Terror Defense No Al Qaida Terror



Download 2.62 Mb.
Page4/81
Date18.10.2016
Size2.62 Mb.
#2908
1   2   3   4   5   6   7   8   9   ...   81

No Cyber Terror

No cyberterror attacks – information requirement, less harm, closed networks


Mathisen 13 [Georg Mathisen, scientific journalist for ScienceNordic, “Cyberterrorism poses limited risk,” December 27, 2013, http://sciencenordic.com/cyberterrorism-poses-limited-risk]//JIH

The goal of any terrorist is not only to do harm, but to get attention. A spectacular attack using cyberterrorism would be very complicated. It would be a lot easier to simply fill a truck with explosives and drive it into a vulnerable spot, or produce nerve gas and release it on the subway,” Diesen points out. The Web is important for terrorists, but for entirely different reasons. Terrorists use the Web "for propaganda and recruitment and to assume responsibility for their actions.” says Diesen's colleague Torgeir Broen, who is also a researcher at FFI, FFI has started to develop a study of the use of computers in warfare. The researchers say that there is a big difference between opportunistic crime and targeted terror and warfare. Broen points out that “online crime for financial gain is tremendously widespread. But these criminals do not have to take over one particular machine. That is much more difficult.” Layer upon layer upon layer Although it is possible to access the user area of a slightly sloppy operator who has used the name of his cat or the birthday of his wife as his password, you have to bypass quite a few security layers to even begin to guess the password. “If you want to take control of an industrial control system, such as a nuclear power plant, you have to enter the computer system of the energy company,” Diesen explains. “So you have to get into a specific network. Then you have to get into a specific computer on the network, and then into a specific software component.” “You have to know these systems well. For example, you have to know which version of the applications they use and how they are used. The difficulties quickly pile up,” he says. Intelligence All this means that if military hackers from another country want to be able to do some damage, they need information. A lot of information. As Broen says, “these operations are so dependent on intelligence that the link between the people engaged in hacking operations and the intelligence service is very close. It has to be.” Diesen admits that it is hard to get people to understand this. “We are struggling with perceptions created by the entertainment industry. These things seem far easier than they are in reality,” he says. Hacker movies are good entertainment, but not more than that, he adds.Attacks on Iran's nuclear centrifuges Diesen distinguishes between open and closed networks. Closed networks are not connected to the Internet. This is the case for military networks and industrial control networks. He also explains that there is a tendency for more and more networks to be connected to the Internet to be fully functional. But “closed systems increasingly use the same software as open networks," Broen says. "Security mechanisms in commercial software are often better than those found in specialized software, in part because they are exposed to a lot of attacks.”

An ISIS cyber-attack won’t happen anytime soon – no resources, no experts, no motivation.


Frizell 14 [Sam Frizell, political writer for TIME magazine, “Experts Doubt ISIS Could Launch Major Cyberattack Against the U.S.,” Sept. 19, 2014]//JIH

In the Islamic State of Iraq and Greater Syria’s (ISIS) drive to establish what it calls a new caliphate, the group has gathered between 20,000 and 31,500 fighters, partly thanks to its recruitment campaign over social media networks like Facebook, Twitter and YouTube. Widely disseminated video footage of executed American and British citizens have become ISIS’s tools for terror; the Internet is ISIS’s vehicle. Today, ISIS’s adroit use of modern technology is raising a new specter: cyberterrorism. Several prominent national security experts and cyber analysts warned this week that ISIS could someday threaten the United States, elevating fears about the West’s vulnerability to a cyberattack. “ISIS has already had success in utilizing technology, using the web for recruiting, distribution of terrorist information and scare tactics,” David De Walt, the chief executive of tech security company FireEye told the Financial Times this week. Now, De Walt said, “[w]e’ve begun to see signs that rebel terrorist organizations are attempting to gain access in cyber weaponry.” And on Tuesday, National Security Agency Director Michael Rogers warned that the U.S. needs to bolster its defenses against digital attacks from terrorist groups like ISIS. “It’s something I’m watching,” Rogers said of ISIS’s aggressive use of Internet technology at a cybersecurity conference in Washington, D.C. “We need to assume that there will be a cyber dimension increasingly in almost any scenario that we’re dealing with. Counterterrorism is no different.” But do we really need to fear a cyber attack from ISIS? As it turns out, probably not: ISIS’s social media savvy doesn’t necessarily translate into a real cybersecurity threat against the United States, and much of the talk about the group’s growing cyber-prowess overstates the point, experts told TIME. “I don’t think anyone has any proof that there’s an imminent attack or that ISIS has acquired the manpower or the resources to launch an attack on the infrastructure of the United States,” said Craig Guiliano, senior threat specialist at security firm TSC Advantage and a former counterterrorism officer with the Department of Defense. “It could be a potential threat in the future, but we’re not there yet.” ISIS, a group with little technological infrastructure, doesn’t have many resources to wage a cyberwar against the United States. Compared to larger, state-sponsored hacking operations, ISIS is miles behind. Chinese hackers, for instance, who have been accused of attacking U.S. businesses and government contractors, are reported to have wide-ranging support from Chinese authorities, with many of the hackers hailing directly from the Chinese army. A few ISIS-related figures have been connected with cyberattacks or cybercrime. Abu Hussain Al Britani, a British hacker who has since moved to Syria and begun recruiting for ISIS, was jailed in 2012 for hacking into former Prime Minister Tony Blair’s Gmail account. One of the more prominent tech-savvy ISIS supporters, Al Britani maintains a Twitter account that calls for new ISIS recruits. And a group called “Lizard Squad” that has claimed responsibility for high-profile cyberattacks that have brought down the websites of the Vatican, Sony and others has tenuously been linked to ISIS on the basis of tweets like this one: But ISIS doesn’t appear to have the manpower to launch sophisticated attacks against the United States. “You need some resources. You need access to certain kinds of technology. You need to have hardcore programmers,” Jim Lewis of the Center for Strategic and International Studies said. “ISIS doesn’t have those capabilities.” Unlike China’s state-sponsored hackers, who have a strong interest in attacking U.S. businesses to hawk trade secrets and intellectual property, ISIS is more concerned with taking real-world territory and controlling it. ISIS’ first priority is establishing control over the disparate desert regions from the outskirts of Aleppo in Syria to Falluja in Iraq and creating an Islamic caliphate—not an expensive and often intangible cyberwar against American websites. “ISIS wants to conquer the Middle East, not hack websites in Omaha,” said Lewis. That’s not to say that ISIS is incapable of launching an attack in the future. ISIS is believed to be well-funded, likely capable of purchasing simple malware on the black market and using it against the West. But the kinds of attacks ISIS would be able to carry out would likely be more of an annoyance than a debilitating strike on the United States’ infrastructure, the kind of attack that national security experts really worry about.

