Counter-arguments

2/15/2018 EBSCOhost

http://web.b.ebscohost.com/ehost/delivery?sid=a044cfde-323a-4432-ab13-0153ed2567f1%40sessionmgr102&vid=15&ReturnUrl=http%3a%2f%2fweb.… 1/4

EBSCO Publishing Citation Format: APA (American Psychological Assoc.):

NOTE: Review the instructions at http://support.ebsco.com/help/?int=ehost&lang=&feature_id=APA and make any necessary corrections before using. Pay special attention to personal names, capitalization, and dates. Always consult your library resources for the exact formatting and punctuation guidelines.

References CYBER-TERRORISM. (2011). International Debates, 9(9), 10-13. <!--Additional Information: Persistent link to this record (Permalink): http://search.ebscohost.com/login.aspx? direct=true&db=a9h&AN=70080217&site=ehost-live&authtype=uid&user=grantham&password=research End of citation-->

CYBER-TERRORISM Cyber-attacks, Terrorist Capabilities, and Federal Action Although terrorists have been adept at spreading propaganda and attack instructions on the Web, it appears that their capacity for offensive computer network operations may be limited. The Federal Bureau of Investigation (FBI) reports that cyber-attacks attributed to terrorists have largely been limited to unsophisticated efforts such as email bombing of ideological foes, denial-of-service attacks, or defacing of websites. However, it says, their increasing technical competency is resulting in an emerging capability for network-based attacks. The FBI has predicted that terrorists will either develop or hire hackers for the purpose of complementing large conventional attacks with cyber-attacks.

During his testimony regarding the 2007 Annual Threat Assessment, FBI Director Robert Mueller observed that "terrorists increasingly use the Internet to communicate, conduct operational planning, proselytize, recruit, train, and to obtain logistical and financial support. That is a growing and increasing concern for us." In addition, continuing publicity about Internet computer security vulnerabilities may encourage terrorists' interest in attempting a possible computer network attack, or cyber-attack, against U.S. critical infrastructure.

Possible Terrorist Objectives The Internet, whether accessed by a desktop computer or by the many available handheld devices, is the medium through which a cyber-attack would be delivered. However, for a targeted attack to be successful, the attackers usually require that the network itself remain more or less intact, unless the attackers assess that the perceived gains from shutting down the network entirely would offset the accompanying loss of their own communication. A future targeted cyber-attack could be effective if directed against a portion of the U.S. critical infrastructure, and if timed to amplify the effects of a simultaneous conventional physical or chemical, biological, radiological, or nuclear (CBRN) terrorist attack. The objectives of a cyber-attack may include the following four areas:

* loss of integrity, such that information could be modified improperly;

* loss of availability, where mission-critical information systems are rendered unavailable to authorized users;

2/15/2018 EBSCOhost

http://web.b.ebscohost.com/ehost/delivery?sid=a044cfde-323a-4432-ab13-0153ed2567f1%40sessionmgr102&vid=15&ReturnUrl=http%3a%2f%2fweb.… 2/4

* loss of confidentiality, where critical information is disclosed to unauthorized users; and

* physical destruction, where information systems create actual physical harm through commands that cause deliberate malfunctions.

Publicity would also potentially be one of the primary objectives for a terrorist cyberattack.

Extensive media coverage has shown the vulnerability of the U.S. information infrastructure and the potential harm that could be caused by a cyber-attack. This might lead terrorists to believe that even a marginally successful cyber-attack directed at the United States would garner considerable publicity. Some suggest that were such a cyber-attack by an international terrorist organization to occur and become known to the general public, regardless of the level of success of the attack, concern by many citizens and cascading effects might lead to widespread disruption of critical infrastructures.

For example, reports of an attack on the international financial system's networks could create a fiscal panic in the public that could lead to economic damage. According to security experts, terrorist groups have not yet used their own computer hackers nor hired hackers to damage, disrupt, or destroy critical infrastructure systems. Yet reports of a recent disruptive computer worm that has spread through some government networks, including that of the National Aeronautics and Space Administration, have found a possible link to a Libyan hacker with the handle "Iraq Resistance" and his online hacker group "Brigades of Tariq ibn Ziyad," whose stated goal is "to penetrate U.S. agencies belonging to the U.S. Army."

According to these reports, references to both the hacker and group have been found in the worm's code. However, this does not provide conclusive evidence of involvement, as email addresses can be spoofed and code can be deliberately designed to implicate a target while concealing the true identity of the perpetrator.

The recent emergence of the Stuxnet worm may have implications for what potential future cyber- attacks might look like. Stuxnet is thought to be the first piece of malicious software (malware) that was specifically designed to target the computer-networked industrial control systems that control utilities, in this case nuclear power plants in Iran. Although many experts contend that the level of sophistication, intelligence, and access required to develop Stuxnet all point to nation-states, not only is the idea now in the public sphere for others to build upon, but the code has been released, as well. An industrious group could potentially use this code as a foundation for developing a capability intended to degrade and destroy the software systems that control the U.S. power grid, to name one example.

Federal Government Efforts to Address Cyber-terrorism A number of U.S. Government organizations appear to monitor terrorist websites and conduct a variety of activities aimed at countering them. Given the sensitivity of federal government programs responsible for monitoring and infiltrating websites suspected of supporting terrorism-related activities, much of the information regarding the organizations and their specific activities is deemed classified or law enforcement-sensitive and is not publicly available.

