Cyber terrorism: a clear and present danger, the sum of all fears, breaking point or patriot games?

Abstract

Over the past two decades there has developed a voluminous literature on the problem of cyber terrorism. The themes developed by those writing on cyber terrorism appear to spring from the titles of Tom Clancy’s fiction, such as Clear and Present Danger, The Sum of All Fears and Breaking Point, or somewhat more cynically, Patriot Games. This essay examines both the gap between the presumed threat and the known cyber terror behaviors and the continuing literature which suggests an attack is imminent. It suggests that at least part of the explanation lies both in the continuing failure to distinguish between what Denning (Activism, hacktivism, and cyber terrorism: The internet as a tool for influencing foreign policy, 1999) referred to as hactivism and cyberterrorism and also the failure to distinguish between the use of digital means for organizational purposes (information, communication, command and control) and the use of digital communications to actually commit acts of terror.

This is a preview of subscription content, log in to check access.

Notes

  1. 1.

    “The most popular term, ‘electronic Pearl Harbor,’ was coined in 1991 by an alarmist tech writer named Winn Schwartau to hype a novel. For a while, in the mid-1990s, ‘electronic Chernobyl’ was in vogue. Earlier this year, Sen. Charles Schumer (D-N.Y.) warned of a looming ‘digital Armageddon.’ And the Center for Strategic and International Studies, a Washington think tank, has christened its own term,”digital Waterloo [18]. http://www.washingtonmonthly.com/features/2001/0211.green.html

    See also Debrix [7]. “Cyberterror and Media-Induced Fears: The Production of Emergency Culture,” Strategies: Journal of Theory, Culture and Politics, Vol. 14, No. 1, 149–168.

  2. 2.

    Of course the millennium bug was not the result of a terrorist threat but rather the result of an outdated programming system which had not accounted for the transition from 1999 to 2000. See for example http://www.soci.niu.edu/~crypt/other/harbor.htm.

    By 1999 Crypt newsletter noted that “Electronic Pearl Harbor” and variations on it, could be found in over 500 citations for the phrase in on-line news archives, military research papers and press releases.

  3. 3.

    Simpson [32] writes “The nearest thing to cyber terror involved the March 2000 case of Vitek Boden, who infiltrated the systems of a sewage treatment plant in Australia. His attacks resulted in the release of an estimated 265,000 gallons of untreated sewage into local water courses... ...Boden had been employed by the company that installed the control network and his laptop contained a software application needed to access the system. The motive was revenge for rejection of his job application by the local authority in Queensland.”

  4. 4.

    “The consensus among security experts is that there has never been a recorded act of cyberterrorism pre- or post-September11” ([15]:388).

  5. 5.

    Whether or not this appreciation of terrorism actually receives its due in the formulation of counter terrorist policy, particularly in the post 9/11 environment, it was clearly articulated in the 1999 State Department report on global terrorism. “Furthermore, terrorist acts are part of a larger phenomenon of politically inspired violence, and at times the line between the two can be difficult to draw” (2000:5).

  6. 6.

    This fear of cyberterror mirrors the fear of crime found in many studies during the past quarter century. (See Glassner [16]; Gerbner and Gross [14]; Altheide [1])

  7. 7.

    For example see Ryter [29]. “You might say 1999 – the year of the Y2K fears – was ‘the year of the Clarke.’ For a very brief period, Clarke became a second tier player with a first string chorus – but only because it served the interests of the Clinton–Gore Administration to promote Clark’s fantasies about cyber-armageddon. It helped Clinton and the liberals in Congress push through a legislative agenda that likely could never have been enacted without the Y2K fantasy fodder fed by Clarke. And Clarke enjoyed the limelight.” “Can we trust the guy who gave us Y2K??” Jon Christian Ryter March 27, 2004 NewsWithViews.com. Retrieved on February 1, 2006 from http://www.newswithviews.com/Ryter/jon28.htm and George Smith Crypt Newsletter 1999 Like old Jacob Marley, Richard Clarke – the broken record of the National Security Council – is produced to rattle his electronic chains and howl menacingly for the rubes. “...Richard A. Clarke of the National Security Council, repeatedly warns them that ‘cyberterrorists’ could launch computer attacks ‘shutting down a city’s electricity, shutting down 911 systems, shutting down telephone networks and transportation systems,’ as he said in a recent interview.” http://www.soci.niu.edu/~crypt/other/harbor.htm

  8. 8.

