Slide 1 © CSIR 2006 Countermeasures to consider in the Combat against Cyberterrorism Namosha Veerasamy and Dr. Marthie Grobler Council for.

Slide 1 © CSIR 2006 www.csir.co.za

Countermeasures to consider in the Combat against Cyberterrorism

Namosha Veerasamy and Dr. Marthie GroblerCouncil for Scientific and Industrial ResearchPretoria, South Africa


Modern Urban Battles

• The US and Iraq• Middle East unrest• Georgia and Russia• Zimbabwe• India and Pakistan• China and Tibet


Known Terrorist Groups

• Al Qaeda – Afghanistan• Basque Fatherland and Liberty (ETA), aka Euzkadi Ta

Askatasuna- Spain• HAMAS (Islamic Resistance Movement)• Hezbollah aka Islamic Jihad-Liberation of Palestine• Irish Republican Army (IRA)- Ireland• Kurdistan Workers Party (PKK) – Turkey• Liberation Tigers of Tamil Eelam (LTTE)-Sri Lanka• Revolutionary United Front (RUF) – Sierra Leone


Introduction

• Convergance of fear-causing world of terrorism with abstract realm of cyberspace

• Use technical security exploits• Stem from social, political and religious views• High-level view of countermeasures in the fight against

terrorism


Other definitions: Pollitt

• “Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agents “

• Malicious use of Information, Communication and Technology (ICT) Infrastructure

• Cause harm and distress


Most cited definition from Denning:

• “Cyberterrorism is the convergence of terrorism and cyberspace. …unlawful attacks and threats of attack against computers, networks, and the information stored …done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify a cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.”


CharacteristicsCheap

AnonymousVaried

EnormousRemote

Direct EffectAutomatedReplicated

Fast

Target/FocusTransportation

UtilitiesFinancial sector

TelecommsEmergency Services

GovernmentManufacturing

Types of TerrorismReligiousNew Age

Ethnonationalist Separatist

RevolutionalFar Right Extremist

CapabilitiesEducationTraining

SkillExpertise

Financial supportResourcesIntelligence

Insider knowledge

PracticesDeface web sites

Distribute disinformationSpread propaganda

DOS using worms and viruses

Disrupt crucial systemsCorrupt essential data

Steal credit card info for funds

Malicious GoalsProtestDisrupt

Kill/MaimTerrify

IntimidateMeet demandsSensitive Info

Affect crucial servicesPublicity

Solicit money

Operating Forces

Attack LevelsSimply

UnstructuredAdvanced Structured

Complex Co-ordinated

Modes of OperationPerception

Management & Propoganda

Disruptive AttacksDestructive Attacks

Support FunctionsRecruitment

TrainingIntelligence

ReconnaissancePlanningLogisticsFinance

PropagandaSocial Services

Objectives

Techniques

Social FactorsCultureBeliefs

Political ViewsUpbringing

Personality Traits



Types of Terrorism

• Motivation: religious, political and social • Religious- theological beliefs• New Age- usually focus on one issue (eg animals)• Ethnonationalist separatist: establish new political order

based on ethnic dominance• Revolutionary (Terrorism to the left): seize political power• Far-right extremist (Right- wing): certain people are inferior

• “Cyberterror: Prospects and Implications,” published in August 1999 by the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School (NPS) in Monterey, California (2004)


Types of Terrorists (Cont…)

• Religious/Theological beliefs• Strong quasi-religious fanatical elements for only total certainty

of belief (or total moral relativism) provides justification for taking lives ¹

• Certainly of belief that justifies the taking of lives• Fastest growing type• Unfocussed and target the masses• Sacrifice one’s life• Simple unstructured does not cause mass destruction• Advanced - structured offer rewards and comply with ideology

• 1. Laqueur, W. (1996), "Postmodern Terrorism", Foreign Affairs, Vol. 75, pp. 24.



• Etho-nationalist• Fighting to establish a new political order based on ethnic

dominance/homogeneity. ² • Public recognition• Have shown violent tendencies but more targets of symbol of

state like public facilities, government representatives• Rely on sympathy from community• Cyberterror attacks that cause interruptions: DoD• Use ICT for propaganda and gathering support

• 2. Post, J.M. (2005), "The New Face of Terrorism: Socio-Cultural Foundations of Contemporary Terrorism", Behavioral Sciences & the Law, Vol. 23, No. 4, pp. 451-465.



