Cyber-Warfare and Cyber-Terrorism

 

According to the United States Institute of Peace, an independent, nonpartisan institution created by Congress to promote the prevention, management, and peaceful resolution of international conflicts, “Cyber fears have been exaggerated. Cyber attacks on critical components of the national infrastructure are not uncommon, but they have not been conducted by terrorists, and have not sought to inflict the kind of damage that would qualify as cyber terrorism.” It is irresponsible for the United States Institute of Peace to report this, because in December 2021 alone, there were a number of cyber attacks reported by foreign governments that show the potential damages of cyber-attacks. A few of these December 2021 attacks are outlined below:

•       A cyber attack on the Belgium Ministry of Defense forced part of its computer network, including the ministry’s mail system, to shut down for several days. Hackers exploited the Log4j vulnerability to compromise the network.
•         Hackers targeted multiple Southeast Asian governments over the past 9 months using custom malware linked to Chinese state-sponsored groups. Many of the nations targeted are currently engaged in disputes with China over territorial claims in the South China Sea.
•         A breach of Prime Minster Modi’s Twitter allowed hackers to Tweet from the account that India officially adopted bitcoin as legal tender. The Tweet also included a scam link promising a bitcoin giveaway.
•         A Bloomberg investigation publicly linked an intrusion into Australia’s telecommunications systems in 2012 to malicious code embedded in a software update from Huawei.
•         Cyber security firms found government-linked hackers from China, Iran, and North Korea attempting to use the Log4j vulnerability to gain access to computer networks. Following the announcement of Log4j, researchers already found over 600,000 attempts to exploit the vulnerability.
•         Chinese hackers breached four more U.S. defense and technology firms in December, in addition to one organization in November. The hackers obtained passwords to gain access to the organizations’ systems and looked to intercept sensitive communications.
•         A Russian group took responsibility for a ransomware attack on Australian utility company CS energy. This announcement came after Australian media outlets blamed Chinese government hackers for the attack.

(Center for Strategic and International Studies, 2021)

Cyber terrorism is the combination of terrorist and cyberspace and includes the unlawful threats and attacks against computers, networks, and their internally stored information to intimidate or coerce a government and its people for social or political objectives (Weimann, n.d.). In order to qualify as cyber terrorism, the attack must result in violence against property or person, or do enough harm to generate fear. Threats of cyber warfare continue to grow as our enemies continue to get smarter and more innovative on this front. However, it is important to understand that, yes, while we have heard about countless cyber-attacks in the news, the larger scale attacks that wipe out our water or electrical supply, and transportation grids on a united, large scale is highly unlikely. According to the Center for Strategic and International Studies Assessment on the Risks of Cyber Terrorism, Cyber War, and Other Cyber Threats, cyber-attacks on this scale would be extremely difficult, due to these facts:

•         In the US, there are 54,064 separate water systems, 3,769 of these systems server 81% of the US population, and the uneven spread of different network technologies make hacking the US water supply a huge undertaking, and unlikely target due to the complexity that an attack on this scale would take.
•        An attack on the electrical grid would be complex due to the fact that it is a highly interconnected grid with over 3,000 public and private utilities that use different information technologies to operate their separate, unique grids. A team of hackers would need to find vulnerabilities in these multiple systems in order to significantly disrupt the overall power supply to the US.
•         We are not yet to the point where computer networks remotely operate aircraft. Pilots are still in charge of operating the plane in any emergency. Also, the Federal Aviation Authority (FAA) does not solely depend on computer networks to direct air traffic, and the communication systems are not dependent on the internet. Because of this, a large scale attack on the US airspace would prove an extremely difficult task for hackers to pull off.

As of now, cyber-terrorists have been relying on smaller, more rapid cyber-attacks that prove to be an annoyance, end up costing a lot of money to recover from, and still cause a large path of destruction, but not thankfully we have not seen these attacks successfully focus on a single point of critical infrastructure, that impacts the US as a whole. One thing is for sure, cyber-terrorists are always thinking up new ways to attack us, and even though we may not see an immediate vulnerability, they are working on one at this very moment. It is important for all of us to stay up to date on existing and new vulnerabilities, and stay vigilant.

 

References

Center for Strategic and International Studies. (2021). Significant cyber incidents. Significant Cyber Incidents. Retrieved January 12, 2022, from https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents

Lewis , J. A. (2022, January 12). Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats. Center for Strategic and International Studies. Retrieved January 12, 2022, from https://www.csis.org/

Weimann, G. (n.d.). United States Institute of Peace Special Report. Cyberterrorism How Real Is the Threat? Retrieved January 12, 2022, from https://www.usip.org/sites/default/files/sr119.pdf