    Stanton continues “Why the Code Red Scare? Well, maybe its just coincidence, but sometime over the next couple of months President Bush is expected to issue a new Executive Order on Cybersecurity and, of course, the new budget cycle starts. He will appoint an interagency cybersecurity and Continuity of Operations Board. Soon after the hype surrounding Code Red, [then head of the] National Information Infrastructure Protection Commission, Ron Dick, got a jump start on things with a press conference on cybersecurity at the National Press Club. Hyping Code Red was a sure fire way to ensure the conference was covered by all the talking head networks. And it didn’t hurt that Code Red provided a convenient backdrop while then-FBI Director designate Robert Mueller was fielding some questions during his Senate conformation hearings on what the FBI will do on cybersecurity during his watch.”

  9. 9.

    “Until recently, Ridge has seemed basically levelheaded about the real dangers of cyberterrorism. Someone who’s close to Ridge told me that the secretary simply doesn’t care that much about the topic, which would explain his silence. But now that agency budgets are up for review, Ridge seems to be treading the same alarmist path as did his former cybersecurity deputy, Richard Clarke, who quit in January. Clarke was a professional paranoiac, a modern-day Chicken Little blinkered by a career spent in the cloistered intelligence community. It didn’t help that Clarke’s résumé featured such harrowing tasks as planning for the ‘continuity of government’ after a nuclear strike on Washington – a job where no precaution is too extreme. Soon after President Clinton appointed him to a ‘national coordinator’ post in 1998, Clarke became infamous for darkling warnings about the spectre of a ‘digital Pearl Harbor’ that would snarl computers and roil the world’s economy.” Declan McCullagh Cyberterror and professional paranoiacs March 24, 2003 retrieved on 1 February 2006 from http://www.crime-research.org/news/2003/03/Mess2502.html

  10. 10.

    See also Lemos et al. [21]. It is also useful to recognize that all “cyberspace-based threats.” are not terrorism. Rand analysts Hundley and Anderson ([20]:1) consider these as, “adverse actions involving and mediated by computer and telecommunications systems and networks.” Accordingly, there are a wide spectrum of possibilities for “evil actions” in cyberspace. “These include attacks on the data contained within the systems, the programs and processing hardware running those systems, and the environment (communications, networks, etc.) in which they operate” ([20]:12).

  11. 11.

    In addition, using the web, while it provides additional organizational opportunities, also introduces potential threats. As Conway ([5]:20–21) argues

    The more terrorist groups use the Internet to move information, money, and recruits around the globe, the more data that is available with which to trail them. Since 9/11 a number of groups have undertaken initiatives to disrupt terrorist use of the Internet, although a small number of such efforts were also undertaken previous to the attacks. .. Perhaps most importantly, however, the Internet and terrorist Web sites can serve as a provider of open source intelligence for states’ intelligence agencies. Although spy agencies are loathe to publicly admit it, it is generally agreed that the Web is playing an ever-growing role in the spy business.

    In addition Warner argues that Intelligence agencies are also said to be deploying the classic spy tactic of establishing so-called ‘honey pots’ with a high-tech twist: in this case, setting up bogus Web sites to attract those people they are seeking to monitor (Warner [40]).

  12. 12.

    Similarly the United States Department of State since 1983 has the same elements but restricts the target to noncombatants and the perpetrators to subnational groups or clandestine agents

    Premeditated, politically motivated violence perpetrated against noncombatant* targets by subnational groups or clandestine agents, usually intended to influence an audience.”

  13. 13.