• Social-revolutionary • Terrorism of the left• Seek to overthrow the capitalist economic and social order 3

• Change structures and rules• Focussed attacks on governments and corporations to

protest against commercial and capitalist regimes

• 3. Post, J.M. (2005), "The New Face of Terrorism: Socio-Cultural Foundations of Contemporary Terrorism", Behavioral Sciences & the Law, Vol. 23, No. 4, pp. 451-465.



• New Age• The vulnerability of modern societies to unconventional attacks 4

• Use violence when traditional forms of campaigning to not yield results sufficiently fast

• Examples animal rights groups targeting pharmaceutical companies using arson and sabotage

• Anti-abortion and environmental groups• Disrupt e-commerce and web-based advertising

• 4. Gearson, J. (2002), "The Nature of Modern Terrorism", The Political Quarterly, Vol. 73, No. s1, pp. 7-24.



• Right Wing• Outsider” (eg. foreigners, ethnic and religious minorities) is

targeted as well as state itself, as they are seen as ineffective or worse under the sway of the outsiders 5

• Can be racist• Violence is acceptable form of demonstration• ICT for propaganda and disruption, selling survivalist gear or

distribution of material• Strong psychological roots of superiority

• 5. Michael, G. 2003, Confronting Right Wing Extremism and Terrorism in the USA, Routledge


Considerations

• Gangs, tribes, religious and ethnic groups yield power• Blurred lines between civilian and military boundaries• Consider at a high-level how people’s opinions are shaped • Help show growth of insurgency in groups• Cyberterrorism merge of terrorism and technology• Countermeasures: psychological and technical

perspectives



Legal and Political

• Major focus should be law enforcement and military response 1

• Treaties, protocols, regulations and acts can ensures fair conduct of relations between nations

• Laws can help promote acceptable forms of protest and consistent way of dealing with political and religious fanaticism

1 A.K. Cronin, "The diplomacy of counterterrorism lessons learned, ignored and disputed," International Research Group on Political Violence

(IRGPV), pp. 1-8, 2002.


Legal and political

• International presence eg. Interpol and Council of European Convention on Cyber Crime combating cyberterrorism

• Military force to retaliate against attacks can also cause group to hide and conduct underground operations

• No longer simple task to target hierarchical groups- geographically dispersed


Fusion Centres

• Intelligence• cultural specialists• security personnel • linguists• political military specialists• engineers• psychological operations• media relations• economic advisors


Humanitarian and peace-keeping

• Assistance to people suffering from famine, repressions, natural disasters and violence can help with conflict resolution

• Favourable response from the provision of money, food, medicine, education, fuel and employment

• Charity and education shows the effort to uplift the community


Analysis

• Patterns• Links• Forensics• Cultural• Tribal• Religious• Communications linguistics• Intelligence gathering from fusion and cultural centres


Technical Countermeasures

• Protective, detective and reactive• CSIRTs• Intrusion prevention• Network monitoring• Interception and blockage• Disaster Recovery• Forensics


CSIRTs

• Computer Security Incident Response teams • Proactive: assistance with info to prepare and protect

systems, technology watch• Detective: Identify attack patterns, audits• Reactive: Service announcements, incident handling


Network monitoring

• Detective• Jan 2008, Bush signed directive to monitor Internet traffic

on federal computers in response to large no. of attacks• Detection of suspicious behaviour: block web site, IP

address or port


Disaster Recovery Plan

• Contact information for appropriate people• Critical devices• Procedures• Chain-of-command


Forensics

• Cyberterrorism First Responders• Reactive to handle incident


Conclusion…

• Cyberspace potential means through which terrorists could cause chaos

• Affect psyche of communities• Underlying political, social, religious reasoning for violent

and extremist behaviour• Summary of political, religious, legal, economic, social and

technical issues to combat• Include countermeasures like laws, fusion centres,

education, treaties, network monitoring and CSIRTs


Discussion…

Slide 1 © CSIR 2006 Countermeasures to consider in the Combat against Cyberterrorism Namosha Veerasamy and Dr. Marthie Grobler Council for.

Documents