Cyber Terrorism

Declaration of Original Work

Hereby I, Christian Nitschke, declare that this document is my own original work and that all sources have been accurately reported and acknowledged, and that this document has not previously in its entirety or i n part been submitted at any university in order to obtain an academic qualification.

Cape Town, 26 ^th September 2003

Economics for Managers - Christian Nitschke

Executive Summary

The dependency on Information Systems and Technology is a given fact of today’s world either in public or in business. But this dependency also creates vulnerabilities in form of new targets for particular groups instead of the supposed improvements of overall life quality. Cyber attacks therefore pose complex problems to national security and public policy as well as to the economy.

Cyber terrorism occurs in the virtual world of bits and is being seen as a convergence of terrorism and cyberspace. It can take place in simple structured styles up to complex coordinated ways of attacking and should be differentiated in conventional or unique manners of execution.

To provide a deeper understanding of the field of cyber terrorism it is investigated with the method of ‘semiotics’. This is be done through the Morphological, Empirical, Syntactical, Semantic and Pragmatic layer to be able to classify and categorize cyber terrorism on risk and the rate of impact.

The concluding part deals with the economic costs of cyber terrorism on the hand and provides a prevention model for terrorism on the other.

Economic costs do not only cover the direct costs involved for security there are as well opportunity cost involved which have to be taken into account. The loss of intellectual property, the lower productivity caused by cyber attacks and the hurt of third party liability are non monetary measures for the ladder.

The prevention model is based on the cybernetic approach to build up a system where the complex structure of ‘cause and affect’ of the anti terrorism variables is incorporated. The sensitivity of this tough system is shown on some particular elements. The model provides a network for the development of sustainable solutions to limit the overall economical costs of the fight against terrorism.

Economics for Managers - Christian Nitschke

iv

Table of Contents

  DECLARATION OF ORIGINAL WORK  II

  EXECUTIVE SUMMARY  III

TABLE OF  CONTENTS  IV

TABLE OF  ILLUSTRATIONS  IV

1  CYBER TERRORISM - FACT OR FANCY?  1

2  THE CURRENT UNDERSTANDING  2

3  SEMIOTICS OF CYBER TERRORISM  4

3.1  A SEMIOTIC DISCOURSE TO ANALYZING CYBER TERRORISM  5

  Morphological  5

  Empirical  6

  Syntactical  7

  Semantic  8

  Pragmatics  9

4  AN ECONOMIC CONTEMPLATION OF CYBER TERRORISM  9

4.1  ECONOMIC CONSEQUENCES  9

5  A CYBERNETIC MODEL FOR PREVENTION  11

5.1  SYSTEM MODEL: TERROR PREVENTION  12

6  REFERENCES  15

Table of  Illustrations  

Illustration  1 : The Semiotics of cyber terrorism  4

Illustration  2 : System Model: Terror Prevention  13

  Economics for Managers - Christian Nitschke  

1 Cyber Terrorism - fact or fancy?

Terrorism and especially cyber terrorism is a contemporary issue of today’s society. The government and business world as well as an increasing part of human beings is confronted with technology day for day.

The dependency on Information Systems and their underlying machinery becomes or has become a critical success factor in various parts of life. Militant actions are not primarily fights of human against human anymore, it is more about intelligence agencies - information about the behaviour of militant groups or changes of the infrastructure in a particular country is gathered by state organisations like the CIA or independent institutions like the World Bank permanently - and complex networked information systems which determine the current structure of conflict.

Cyber attacks, network security and information pose complex problems that reach into new areas for national security and public policy (Lewis, 2002). cyber terrorism is “the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population.” The premise of cyber terrorism is that as nations and critical infrastructure became more dependent on computer networks for their operation, new vulnerabilities are created - “a massive electronic Achilles' heel.” A hostile nation or group could exploit these vulnerabilities to penetrate a poorly secured computer network and disrupt or even shut down critical functions.

Much of the literature on cyber terrorism assumes that the vulnerability of computer networks and the vulnerability of critical infrastructures are the same, and that these vulnerabilities put national security at a significant risk. Given the newness of computer network technology and the rapidity with which it spread into economic activity, these assumptions are not surprising. A closer look at the relationships between computer networks and critical infrastructures, their vulnerability to attack, and the effect on national security, suggests that the assumption of vulnerability is wrong. A full reassessment is outside the scope of this paper, but a brief review suggests that while many computer networks remain very vulnerable to attack, few critical infrastructures are equally vulnerable.

Economics for Managers - Christian Nitschke

A recently developed software by an PhD-student in the United States can explore the most vulnerable areas of the data network of a country. His study concentrates on the question at which points terrorists have to attack the data network to cause the maximum level of impact on government and businesses. The software does not concentrate on attacks in the virtual world instead it calculates the most “valuable” sections of the networks - the real infrastructure like fiber optic cables - to cause as much harm as possible. The interesting fact is that all information needed is available on the World Wide Web (Traufetter, 2003).

The investigation focuses on the societal and economical impacts of cyber terrorism. Despite that there are definitely diverse other factors which influence the genesis of this kind of action. cyber terrorism could be seen from a technological viewpoint which deals with the protection mechanisms like firewalls or from a motivational viewpoint which explores the rationales of Cyber terrorists.

The first part of the report will give actual definitions and understandings of cyber terrorism to start from the same base. The second part deals with a reflection in a semiotic way and considers economic of the discussed topic. Finally a preventive model for international terrorism is discussed.

2 The current understanding

The purists maintain the fact that unless a computer is used specifically as a tool, weapon or target involving a victim, it can not be considered as an instrument of terrorism. If you review the argument regarding firearms: “It is not the gun that kills people, it’s the people who use guns that kill people”. The sole consideration in cyber terrorism should be the intention of the actor, not their choice of weapon or method of conveyance (Desouza, 2003).

Gordon and Ford (2002: 636-647) give a definition of cyber terrorism based on the definition and attributes of Terrorism. They examine these factors in the context of a technological & computer minted environment and synthesize their findings to give a broad definition of the concept of “Pure-cyber terrorism”; that is, terrorism activities that are carried out entirely (or primarily) in the virtual world.

Economics for Managers - Christian Nitschke