    See also Bruce Schneier, Beyond Fear: Thinking Sensibly about Security in an Uncertain World (New York: Copernicus Book 2003); Joshua Green, “The Myth of Cyberterrorism,” Washington Monthly, November 2002, available at (http://www.washingtonmonthly.com/features/2001/0211.green.html);Andrew Donoghue “Cyberterror: Clear and present danger or phantom menace?,” ZDNet, 2004, available at (http://insight.zdnet.co.uk/specials/networksecurity/0,39025061,39118365-2,00.htm).Lewis, James, “Assessing the Risk of Cyber Terrorism, Cyber War and Other Cyber Threats” (Washington,DC: Center for Strategic and International Studies, December 2002), available at (http://www.csis.org/ tech/0211_lewis.pdf) and Dorothy Denning, “Is Cyber Terror Next?” In Understanding September 11, edited by C. Calhoun, P. Price, and A. Timmer (2001), available at ( http://www.ssrc.org/sept11/ essays/denning.htm).

  14. 14.

    The Report of the National Commission on Terrorism ([26]:12) concurs suggesting that “[t]errorists are using the same modern technology as the rest of us....”

    Likewise, Denning [9] argues Terrorists do use cyberspace to facilitate traditional forms of terrorism such as bombings. They put up Web sites to spread their messages and recruit supporters, and they use the Internet to communicate and coordinate action. However, there are few indications that they are pursuing cyber terrorism, either alone or in conjunction with acts of physical violence.

  15. 15.

    As early as the 1998 (1999:17) report on terrorism in the United States, the Federal Bureau of Investigation finds: “Terrorists are known to use information technology and the Internet to formulate plans, raise funds, spread propaganda, and communicate securely.”

  16. 16.

    In the case of the Zapatistas, group of supporters called the Electronic Disturbance Theater (EDT) have used the Internet stage disturbances as a means of on-line protest ([9], 2).

  17. 17.

    Internet sites were also established in Canada and the United States in support of the MRTA’s activity (Anti-Defamation League [2]:1).

  18. 18.

    See http://www.adl.org/main_Terrorism/jihad_brigades_80805.htm

  19. 19.

    (See http://abcnews.go.com/WNT/IraqCoverage/story?id=766276&page=1 and http://www.pbs.org/wgbh/pages/frontline/shows/front/special/tech.html).

  20. 20.

    For many other earlier examples see Damphousse and Smith [6]; Arquilla et al. [3]:91–92, Stanton [34] for many other examples.

  21. 21.

    See Arquilla, Ronfeldt and Zanini [3] for a detailed discussion of this point especially as it relates to Al Qaeda and Stohl and Stohl ([38], forthcoming) on network research on terrorism since 2001.

  22. 22.

    These can be thought of as a greater degree of terror or longer lasting fear on the part of the victim.

  23. 23.

    Less effort is defined in terms of fewer resources, less manpower and quicker/easier planning, all of which should translate into reduced risk/greater likelihood of logistical success.

  24. 24.

    As Giacomello ([15]:391) argues

    Professional military around the world are used to judge the effectiveness of weapons systems according to the “break things, kill people” principle. Projectiles or germs, kinetic or chemical–biological agents are normally required to achieve a BTKP outcome.

    He then goes on to argue that

    Under certain circumstances, however, even employing bytes (the basic units of all CNO) may lead to the same results. If CNO target the critical application software of certain infrastructures, they may well yield a BTKP outcome.... If the main outcome of those attacks had been the SCADA (Supervisory Control and Data Acquisition) management systems of critical infrastructure, the potential physical damage would have been considerable. However, thus far, there is no conclusive evidence that this is indeed possible.

  25. 25.

    The 1965 blackout in fact led to a sense of community and was the subject of many humorous tales including the 1968 Hollywood film Where Were You When the Lights Went Out?

  26. 26.

    This sophisticated audience analysis is seen in the letter sent in July 2005 by Ayman al-Zawahri, purportedly the number 2 in al Qaeda to Abu Musab al-Zarqawi, leader of the organization now named al Qaeda in Iraq.

