Cyberterrorism: just how real is the threat?
When confronted with the idea of cyberterrorism, much of the population would shrug. How much would a large scale disruption of computer networks or a malware attack on a government actually affect the average person’s life or livelihood? Is cyberterrorism really an imminent threat?
The issue lies with the terrorism part of the word. When compared to the al-Qaeda attack in Burkina Faso, the suicide bombings in Iraq, the Paris attacks, the Brussels bombings, the nightclub shooting in Orlando or any number of atrocities motivated by ideology the world over, cyberterrorism just doesn’t seem to rank. But the threats presented by cyberterrorism both present and future are real, and they’re certainly alarming.
The definition
If you’re going to draw a conclusion as to whether or not cyberterrorism is a real threat that the average person needs to be aware of and guard against, you have to understand what it actually is. Cyberterrorism is essentially any premeditated attack against the information, computer programs, computer systems or data of individuals, organizations or governments that is motivated by politics or ideology.
Cyberterrorism differs from hacktivism and other forms of cybercrime in that its ultimate goal is to cause destruction and damage, possibly even widespread disruption and fear. While cyberterrorism may result in financial gain for the attacking organizations, financial gain is not the main objective, nor is internet infamy, revenge or other ego-related results.
When the digital world and the real world become one
One of the main reasons cyberterrorism is a bigger threat than many would assume is that our lives are so dependent on the internet. We as individuals are constantly connected through our devices, and our governments, hospitals, organizations, infrastructure and pretty much everything else in our lives relies on the internet. Things like our communication infrastructure and our power plants could theoretically be crippled by terrorists from across the globe. The ‘smarter’ our cities are, the more apt they are to come to a halt if a large scale cyber-attack is successful.
We’re admittedly a ways off from the point where a terrorist organization has the skill and opportunity to take control of a smart army or weapons or throw an entire nation into economic turmoil. The purpose of these ideas isn’t to fear monger, rather to paint a realistic picture of where we are in terms of cyberterrorism threats. In terms of what cyber terrorists have been able to accomplish in recent months, attackers have caused deliberate outages with attacks on energy providers in the Ukraine, and a malware infection disrupted the operations at nuclear facilities in Iran.
Hitting close to home
Terrorist organization ISIS accomplishes much of their terrorism through warfare in Iraq, Syria and surrounding areas, and lone wolf and sleeper cell attacks worldwide. However, they’ve always been known for their active internet presence, effectively recruiting members and spreading propaganda through social media.
ISIS recently made the news for releasing an exhaustive ‘kill list’ that included the names, email addresses and home addresses for 8,318 people, many of them average Americans, Canadians and Brits. Security researchers and reporters were quick to note that much of the information included in the list appears to have been culled from previous hackings, such as those that affected LinkedIn, casting doubt on the idea that any pro-ISIS hacktivist or cyber terrorist groups have been able to accomplish any hacks themselves.
Regardless, this list being distributed to ISIS members worldwide is a hugely unsettling development. And if those hackings and data breaches hadn’t occurred in the first place, the home addresses of innocent people wouldn’t be in the hands of a terrorist organization.
On guard
As application security provider Checkmarx states, there is no one solution to guarding against cyberterrorism. With individuals, businesses, organizations, governments and beyond all needing protection against ideologically-motivated attacks and breaches, the scope is simply too huge. However, as Checkmarx also points out, secured websites, applications and infrastructure is rooted in secure application development that starts at the beginning of coding.
Even if you think your organization would never be a target of a cyberterrorism attack, take a lesson from all of the organizations that were affected by data breaches that ultimately landed their users on a list of ISIS targets. Your users are your responsibility, and whether you’re talking hackers or terrorists, it’s a responsibility that can’t be anything other than the highest priority.
[su_box title=”About Benjamin Stone” style=”noise” box_color=”#336588″][short_info id=’74810′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.