terrorism. 2002. National Research Council, Washington, D.C. Available online in PDF at: http://books.nap.edu/html/stct/index.html. Hard copies may be ordered from National Academies Press at: (888) 624-8373 or www.nap.edu.


This book is devoted primarily to papers prepared by American and Russian specialists on cyber terrorism and urban terrorism. It also includes papers on biological and radiological terrorism from the American and Russian perspectives. Of particular interest are the discussions of the hostage situation at Dubrovka in Moscow, the damage inflicted in New York during the attacks on 9/11, and Russian priorities in addressing cyber terrorism.