Cyber terror is not a national security threat – no cyberattack has resulted in deaths or injuries, and information infrastructure isn’t vulnerable.


Cavelty 14 [Myriam Dunn Cavelty, PhD, Deputy for research and teaching a the Center for Security Studies (CSS) and Senior Lecturer for Security Politics at ETH Zurich, “Cyber-Terror– Looming Threat or Phantom Menace? The Framing of the US Cyber-Threat Debate,” Oct 13, 2014]//JIH

While governments and the media repeat-edly distribute information about cyber-threats, real cyber-attacks resulting in deaths and injuries remain largely the stuff of Holly-wood movies or conspiracy theory. In fact, menacing scenarios of major disruptive occur-rences in the cyber-domain, triggered by mali-cious actors, have remained just that– scenarios. Nonetheless, for the US government (and to a lesser degree other governments around the world), the decision has been far more straightforward: it considers the threat to national security to be real, has extensively studied various aspects of cyber-threats, and spends considerable sums on a variety of coun-termeasures (Abele-Wigert & Dunn, 2006). This observation raises interesting questions from a security studies perspective: Why and how is a threat that has little or no relation to real-world occurrences included on the secu-rity political agenda? Are there specific characteristics that make it particularly likely to be there? Due to its vague nature, cyber-terrorism is a playfield for very different and diverse commu-nities, concerned with topics such as freedom of speech and Internet censorship (Gladman, 1998; Weimann, 2004a); cyber crime in con-nection with terrorism (Sofaer & Goodman, 2000); or information warfare and sub-state groups (Devost, Houghton, & Pollard, 1997; Rathmell, Overill, Valeri, & Gearson, 1997). This article will focus on cyber-threats and cyber-terror broadly framed as a national secu-rity issue. Previous research on the topic has generally been highly specific and policy-ori-ented (Alberts & Papp, 1997; Arquilla & Ronfeldt, 1996) and has often uncritically adopted arguments on the nature and scale of cyber-terrorism from official statements or pieces of media coverage.2 This is epitomized in the tendency of many authors to hype the is-sue with rhetorical dramatization and alarmist warnings (cf. Arquilla, 1998; Schwartau, 1994). On the other hand, the considerable hype has brought forth a counter-movement of more cautious voices that are deliberately more spe-cific in their estimates of the threat (cf. Lewis, 2002; Wilson, 2003). The key question on which these two groups differ is whether or to what degree there is a credible or likely connec-tion between terrorism and cyber-terrorism be-yond the suspected vulnerability of critical infrastructures (cf. Nicander & Ranstorp, 2004, p. 15) and consequently, at what point in future time such an attack might occur. While it is undisputed in both communities that cyber-at-tacks and cyber-incidents cause major incon-veniences and have cost billions of US dollars in lost intellectual property, maintenance and repair, lost revenue, and increased security in the last couple of years (Cashell, Jackson, Jickling, & Webel, 2004), these two groups dif-fer considerably in their assessment of the fu-ture point in time at which such an attack might occur, and some even doubt whether there truly is a national security threat linked to the Internet and the information infrastructure. The main reason for this controversy is that cyber-threats have not materialized as a na-tional security threat, even granted that there have been some few incidents with at least some potential for grave consequences. Inter-estingly enough, both hypers and de-hypers tend to agree on this point. But while the first group assumes that vicious attacks that wreak havoc and paralyze whole nations are immi-nent, more cautious researchers often point to the practical difficulties of a serious cyber-attack (Ingles-le Nobel, 1999), question the as-sumption of critical infrastructure vulnerabilities (Lewis, 2002; Smith, 1998, 2000), or point to unclear benefits of cyber-attacks for terrorist groups (Barak, 2004). Despite this caution, however, even the second group contends that one “cannot afford to shrug off the threat” (Denning, 2001a) due to unclear and rapid fu-ture technological development as well as dy-namic change of the capabilities of terrorism groups themselves (Technical Analysis Group, 2003). To summarize the debate in a nutshell: due to too many uncertainties concerning the scope of the threat, experts are unable to con-clude whether cyber-terror is fact or fiction, or, since they are unwilling to dismiss the threat completely, how long it is likely to remain fic-tion.


Download 2.62 Mb.

Share with your friends:
1   2   3   4   5   6   7   8   9   ...   81




The database is protected by copyright ©ininet.org 2024
send message

    Main page