Introduction
The current level of improvement in technology, coupled with globalization, has made it possible for people to interact worldwide. The invention of the World Wide Web has made it possible for people to store, access, and share information around the world. This has seen improvements in trade relationships among various countries, as business operators are capable of accessing and sharing business ideas.
The Medical field has also not been left behind. It has been one of the fields that have greatly benefited from this development. It is now possible for doctors to add to their knowledge by obtaining additional information from medical journals and publications from their peers on the internet. Government relations among countries have been improved by technology. Various governments can now share ideas regarding government methods as well as mechanisms for reducing crimes.
With every person focusing on the internet for answers to various questions, the area has become one of the major targets for criminals whose aim is to conduct heinous crimes. There have been numerous cases of crimes being conducted over the internet. One of the major internet crimes that have become a threat to every nation is cyber terrorism.
What is cyber terrorism?
This is a controversial term with no common agreement on the meaning of the term. Some organizations take it to mean the deliberate act by terrorist groups of using the internet to attack and cause disruption in the information systems of certain private institutions or government institutions with an aim of sending an alarm and creating panic to the victims of the attack. It can be defined as the premeditated use of threats on computers and networks with an aim of causing harm or in pursuit of political, ideological, social, or religious motives (Anusuya, 2009, Par. 2). It is the opinion of some people that there is no existence of cyber terrorism.
The position is that what exists is hacking and information warfare, as these acts do not trigger fear or inflict physical harm on people. According to the National Conference of State Legislatures (NCSL), an organization comprising of legislators from 150 countries and aimed at addressing problems affecting their member states, cyber terrorism stands for the act of use of the internet by terrorist groups to conduct their terrorist activities. Cyber terrorism is similar to normal terrorism, the only difference being that in this case, the attackers use computers to stage their attacks.
Cyber terrorism can take the form of hacking into the CIA (Central Intelligence Agency) or FBI (Federal Bureau of Investigation) systems for example, with an aim of intimidating or forcing the American government with the intention of achieving a certain selfish end. It can also take the form of hacking into the financial and hospital systems of the country in a bid to lame the nation’s economy. In many cases, cyber terrorism is defined in two perspectives: effect-based and internet-based.
From an effect-based perspective, cyber terrorism is said to have occurred when the computer attack results in inflicting fear on people. Internet-based on the other hand is when the attack leads to severe damage to the country’s economy. The main motives of cyber-attacks are to cause physical destruction to a country, ensure that there is no confidentiality of country’s classified information such as security issues undermine the integrity of the country as well as making sure that vital information that could make the country progress is not available (Anusuya, 2009, Par. 4)
Background information
Public concern about cyber terrorism started in the year 1980. As the millennium approached, everyone was skeptical of the millennium bag. This led to people fearing the possibility of cyber-terrorist attacks. Despite the millennium bag not being related in any way to terrorist attacks or a conspiracy against the world, it led to people fearing that there might be a premeditated cyber attack. The terrorist attack of the United States on September 11 2001 made people as well as the media suspect of a potential occurrence of cyber terrorism in the years to come. Cyber terrorism takes two forms: one being an attack on data and the other attack on control systems.
Attack on the data comes where the attacks attempt to steal some information from the system, corrupt the information or deny some services to the system users. Attack on control system is where the attacks made an attempt to dismantle or take charge of the underlying infrastructure (Boyle, 2005, P. 39)
The major target in terrorist attacks is a denial of service. This is a situation where terrorists deliberately flood the system with a lot of information requests making it hard for the system to execute some of the requests made by the legitimate users of the system. Here terrorists investigate the internet in order to identify some of the vulnerable sites to attack. Most of these sites usually have a limited mechanism for countering the attack. Once they have identified the site, they conduct their first attack aimed at alerting the affected institution. Sometimes the attacks send a message confirming their responsibility for the attack and demand some favor for them to stop launching a full-scale attack (Coleman, 2003, Par. 4).
Risks of cyber terrorism on public and private entities
Cyber terrorism poses a great threat to the world. This has made the IT (Information Technology) industry, mass media, and security departments start looking at the underlying risks that it poses to various sectors. Scenarios have been developed where cyber terrorists have employed sophisticated technology to break into systems that manage air traffic or are responsible for water supply. With most of the vital infrastructures in the United States being networked through the use of computers, there is a high risk for cyber terrorism in the country.
With most terrorist groups looking for various methods of ensuring that they have incapacitated this country, there is a high possibility of these terrorists focusing on the network infrastructures of the country (Cordesman, 2002, P. 36). There have been cases of hackers finding their way to some of the government and private systems. This is a clear indication that it is possible for individuals to gain access to sensitive information stored in public systems as well as taking control of operations of important services in the country.
