SlideShare a Scribd company logo

CyberTerrorismACaseOfAliceInWonderland

E
Enrique J Cordero
1 of 15
Download to read offline
Cordero 1 Enrique  J  Cordero   Dr.  Marie-­‐Helen  Maras   Cybercrime  –  GLOB1-­‐GC.2510   March  30,  2012   Cyberterrorism:  Is  it  a  case  of  Alice  in  wonderland?   “If   you   know   the   enemy   and   know   yourself,   you   need   not   to   fear   the   result   of   a   hundred   battles…   If   you   know   neither   the   enemy   nor   yourself,   you   will   succumb   in   every   battle…   Knowing  the  enemy  enables  you  to  take  offensive,  knowing  yourself  enables  you  to  stand  on   the  defensive.”   Sun  Tzu,  The  Art  of  War.  Attack  by  Stratagem,  18   Introduction   What  happened  with  the  “old  days”  of  conventional  and  guerilla  warfare  when  your  enemy   had  a  human  face,  and  tactical  plans  as  well  as  rules  of  engagement  where  clearly  defined,   the   amount   and   sophistication   of   one’s   kinetic   weapons   was   the   game   changer   and   acquiring  such  strategic  and  tactical  advantages  required  vast  amounts  of  resources?  Well,   as  we  will  see  in  the  following  pages,  those  days  have  been  rapidly  changing  and  may  be   replaced  by  a  world  that  until  recent  years  has  been  only  in  the  imagination  of  Hollywood.   The  structure  of  this  paper  is  delineated  by  the  answers  to  the  following  3  dilemmas:  Why   is  cyberterrorism  the  greatest  threat  amongst  all  forms  of  cybercrime?  What  measures  are   we  taking  against  the  threat  of  cyberterrorism,  and  how  effective  are  they?  And  finally,  how   can  we  better  address  the  threat  of  cyberterrorism?      
Cordero 2 Threat  assessment   Of   all   the   forms   of   cybercrime   cyberterrorism   stand   out   as   the   most   debated,   the   most   talked   about   in   the   media,   the   most   feared,   yet   the   least   consistently   defined   and,   not   surprisingly,  the  one  with  the  least  number  of  convictions.  It  is  this  combination  of  factors,   the  lack  of  clear  definitions,  hence  unclear  laws,  enforcement  and  punishment,  along  with   the   potential   threat   of   a   major   cyberattack   with   devastating   effects,   which   makes   cyberterrorism   the   greatest   threat   of   all   forms   of   cybercrime.   So,   as   stated   in   Sun   Tzu’s   quote  at  the  beginning  of  this  dissertation,  the  formula  to  successfully  wage  any  form  of   war   relies   on   knowing   the   enemy   and   ourselves;   however,   in   what   relates   to   cyberterrorism  we  still  have  yet  to  know  both.   Knowing  ourselves:  Definitions  and  legal  challenges   The  key  to  knowing  ourselves  in  the  cyberterrorism  space  relies  in  having  clear  definitions   as  to  what  it  is  and  what  it  is  not,  which  in  turn  would  build  a  baseline  for  establishing   governance  and  the  rule  of  law.  Definitions  of  cyberterrorism  date  back  to  the  1980’s  when   the  term  was  first  coined  by  Barry  Colin,  a  senior  fellow  at  the  Institute  for  Security  and   Intelligence  in  California,  who  discussed  this  dynamic  of  terrorism  as  transcendence  from   the   physical   to   the   virtual   realm   and   “the   intersection,   the   convergence   of   these   two   worlds....” 1  However,   nowadays   definitions   range   from   scholarly   developed   hybrid   concepts   between   Colin’s   statement   and   the   US   Government’s   definition   of   conventional   terrorism,   through   law   enforcement   conceived   and   based   mainly   on   impact   to   civilian   enterprise  data,  to  some  broad  in  scope  generated  by  legislative  groups.  Here  are  examples   of  the  three:  
Cordero 3 Maura  Conway,  a  doctoral  student  in  the  department  of  political  science,  Trinity  College  in   Dublin  defines  cyberterrorism  as,   Premeditated,   politically   motivated   attacks   by   subnational   groups   or   clandestine   agents   against  information,  computer  systems,  computer  programs,  and  data  that  result  in  violence   against  noncombatant  targets.2   Dr.  William  F.  Tafoya,  a  retired  FBI  special  agent,  and  now  coordinator  of  and  a  professor  in   the   Information   Protection   and   Security   Program   at   the   University   of   New   Haven   in   Connecticut  defines  cyberterrorism  as,   Intimidation   of   civilian   enterprise   through   the   use   of   high   technology   to   bring   about   political,   religious,   or   ideological   aims,   actions   that   result   in   disabling   or   deleting   critical   infrastructure  data  or  information.3   The  National  Conference  of  State  Legislatures,  an  organization  of  legislators  created  to  help   policymaker’s  issues  such  as  economy  and  homeland  security  defines  cyberterrorism  as,   [T]he   use   of   information   technology   by   terrorist   groups   and   individuals   to   further   their   agenda.   This   can   include   use   of   information   technology   to   organize   and   execute   attacks   against   networks,   computer   systems   and   telecommunications   infrastructures,   or   for   exchanging   information   or   making   threats   electronically.   Examples   are   hacking   into   computer  systems,  introducing  viruses  to  vulnerable  networks,  web  site  defacing,  Denial-­‐of-­‐ service  attacks,  or  terroristic  threats  made  via  electronic  communication.4   Differences  and  similarities  between  them  are  described  in  Table  1  in  terms  of  perpetrator,   motive,   target   and   intent.   Notice   that   of   these   4   areas   only   two,   motive   and   target   are   similar   across   the   three   definitions,   and   it   is   in   the   perpetrator   and   the   intent   were   the   wider  gap  is.    These  gaps  are  important  to  recognize  for  two  fundamental  reasons,  first  to   concentrate  the  debate  amongst  the  different  stakeholders,  and  second  to  enhance  
Cordero 4 TABLE  1.  Cyberterrorism  Definitions   Definition   Perpetrator   Motive   Target   Intent   Scholar   • Subnational   groups   • Clandestine   agents   • Politically   motivated   • Information   • Computer   systems   • Computer   programs   • Data   • Violence  against  non-­‐ combatants   Law   Enforcement   • Anyone   • Political,   religious  or   ideological   aims   • Information   • Critical   infrastructure   data   • Intimidation  of   civilian  enterprise   Legislative   Group   • Terrorist   Groups   • Individuals   • Further   groups   agendas   • Information   technology   • Computer   systems   • Telecom   infrastructure   • Attacks  against   systems   • Terroristic  threats     interpretation  of  the  law  when  it  comes  to  both  enforcement,  prosecution  and  conviction.   This  leads  us  to  the  second  aspect  of  knowing  ourselves,  the  legal  conundrum.     Take  the  case  of  Luis  Mijangos,  a  Southern  California  man  who  in  March  2011  was  accused   of   cyberterrorism,   found   guilty   and   then   sentenced   to   6   years   in   prison.   The   specific   charges   were   wire-­‐tapping   and   computer   hacking.   Mijangos   infiltrated   computers   belonging   to   women   and   teenage   girls   where   he   found   sexually   explicit   photos   and   threaten  to  put  them  online  unless  they  provided  him  with  more.  As  it  can  be  clearly  seen   this  particular  case  does  not  fit  the  intent  or  motive  in  any  of  the  definitions  above,  and   only  fits  the  perpetrator  in  Dr.  Tafoya’s  definition  because  is  broad  enough.  However,  the   case  was  portrayed  as  cyberterrorism  because  the  word  alone  would  justify  a  more  severe   punishment,  as  it  is  clear  in  the  words  of  U.S.  District  Judge  George  King  himself,     who  called  the  crimes  a  form  of  cyberterrorism  and  warned  other  hackers  they  will  meet   stiff  penalties  for  ruining  people’s  lives:  “Society  has  to  understand  that  if  you  engage  in  this  
Cordero 5 type  of  behavior,  it’s  no  joke,”  King  said.  “You  are  going  to  jail  and  going  to  jail  for  a  long   time.”  5     There  is  no  doubt  that  the  crimes  for  which  this  man  was  accused,  tried  and  sentenced  are   despicable   and   deserve   punishment,   but   the   concept   of   cyberterrorism   should   not   be   hijacked  so  we  as  a  society  can  call  for  harsher  punishment.   To  illustrate  even  further  the  complexity  of  the  different  legal  challenges  consider  the  cases   of   the   recent   SOPA   and   PIPA   bills,   which   were   very   quickly   rejected   in   Congress   on   the   grounds  of  invasion  of  privacy  and  limitation  of  citizen’s  liberties  in  the  Internet.6  Now,  as   of  the  writing  of  this  paper,  a  new  bill,  CISPA,  is  being  debated  in  the  US  Congress,  and   many  experts  and  internet  freedom  defenders  are  already  calling  it  a  refurbish  version  of   the   old   SOPA/PIPA,   but   with   even   more   overreaching   measures   that   “would   end   the   Internet  as  we  know  it.”7  It  seems  like  even  with  the  best  of  intentions  from  our  legislature   this   bills   are   crafted   casting   such   a   wide   net   that   include   many   forms   of   cybercrime,   cyberterrorism   being   one   of   them,   adding   more   complexity   and   confusion   into   the   legal   dilemma.   Knowing   the   enemy:   Is   cyberterrorism   the   sum   of   all   fears   or   just   weapons   of   mass   annoyance?8   In  the  road  to  knowing  the  enemy  the  first  step  is  to  assess  the  level  of  risk  and  probability   associated   with   a   potential   aggressive   action   that   may   come   from   the   other   side.   Unfortunately,   threat   assessment   in   cyberterrorism   goes   from   the   devastating   and   imminent   to   the   nuisance   and   dismissive.   Let’s   evaluate   the   first   one,   devastating   and   imminent.  
