Terrorist groups are currently using information and communication technologies to orchestrate their conventional attacks. More recently, terrorists have been developing a new form of cyber-capability to coordinate cyber attacks. This book explores the possibility that cyber-terrorists may have developed or may have future capabilities to attack critical infrastructure by accessing Supervisory Control and Data Acquisition (SCADA) systems within Australia and throughout the world. The book characterises the Australian security and terrorism environment and discusses the vulnerability of Australian computer systems and control systems. It also discusses the cyber-capability of various terrorist groups, SCADA risk evaluation methods and presents a framework to measure and protect SCADA systems from the threat of cyber-terrorism within Australia. This framework forms the main basis of this research and is examined by three focus group interviews, signifying the need for new counter-terrorism security models to assist with assessing new cyber security threats such as cyber-terrorism. This contribution is of great value to the SCADA community and organisations.
The world is becoming ever more interconnected and vulnerable, as has been demonstrated by the recent cyber attacks on Estonia. Thus the need for stringent and comprehensive methods for combating cyber crime and terror have never before been needed more than now. CyberWar, CyberTerror, CyberCrime is a straightforward and pragmatic guide. It details how best practices and standards can be used to combat cyber criminals and terrorists. This book is written by Dr. Julie Mehan who is a Principal Analyst for a strategic consulting firm in the State of Virginia. She has been a Government Service employee, a strategic consultant, and an entrepreneur. Until November 2007, she was the co-founder of a small woman-owned company focusing on secure, assured software modernization and security services. She led business operations, as well as the information technology governance and information assurance-related services, including certification and accreditation, systems security engineering process improvement, and information assurance strategic planning and programme management. During previous years, Dr Mehan delivered information assurance and security-related privacy services to senior department of defense, federal government, and commercial clients working in Italy, Australia, Canada, Belgium, and the United States. Information security should not be an after thought. It should be ingrained into the organization’s culture. This book will help you create this forward thinking culture using best practices and standards.
Many international terrorist groups now actively use computers and the Internet to communicate, and several may develop or acquire the necessary technical skills to direct a co-ordinated attack against computers in the United States. A cyberattack intended to harm the U.S. economy would likely target computers that operate the civilian critical infrastructure and government agencies. However, there is disagreement among some observers about whether a co-ordinated cyberattack against the U.S. critical infrastructure could be extremely harmful, or even whether computers operating the civilian critical infrastructure actually offer an effective target for furthering terrorists’ goals. While there is no published evidence that terrorist organizations are currently planning a co-ordinated attack against computers, computer system vulnerabilities persist world-wide, and initiators of the random cyberattacks that plague computers on the Internet remain largely unknown. Reports from security organisations show that random attacks are now increasingly implemented through use of automated tools, called ‘bots’, that direct large numbers of compromised computers to launch attacks through the Internet as swarms. The growing trend toward the use of more automated attack tools has also overwhelmed some of the current methodologies used for tracking Internet cyberattacks. This book provides background information for three types of attacks against computers (cyberattack, physical attack, and electromagnetic attack), and discusses related vulnerabilities for each type of attack.The book also describes the possible effects of a co-ordinated cyberattack, or computer network attack (CNA), against U.S. infrastructure computers, along with possible technical capabilities of international terrorists. Issues for Congress may include how could trends in cyberattacks be measured more effectively; what is appropriate guidance for DOD use of cyberweapons; should cybersecurity be combined with, or remain separate from, the physical security organization within DHS; how can commercial vendors be encouraged to improve the security of their products; and what are options to encourage U.S. citizens to follow better cybersecurity practices. Appendices to this book describe computer viruses, spyware, and ‘bot networks’, and how malicious programs are used to enable cybercrime and cyberespionage. Also, similarities are drawn between planning tactics currently used by computer hackers and those used by terrorists groups for conventional attacks.
Cyberterrorism can be defined as the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organise and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attacks, or terroristic threats made via electronic communication. This book examines various aspects of this new type of warfare.
The United States, our allies, and our partners face a spectrum of challenges, including violent transnational extremist networks, hostile states armed with weapons of mass destruction, rising regional powers, emerging space and cyber threats, natural and pandemic disasters, and a growing competition for resources. The Department of Defense must respond to these challenges while anticipating and preparing for those of tomorrow. We must balance strategic risk across our responses, making the best use of the tools at hand within the U.S. Government and among our international partners. To succeed, we must harness and integrate all aspects of national power and work closely with a wide range of allies, friends and partners. We cannot prevail if we act alone.
As noted in the 2006 QDR, state actors no longer have a monopoly over the catastrophic use of violence. Small groups or individuals can harness chemical, biological, or even crude radiological or nuclear devices to cause extensive damage and harm. Similarly, they can attack vulnerable points in cyberspace and disrupt commerce and daily life in the United States, causing economic damage, compromising sensitive information and materials, and interrupting critical services such as power and information networks. National security and domestic resources may be at risk, and the Department must help respond to protect lives and national assets. The Department will continue to be both bulwark and active protector in these areas. Yet, in the long run the Department of Defense is neither the best source of resources and capabilities nor the appropriate authority to shoulder these tasks. The comparative advantage, and applicable authorities, for action reside elsewhere in the U.S. Government, at other levels of government, in the private sector, and with partner nations. DoD should expect and plan to play a key supporting role in an interagency effort to combat these threats, and to help develop new capacities and capabilities, while protecting its own vulnerabilities.
In the contemporary strategic environment, the challenge is one of deterring or dissuading a range of potential adversaries from taking a variety of actions against the U.S. and our allies and interests. These adversaries could be states or non-state actors; they could use nuclear, conventional, or unconventional weapons; and they could exploit terrorism, electronic, cyber and other forms of warfare. Economic interdependence and the growth of global communications further complicate the situation. Not only do they blur the types of threats, they also exacerbate sensitivity to the effects of attacks and in some cases make it more difficult to attribute or trace them. Finally, the number of potential adversaries, the breadth of their capabilities, and the need to design approaches to deterrence for each, create new challenges.
An underlying assumption in our understanding of the strategic environment is that the predominant near-term challenges to the United States will come from state and non-state actors using irregular and catastrophic capabilities. Although our advanced space and cyber-space assets give us unparalleled advantages on the traditional battlefield, they also entail vulnerabilities.
China is developing technologies to disrupt our traditional advantages. Examples include development of anti-satellite capabilities and cyber warfare. Other actors, particularly non-state actors, are developing asymmetric tactics, techniques, and procedures that seek to avoid situations where our advantages come into play.