Globally, Technical/Digitalization clairvoyants are busy claiming that omnipresent and highly interconnected digital technology will scale up productivity and efficiency in a utopian realm, as well as new capabilities that the world has neither seen nor imagined.
By most prevalent definition standards; Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives
Terror tactics have transformed over time as the class of criminal perpetrators and the security measures in place to obstruct them has advanced and evolved.
As known targets are hardened, terrorist groups typically shift to softer, more vulnerable ones. This transition is shown in the changing terrorist practices of the last hundred years, from political assassination in the early 20th century, to airplane hijacking and hostage taken by Middle Eastern terrorist groups in the 1970s, attacks on police and army units and mainland car bombs preceded by warnings in 1990s, and a shift toward maximizing civilian casualties with suicide attacks by jihadists in the past 15 years.
Perhaps the most radical innovation in terror tactics in the 21st century to date has been the weaponization of passenger aircraft by al-Qaeda in 2001.
New terrorist groups have deep pockets, are technically advanced thus capable of inflicting catastrophic damage to a diversified set of targets. Mostly computers have been sought target and it”s impact thereafter as per numerous publications & works (pure cyberterrorism) but real danger posed by the synthesis of computers and terrorism is not only the insertion of computer as target in the terrorism matrix, but in many of the other areas, too.
Computers – the new age WMD aka. Weapons of Mass Destruction
Certainly at least the “weapon” of the cyberterrorist is a computer if not the target too. Well limiting the access to a computer just as to an explosive will be fruitful? Not exactly but almost. The paramount mandate is the protection of the plethora of “connected computer(s) without any exception. The constitution & law thereby guides how one should protect a firearm from illegal/dangerous use. The enforced use of trigger locks, although controversial, sought to prevent danger in case the weapon is illegally possessed.
Of course, explosive and guns are not analogous to computers. A better analogy might stem from the concept of an “attractive nuisance”. For example, a hotel owner shares some responsibility for injury caused by an escalator on his property – it is deemed an attractive nuisance, and as such, the innocent should be prevented from the harm..There are laws in place which address the damage done by/to a third party from the intentional or unintentional misuse of a piece or part or whole of corporate/personal property. The applicability of such laws or the definition of “misuse” with respect to computers has been unclear till sometime ago but now the sanctified & revived acts & laws are catching up. However, there is a need for clear laws and standards that will equivocally engulf & hold accountable all the operators of large networks of Internet-connected ecosystems; both virtual and physical; to ensure a zero-tolerance and occurrence of deviation from security & integrity at the least.
The capabilities and threats posed by these groups are assessed as characterized by different motivations, capabilities, and targeting priorities.
The attacks on the computer infrastructure (virtual-physical-hybrid) can be classified into three categories as such
Physical Attack: The computer infrastructure is damaged by using conventional methods like bombs, fire etc.
Syntactic Attack: The computer infrastructure is damaged by modifying the logic of the system to introduce delay or make the system unpredictable. Computer viruses and Trojans are used in this type of attack.
Semantic Attack: It exploits the confidence of the user in the system. During the attack the information keyed in the system during entering and exiting the system is modified without the user”s knowledge to induce errors,
Cybercrime is way beyond system hijacks now; it”s high-level exploitation of social media platforms, impersonation of unique identities/profiles and thus the personally identifiable information (PII). This is catering to propaganda, sedition which further lead to acts of terror like suicide bombings, facilitation to criminals by unsuspected netizens, money laundering for terror funding.
Let”s consider three phases of progressively more sophisticated terrorist cyber capability:
Enabling – online activities that support the operations of terrorist groups, such as publicity and propaganda, recruitment, reconnaissance, clandestine communications between members, and disseminating manuals and know-how to incite and facilitate attacks by others.
Disruptive – online activities that disrupt the information technology of opponents, including pro-active cyber breaches of networks; dissemination of malware; exfiltration of digital information; financial theft and fraud; denial of service attacks; phishing and other information technology (IT) hacking activities.
Destructive – cyberattacks that trigger physical damage or injury through spoofing operation technology (OT) and digital control systems; attacks on Supervisory Control and Data Acquisition (SCADA) systems; disabling control and safety systems.
Online activities that indicate that the group has mastered levels of information technology used to promote and facilitate the spread of the group’s ideologies, recruitment, and operational functionality.