Terrorists, having knowledge of information technology and having some of the most sophisticated types of equipment, definitely can follow the same trend used by hackers and manage to access government systems. Having accessed the government and private systems, terrorists can be in a position to lender some of the services offered by military and financial systems malfunctioned. The rate at which our people are changing to use information systems has made it possible for terrorists to target this technology as the main object of attack (Dalal, 2005, Par. 3)
Deregulation as well as increased focus on increasing the profit has made most of the public and private institutions shift from their old way of operations to the use of the internet. This is because they are able to establish themselves globally as well as access information regarding potential markets and how to improve their profit from the internet. Through the internet, they have also managed to improve their efficiency and to reduce operating costs.
The energy industry and other private sectors in the United States have become vulnerable to cyber-terrorist attacks. It is possible for the attacker to establish internet links to these organizations’ systems allowing them to access the supervisory and data acquisition system (SCADA) of the institution (Dalal, 2005, Par. 5).
The system is responsible for controlling the flow of electricity and natural gas. It also controls systems of numerous industries including water purification plants, chemical processing industries, and water delivery services. Bearing in mind the importance of the system, there is a high possibility of terrorists targeting the system for an attack. By managing to access the system, terrorists can be in a position to control, cripple or disrupt some of the services provided by the system threatening national security (Gabrys, 2002, P.28).
As the cyber-terrorist attack continues to advance, there is a high possibility of terrorists developing computer software similar to those used by government agencies. According to Denning, this is the next step of cyber terrorism. Such an incidence was reported in Japan. In the year 2000, Japan’s Metropolitan police department claimed that Aum Shinryko; a group responsible for the Tokyo subway attacks of 1995, had managed to develop a copy of software they had purchased to help them in tracking approximately 150 police vehicles (Gabrys, 2002, P.31). By the time they discovered this, the group had managed to access confidential tracking information of about 115 vehicles.
They had also developed numerous software for Japanese companies and government agencies. As terrorist organizations have experience in software development, they might work as subcontractors with other software developing firms. This would make it hard for the government and private sectors to know the persons responsible for developing their software. This can give terrorists an opportunity to include a Trojan horse in the software to help them in conducting their cyber terrorism in the future (Government Technology, 2003, Par. 2).
Despite the country beefing up security in the country, most IT professionals expressed their skepticism about the government’s ability to prevent cyber terrorism. They claimed that there was a wide gap between cyberattacks and government capacity to control them. The concern was not only attacks directed to government systems but also to private sectors. A research released in 2003 reassured their skepticism.
The research conducted an investigation on computer security in federal agencies and their capability in controlling cyber terrorism. Grades were awarded depending on their capabilities. Other considerations included in the research were how effective the agencies trained their staff on how to cope with cyber attacks as well as how effectively they followed the set procedures to ensure security such as denying access to classified information and reducing the use of easily guessed passwords (Henderson, 2002, P. 18). Most of the involved federal agencies scored very poor grades reflecting how the government was not in a position to control the attack.
Department of Homeland Security which has been given the responsibility of tracking cyber security received the lowest grade among the investigated agencies. These findings clearly showed how the country faces a high risk of being attacked without the knowledge of the government or the government being able to control the attack. They proved that threat of cyber terrorism in the United States is real and the attack can lead to great damage in the country both financially and in loss of life (Kuchta, 2001, P. 32).
With America being able to counter any kind of physical attack staged against it, terrorists are shifting to the use of the internet and other telecommunication technologies to launch their attacks. Physical and border security in the country are the main reasons making these attacks focus on the use of the internet. It is possible for every person to access information on any computer that has been networked. The underlying vulnerability of the internet and computers is encouraging terrorists to improve their computer skills.
They are also forming alliances with other criminal organizations to help them in staging cyber terrorism. Cases have been reported where terrorist groups have accessed credit cards of various organizations and used them to defraud a lot of money. This is a clear indication that terrorist groups have advanced their computer skills and they are in a position of launching cyber terrorism at any time (Layland, 2006, P. 37). Terrorist groups have been found to collaborate with cyber criminals such as hackers in conducting their illegal businesses of drug and weapon trafficking. This reflects their continued effort of ensuring they have improved their computing skills. Their main motive is not being well understood, we can not rule out their bid to launch cyber terrorism in the near future.
Countering cyber terrorism
Efforts to curb cyber terrorism need not be the work of the government alone. There is a need for a combined effort from both the public and the government. The problem can be controlled if not absolutely eliminated. This is only if the three arms of the government: judiciary, legislative, and executive agree to pool together their efforts in controlling the problem. The public also needs to be vigilant on the problem. The legislative should show its commitment to curbing crime by coming up with stringent rules dealing with cyber terrorism. Despite there being statutes that deal with cybercrimes, there is a need for the establishment of new chapters to deal with the evolving methods of cybercrimes.
The available laws are not compatible with the present forms of cyber terrorism. The legislative needs to ensure that it has included a clause dealing with cyber terrorism in the information technology act. This will help in dealing with cyber terrorism (Nearon, 2005, P. 32).