    In the absence of this popular support, the Islamic mujahed movement would be crushed in the shadows, far from the masses who are distracted or fearful, and the struggle between the Jihadist elite and the arrogant authorities would be confined to prison dungeons far from the public and the light of day. This is precisely what the secular, apostate forces that are controlling our countries are striving for. These forces don't desire to wipe out the mujahed Islamic movement, rather they are stealthily striving to separate it from the misguided or frightened Muslim masses.....Therefore, the mujahed movement must avoid any action that the masses do not understand or approve, if there is no contravention of Sharia in such avoidance, and as long as there are other options to resort to, meaning we must not throw the masses-scant in knowledge-into the sea before we teach them to swim.

  27. 27.

    Schwarts, 2003

    New vulnerabilities that could leave the way open to a cyberattack are being discovered all the time: according to Symantec, one of the world’s corporate leaders in the field of cyber security, the number of “software holes” (software security flaws that allow malicious hackers to exploit the system) reported in the nation’s computer networks grew by 80 percent in 2002. Still, the company says it has yet to record a single cyberterrorist attack – by its definition, one originating in a country on the State Department’s terror watch list. That could be because those inclined to commit terrorist acts do not yet have the know-how to inflict significant damage, or perhaps because hackers and adept viruswriters are not sympathetic to the goals of terrorist organizations. However, should the two groups find common ground, the results could be devastating.

References

  1. 1.

    Altheide, D. (1997). The news media, the problem frame and the production of fear. The Sociological Quarterly, 38(4), 647–668.

    Article  Google Scholar 

  2. 2.

    Anti-Defamation League (1999). CyberTerrorism – Terrorism update. Retrieved March 1, 2006, from http://www.adl.org/terror/focus/16_focus_a.asp.

  3. 3.

    Arquilla, J., Ronfeldt, D., & Zanini, M. (1999). Networks, netwar and information-age terrorism. In Z. M. Khalilzhad & J. P. White (Eds.), The changing role of information in warfare. Santa Monica, CA: Rand.

    Google Scholar 

  4. 4.

    Barnett, R. J. (1973). Roots of war: The men and institutions behind U.S. foreign policy. Baltimore: Penguin Books.

    Google Scholar 

  5. 5.

    Conway, M. (2005). Terrorist “use” of the internet and fighting back. Paper prepared for presentation at the conference Cybersafety: Safety and security in a networked world: Balancing cyber-rights and responsibilities. Oxford Internet Institute (OII), Oxford University, UK, 8–10 September, 2005. Retrieved February 1, 2006, from http://www.oii.ox.ac.uk/research/cybersafety/extensions/pdfs/papers/maura_conway.pdf.

  6. 6.

    Damphousse, K. R., & Smith, B. L. (1998). The internet: A terrorist medium for the 21st century. In H. W. Kushner (Ed.), The future of terrorism: Violence in the new millennium. Thousand Oaks, CA: SAGE.

    Google Scholar 

  7. 7.

    Debrix, F. (2001). Cyberterror and Media-Incluced fears: The production of emergency culture, Strategies: Journal of Theory, Culture and Politics, 14(1), 149–168.

    Google Scholar 

  8. 8.

    Denning, D. E. (1999). Activism, hacktivism, and cyber terrorism: The internet as a tool for influencing foreign policy.” Presented to “The Internet and International Systems:Information Technology and American Foreign Policy Decision Making,” The World Affairs Council, San Francisco, December 10, 1999. Retrieved February 1, 2006, from http://www.rand.org/pubs/monograph_reports/MR1382/MR1382.ch8.pdf.

  9. 9.

    Denning, D. E. (2000). Cyberterrorism. Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services U.S. House of Representatives, May 23, 2000. Retrieved February 1, 2006, from http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html.

  10. 10.

    Duvall, R. D., & Stohl, M. (1983). Governance by terror, chapter six. In M. Stohl (Ed.), The politics of terrorism (2nd ed., pp. 179–219). New York: Marcel Dekker.

    Google Scholar 

  11. 11.

    Embar-Seddon, A. (2002). Cyber terrorism: Are we under siege? American Behavioral Scientist, 45(6), 1033–1043.

    Article  Google Scholar 

  12. 12.