Cordero 6 One  of  the  earliest  risk  assessments  of  this  kind  appears  in  the  National  Security  Decision   Directive   Number   145   on   National   Policy   on   Telecommunications   and   Automated   Information  Systems  Security  issued  by  the  White  House  on  September  17,  1984,  stated   that,   The  technology  to  exploit  these  electronic  systems  is  widespread  and  is  used  extensively  by   foreign  nations  and  can  be  employed,  as  well,  by  terrorist  groups  and  criminal  elements.   Government  systems  as  well  as  those  which  process  the  private  or  proprietary  information   of  US  persons  and  businesses  can  become  targets  for  foreign  exploitation.9   The  second  identifiable  assessment  came  shortly  after  the  terrorist  attacks  of  September   11,  2001  in  New  York  City  when    a  special  congressional  commission  examining  terrorism  was  concerned  that  future  attacks   against   the   U.S.   might   occur   in   conjunction   with   a   cyberattack   that   would   maximize   the   destructive   effects   of   physical   weapons   such   as   bombs   or   chemical   assaults:   "There   has   been   substantial   concern   [about]   the   potential   consequences   of   cyberattacks,"   "Communications,  if  disrupted,  could  have  significant  impact  on  the  [physical]  attack  itself,   and  we  have  been  very  focused  on  that  and  very  concerned  about  that  particular  issue,"  said   Virginia  Gov.  James  Gilmore,  chairman  of  the  commission.10   Then  in  March  of  2002  and  April  of  the  same  year  the  CIA  stated  that  they  were  alert  to  the   possibility  of  cyber  warfare  attacks  by  terrorist  as  they  were  becoming  viable  options  for   them  and  other  foreign  adversaries  becoming  more  familiar  with  these  targets,  and  even   went   as   far   as   pinpointing   al-­‐Qa’ida   and   Hizballah   becoming   more   adept   at   using   the   Internet   and   computer   technologies:   “This   groups   have   the   intentions   and   desire   to   develop  some  of  the  cyberskills  necessary  to  forge  and  effective  cyber  attack  MO.”11  
Cordero 7 Finally,  we  have  The  Comprehensive  National  Cybersecurity  Initiative  in  which  President   Obama   has   identified   cybersecurity   as   one   of   the   most   serious   economic   and   national   security  challenges,  but  one  that  the  US  is  not  adequately  prepared  to  counter.12   Opposite   to   these   previous   assessments   we   have   the   nuisance   and   dismissive   school   of   thought.  According  to  James  A.  Lewis  from  the  Center  for  Strategic  &  International  Studies,   based   on   an   assessment   of   the   historical   occurrence   of   cyberterrorism   attacks   against   infrastructure,   the   consequences   of   routine   infrastructure   failures,   the   dependency   of   infrastructure  on  computer  networks  and  their  redundancies,  and  the  likelihood  of  cyber-­‐ weapons  achieving  political  goals,     computer   network   vulnerabilities   are   an   increasingly   serious   business   problem   but   their   threat  to  national  security  is  overstated.  In  all  cases,  cyber  attacks  are  less  effective  and  less   disruptive  than  physical  attacks.  Their  only  advantage  is  that  they  are  cheaper  and  easier  to   carry  out  than  a  physical  attack.13   Just  recently  Dr.  Thomas  Rid  stated  that  a  virtual  conflict  is  more  hype  than  reality  and  that   recent   cyberattacks   such   as   the   one   in   Estonia   were   more   a   nuisance   and   an   emotional   strike  in  the  country,  also  that  creating  a  Pearl  Harbor  scenario  in  cyberspace  would  be  a   daunting  challenge  at  best.  In  his  view  Cyberwar  alarmists  want  the  United  States  to  see   cybersecurity  as  a  new  challenge  on  a  geopolitical  scale.14   Having  this  disparity  of  assessments  will  only  increase  the  possibilities  of  disagreement  in   selecting  the  right  course  of  action  and  reduce  the  ability  to  better  understand  the  enemy’s   true   capability   while   some   members   of   the   stakeholder   community   will   be   overly   concerned  and  reactive  whereas  others  will  be  complacent  and  underprepared.      
Cordero 8 Current  measures  and  their  effectiveness   In  the  US   From  the  cyber-­‐power-­‐countries  the  United  States  is  the  one  at  the  helm  of  the  debate  and   one  of  the  most  progressive  in  terms  of  actions  and  preparedness  in  relation  not  only  to   cyberterrorism,  but  cybercrime  in  general.  This  comes  as  no  surprise  since  the  country  has   gone  through  a  rude  awakening  after  the  terrorist  attacks  of  9/11  and  the  wars  that  came   after  that.  Many  measures  have  been  taken  both  in  terms  of  legislation  and  institutional   change;  however,  the  effectiveness  of  these  actions  is  still  being  debated.   Legislative  Measures   Policy  measures  date  back  to  the  Reagan  administration  with  two  pieces  of  legislation,  the   Computer   Abuse   Act   in   1984/8615  targeted   to   curb   computer   crime,   and   the   1987   Computer   Security   Act16  enacted   in   an   effort   to   protect   federal   agencies’   computer   data   from  espionage.  However,  one  of  the  most  notable  in  recent  years  came  when  the  Bush   administration   enacted   the   USA   Patriot   Act   in   2001,   more   specifically   Title   VIII   Section   81417,  which  deals  with  strengthening  the  criminal  laws  against  terrorism  as  well  as  the   deterrence  and  prevention  of  cyberterrorism.  In  particular  it   increased  the  maximum  penalty  for  intentionally  damaging  a  federally  protected  computer   from   a   prison   term   of   five   years   to   a   prison   term   of   10   years   and   raised   the   maximum   penalty   from   a   prison   term   of   10   years   to   a   prison   term   of   20   years   for   intentionally   or   recklessly  damaging  a  federally  protected  computer  after  having  previously  been  convicted   of  computer  abuse.18   It   also   broadened   the   scope   of   protection   provided   to   federally   protected   computers   by   adding  a  fifth  category  for  triggering  criminal  or  civil  liability.  
Cordero 9 Effectiveness   of   policy   measures   can   be   assessed   in   two   ways:   deterrence,   and   effective   prosecution  and  conviction.    Deterrence  is  hard  to  document,  but  one  can  just  consider  the   fact   that   there   has   not   been   an   occurrence   of   a   major   cyberattack   with   significant   or   devastating  impact,  despite  the  countless  and  relentless  efforts  of  enemy  groups  to  acquire   and  use  cyber-­‐weapons  against  the  US  and  its  interests.19  Now,  in  terms  of  prosecution  and   convictions,  a  2004  report  to  Congress  from  Atty.  Gen.  John  Ashcroft  stated  that,  since  the   enactment  of  the  USA  PATRIOT  Act  and  as  a  direct  result  of  it,  the  US  Department  of  Justice   had  charged  310  defendants  with  criminal  offenses  related  to  terrorism,  and  from  those   179  had  already  been  convicted.    In  relation  to  cyberterrorism,  the  same  report  cited  the   2004   conviction   of   Rajib   Mitra,   a   man   who   jammed   the   Madison,   Wisconsin   police   department’s  emergency  radio  system  in  more  than  20  occasions;  Mitra  was  sentenced  to   eight   years   in   prison.   Also   cited   is   the   case   of   a   cyberterrorist   threat   to   the   South   Pole   Research  Station  in  2003,  which  was  quickly  investigated  and  resolved  using  section  212  of   the  act  to  identify  the  perpetrators  and  arrest  them  before  any  harm  was  done.20   Institutional  Change  Measures   In  June  of  2009  the  US  military  recognizing  the  importance  of  protecting  cyberspace  just  as   they  do  land,  air,  sea  and  space,  initiated  an  effort  to  consolidate  two  task  forces  (Joint  Task   Force-­‐Global   Network   Operations,   which   carried   out   the   bulk   of   operation   Buckshot   Yankee,   and   Joint   Task   Force-­‐Network   Warfare,   the   military's   cyber-­‐offense   arm)   into   a   single  four-­‐start  command,  the  U.S.  Cyber  Command,  which  began  operations  in  May  2010   as  part  of  the  U.S.  strategic  command  with  General  Keith  B.  Alexander  as  head  of  this  new   command.  
Cordero 10 Institutional   change   effectiveness   is   usually   gaged   by   the   accomplishment   of   its   fundamental  missions.  USCYBERCOM  has  three  basic  missions:  first,  to  protect  all  defense   networks   and   support   military   and   counter-­‐terrorism   missions   with   operations   in   cyberspace;  second,  to  manage  and  orchestrate  all  cyberwarfare  resources  across  the  U.S.   military;  and  third,  to  work  and  liaise  with  a  wide  range  of  stakeholders  inside  and  outside   the  U.S.  government  in  pursue  of  the  cybermission.  21   In  reference  to  the  first  element  of  the  mission,  in  August,  2011,  Army  Cyber  Command   reported  that  a  corps  of  21,000  soldiers  and  civilians  has  been  put  together  to  serve  24/7   worldwide   operating   and   defending   all   Army   networks   under   the   U.S.   Cyber   Command   umbrella.  In  simplest  terms,  Army  Cyber  Command  provides  security  for  these  networks  so   commanders,  regardless  of  their  location,  can  communicate  with  their  own  forces,  higher   headquarters  and  other  elements.22   In  relation  to  the  second  premise  of  USCYBERCOM  mission,  the  U.S.  Air  Force  reported  in   October,   2010,   that   cyber   training   became   a   permanent   fixture   of   the   Air   Force   Basic   Military   Training   curriculum.   The   two   main   courses,   Cyber   200   and   Cyber   300,   give   students  two  slightly  different  looks  at  cyber  operations,  but  cover  the  same  main  topics:   the  technology,  the  policy,  the  doctrine  and  the  law  as  they  relate  to  the  cyber  domain.23   Finally,   USCYBERCOM   results   in   following   its   third   mission   are   demonstrated   when   in   August,  2011,   a  new  pilot  program  in  which  the  Defense  Department  shares  classified  threat  intelligence   with  defense  contractors  or  their  commercial  Internet  service  providers  is  showing  promise   in   increasing   their   cyber   defenses   and   preventing   enemy   intrusions   into   sensitive   government  networks.24  
