The issue of cyberterrorism is once again in the news, spurred by the ISIS attacks in Paris. The threat is certainly not new; none other than former U.S. Defense Secretary Leon Panetta warned in 2012 of a possible “digital Pearl Harbor.” Some pundits claim ISIS and other terrorist groups are winning the cyber war, while others say that the threat is overblown. Nevertheless, U.S. interests spend billions each year trying to prevent Internet-based attacks. In a broader sense, the Internet and social media have given terrorists an unprecedented opportunity to raise funds and recruit new members, even in the heart of America. Here are a few issues that keep defense and IT security experts awake at night.
5. ISIS, Other Terrorists Have Mastered Social Media
There has been plenty of discussion in the past year about the social media tactics ISIS uses for recruitment worldwide. Not only have social media sites such as Twitter and Facebook propelled the regime change seen during the 2011 Arab Spring, ISIS has used social media to recruit fighters from across the Arab world and beyond. But who answers this sort of call? The disenfranchised, thrill-seekers, or the chronically clueless? An untold number of youths and 20-somethings from the West have traveled overseas to join ISIS, only to become disillusioned by what they see, albeit too late. In one high-profile example, two Austrian teen girls left their country to join ISIS in 2014. Their parting message to family and friends: “Don’t look for us. We will serve Allah and we will die for him.” Dubbed “poster girls” for ISIS, one girl died while fighting in Syria. Austrian newspapers reported the other girl was beaten to death recently as she tried to escape Syria.
ISIS online is a moving target for counterterrorism experts. For example, ISIS has an estimated 90,000 Twitter accounts worldwide, with more created daily as others are taken down. According to one estimate, ISIS followers can generate up to 200,000 tweets a day. In short, the group has a tremendous ability to leverage social media for nefarious purposes. Perhaps President Barack Obama said it best recently when he called ISIS, “a bunch of killers with good social media.”
4. Wall Street Seeking Plan to Fight Cyberterrorism
The 2014 hack of Sony Pictures by North Korean infiltrators demonstrated once again that cyberterrorists often have government backing. Hackers have managed to break into the computer networks of countless government and private organizations in the past couple of years, from the Pentagon to the infidelity site Ashley Madison. Now, imagine a dedicated terrorist cyberattack targeting the American financial system. An internal document obtained by Bloomberg in 2014 shows Wall Street leaders recommend a “cyber-war council” composed of government and business leaders to help ward off cyberterrorist attacks.
Most security exchanges around the world have reported fending off online attacks in the past year. Industry leaders fear simple but damaging “denial of service” attacks on banks — an assault in which a site is bogged down by a flood of “pings” from spoofed IP addresses — could escalate into something far more serious. The document obtained by Bloomberg notes that attacks in the near future could be “devastating” and lead to “account balances and books and records being converted to zeros.” In these situations, mass financial panic could result. Would the FDIC and government step up during such a scenario?
3. Terrorists Smarter About Being Tracked in Cyberspace
To be sure, some of the electronic security practices terrorists used during the recent Paris attacks were sloppy; police were, for example, able to pinpoint a terrorist hideout from a mobile phone thrown in the trash outside the Paris theater. Yet terrorists and terrorist organizations have displayed a remarkable aptitude in learning how to cover their tracks in cyberspace. Terrorists know how to use end-to-end encryption, VPNs (for IP address spoofing), deep web browsers such as Tor, and data-encryption techniques in an effort to stay one step ahead. African nations such as Nigeria have moved to make unregistered mobile phone SIM cards illegal in an effort to track down organizations such as Boko Haram.
Certainly, the NSA and Department of Homeland Security won’t divulge their own tracking capabilities, and use of cyberspace by groups such as ISIS also presents a huge intelligence gathering opportunity. Many have called for tech giants such as Google and Apple to make piles of data collected on individuals available for counterterrorism surveillance. That raises an interesting question: Given the current war on terrorism, would Americans be willing to give up more of their rights to digital privacy to help thwart terrorist communications?
2. Billions Being Spent Fighting Cyberterrorism
The U.S. government will spend more than $5 billion in 2016 alone on cyber defense. In the private sector, banks, major corporations and other institutions will spend billions more on IT security. And still, a terrorist with a $50 smartphone can pose a major threat. A similar scenario unfolds in Israel every time a million-dollar missile shoots down a $100 rocket fired from the Gaza Strip. The U.S. is winning the war — so far — but just think of all the other possible uses for those billions of dollars. It has been said that poverty breeds radical terrorism, and money that could be used in fields such as education and health care is instead spent fending off cyber attacks. It brings to mind how the U.S. engaged and bankrupted the Soviet Union in a similar fashion during the Cold War.
1. An Attack on the Power Grid Could Be Devastating
Our society relies on an aging power grid sorely in need of an upgrade. The power infrastructure in the United States is composed of three grids fed by over 2,000 distributors and 7,000 generating plants, a patchwork affair that somewhat protects it against total collapse. But cascading blackouts — such as the one in the Northeastern and Midwestern U.S. and Canada in 2003 — have demonstrated the vulnerability of the power grid, as plants strain to cope with extra load. An attack during a summer heat wave during peak-use hours could be particularly catastrophic.
A recent report by the Congressional Research Service disclosed by the Federation of American Scientists stated that hackers have the capability to insert harmful malware into internal systems maintaining the U.S. power grid. These are increasingly reliant on computer software for power grid control. The United States is thought to have carried out a similar attack using the Stuxnet virus targeted at Iranian centrifuges in nuclear facilities. USA Today reported in early 2015 that 14 cyber attacks had been made on the U.S. power grid in the past four years. This is a small number to be sure, and thus far, none of these have been successful. But all it takes is one successful attack to cause a catastrophic failure. We won’t point out the obvious fallout, but a major failure of the grid means far more than just not being able to charge your iPhone that day.