    Flemming, P., & Stohl, M. (2001). Myths and realities of cyber terrorism. In A. P. Schmid (Ed.), Countering terrorism through international cooperation (pp. 70–105). Vienna, Austria: ISPAC (International Scientific and Professional Advisory Council of the United Nations Crime Prevention and Criminal Justice Program.

    Google Scholar 

  13. 13.

    Gellman, B. (2002). Cyber-attacks by Al Qaeda feared: Terrorists at threshold of using internet as tool of bloodshed, experts say,” Washington Post June 27: A01. Retrieved December 1, 2005, from http://www.washingtonpost.com/ac2/wp-dyn/A50765-2002Jun26.

  14. 14.

    Gerbner, G., & Gross, L. (1976). The scary world of tv’s heavy Viewer. Psychology Today, 89–91, April.

  15. 15.

    Giacomello, G. (2004). Bangs for the buck: A cost-benefit analysis of cyber terrorism. Studies in Conflict and Terrorism, 27, 387–408.

    Article  Google Scholar 

  16. 16.

    Glassner, B. (1999). The culture of fear: Why Americans are afraid of the wrong things. New York: Basic Books.

    Google Scholar 

  17. 17.

    Grabosky, P. N., & Stohl, M. (2003). Cyberterrorism Reform 82, Autumn:8–13. Retrieved September 15, 2005 from http://www.alrc.gov.au/reform/summaries/82.htm.

  18. 18.

    Green, J. (2002). The myth of cyber terrorism. Washington Monthly, November. Retrieved February 1, 2006, from http://www.washingtonmonthly.com/features/2001/0211.green.html.

  19. 19.

    Hoffman, L. (2006). ‘Cyber Storm’ simulation aims to head off computer assault, February 9, 2006. Retrieved March 1, 2006, from http://shns.abc15.com/shns/story.cfm?pk=CYBERSTORM-02-09-06&cat=WW.

  20. 20.

    Hundley, R. O., & Anderson, R. H. (1996). A qualitative methodology for the assessment of cyberspace-related risks. Santa Monica: Rand.

    Google Scholar 

  21. 21.

    Lemos, R., Borland, J., Bowman, L., & Junnarkar, S. (2002). E terrorism-threats. Have Digital Myths Diverted Attention from True Threats?” CNET News.com. Retrieved August 26, 2002, from http://news.com.com/E-terrorism+Digital+myth+or+true+threat/2009-1001_3-954728.html?tag=nl.

  22. 22.

    Lenzner, R., & Vardi, N. (2004). Cyber-nightmare. Forbes. Retrieved September 20, 2004, from http://www.forbes.com/global/2004/0920/104_print.html.

  23. 23.

    Lerner, J. S., Gonzalez, R. M., Small, D. A., & Fischhoff, B. (2003). Emotion and perceived risks of terrorism: A national field experiment. Psychological Science, 14, 144–150.

    Article  Google Scholar 

  24. 24.

    Lewis, J. A. (2006). The war on hype: The deadly terror lurking around the corner may not be such a big, ominous threat after all. San Francisco Chronicle, February 19, 2006. Retrieved March 1, 2006, from http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2006/02/19/INGDDH8E2V1.DTL.

  25. 25

    Nabi, R. L. (2002). Anger, fear, uncertainty, and attitudes: A test of the Cognitive-Functional Model. Communication Monographs, 69(3), 204–216.

    Google Scholar 

  26. 26.

    National Commission on Terrorism. (1998). Countering the Changing Threat of International Terrorism. Report of the National Commission on Terrorism, http://www.fas.org/irp/threat/commission.html.

  27. 27.

    Rathmell, A. (1997). Cyber-terrorism: The shape of future conflict. Royal United Service Institute Journal. October, 40–46. Retrieved March 1, 2006, from http://www.kcl.ac.uk/orgs/icsa/Old/rusi.html.

  28. 28.

    Rollins, J., & Wilson, C. (2005). Terrorist capabilities for cyberattack: Overview and Policy Issues, Congressional Research Service, October 20, 2005. Retrieved February 1, 2006, from http://www.fas.org/sgp/crs/terror/RL33123.pdf.