Cordero 11 In  the  International  Community   Activities   at   the   UN   have   shown   some   initial   measures   in   the   form   of   several   General   Assembly  resolutions  dealing  with  the  creation  of  a  global  culture  of  cybersecurity  and  the   protection  of  critical  information  infrastructures.   Moreover,  a  new  Group  of  Governmental  Experts  will  form  in  2012  to  submit  a  report  in   2013,   marking   the   next   step   in   the   politico-­‐military   stream   and   the   norm   emergence   process.25   In   these   new   efforts   each   of   the   commanding   countries   plays   a   different   role   as   their   motives  are  drive  by  individual  interest,  to  that  effect   Russia  has  been  playing  a  crucial  role  in  this  process  with  the  U.S.  as  the  most  important   counterweight.  Germany,  Canada,  and  the  United  Kingdom  have  also  played  an  active  role   funding  various  research  projects  and  expert  groups.  Curiously,  China  seems  to  have  been   rather  inactive  except  for  its  co-­‐sponsorship  of  the  resolution  in  the  First  Committee  in  the   year   after   the   U.S.   decided   to   vote   against   it   for   the   first   time   and   the   recent   code   of   conduct.26   In  terms  of  the  effectiveness  that  these  norms  will  have  in  the  future,  one  has  to  consider   first   that   the   UN   is   a   fragmented   system   in   its   activities   regarding   cybercrime   and   ultimately  countries  themselves  will  play  a  fundamental  role  as  norm  originators,  as  well  as   the   different   endogenous   and   exogenous   factors   that   undoubtedly   will   affect   the   perceptions  of  States’  policy  makers.   Forward-­looking  preparedness   As   we   have   seen   there   is   still   work   to   be   done   in   the   quest   to   fighting   the   threat   of   cyberterrorism,   and   such   a   fight   is   better   served   by   a   robust   prevention   strategy.   Prevention  starts  with  taking  effective  actions  to  increase  awareness  and  education,  as  well  
Cordero 12 as   setting   the   appropriate   legal   frameworks   that   will   allow   for   effective   deterrence   and   adjudication.   Important   strides   have   been   accomplished   in   terms   of   education   but   the   subject  is  still  very  unknown  and  clouded  by  misconception  and  sensationalism.  The  media   in  particular  is  a  very  important  actor  in  this  space  and  a  fundamental  connection  to  the   public   in   general,   so   educating   it   and   empowering   it   can   prove   very   effective   in   the   prevention   efforts.   Regarding   adjudication   the   first   step   is   setting   clear   scope   and   definitions  about  cyberterrorism.  As  demonstrated  in  the  beginning  of  this  paper,  current   definitions  widely  vary  across  the  different  sets  of  stakeholders  involved  in  the  discourse,   so  a  starting  point  could  be  reaching  agreement  in  the  areas  of  perpetrator  and  intent  since   there  seems  to  be  already  a  common  language  in  what  relates  to  motive  and  target.  Once  all   stakeholders   party   to   this   important   form   of   cybercrime   reach   agreement   as   to   its   definition  and  scope,  setting  the  rule  of  law  that  will  govern  monitoring,  enforcement  and   punishment  will  transcend  from  semantics  to  execution.   In  conclusion,  the  debate  must  go  on,  but  concrete  and  prompt  actions  must  be  taken  in  the   near  future.  At  stake  are  not  only  the  national  security  of  all  cyberpower  nations,  but  also   the   assurance   of   a   safe   and   stable   Internet   that   can   continue   serving   as   catalyzer   for   economic  and  social  development.  It  is  then  of  vital  importance  that  future  debates  and   solutions  are  the  result  of  a  concerted  effort  between  a  wide  spectrum  of  stakeholders  from   academia,  state  actors,  law  enforcement  agencies,  the  media  as  well  as  sensible  members  of   the  hacking  community  such  as  “white  hat”  hackers  and  other  cybersecurity  experts.   I  would  like  to  finish  this  dissertation  by  highlighting  the  words  of  Sun  Tzu  regarding  the   importance  of  preventive  and  defensive  measures:  “Attack  is  the  secret  of  defense;  defense  is   the  planning  of  an  attack.”    
Cordero 13 REFERENCES                                                                                                                   1  Tafoya,   William   L.   “Cyber   Terror,”   FBI   Law   Enforcement   Bulletin,   November   2011,   http://www.fbi.gov/stats-­‐services/publications/law-­‐enforcement-­‐ bulletin/november-­‐2011/cyber-­‐terror  (accessed  April  25,  2012).   2  Conway,  Maura.  “What  is  Cyberterrorism?”  Current  History  101.659  (2002):  436-­‐42.   3  Ditto  reference  1   4  National   Conference   of   State   Legislatures.   “Cyber   Terrorism”   http://www.ncsl.org/programs/lis/cip/cyberterrorism.htm   (accessed   April   25,   2012).   5  Chicago  Sun-­‐Times.  “6  years  for  California  man  convicted  of  cyberterrorism.”  September   3,   2011.   http://www.suntimes.com/news/nation/7412050-­‐418/6-­‐years-­‐for-­‐ california-­‐man-­‐convicted-­‐of-­‐cyberterrorism.html  (accessed  April  26,2012)   6  The   DePaulia.   “SOPA/PIPA   bills   rejected.”   January   23,   2012.   http://www.depauliaonline.com/mobile/nation-­‐world/sopa-­‐pipa-­‐bills-­‐rejected-­‐ 1.2746879  (accessed  April  26,  2012)   7  International   Business   Times.   “What   Is   CISPA   2012?   Inside   The   Bill   That   Has   Internet   Privacy   Advocates   Up   In   Arms.”   April   26,   2012.   http://www.ibtimes.com/articles/333865/20120426/cispa-­‐what-­‐sopa-­‐pipa-­‐acta-­‐ stop-­‐congress.htm  (accessed  April  26,  2012)   8  Weapons  of  mass  annoyance:  a  phrase  originated  by  Stewart  Baker.   9  Dunn-­‐Cavelty,  Myriam.  “Cyber-­‐Terror-­‐  Looming  Threat  or  Phantom  Menace?  The  Framing   of  the  US  Cyber-­‐Threat  Debate.”  Journal  of  Information  Technology  &  Politics.  (2008)   4:1,  19-­‐36.  
Cordero 14                                                                                                                                                                                                                                                                                                                                                                       10  Computerworld.   “U.S.   commission   eyes   cyberterrorism   threat   ahead.”   September   17,   2001.   http://www.computerworld.com/s/article/63965/U.S._commission_eyes_cyberterr orism_threat_ahead?taxonomyId=017  (accessed  April  26,  2012)   11  Ditto  reference  9   12  The  White  House.  National  Security  Council.  “The  Comprehensive  National  Cybersecurity   Initiative.”   http://www.whitehouse.gov/cybersecurity/comprehensive-­‐national-­‐ cybersecurity-­‐initiative  (accessed  April  26,  2012)   13  Lewis,   James   A.   “Assessing   the   Risks   of   Cyber   Terrorism,   Cyber   War   and   Other   Cyber   Threats.”   Center   for   Strategic   and   International   Studies.   December,   2002.   http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf   (accessed   April  27,  2012)   14  Rid,   Thomas.   “Think   Again:   Cyberwar.”   Foreign   Policy   Magazine.   March/April   2012.   http://www.foreignpolicy.com/articles/2012/02/27/cyberwar?print=yes&hidecom ments=yes&page=full  (accessed  March  20,  2012)   15  The  Counterfeit  Access  Device  and  Computer  Fraud  Abuse  Act,  18  U.S.C.  1030  (1984).;   Computer  Fraud  Abuse  Act  (U.S.)  18  U.S.C.  1030(a)  (1986)   16  Computer  Security  Act  of  1987,  Public  Law  100-­‐235,  H.R.  145,  (1988),  (100th  Congress)   17  USA  PATRIOT  Act  of  2001,  Public  Law  107-­‐56,  H.R.  3162,  (2001),  (107th  Congress)   18  US  Department  of  Justice.  “Report  From  The  Field:  The  USA  PATRIOT  Act  at  work.”  July   2004.   http://www.justice.gov/olp/pdf/patriot_report_from_the_field0704.pdf   (accessed  April  27,  2012)   19  Ditto  reference  9  
Cordero 15                                                                                                                                                                                                                                                                                                                                                                       20  Ditto  reference  18   21  Lynn,  William  J,  III.  2010.  “Defending  a  New  Domain.”  Foreign  Affairs.  89,  no.  5:  97-­‐108.   22  U.S.   Department   of   Defense.   “Army   Cyber   Command   Focuses   on   Protecting   Vital   Networks.”   American   Forces   Press   Service.   August   15,   2011.   http://www.defense.gov/news/newsarticle.aspx?id=65031   (accessed   April   28,   2012)   23  U.S.   Department   of   Defense.   “Air   Force   School   Focuses   on   Cybersecurity.”   American   Forces   Press   Service.   October   29,   2010.   http://www.defense.gov/news/newsarticle.aspx?id=61471   (accessed   April   28,   2012)   24  U.S.   Department   of   Defense.   “Sharing   Intelligence   Helps   Contractors   Strengthen   Cyber   Defenses.”   American   Forces   Press   Service.   August   16,   2011.   http://www.defense.gov/news/newsarticle.aspx?id=65050   (accessed   April   28,   2012)   25  Maurer,  Tim.  “Cyber  Norm  Emergence  at  the  United  Nations  –  An  Analysis  of  the  UN‘s   Activities  Regarding  Cyber-­‐security?”  Discussion  Paper  2011-­‐11,  Cambridge,  Mass.:   Belfer   Center   for   Science   and   International   Affairs,   Harvard   Kennedy   School,   September  2011.   26  Ditto  reference  25  

