Cyberterrorism: Real Security Threat or Boogeyman?
Today, many fear that whoever seeks to cause damage by virtual means can do so. Whether this fear is warranted or not, such discourse has real-world impact, across all social strata. The term “cyberterrorism” was coined in the 1980s by Barry Collin, of the Institute for Security and Intelligence. Fifteen years into the 21st century, one camp of experts says that cyberattacks possess the capacity to cause numerous casualties, significant publicity, etc. Another camp contends that cyberterrorism is largely theoretical, although it should be recognized and prudently approached. Treatment of cyberattacks as a threat
Throughout Western democracies, prosecutions of cyberattacks are inconsistent because of the discrepancies in the definition and understanding of such attacks. This disparity suggests that the parameters to frame an earnest debate are becoming important to protect civil liberties. A narrow definition of a cyberterrorist is someone who induces fear through harm done to persons and property by cyberattacks; this can be simplified further if cyberattacks against “non-essential services” are not considered to be terrorism but rather costly nuisances. Each country is currently free to define what is, or is not, a cyberterrorist threat. By failing to reach a consensus, state-sponsored approaches to counter any attacks overlook the globally networked and interdependent international political environments. Also, states might fail to understand their responsibility, or that of the private sector, in the issue. At worst, approaches to counter cyberattacks might even employ cyberattacks. Can the prospects of perpetrating a cyberattack motivate a terrorist to action? Or, do cyberattacks lack the often-cited “heroic” quality of other kinds of attacks? Self-perception is an important dynamic in radicalization. It is unlikely that this narcissistic need can be filled as well by cyberattacks as by conventional attacks. According to Gabriel Wiemann, compared to traditional attacks, cyberterrorism offers the advantages of: lower financial costs, anonymity, a wider selection of targets, remote conduct of the attacks, and multiple casualties. Some add another benefit: several attacks might be triggered simultaneously in multiple locations without requiring an extensive infrastructure. Some criminal organizations already have access to technologies that could facilitate cyberattacks, but they use this ability to extend their reach and their acquisitive power, for whatever the desired political capital may be. This suggests that, as concerns terrorists, traditional methods and weapons are considered to be more effective at killing people. Nevertheless, extreme projections of cyberterrorism fall under the broad category of “utility-maximization arguments” and are part of an “electronic Pearl Harbor” scenario, which is taken for granted in non-academic treatments of this topic. Critical Information Infrastructures (CII) can encounter real and plausible dangers. When protecting CIIs from cyberattacks, it is quite hard to attribute and locate the party(ies) responsible. Researchers also cite a “black hole” that devours any ability to soften emergent problems involving cyberattacks. Furthermore, if the damages are neither to persons nor property, it is unclear whether the attacks warrant the label of cyberterrorism. The globalized nebulae of networks and infrastructure appear to lend a borderless quality to cybersecurity challenges. If so, does this threaten the stability of, or alter completely the sovereignty and significance of, today’s nation-states? In light of the global paradigm shift that concerns cybersecurity’s alteration of the international political system as an anarchic collection of nation-states, people around the world see the consequences of a growing dependence on a range of interlinked information systems. In many ways, it has become much more difficult to discern an accidental catastrophic system failure from a malicious attack. Whereas physical attacks usually implicitly involve a simultaneity of cause and effect, the consequences of cyberattacks might not have an intelligible half-life. The increasing complexity of information systems makes it such that problems also grow more acute. Defensive measures to identify a cyberattacker are like locating a needle in a haystack.