Abilities to cause loss of function in online information technology systems operated by others, demonstrating “hacking” capability and criminal operations.
Capability to carry out digital operations that results in physical damage or interfere with real-world operations.
There are emerging frontiers that can further escalate the grim situation of cyberterrorism unless they are globally regulated and made resilient by uniform laws and frameworks:
Typically Cyberterrorism has been across all vital & fundamental services – industries:
These suggestive scenarios assessments are considered on the basis of an “extreme-case-scenario” based on contributing factors resulting in extreme losses and then scored in terms of the following impacts broadly:
Mortality Rate: (ranked 0 to 10) Scenarios logarithmically ranked for their worst-case- scenario death toll where 0 indicates no deaths linked to the effects of the cyber attack, 1 indicates fewer than 10 deaths and 10 indicates a thousand or more.
Physical Damage: (ranked 0 to 10) In terms of economic costs of physical damage rendered by cyber terrorism activities, 0 indicates no physical damage whatsoever, and 10 indicates billions of pounds.
Plausibility: (ranked 0 to 10) Plausibility is defined as a combination of cyber capability (or the developing cyber capability within a three-year period) and motivation. Motivation is understood as the worth of “return”, or “utility” to attacker, compared to an organization’s financial or time investment; though an attack may be relatively easy to carry out, without the surety of significant impact in terms of death toll, public disruption or spectacular damage, it is implausible to consider it as a viable cyber-terrorist threat for the current age.
Prevalent paradoxical scenarios are out there on newspapers to look at time and again so let us perpetuate what lies ahead Near Future/Potential Scenarios of Cyber Terrorism.
Crenshaw (Crenshaw, 1999) examined a summary of traditional counter-terrorist techniques as listed below with an India specific approach.
DETERRENCE: The exemplary adherence to exhibit the initiatives, tough stand and quick redressal of such issues must be undertaken by the government on a serious note. This will send a strong message and instill a sense of hesitation if not an all-out nullification of such acts. This will certainly instill resistance from Human Rights perspective.
REGULATORY FRAMEWORK: It has eveolved from IT Act 2000 till latest Draft Personal Data Protection Bill under consideration with active National Cybersecurity Policy in place. But
ENHANCED DEFENSE: The overall network of people, processes and technologies instrumental and necessary for the hardening of the virtual-physical-social-infrastructure must be strengthened and sustained for a seamless exchange, execution and to make decision along.
GLOBAL JOINT VENTURES: As of now, India is in a high-level official joint venture with USA & ad-hoc cooperation from few more countries. Budapest Convention too is being considered to be associated with. This yet leaves a lot to be taken up and dealt with unless the national policies and infrastructures are conducive as well as matured to international standards.
ESTIMATING VULNERABILITIES (Yet to be started in India)
The number of vulnerabilities present in the global supply of digital products in aggregate is not known and new products or updates, when released, are rarely thoroughly interrogated for an accurate count of new avenues of compromise or susceptibility. Exploitable vulnerabilities can exist in hardware, software, network protocols and programming languages, and be present on both local and remote, or isolated or connected systems.
The estimation of the same is adjudged by the virtue & benchmarking dynamically maintained by The Cyber Green project. The world”s computer emergency response teams report into a metrics portal at the Cyber Green Website. This shared resources allows for a general metric of the performance of computer emergency response teams (CERT) globally. This useful risk metric is derived from reports submitted by global CERTs, and these teams agree to report the submitted incidents they receive in two categories: “vulnerable nodes” and “compromised nodes”.
A progressive Public-Private Cooperation, Institutional & Regulatory Framework by hybrid though intermittent communication/exchange along hindering overall strength sought. The comprising bodies/institutions converging into government for example:
As of November 2017, The second Global Cybersecurity Index (GCI), released by the UN telecommunications agency International Telecommunication Union (ITU), said only about half of all countries have a cybersecurity strategy or are in the process of developing one and urged more countries to consider national policies to protect against cybercrime.
India is ranked 23rd on the index with a score of 0.683 and has been listed in the “maturing” category, which refers to 77 countries that have developed complex commitments to cybersecurity and engage in cybersecurity programs and initiatives.
👋 Hi! I’m your smart assistant Amy!
Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.get help with your assignment