  29. 29

    Ryter J. C. (2004). Can we trust the guy who gave us Y2K?? Jon Christian Ryter March 27, 2004 NewsWithViews.com retrieved on February 1, 2006 from http://www.newswithviews.com/Ryter/jon28.htm.

  30. 30.

    Savas, A. (2006). IBM launches internal network protection. Computer weekly. Com, Monday, 27 February 2006. Retrieved March 1, 2006, from http://www.computerweekly.com/Articles/2006/02/27/214429/IBMlaunchesinternalnetworkprotection.htm.

  31. 31.

    Schwartz, J. (2003). Decoding computer intruders. The New York Times, April 24, 2003. Retrieved March 1, 2006, from http://tech2.nytimes.com/mem/technology/techreview.html?res=9C02E3D71F3AF937A15757C0A9659C8B63.

  32. 32.

    Simpson, P. (2005). Don’t fear e-terror hype Computer Weekly March 7. Retrieved February 1, 2006, from http://www.computerweekly.com/Articles/2005/04/26/209612/Don’tfeare-terrorhype.htm.

  33. 33.

    Squitieri, T. (2002). Cyberspace full of terror targets , USA Today, May 5, 2002. Retrieved February 1, 2006, from http://www.usatoday.com/tech/news/2002/05/06/cyber-terror.htm.

  34. 34.

    Stanton, J. J. (2002). Terror in cyberspace terrorists will exploit and widen the gap between governing structures and the public. American Behavioral Scientist, 45(6), 1017–1032.

    Article  Google Scholar 

  35. 35.

    Stohl, M. (1986). The superpowers and international terrorism. In M. Stohl & G. Lopez (Eds.), Government violence and repression: An agenda for research. Greenwood Press, 207–228.

  36. 36.

    Stohl, M. (1988a). Demystifying terrorism: The myths and realities of contemporary political terrorism. In M. Stohl (Ed.), The politics of terrorism (3rd ed.). New York: Marcel Decker.

  37. 37.

    Stohl, M. (2006). Knowledge claims and the study of terrorism. In S. Melnick & J. Victoroff (Eds.), Psychology and terrorism. Amsterdam, the Netherlands: Ios Press (forthcoming).

  38. 38.

    Stohl, C., & Stohl, M. (2007). Networks of terror: Theoretical assumptions and pragmatic consequences, Communication Theory. (forthcoming).

    Google Scholar 

  39. 39.

    Thomas, T. L. (2003). Al Qaeda and the internet: The danger of “cyberplanning.” Parameters, 33(1), 112–23. Retrieved February 1, 2006, from Carlisle http://www.army.mil/usawc/Parameters/03spring/thomas.pdf.

  40. 40.

    Warner, B. (2003). Intelligence experts comb web for terror clues. Reuters News Service, November 12. Retrieved March 1, 2006, from http://www.chron.com/disp/story.mp1/special/iraq/2218091.html.

  41. 41.

    US News and World Report. (1998). Terrorists on the web: Electronic ‘safe haven’ guerrillas use guns, bombs and home pages. 124(24), 46, June 22.

  42. 42.

    Weimann, G. (2005). Cyber terrorism: The sum of all fears? Studies in Conflict and Terrorism, 28, 129–149.

    Article  Google Scholar 

  43. 43.

    White, C., K., C. (1998). Cyber-terrorism: Modem mayhem. Carlisle Barracks, Pennsylvania: U.S. Army War College. Retrieved March 1, 2006, from http://stinet.dtic.mil/dticrev/a345705.pdf.

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Michael Stohl.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Stohl, M. Cyber terrorism: a clear and present danger, the sum of all fears, breaking point or patriot games?. Crime Law Soc Change 46, 223–238 (2006). https://doi.org/10.1007/s10611-007-9061-9

Download citation

Keywords

  • Terrorist Group
  • Critical Infrastructure
  • Computer Attack
  • Pearl Harbor
  • Security Firm