Dissenting voices
Some qualify “the looming specter of cyberterrorism” as being little more than a fantasy. Others go so far as to call cyberterrorism a consequence of the need to sustain Cold War “security imaginaries” of the 1980s and 90s. One prescient opinion is that cyberterrorism and its accouterments are actually the psychological summation of terrorism, technology, and the unknown. Cyberterrorism thus lends itself to opportunistic fear-mongering of the already powerful. “Securitization theory”, an extreme kind of lobbying that permits the use of extraordinary means for security’s sake, is brought up as a means to dismantle arguments about cybersecurity. Maura Conway argues that, in deconstructing cyberterrorism, the terrorists are dehumanized, and technology gets alloyed with a lack of global control. A worst-case scenario evolves in which entire societies become prey to evil terrorists who wage cyberattacks. Some additional arguments are that no attack of “weaponized computer code” has ever killed or injured a person; attacks carried out by state actors are a far more inevitable vein of cyber warfare; high profile attacks that do not qualify as cyberterrorism because they do not result in violence against people or property might nevertheless lead to an erosion in civil liberties. The media is essential for defining the public’s perception of security, shaping cyberterrorism assumptions, confabulating hypothetical scenarios, and bending information to report to the public “what is out there”. Since for most people, this topic falls into the realm of a near science-fiction futuristic security threat, real-life reports do not require much in the way of hard facts to horrify and bait the public. Critics of cyberterrorist threat “constructions” point out that empirical realities neither drive discourses about the topic nor necessarily correspond with one another. For example, the impact of intangibly related events, such as 9/11 and public policy on cybersecurity, is what led the Council of Europe to hasten its Convention on Cybercrime. Committing a cybercrime to abet terrorist activity, however, does not make such criminal activity terrorism; there is a difference between cyberterrorism and cybercrime committed to facilitate terrorism, however fine a point this may seem. There have been cyberattacks that did not cause widespread fear and were in fact not carried out to generate fear. Without the elements of intimidation and coercion, can cyberattacks be equated to cyberterrorism? Many argue that those who have perpetrated such attacks have indeed lacked the political and ideological motives necessary to qualify these attacks as being cyberterrorism. This poses a heedful rebuttal to the Orwellian type of global securitization that is being heavily pursued by nations like the United States. Hacktivism is yet another issue to consider, and there are many reasons to treat “hacktivism” as being separate from cyberterrorism. What if hacktivists, or likeminded groups, act in order to free people from the many oppressions wrought on them by powerful corporations? What if hacktivist groups claim to free the defenseless from, say, crippling debts that oppress the world’s poor, or from the censure of free speech in tyrannical and theocratic nations? Such hacktivist activities would involve non-violent means and would not implicitly seek to garner further political power through terror. Moreover, traditional approaches to terrorism presume violence to persons and property; but with regards to hacktivism, it seems those whose wallets might lighten most are those who argue that cyberterrorism must include the digital erosion of property and the virtual looting of money. In whose interest will cyberterrorism be defined? Do the potential ramifications for civil liberties outweigh capitalist elements such as property and profit? Are there effective countermeasures for states to sustain a battle against cyberattacks? Do some states themselves qualify as being cyberterrorists? Is there a distinction between traditional counterterrorist measures and virtual ones? Which global demographics stand to lose the most—the rich and powerful, or the poor and marginalized? Such questions belong to a productive debate on cyberterrorism that does not seem to take place in the public sphere quite as it should. Nevertheless, nations might work to replace doomsday scenarios with a more reasonable discourse, and they might appeal to their own civil society to counter potential cyberattacks. To preempt cyberattacks, a focus on state actors, rather than non-state actors, might be worthwhile since some states could initiate these attacks to prevent plausible victimhood. Ultimately nations like the US and the major powers of Europe might best protect themselves from this perceived threat of cyberattacks by not starting or sustaining criminal wars worldwide, and instead allocating resources to education and humanitarian aid, rather than arms manufacture. Otherwise, the development of specific countermeasures in anticipation of “cyberterrorism” might merely serve as a distraction from the real roots of radicalism.
Editor’s Notes: Composite images one, three and five by Charis Tsevis; photograph two from the archive of Pennsylvania National Guard; four from the Center for Strategic and International Studies‘ archive; six from US Army; seven from ITU Pictures; eight and ten from the Department of Homeland Security archive; and nine by Bill Smith.
Related Articles
You must be logged in to post a comment Login