The information listed below represents a sampling of what has been publicly discussed about some of the federal government organizations responsible for monitoring and infiltrating jihadist websites. It should be noted that the actions associated with the organizations listed below could be conducted by employees of the federal government or by civilian contract personnel.

2/15/2018 EBSCOhost

http://web.b.ebscohost.com/ehost/delivery?sid=a044cfde-323a-4432-ab13-0153ed2567f1%40sessionmgr102&vid=15&ReturnUrl=http%3a%2f%2fweb.… 3/4

* Central Intelligence Agency -- development, surveillance, and analysis of websites, commonly referred to as honey pots, for purposes of attracting existing and potential jihadists searching for forums to discuss terrorism-related activities.

* National Security Agency -- surveillance of websites and rendering them inaccessible.

* Department of Defense (DOD) -- surveillance of websites focused on discussions of perceived vulnerabilities of overseas U.S. military facilities or operational capabilities and disabling those that present a threat to operations.

* Department of Justice -- development of polices and guidelines for creating, interacting within, surveilling, and rendering inaccessible websites created by individuals wishing to use the Internet as a forum for inciting or planning terrorism-related activities.

* Federal Bureau of Investigation -- monitoring of websites and analysis of information for purposes of determining possible terrorist plans and threats to U.S. security interests.

* Department of Homeland Security -- monitoring of websites and analysis of information for purposes of determining possible threats to the homeland.

Numerous other federal government organizations have cybersecurity responsibilities focused on policy development, public awareness campaigns, and intergovernmental and private-sector coordination efforts. Information gleaned from the agencies noted above may at times be used to help inform and advise nonfederal government entities responsible for safeguarding a geographic area or activity that has been discussed in an online jihadist forum.

Federal Government Challenges and Implications Although organizations, policies, and plans exist to counter violent extremists' use of the Internet, implementation may be hampered by several factors. Laws may be interpreted by some agencies to prohibit certain activities, and in some cases agencies may have competing equities at stake.

Legislative and policy authority may be given to organizations that lack the technical capability to fulfill a mission, while entities with the capacity to address cyber-attacks may be legally constrained from doing so due to privacy or civil liberties concerns. There may be tensions between the Global Internet Freedom Initiative as highlighted by Secretary of State Hillary Clinton and overall counterterrorism objectives. Additionally, the lack of clarity in definitions related to information operations and terrorism may lead to institutional questions such as which agency has the lead for federal government coordination or independent oversight.

Some argue that the effectiveness of the U.S. Government's strategic communications, information operations, and global engagement programs is still hampered by the U.S. Information and Educational Exchange Act of 1948, also known as the Smith-Mundt Act. The law directs that information about the United States and its policies intended for foreign audiences "shall not be disseminated within the United States, its territories, or possessions." Amendments to the Smith-Mundt Act in 1972 and 1998 further clarified the legal obligations of the government's public diplomacy apparatus, and several presidential directives have set up specific structures and procedures as well as further legal restrictions regarding U.S. public diplomacy and information operations.

Some say that these policies have created an unnecessary "firewall" between domestic and foreign audiences, limiting what information the United States produces and distributes to counter extremists in cyberspace for fear of "blowback" to its own citizens. Cyberspace as a global domain does not

2/15/2018 EBSCOhost

http://web.b.ebscohost.com/ehost/delivery?sid=a044cfde-323a-4432-ab13-0153ed2567f1%40sessionmgr102&vid=15&ReturnUrl=http%3a%2f%2fweb.… 4/4

recognize territorial boundaries, making it difficult to target a specific geographic region. Some argue that this has effectively created a ban on all government "propaganda," a term that carries with it negative historical connotations, although the term is neither defined nor mentioned in the law itself. Some critics argue that the law does not prevent government propagandizing, but rather has been consistently misinterpreted. Others maintain that the Smith-Mundt provisions may prevent undue government manipulation of citizens and are a necessary protection.

In addition to questions over what constitutes propaganda and the applicability of Smith-Mundt, confusion over "information operations" programs has led some to question their budgetary process and management within DOD. Often confused with Information Operations as a whole, PSYOP (Psychological Operations) refers to influence activities specifically intended "to induce or reinforce foreign attitudes and behavior in a manner favorable to U.S. objectives." While PSYOP is focused at audiences abroad, it is supported by the public affairs function.

The Public Affairs Office is the entity responsible for working with media outlets both domestic and foreign, to "inform" rather than to "influence." Given the public's and government's aversion to the term "propaganda" and particularly military activities that might be described as such, DOD has changed military lexicon from PSYOP to Military Information Support Operations (MISO). The Secretary of Defense approved the name change in June 2010 following a recommendation from the Defense Senior Leadership Council. Some argue that the name change elevates the importance of information support to military operations for commanders in the field, while others point to the traditional career field of PSYOP as a source of pride among its servicemembers.

A January 2011 memorandum issued by DOD acknowledges the heightened strategic emphasis on countering violent extremism and transnational, global networks through effective strategic communications and information operations. The memo outlines organizational changes that are designed to facilitate better program integration and coordination to meet these challenges.

From the Library of Congress, Congressional Research Service report Terrorist Use of the Internet: Information Operations in Cyberspace, issued March 8, 2011. See http://www.ieeeusa.org/policy/eyeonwashington/2011/documents/terroristuseinterne t.pdf.

Copyright of International Debates is the property of Congressional Digest and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.