How real is the threat of cyber terrorism?
London, UK - 10 November 2004, 14:45 GMT - In the aftermath of the
9/11 attacks in USA three years ago, the global media has been awash with
hysteria and speculation over the threat of cyber terrorism, which the mi2g
Intelligence Unit defines as an adverse incident caused by digital attack
that leads to significant loss of life. Although some research reports and
experts have raised fears of cyber assault to the point where radical hackers
have been suggested to have the capability to bring entire countries to their
knees overnight, there is a high level of scepticism within executive decision
makers in business and government in regard to the validity of such claims.
The mi2g Intelligence Unit has investigated the arguments behind the
cyber terrorism point of view over two years by tracking over 8,600 hacker
groups across the world and liaising with appropriate government agencies,
insurance and reinsurance groups as well as major banks to garner some insight
into how real is this threat. The mi2g investigation follows reports
from reputable media organisations, which have claimed that the risk from
a cyber attack could amount to an electronic Pearl Harbour capable of causing
mass destruction and tragic loss of life on the 9/11 scale.
Putting hackers in general in the same category as groups that kill people
using powerful explosives is resented by the hacker community and deemed unjustified
by them at this stage.
To imagine that national utilities such as water, electricity and gas and
other critical infrastructure could be brought down by cyber terrorists is
not probable, without using some physical assistance and insider help. So,
remote cyber terrorism is not a high probability threat at present given the
lack of end-to-end internet enabled infrastructure and very tight checks on
entering utility control rooms. Although by 2007, the level of internet enabling
in some OECD countries may be much deeper within critical infrastructure sectors.
It is possible to hack into the systems that control the water supply, for
example, but it is difficult to make any serious changes that affect the constitution
of the water without being noticed by the control room. Hacking into utilities'
networks is harder than putting a bomb somewhere. Terrorists are evil but
they have demonstrated efficiency in terms of resource allocation. It is not
as though there is a secret button hidden somewhere on the electricity, gas
or water utility website's administrative interface with the words 'universal
The biggest threat in the view of most hacker groups would be a combined physical
and digital attack. Digital attacks that cripple emergency response, utilities
transport or telecommunications with some insider help could be very effectively
employed by terrorists in conjunction with physical attacks to magnify the
effects of their intended disruption and carnage.
Based on mi2g's analysis, hacking events tend to mirror events in the
"real" world. Between 2002 and 2004, as tensions have grown over
political issues such as the US/UK policy in Iraq, the Israel-Palestine conflict
and the India-Pakistan standoff over Kashmir, corresponding retaliation from
both sides has been seen in cyberspace.
The mi2g intelligence Unit believes that we will continue to hear
various 'what if' scenarios from experts and non-experts alike, and decision
makers will wonder what to worry about next and how to prioritise those threats.
The worst that can happen by way of very high probability is what we have
already faced - eMail borne and network spreading malware, identity theft
scams, DDoS attacks and malicious data modification through covert and overt
attacks. We know that these type of crimes can be mounted easily, and yet
there is no conclusive evidence to suggest there has ever been an intended
cyber attack carried out by enemy forces which took out a large section of
the power grid.
All these types of attack are theoretically possible but woefully inadequate
in fulfilling the terrorist agenda without insider help. In the end, the terrorists
would like to use tried and tested methods whilst committing minimum resources.
As the damage done by radical, criminal and intellectually motivated hackers
continues to rise, the mi2g Intelligence Unit predicts there will be
a growing requirement for governments to intervene and to mobilise counter-attack-forces
that protect economic targets and critical national infrastructure constituents
on a 24/7 basis. About $15 billion of economic value was destroyed worldwide
by overt and covert digital attacks, DDoS and extortion, including malware
- trojans viruses and worms - in October 2004 alone.
For example, both homes and Small to Medium size Enterprises (SMEs) are incapable
of sheltering themselves or having the budget and expertise to be able to
ward off sustained digital mass attacks, which have now become a daily occurrence
with widely available, automated and easy-to-use sophisticated digital attack
tools. The mounting collective losses to businesses might impact on governments'
revenue streams through reduced tax collection, so in the future, it will
be prudent to look after the SME growth engines and not just large businesses,
who on the whole have the budgets and manpower resources to look after themselves.
Historically, politicians in civilised Western democracies have challenged
their defence forces to provide adequate defence capability within limited
resources. The focus has been on the four physical dimensions - land, sea,
air and outer space - and not on the new dimension of cyberspace. There is
no real digital defence capability deployed so far - other than occasional
simulations and exercises which are to uncover gaps in the national critical
infrastructure's digital defences. The redressal lies primarily in developing
counter-attack-forces, which would begin to arrest the imbalance of power
between ill-motivated hackers on the one hand and little-prepared businesses
on the other. Countries like Russia, China, Korea(s) and Pakistan are already
involved in this kind of state sponsored activity.
Most complex attacks take place through insider knowledge and assistance.