Recommended

Great Issues Reflective Essay CybersecurityLI
Great Issues Reflective Essay CybersecurityLIGreat Issues Reflective Essay CybersecurityLI
Great Issues Reflective Essay CybersecurityLIJames Bollen
 
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGLillian Ekwosi-Egbulem
 
Privacy and terrorism informatics
Privacy and terrorism informaticsPrivacy and terrorism informatics
Privacy and terrorism informaticsmali chum
 
HacktivismPaper.docx
HacktivismPaper.docxHacktivismPaper.docx
HacktivismPaper.docxDesarae Veit
 
Gsn 2014 digital yearbook of homeland security awards
Gsn 2014 digital yearbook of homeland security awardsGsn 2014 digital yearbook of homeland security awards
Gsn 2014 digital yearbook of homeland security awardsChuck Brooks
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMAMarriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMADavid Sweigert
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 

Recommended

Great Issues Reflective Essay CybersecurityLI
Great Issues Reflective Essay CybersecurityLIGreat Issues Reflective Essay CybersecurityLI
Great Issues Reflective Essay CybersecurityLIJames Bollen
 
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGLillian Ekwosi-Egbulem
 
Privacy and terrorism informatics
Privacy and terrorism informaticsPrivacy and terrorism informatics
Privacy and terrorism informaticsmali chum
 
HacktivismPaper.docx
HacktivismPaper.docxHacktivismPaper.docx
HacktivismPaper.docxDesarae Veit
 