The executive can play a vital role in controlling the crime by ensuring that it has come up with various rules that deal with cyber-terrorism and its aspects regularly. Through notification in the official gazette, the Central government can be able to develop rules that will help it in implementing Information technology Act provisions. This can help in ensuring that cyber café owners ensure that their internets are not used to conduct cyber terrorism.
This can be through ensuring that a person who wishes to use any network provides his or her identity to the service provider before being allowed to use the service (Nearon, 2005, P. 34). The identity can be through the production of photo identity card issues at school, a credit card bearing the photo of the person from any bank or passport. After a person has produced his or her identity, the service provider can now obtain and store information about the network user which includes the name of the user, occupation, place of residence and address, age, login time, and log-out time.
This can scare away people who wish to use cyber in conducting their crimes as it would be possible for the government to track and arrest them. A person who objects to produce his or her identity should not be allowed to use the service. Further, the government can block all websites that are perceived to encourage cyber terrorism. It can come up with a single body responsible for issuing instructions with respect to the blocking of websites. Currently, the Information technology Act does not provide for the blocking of websites.
The judiciary can participate in the eradication of cyber terrorism by taking a strict position against the problem. To manage this, it requires first address the issue of jurisdiction problem. The courts need to ensure that they have the necessary authorities to deal with the problem. As the internet is a joint venture where no organization or government body can claim to own it, there are no rules governing its use. The absence of geographical boundaries with respect to the internet further makes it hard to control its use. There happens a situation where rules applicable in one country are not applicable in another (Smith, 2004, PP. 48-52).
The judiciary can establish rules that would help it deal with cyber terrorism that has occurred within their countries as well as those done outside their countries but their implications affect their countries. They can also establish rules that would help them deal with the terrorists if they happen to be citizens of their country despite conducting the crime outside. This would significantly help in curbing cyber terrorism which is encouraged by boundary problems.
Coming up with regulations d to deal with cyber-terrorism alone can not be effective. The public needs to be vigilant and to report any case or person they suspect to be intending to conduct cybercrime. There is also a need for the government as well as private institutions to come up with effective computer hardware and software defense mechanisms. This includes installation of strong firewalls, properly configuring routers, using anti-virus software, and repairing sections of the network systems that they find to be vulnerable to attack. There is a need for regular testing of the systems to ensure that they are secure.
The severity of the attack can also be reduced by distributing information in different systems. This would ensure that the government or private institutions still have systems to help them continue with their activities even after the attack (Srinivasan, 2005, Par. 6).
Failures of the past government programs in eradicating cyber terrorism
For many years the government has established rules to govern the use of the internet. The information technology act is one of the statutes that have been established by the government. Despite this statute being in place, the problem has been seen to escalate. There has been no harmonization of various laws in the statute to facilitate dealing with cyber terrorism. The Act has no provision for blocking websites seen to encourage cyber terrorism. As a result, these websites have continued working leading to an increase in the risk of cyber terrorism. Blocking has been considered as violating the freedom of speech and expression of the service providers. This has made it hard for the government to block these sites even if they are seen to encourage the crime (Verton, 2002, P. 8)
Policy recommendation
Currently, there are numerous laws that deal with cybercrimes. These include the Indian penal code, Information Technology Act, data Protection act, and others. All these laws have led to confusion when it comes to dealing with cyber terrorism. There is no one Act that deals with cyber-terrorism specifically. To end this problem, there is a need for the government to unify these laws and come up with a single code that is efficient in dealing with all problems associated with cyber terrorism.
Reference list
Anusuya, S. (2009). The Menace of Cyber Crime. Web.
Boyle, M. (2005). The latest hit: CSI in your hard drive. Fortune, 152(10), 39.
Coleman, K. (2003). Cyber Terrorism. Web.
Cordesman, A. H. (2002). Cyber-Threats, information warfare, and critical infrastructure protection: Defending the U.S. homeland Westport, CT: Praeger.
Dalal, P. (2005).Cyber Terrorism and Its Solutions: An Indian Perspective. Web.
Gabrys, E. (2002). The international dimensions of cyber-crime, part 1. Information Systems Security, 11(4), 21-32.
Government Technology. (2003). Countering cyber terrorism. Web.
Henderson, S. E. (2002). Suing the insecure?: A duty of care in cyberspace. New Mexico Law Review, 32(1), 11-25.
Kuchta, K. J. (2001). Learning the computer forensic way. Information Systems Security, 10(5), 29-35.
Layland, R. (2006). Application security countering the professionals. Business Communications Review, 36(9), 34-39.
Nearon, B. H. (2005). Foundations in auditing and digital evidence. The CPA Journal, 75(1), 32-34.
Smith, G. S. (2004). Recognizing and preparing loss estimates from cyber-attacks. Information Systems Security, 12(6), 46-57.
Srinivasan, A. (2005). Combating Cyberterrorism. Web.
Verton, D. (2002). Critical infrastructure systems face threat of cyberattacks. Computerworld, 36(2), 8.