Skip to content
Unit 19Cyber Conflict and Cyber StrategyChapter 5: Cyber Terrorism and the Protection of Critical National Infrastructures
All chapters
  1. 1. A Message from the Authors
  2. 2. What is Cyber Warfare?
  3. 3. Cyber arms control
  4. 4. Offence and Defence of Major Cyber Powers
  5. 5. Cyber Terrorism and the Protection of Critical National Infrastructures
  6. 6. The European Union’s Role in Cybersecurity
  7. 7. Summary and Further Reading
Your bookmarks

When you add chapters to your bookmarks they'll appear here.

Chapter 5

Cyber Terrorism and the Protection of Critical National Infrastructures

How to Watch and Read this Chapter

The main objective of this chapter is to give you an overview of the current threat posed by “cyber terrorists” to Critical National Infrastructures (CNI) and what measures can be put in place to mitigate their actions.

Cyber Terrorism: a Working Definition

To date, there are no universally accepted definitions of cyber terrorism, as the concept of terrorism in itself is highly disputed at the international level. For example a rebel group targeting police forces in the context of an escalating civil conflict might be labelled as a “terrorist group” or a “liberation army” depending on the stakeholder’s perspective in the conflict.

There are however some dictionary definitions:

Merriam Webster defines cyber terrorism as: “terrorist activities intended to damage or disrupt vital computer systems”.

Similarly, the Cambridge Dictionary defines it as: “the use of the internet to damage or destroy computer systems for political or other reasons”.

There are also more elaborate definitions as the one put forward by Luiijf, 2014, where the author considers relevant:

“The use, making preparations for, or threat of action designed to cause a social order change, to create a climate of fear or intimidation …”

made with the intention to achieve any goal (political, religious, racial)

“… by affecting the integrity, confidentiality, and/or availability of information, information systems and networks, or by unauthorized actions …”

which should involve violence, serious injuries, damage to properties, risk to health and a serious breach of the social and political stability and cohesion of a country.

This chapter uses the definition as proposed by the National Conference of State Legislatures:

The use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically.”

Rather than defining the act this definition has the merit to restrict the concept of cyber terrorism to the actors (i.e. terrorist groups and individuals) who perform online actions to reach their goals.

This allows to achieve better conceptual clarity as a list of individuals and entities associated with terrorist activities is updated by the United Nations.

Terrorist Groups Using ICT: The Major Players

This video explains the strategic goals and tactics of major terrorist groups using ICT, including:

  • ISIL (Da’esh)
  • al-Qaeda

Assessing the Evidence: Is There a Threat to CNI Posed By Terrorist Groups?

A study by Gross, Canetti and Vashdi (2017) has shown that exposure (in the form of video clips) to lethal and non-lethal cyber terrorism generate a “stress-based cyber terrorism effect”.

Exposure to cyber terrorism is not harmless and leads to reactions similar to conventional terrorism, such as:

  • stress
  • anxiety
  • insecurity, a preference for security over liberty
  • a re-evaluation of confidence in public institutions
  • a heightened perception of risk and support for forceful government policies

This leads into support for internet surveillance, regulation of the internet and kinetic responses to terrorism.

However, what is the current assessment of the threat posed by cyber terrorists?

According to the Worldwide Threat Assessment of the US Intelligence Community:

Terrorists could obtain and disclose compromising or personally identifiable information through cyber operations, and they may use such disclosures to coerce, extort, or to inspire and enable physical attacks against their victims. Terrorist groups could cause some disruptive effects—defacing websites or executing denial-of-service attacks against poorly protected networks—with little to no warning.”

p. 6

Generally speaking, there is a consensus among experts that terrorist groups’ ability to launch major and large scale cyber attacks is lower compared to that of state actors.

There are two main reasons for this assessment:

  • Terrorists seem unable to develop new malware. Rather, they resort to what is already available.
  • Perpetrating a major attack against a CNI would require not only advanced network operations skills, but also engineering expertise. These forms of expertise and skills could be hard to assemble for terrorist organizations.

However, because of the fast changes in technology and the possibility to acquire complex exploits from more sophisticated actors, cyber terrorists need continuous monitoring.

Tackling Terrorism Online: How the US Cyber Command Disrupted the ISIL Online Network

In the context of the international military intervention against the Islamic State of Iraq and the Levant (ISIL), the US military launched a cyber operation to dismantle the terrorist organization’s ability to operate in cyberspace.

The task assigned to task force JTF-ARES was to curb ISIL activities in cyberspace. Instead, Operation Glowing Symphony tried to curb ISIL social media and internet propaganda.

Today, it is unknown whether Glowing Symphony is still ongoing, although it is known that JTF-ARES still operates.

Glowing Symphony and JTF-ARES activities are seen as a demonstration of the nation’s offensive cyber capability and a model describing the “American way” of conducting cyber warfare.

This chapter includes content provided by National Public Radio (NPR). Tap Allow and continue to load this content, or view NPR's privacy policy for more information.

Operation Glowing Symphony: An Assessment

The National Security Archive (NAS) obtained documents assessing the first phase of Operation Glowing Symphony.

Outcome of the operation:

  • The operation is assessed to have “imposed time and resource costs” by disrupting activities, leading USCYBERCOM to assess “that OGS successfully contested ISIL in the information domain.”

However challenges were also highlighted:

  • shortcomings in data exploitation capabilities, mostly related to storage of the data itself
  • problems in targeting procedures (clearing targets for engagement)
  • coordination with other US agencies and departments

Quiz

The EU Non-Proliferation and Disarmament eLearning Course aims to cover all aspects of the EU non-proliferation and disarmament agenda. It's produced by PRIF with financial assistance of the European Union. The contents of individual learning units are the sole responsibility of the respective authors and don't necessariy reflect the position of the European Union.