Gsn 2014 digital yearbook of homeland security awards
Gsn 2014 digital yearbook of homeland security awardsGsn 2014 digital yearbook of homeland security awards
Gsn 2014 digital yearbook of homeland security awardsChuck Brooks
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMAMarriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMADavid Sweigert
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 
NCRIC Analysis of Cyber Security Emergency Management
NCRIC Analysis of Cyber Security Emergency ManagementNCRIC Analysis of Cyber Security Emergency Management
NCRIC Analysis of Cyber Security Emergency ManagementDavid Sweigert
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Reliability not Reliance.
Reliability not Reliance.Reliability not Reliance.
Reliability not Reliance.George Briggs
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemLillian Ekwosi-Egbulem
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
ABI White Paper
ABI White PaperABI White Paper
ABI White PaperRandy Weaver
 
The securitization of online activism
The securitization of online activismThe securitization of online activism
The securitization of online activismjwilso
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Jordan Peacock
 
Privacy in the Information Age
Privacy in the Information AgePrivacy in the Information Age
Privacy in the Information AgeJordan Peacock
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
About cyber war
About cyber warAbout cyber war
About cyber wareugenvaleriu
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
A criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative frameworkA criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative frameworkSameer Dasaka
 
Chapter 12 Power Point
Chapter 12 Power PointChapter 12 Power Point
Chapter 12 Power Pointtaylor024519
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
White7e ppt ch17
White7e ppt ch17White7e ppt ch17
White7e ppt ch17difordham
 
Information Warfare
Information WarfareInformation Warfare
Information Warfaredibyendupaul
 
R41674
R41674R41674
R41674Dr Lendy Spires
 
Clean CT Class - Copy
Clean CT Class - CopyClean CT Class - Copy
Clean CT Class - CopyMark Leslie
 
aboutme
aboutmeaboutme
aboutmeKhwanruthai Panya
 
CV_Inma_Munoz final
CV_Inma_Munoz finalCV_Inma_Munoz final
CV_Inma_Munoz finalInma Munoz Carcelen
 

More Related Content

What's hot

NCRIC Analysis of Cyber Security Emergency Management
NCRIC Analysis of Cyber Security Emergency ManagementNCRIC Analysis of Cyber Security Emergency Management
NCRIC Analysis of Cyber Security Emergency ManagementDavid Sweigert
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Reliability not Reliance.
Reliability not Reliance.Reliability not Reliance.
Reliability not Reliance.George Briggs
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemLillian Ekwosi-Egbulem
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
The securitization of online activism
The securitization of online activismThe securitization of online activism
The securitization of online activismjwilso
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Jordan Peacock
 
Privacy in the Information Age
Privacy in the Information AgePrivacy in the Information Age
Privacy in the Information AgeJordan Peacock
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
A criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative frameworkA criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative frameworkSameer Dasaka
 
Chapter 12 Power Point
Chapter 12 Power PointChapter 12 Power Point
Chapter 12 Power Pointtaylor024519
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
White7e ppt ch17
White7e ppt ch17White7e ppt ch17
White7e ppt ch17difordham
 
Information Warfare
Information WarfareInformation Warfare
Information Warfaredibyendupaul
 
Clean CT Class - Copy
Clean CT Class - CopyClean CT Class - Copy
Clean CT Class - CopyMark Leslie
 

What's hot (20)

NCRIC Analysis of Cyber Security Emergency Management
NCRIC Analysis of Cyber Security Emergency ManagementNCRIC Analysis of Cyber Security Emergency Management
NCRIC Analysis of Cyber Security Emergency Management
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Reliability not Reliance.
Reliability not Reliance.Reliability not Reliance.
Reliability not Reliance.
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
 
ABI White Paper
ABI White PaperABI White Paper
ABI White Paper
 
The securitization of online activism
The securitization of online activismThe securitization of online activism
The securitization of online activism
 
Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]Privacy in the Information Age [Q3 2015 version]
Privacy in the Information Age [Q3 2015 version]
 
Privacy in the Information Age
Privacy in the Information AgePrivacy in the Information Age
Privacy in the Information Age
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
About cyber war
About cyber warAbout cyber war
About cyber war
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
 
A criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative frameworkA criminological psychology based digital forensic investigative framework
A criminological psychology based digital forensic investigative framework
 
Chapter 12 Power Point
Chapter 12 Power PointChapter 12 Power Point
Chapter 12 Power Point
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect us
 
White7e ppt ch17
White7e ppt ch17White7e ppt ch17
White7e ppt ch17
 
Information Warfare
Information WarfareInformation Warfare
Information Warfare
 
R41674
R41674R41674
R41674
 
Clean CT Class - Copy
Clean CT Class - CopyClean CT Class - Copy
Clean CT Class - Copy
 

Viewers also liked

Chapter dki jakarta mht
Chapter dki jakarta mhtChapter dki jakarta mht
Chapter dki jakarta mhtRumah CSR
 
The Top 10 Cities for Tech Startups
The Top 10 Cities for Tech StartupsThe Top 10 Cities for Tech Startups
The Top 10 Cities for Tech StartupsNeil Eisenberg
 
Hoja de reflexión
Hoja de reflexiónHoja de reflexión
Hoja de reflexiónjesusgc98
 
Chapter dki jakarta mht
Chapter dki jakarta mhtChapter dki jakarta mht
Chapter dki jakarta mhtRumah CSR
 
Chapter DKI Jakarta_MHT
Chapter DKI Jakarta_MHTChapter DKI Jakarta_MHT
Chapter DKI Jakarta_MHTRumah CSR
 
Puedo comunicarme mejor
Puedo comunicarme mejorPuedo comunicarme mejor
Puedo comunicarme mejorAniBoli
 
Tu puedes decidir estilo de vida
Tu puedes decidir estilo de vidaTu puedes decidir estilo de vida
Tu puedes decidir estilo de vidaKAtiRojChu
 

Viewers also liked (15)

aboutme
aboutmeaboutme
aboutme
 
CV_Inma_Munoz final
CV_Inma_Munoz finalCV_Inma_Munoz final
CV_Inma_Munoz final
 
Chapter dki jakarta mht
Chapter dki jakarta mhtChapter dki jakarta mht
Chapter dki jakarta mht
 
Vasu
VasuVasu
Vasu
 
EWS Resume 2016
EWS Resume 2016EWS Resume 2016
EWS Resume 2016
 
Meenu Resume.
Meenu Resume.Meenu Resume.
Meenu Resume.
 
Cell
CellCell
Cell
 
The Top 10 Cities for Tech Startups
The Top 10 Cities for Tech StartupsThe Top 10 Cities for Tech Startups
The Top 10 Cities for Tech Startups
 
Hoja de reflexión
Hoja de reflexiónHoja de reflexión
Hoja de reflexión
 
Chapter dki jakarta mht
Chapter dki jakarta mhtChapter dki jakarta mht
Chapter dki jakarta mht
 
Chapter DKI Jakarta_MHT
Chapter DKI Jakarta_MHTChapter DKI Jakarta_MHT
Chapter DKI Jakarta_MHT
 
Puedo comunicarme mejor
Puedo comunicarme mejorPuedo comunicarme mejor
Puedo comunicarme mejor
 
Nadie me escucha en esta casa (v unidad)
Nadie me escucha en esta casa (v unidad) Nadie me escucha en esta casa (v unidad)
Nadie me escucha en esta casa (v unidad)
 
Tu puedes decidir estilo de vida
Tu puedes decidir estilo de vidaTu puedes decidir estilo de vida
Tu puedes decidir estilo de vida
 
Resume
ResumeResume
Resume
 

Similar to CyberTerrorismACaseOfAliceInWonderland

Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentationmerlyna
 
The Patriot Act Title Vii Section 814 And 816
The Patriot Act Title Vii Section 814 And 816The Patriot Act Title Vii Section 814 And 816
The Patriot Act Title Vii Section 814 And 816Nicole Fields
 
