We’ve heard a lot about cyber terrorism lately – including FBI Director Mueller’s March 4th warning at the RSI Cyber Security Conference that “the cyberterrorism threat is real” and that terrorist organizations are looking to conduct cyber attacks against the US. Yet at the same time, and Mueller acknowledges this, terrorists have not launched any significant cyber attacks against Western targets. And why should they when there are so many factors mitigating against the use of such cyber weapons?
There is no guarantee that after all the lengthy and complex work to prepare an attack that, in the end, it won’t fizzle into a non-event. While many of our networks may be vulnerable to hackers and other malicious operatives, at the same time they are also quite resilient to the kind of outage that generates the necessary fear that terrorists seek.
It’s time that we start decoupling the very different digital threats that the popular discourse keeps confusing. Cyber terrorism is fundamentally different from cyber war, and, as you will read below, hackers who support terrorist causes have a different agenda than sowing mayhem in cyberspace. In order to make sense from these confusing mash-ups we need a different lens to view these threats than apocalyptic sound bites referring to “digital Pearl Harbors”. Nor are we helped by the jockeying of various Federal government and military agencies to frame cyber threats within the larger and oft dramatized global war on terror. A must read in this regard is Prof. Myriam Dunn Cavelty’s penetrating analysis of the debate.
Indeed, some of the most clear thinking and compelling research on cyber threats is increasingly coming from academia. Across the US, institutions such as the University of Alabama Birmingham (UAB) are developing new research methodologies and tools for understanding the cyber threat landscape. And these schools are not only getting government grants and scholarships (see the National Security Agency’s “National Centers of Academic Excellence” program), but they are also in some cases applying their cyber research in helping the US authorities fight cyber crime.
I recently learned from Gary Warner, Director of Research in Computer Forensics at AUB, that he and his students have found links between surprisingly large and capable hacker communities from Morocco and Saudi Arabia, to Turkey and Pakistan and regional extremist causes and groups. Warner, who joined me this week at the GovSec Conference’s General Session on “Cyber Espionage and Criminal Hacking: The New Threat Matrix”, described how hackers from these regions are successfully using phishing attacks to steal large amounts of money out of unwitting Americans’ digital pockets, and how portions of these proceeds are going to support their violent causes. Now that is a tremendously beneficial and enlightening insight into the cyber threats discussion.
For more information, please contact Heather Sabharwal at email@example.com or 202-349-7016.
Mon, March 29, 2010
by Mark Danner filed under