Just one motivated individual cannot usually perpetrate complex cross-boundary
physical or digital terrorism. Disgruntled employees in sensitive places are
suborned, coerced or indeed volunteer their services to support a cause. This
is seen in financial services when complex fraud or deeply damaging hack attacks
take place. It is also seen in large multi-nationals, in the breach of government
services security and even in the planning of the 9/11 co-ordinated attacks.
More attention needs to be given to the value of human intelligence collected
by local agencies, where the information is collected in situ at the grass
In the future, when seeking to protect the critical infrastructure constituents
and business digital systems at a national level, the economically prudent
way forward would be to combine knowledge management, analysis and counter-attack
tools with on-the-ground human intelligence sources. Surveillance and reconnaissance
dashboards of digital systems need to be managed by experienced counter-attack-forces
on a 24/7 basis.
mi2g believes that the threat of cyber terrorism can be curbed decisively
and effectively. As in the deployment of all counter-measures, our collective
defences must excel the aggressor's capability. We therefore need to understand
1. Defence has always been about securing trade routes and markets. Given
that several trillion Dollars of trade is routed digitally, counter-attack-forces
with digital tools that can disable attacking systems from various parts of
the world will ultimately need to be deployed with Governments' backing. Counter-attack-forces
can save businesses a lot of lost time and money in dealing with rogue, politically
motivated, electronic attacks from espionage, radical and criminal groups
scattered across the world and within the nation.
2. Laws are being passed throughout the civilised world that declare cyber
attacks that spark fear and cause damage to life and assets as equivalent
to physical-world terrorism at an international level. The US and UK have
already taken such steps. The perpetrators of such attacks are to be dealt
with as terrorists.
a. This process began with the US Senate and House of Representatives passing
the "Uniting and Strengthening America Act by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001'' and
the "Cyber Security Enhancement Act (CSEA) of 2001". The CSEA seeks
life imprisonment for anyone putting lives at risk by electronic means. In
the UK, under the Terrorism Act 2000, enacted into law in February 2001, people
who endanger lives through the manipulation of public computer systems are
to be considered under the anti-terrorism law as would any other terrorist.
b. All business operations should also be required, by law, to possess a sufficiently
layered and tranched security architecture so that even if one layer or tranche
of defence is breached the entire sub-set of valuable databases or command
and control capabilities would be scrutinised for compromises.
3. Mobilisation of resources including new investment is now necessary on
interoperable distributed knowledge management and analysis systems, which
allow data to be shared easily from and between different sources and agencies
collecting intelligence. Also, investment in more local human intelligence
across the globe is essential. What is going on in cyber cafes in radical
breeding grounds across the globe needs to be permanently watched. The expertise
of the very few available people who are proficient in the technologies of
counter-cyber warfare needs to be utilised to train the counter-attack-forces
through the establishment of a national centre of excellence for digital defence.
Nothing significant can be achieved without this cohesive sharing capability
being made available to the future counter-attack-forces, who would be able
to ensure reliability, availability, maintainability and scalability of SME
systems in the event of complex hacker and malware attacks.
"mi2g believes that we have entered an era of sustained digital attacks
from radicals, criminals and zealots, who will be difficult to contain and
to deal with at the consumer and small to medium size enterprise level in
the 21st Century. The roll out of 'always on' full broadband and wireless
connectivity tilts the balance further against the innocent citizens and corporations.
In the years to come, government intervention to deal with cyber warfare is
imperative. It is no longer a question of if but when,"
Matai, Executive Chairman, mi2g.
"It is unlikely that governments are going to remain oblivious to the
challenge of daily digital attacks on their citizens and their livelihoods
given the billions of Dollars of damage being caused to digital commerce,
productivity, intellectual property and employed capital. Organised crime
syndicates embarking on identity theft, elaborate scams and financial fraud
have now become rampant. As knowledge management based authentication systems
proliferate both at airports and digital commerce sites, digital identity
theft levers are going to be exercised by future criminals."
The sophistication of would be cyber terrorism groups has been rising significantly
since 2002 as they have embarked on detailed digital surveillance and reconnaissance
of economic targets within financial services, manufacturing, transport and
utilities. However, the present threat level of a terrorist digital attack
that causes severe loss of life is still low to medium but likely to rise
in profile to medium and then to high, in the coming three to five year horizon.
mi2g is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
2. Digital Risk Management; and
3. Bespoke Security Architecture.
mi2g pioneers enterprise-wide security practices and technology to
save time and cut cost. We enhance comparative advantage within financial
services and government agencies. Our real time intelligence is deployed worldwide
for contingency capability, executive decision making and strategic threat
mi2g Research Methodology: The Frequently Asked Questions (FAQ) List
is available from here in pdf. Please
note terms and conditions of use listed on
Full details of the October 2004 report are available as of 1st November
2004 and can be ordered from here.
(To view contents sample please click here).