CJ513Unit 3 DQTopic #1The Definition of CyberterrorismDi
CJ513Unit 3 DQTopic #1The Definition of CyberterrorismDiCJ513Unit 3 DQTopic #1The Definition of CyberterrorismDi
CJ513Unit 3 DQTopic #1The Definition of CyberterrorismDiVinaOconner450
 
PROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docx
PROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docxPROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docx
PROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docxbriancrawford30935
 
Causes of the Growing Conflict Between Privacy and Security
Causes of the Growing Conflict Between Privacy and SecurityCauses of the Growing Conflict Between Privacy and Security
Causes of the Growing Conflict Between Privacy and SecurityDon Edwards
 
A View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years LaterA View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years LaterJulie Davis
 
WHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docx
WHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docxWHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docx
WHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docxphilipnelson29183
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalLeslie Lee
 
Running headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxRunning headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxrtodd599
 
Cyber Weapons Proliferation
Cyber Weapons Proliferation Cyber Weapons Proliferation
Cyber Weapons Proliferation OllieShoresna
 
1)Using general mass-media (such as news sites) identify a recent co.pdf
1)Using general mass-media (such as news sites) identify a recent co.pdf1)Using general mass-media (such as news sites) identify a recent co.pdf
1)Using general mass-media (such as news sites) identify a recent co.pdfezzi552
 

Similar to CyberTerrorismACaseOfAliceInWonderland (20)

Cyber Terrorism Presentation
Cyber Terrorism PresentationCyber Terrorism Presentation
Cyber Terrorism Presentation
 
The Patriot Act Title Vii Section 814 And 816
The Patriot Act Title Vii Section 814 And 816The Patriot Act Title Vii Section 814 And 816
The Patriot Act Title Vii Section 814 And 816
 
Traditional Terrorists
Traditional TerroristsTraditional Terrorists
Traditional Terrorists
 
CJ513Unit 3 DQTopic #1The Definition of CyberterrorismDi
CJ513Unit 3 DQTopic #1The Definition of CyberterrorismDiCJ513Unit 3 DQTopic #1The Definition of CyberterrorismDi
CJ513Unit 3 DQTopic #1The Definition of CyberterrorismDi
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
PROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docx
PROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docxPROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docx
PROTECTING THE NATION’S CYBER SYSTEMS 9WHAT ARE THE .docx
 
Causes of the Growing Conflict Between Privacy and Security
Causes of the Growing Conflict Between Privacy and SecurityCauses of the Growing Conflict Between Privacy and Security
Causes of the Growing Conflict Between Privacy and Security
 
A View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years LaterA View Of Cyberterrorism Five Years Later
A View Of Cyberterrorism Five Years Later
 
WHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docx
WHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docxWHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docx
WHAT ARE THE METHODS THAT CAN BE EMPLOYED TO REDUCE THE TH.docx
 
Cyber-Terrorism Essay
Cyber-Terrorism EssayCyber-Terrorism Essay
Cyber-Terrorism Essay
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
 
Running headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docxRunning headEMERGING THREATS AND COUNTERMEASURES .docx
Running headEMERGING THREATS AND COUNTERMEASURES .docx
 
Cyber Weapons Proliferation
Cyber Weapons Proliferation Cyber Weapons Proliferation
Cyber Weapons Proliferation
 
Cyber Terrorism Essay
Cyber Terrorism EssayCyber Terrorism Essay
Cyber Terrorism Essay
 
Terrorist Cyber Attacks
Terrorist Cyber AttacksTerrorist Cyber Attacks
Terrorist Cyber Attacks
 
1)Using general mass-media (such as news sites) identify a recent co.pdf
1)Using general mass-media (such as news sites) identify a recent co.pdf1)Using general mass-media (such as news sites) identify a recent co.pdf
1)Using general mass-media (such as news sites) identify a recent co.pdf
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
R41674
R41674R41674
R41674
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 

CyberTerrorismACaseOfAliceInWonderland

  • 1. Cordero 1 Enrique  J  Cordero   Dr.  Marie-­‐Helen  Maras   Cybercrime  –  GLOB1-­‐GC.2510   March  30,  2012   Cyberterrorism:  Is  it  a  case  of  Alice  in  wonderland?   “If   you   know   the   enemy   and   know   yourself,   you   need   not   to   fear   the   result   of   a   hundred   battles…   If   you   know   neither   the   enemy   nor   yourself,   you   will   succumb   in   every   battle…   Knowing  the  enemy  enables  you  to  take  offensive,  knowing  yourself  enables  you  to  stand  on   the  defensive.”   Sun  Tzu,  The  Art  of  War.  Attack  by  Stratagem,  18   Introduction   What  happened  with  the  “old  days”  of  conventional  and  guerilla  warfare  when  your  enemy   had  a  human  face,  and  tactical  plans  as  well  as  rules  of  engagement  where  clearly  defined,   the   amount   and   sophistication   of   one’s   kinetic   weapons   was   the   game   changer   and   acquiring  such  strategic  and  tactical  advantages  required  vast  amounts  of  resources?  Well,   as  we  will  see  in  the  following  pages,  those  days  have  been  rapidly  changing  and  may  be   replaced  by  a  world  that  until  recent  years  has  been  only  in  the  imagination  of  Hollywood.   The  structure  of  this  paper  is  delineated  by  the  answers  to  the  following  3  dilemmas:  Why   is  cyberterrorism  the  greatest  threat  amongst  all  forms  of  cybercrime?  What  measures  are   we  taking  against  the  threat  of  cyberterrorism,  and  how  effective  are  they?  And  finally,  how   can  we  better  address  the  threat  of  cyberterrorism?      
  • 2. Cordero 2 Threat  assessment   Of   all   the   forms   of   cybercrime   cyberterrorism   stand   out   as   the   most   debated,   the   most   talked   about   in   the   media,   the   most   feared,   yet   the   least   consistently   defined   and,   not   surprisingly,  the  one  with  the  least  number  of  convictions.  It  is  this  combination  of  factors,   the  lack  of  clear  definitions,  hence  unclear  laws,  enforcement  and  punishment,  along  with   the   potential   threat   of   a   major   cyberattack   with   devastating   effects,   which   makes   cyberterrorism   the   greatest   threat   of   all   forms   of   cybercrime.   So,   as   stated   in   Sun   Tzu’s   quote  at  the  beginning  of  this  dissertation,  the  formula  to  successfully  wage  any  form  of   war   relies   on   knowing   the   enemy   and   ourselves;   however,   in   what   relates   to   cyberterrorism  we  still  have  yet  to  know  both.   Knowing  ourselves:  Definitions  and  legal  challenges   The  key  to  knowing  ourselves  in  the  cyberterrorism  space  relies  in  having  clear  definitions   as  to  what  it  is  and  what  it  is  not,  which  in  turn  would  build  a  baseline  for  establishing   governance  and  the  rule  of  law.  Definitions  of  cyberterrorism  date  back  to  the  1980’s  when   the  term  was  first  coined  by  Barry  Colin,  a  senior  fellow  at  the  Institute  for  Security  and   Intelligence  in  California,  who  discussed  this  dynamic  of  terrorism  as  transcendence  from   the   physical   to   the   virtual   realm   and   “the   intersection,   the   convergence   of   these   two   worlds....” 1  However,   nowadays   definitions   range   from   scholarly   developed   hybrid   concepts   between   Colin’s   statement   and   the   US   Government’s   definition   of   conventional   terrorism,   through   law   enforcement   conceived   and   based   mainly   on   impact   to   civilian   enterprise  data,  to  some  broad  in  scope  generated  by  legislative  groups.  Here  are  examples   of  the  three:  
  • 3. Cordero 3 Maura  Conway,  a  doctoral  student  in  the  department  of  political  science,  Trinity  College  in   Dublin  defines  cyberterrorism  as,   Premeditated,   politically   motivated   attacks   by   subnational   groups   or   clandestine   agents   against  information,  computer  systems,  computer  programs,  and  data  that  result  in  violence   against  noncombatant  targets.2   Dr.  William  F.  Tafoya,  a  retired  FBI  special  agent,  and  now  coordinator  of  and  a  professor  in   the   Information   Protection   and   Security   Program   at   the   University   of   New   Haven   in   Connecticut  defines  cyberterrorism  as,   Intimidation   of   civilian   enterprise   through   the   use   of   high   technology   to   bring   about   political,   religious,   or   ideological   aims,   actions   that   result   in   disabling   or   deleting   critical   infrastructure  data  or  information.3   The  National  Conference  of  State  Legislatures,  an  organization  of  legislators  created  to  help   policymaker’s  issues  such  as  economy  and  homeland  security  defines  cyberterrorism  as,   [T]he   use   of   information   technology   by   terrorist   groups   and   individuals   to   further   their   agenda.   This   can   include   use   of   information   technology   to   organize   and   execute   attacks   against   networks,   computer   systems   and   telecommunications   infrastructures,   or   for   exchanging   information   or   making   threats   electronically.   Examples   are   hacking   into   computer  systems,  introducing  viruses  to  vulnerable  networks,  web  site  defacing,  Denial-­‐of-­‐ service  attacks,  or  terroristic  threats  made  via  electronic  communication.4   Differences  and  similarities  between  them  are  described  in  Table  1  in  terms  of  perpetrator,   motive,   target   and   intent.   Notice   that   of   these   4   areas   only   two,   motive   and   target   are   similar   across   the   three   definitions,   and   it   is   in   the   perpetrator   and   the   intent   were   the   wider  gap  is.    These  gaps  are  important  to  recognize  for  two  fundamental  reasons,  first  to   concentrate  the  debate  amongst  the  different  stakeholders,  and  second  to  enhance  
  • 4. Cordero 4 TABLE  1.  Cyberterrorism  Definitions   Definition   Perpetrator   Motive   Target   Intent   Scholar   • Subnational   groups   • Clandestine   agents   • Politically   motivated   • Information   • Computer   systems   • Computer   programs   • Data   • Violence  against  non-­‐ combatants   Law   Enforcement   • Anyone   • Political,   religious  or   ideological   aims   • Information   • Critical   infrastructure   data   • Intimidation  of   civilian  enterprise   Legislative   Group   • Terrorist   Groups   • Individuals   • Further   groups   agendas   • Information   technology   • Computer   systems   • Telecom   infrastructure   • Attacks  against   systems   • Terroristic  threats     interpretation  of  the  law  when  it  comes  to  both  enforcement,  prosecution  and  conviction.   This  leads  us  to  the  second  aspect  of  knowing  ourselves,  the  legal  conundrum.     Take  the  case  of  Luis  Mijangos,  a  Southern  California  man  who  in  March  2011  was  accused   of   cyberterrorism,   found   guilty   and   then   sentenced   to   6   years   in   prison.   The   specific   charges   were   wire-­‐tapping   and   computer   hacking.   Mijangos   infiltrated   computers   belonging   to   women   and   teenage   girls   where   he   found   sexually   explicit   photos   and   threaten  to  put  them  online  unless  they  provided  him  with  more.  As  it  can  be  clearly  seen   this  particular  case  does  not  fit  the  intent  or  motive  in  any  of  the  definitions  above,  and   only  fits  the  perpetrator  in  Dr.  Tafoya’s  definition  because  is  broad  enough.  However,  the   case  was  portrayed  as  cyberterrorism  because  the  word  alone  would  justify  a  more  severe   punishment,  as  it  is  clear  in  the  words  of  U.S.  District  Judge  George  King  himself,     who  called  the  crimes  a  form  of  cyberterrorism  and  warned  other  hackers  they  will  meet   stiff  penalties  for  ruining  people’s  lives:  “Society  has  to  understand  that  if  you  engage  in  this  
  • 5. Cordero 5 type  of  behavior,  it’s  no  joke,”  King  said.  “You  are  going  to  jail  and  going  to  jail  for  a  long   time.”  5     There  is  no  doubt  that  the  crimes  for  which  this  man  was  accused,  tried  and  sentenced  are   despicable   and   deserve   punishment,   but   the   concept   of   cyberterrorism   should   not   be   hijacked  so  we  as  a  society  can  call  for  harsher  punishment.   To  illustrate  even  further  the  complexity  of  the  different  legal  challenges  consider  the  cases   of   the   recent   SOPA   and   PIPA   bills,   which   were   very   quickly   rejected   in   Congress   on   the   grounds  of  invasion  of  privacy  and  limitation  of  citizen’s  liberties  in  the  Internet.6  Now,  as   of  the  writing  of  this  paper,  a  new  bill,  CISPA,  is  being  debated  in  the  US  Congress,  and   many  experts  and  internet  freedom  defenders  are  already  calling  it  a  refurbish  version  of   the   old   SOPA/PIPA,   but   with   even   more   overreaching   measures   that   “would   end   the   Internet  as  we  know  it.”7  It  seems  like  even  with  the  best  of  intentions  from  our  legislature   this   bills   are   crafted   casting   such   a   wide   net   that   include   many   forms   of   cybercrime,   cyberterrorism   being   one   of   them,   adding   more   complexity   and   confusion   into   the   legal   dilemma.   Knowing   the   enemy:   Is   cyberterrorism   the   sum   of   all   fears   or   just   weapons   of   mass   annoyance?8   In  the  road  to  knowing  the  enemy  the  first  step  is  to  assess  the  level  of  risk  and  probability   associated   with   a   potential   aggressive   action   that   may   come   from   the   other   side.   Unfortunately,   threat   assessment   in   cyberterrorism   goes   from   the   devastating   and   imminent   to   the   nuisance   and   dismissive.   Let’s   evaluate   the   first   one,   devastating   and   imminent.  
  • 6. Cordero 6 One  of  the  earliest  risk  assessments  of  this  kind  appears  in  the  National  Security  Decision   Directive   Number   145   on   National   Policy   on   Telecommunications   and   Automated   Information  Systems  Security  issued  by  the  White  House  on  September  17,  1984,  stated   that,   The  technology  to  exploit  these  electronic  systems  is  widespread  and  is  used  extensively  by   foreign  nations  and  can  be  employed,  as  well,  by  terrorist  groups  and  criminal  elements.   Government  systems  as  well  as  those  which  process  the  private  or  proprietary  information   of  US  persons  and  businesses  can  become  targets  for  foreign  exploitation.9   The  second  identifiable  assessment  came  shortly  after  the  terrorist  attacks  of  September   11,  2001  in  New  York  City  when    a  special  congressional  commission  examining  terrorism  was  concerned  that  future  attacks   against   the   U.S.   might   occur   in   conjunction   with   a   cyberattack   that   would   maximize   the   destructive   effects   of   physical   weapons   such   as   bombs   or   chemical   assaults:   "There   has   been   substantial   concern   [about]   the   potential   consequences   of   cyberattacks,"   "Communications,  if  disrupted,  could  have  significant  impact  on  the  [physical]  attack  itself,   and  we  have  been  very  focused  on  that  and  very  concerned  about  that  particular  issue,"  said   Virginia  Gov.  James  Gilmore,  chairman  of  the  commission.10   Then  in  March  of  2002  and  April  of  the  same  year  the  CIA  stated  that  they  were  alert  to  the   possibility  of  cyber  warfare  attacks  by  terrorist  as  they  were  becoming  viable  options  for   them  and  other  foreign  adversaries  becoming  more  familiar  with  these  targets,  and  even   went   as   far   as   pinpointing   al-­‐Qa’ida   and   Hizballah   becoming   more   adept   at   using   the   Internet   and   computer   technologies:   “This   groups   have   the   intentions   and   desire   to   develop  some  of  the  cyberskills  necessary  to  forge  and  effective  cyber  attack  MO.”11  
  • 7. Cordero 7 Finally,  we  have  The  Comprehensive  National  Cybersecurity  Initiative  in  which  President   Obama   has   identified   cybersecurity   as   one   of   the   most   serious   economic   and   national   security  challenges,  but  one  that  the  US  is  not  adequately  prepared  to  counter.12   Opposite   to   these   previous   assessments   we   have   the   nuisance   and   dismissive   school   of   thought.  According  to  James  A.  Lewis  from  the  Center  for  Strategic  &  International  Studies,   based   on   an   assessment   of   the   historical   occurrence   of   cyberterrorism   attacks   against   infrastructure,   the   consequences   of   routine   infrastructure   failures,   the   dependency   of   infrastructure  on  computer  networks  and  their  redundancies,  and  the  likelihood  of  cyber-­‐ weapons  achieving  political  goals,     computer   network   vulnerabilities   are   an   increasingly   serious   business   problem   but   their   threat  to  national  security  is  overstated.  In  all  cases,  cyber  attacks  are  less  effective  and  less   disruptive  than  physical  attacks.  Their  only  advantage  is  that  they  are  cheaper  and  easier  to   carry  out  than  a  physical  attack.13   Just  recently  Dr.  Thomas  Rid  stated  that  a  virtual  conflict  is  more  hype  than  reality  and  that   recent   cyberattacks   such   as   the   one   in   Estonia   were   more   a   nuisance   and   an   emotional   strike  in  the  country,  also  that  creating  a  Pearl  Harbor  scenario  in  cyberspace  would  be  a   daunting  challenge  at  best.  In  his  view  Cyberwar  alarmists  want  the  United  States  to  see   cybersecurity  as  a  new  challenge  on  a  geopolitical  scale.14   Having  this  disparity  of  assessments  will  only  increase  the  possibilities  of  disagreement  in   selecting  the  right  course  of  action  and  reduce  the  ability  to  better  understand  the  enemy’s   true   capability   while   some   members   of   the   stakeholder   community   will   be   overly   concerned  and  reactive  whereas  others  will  be  complacent  and  underprepared.      
  • 8. Cordero 8 Current  measures  and  their  effectiveness   In  the  US   From  the  cyber-­‐power-­‐countries  the  United  States  is  the  one  at  the  helm  of  the  debate  and   one  of  the  most  progressive  in  terms  of  actions  and  preparedness  in  relation  not  only  to   cyberterrorism,  but  cybercrime  in  general.  This  comes  as  no  surprise  since  the  country  has   gone  through  a  rude  awakening  after  the  terrorist  attacks  of  9/11  and  the  wars  that  came   after  that.  Many  measures  have  been  taken  both  in  terms  of  legislation  and  institutional   change;  however,  the  effectiveness  of  these  actions  is  still  being  debated.   Legislative  Measures   Policy  measures  date  back  to  the  Reagan  administration  with  two  pieces  of  legislation,  the   Computer   Abuse   Act   in   1984/8615  targeted   to   curb   computer   crime,   and   the   1987   Computer   Security   Act16  enacted   in   an   effort   to   protect   federal   agencies’   computer   data   from  espionage.  However,  one  of  the  most  notable  in  recent  years  came  when  the  Bush   administration   enacted   the   USA   Patriot   Act   in   2001,   more   specifically   Title   VIII   Section   81417,  which  deals  with  strengthening  the  criminal  laws  against  terrorism  as  well  as  the   deterrence  and  prevention  of  cyberterrorism.  In  particular  it   increased  the  maximum  penalty  for  intentionally  damaging  a  federally  protected  computer   from   a   prison   term   of   five   years   to   a   prison   term   of   10   years   and   raised   the   maximum   penalty   from   a   prison   term   of   10   years   to   a   prison   term   of   20   years   for   intentionally   or   recklessly  damaging  a  federally  protected  computer  after  having  previously  been  convicted   of  computer  abuse.18   It   also   broadened   the   scope   of   protection   provided   to   federally   protected   computers   by   adding  a  fifth  category  for  triggering  criminal  or  civil  liability.  
  • 9. Cordero 9 Effectiveness   of   policy   measures   can   be   assessed   in   two   ways:   deterrence,   and   effective   prosecution  and  conviction.    Deterrence  is  hard  to  document,  but  one  can  just  consider  the   fact   that   there   has   not   been   an   occurrence   of   a   major   cyberattack   with   significant   or   devastating  impact,  despite  the  countless  and  relentless  efforts  of  enemy  groups  to  acquire   and  use  cyber-­‐weapons  against  the  US  and  its  interests.19  Now,  in  terms  of  prosecution  and   convictions,  a  2004  report  to  Congress  from  Atty.  Gen.  John  Ashcroft  stated  that,  since  the   enactment  of  the  USA  PATRIOT  Act  and  as  a  direct  result  of  it,  the  US  Department  of  Justice   had  charged  310  defendants  with  criminal  offenses  related  to  terrorism,  and  from  those   179  had  already  been  convicted.    In  relation  to  cyberterrorism,  the  same  report  cited  the   2004   conviction   of   Rajib   Mitra,   a   man   who   jammed   the   Madison,   Wisconsin   police   department’s  emergency  radio  system  in  more  than  20  occasions;  Mitra  was  sentenced  to   eight   years   in   prison.   Also   cited   is   the   case   of   a   cyberterrorist   threat   to   the   South   Pole   Research  Station  in  2003,  which  was  quickly  investigated  and  resolved  using  section  212  of   the  act  to  identify  the  perpetrators  and  arrest  them  before  any  harm  was  done.20   Institutional  Change  Measures   In  June  of  2009  the  US  military  recognizing  the  importance  of  protecting  cyberspace  just  as   they  do  land,  air,  sea  and  space,  initiated  an  effort  to  consolidate  two  task  forces  (Joint  Task   Force-­‐Global   Network   Operations,   which   carried   out   the   bulk   of   operation   Buckshot   Yankee,   and   Joint   Task   Force-­‐Network   Warfare,   the   military's   cyber-­‐offense   arm)   into   a   single  four-­‐start  command,  the  U.S.  Cyber  Command,  which  began  operations  in  May  2010   as  part  of  the  U.S.  strategic  command  with  General  Keith  B.  Alexander  as  head  of  this  new   command.  
  • 10. Cordero 10 Institutional   change   effectiveness   is   usually   gaged   by   the   accomplishment   of   its   fundamental  missions.  USCYBERCOM  has  three  basic  missions:  first,  to  protect  all  defense   networks   and   support   military   and   counter-­‐terrorism   missions   with   operations   in   cyberspace;  second,  to  manage  and  orchestrate  all  cyberwarfare  resources  across  the  U.S.   military;  and  third,  to  work  and  liaise  with  a  wide  range  of  stakeholders  inside  and  outside   the  U.S.  government  in  pursue  of  the  cybermission.  21   In  reference  to  the  first  element  of  the  mission,  in  August,  2011,  Army  Cyber  Command   reported  that  a  corps  of  21,000  soldiers  and  civilians  has  been  put  together  to  serve  24/7   worldwide   operating   and   defending   all   Army   networks   under   the   U.S.   Cyber   Command   umbrella.  In  simplest  terms,  Army  Cyber  Command  provides  security  for  these  networks  so   commanders,  regardless  of  their  location,  can  communicate  with  their  own  forces,  higher   headquarters  and  other  elements.22   In  relation  to  the  second  premise  of  USCYBERCOM  mission,  the  U.S.  Air  Force  reported  in   October,   2010,   that   cyber   training   became   a   permanent   fixture   of   the   Air   Force   Basic   Military   Training   curriculum.   The   two   main   courses,   Cyber   200   and   Cyber   300,   give   students  two  slightly  different  looks  at  cyber  operations,  but  cover  the  same  main  topics:   the  technology,  the  policy,  the  doctrine  and  the  law  as  they  relate  to  the  cyber  domain.23   Finally,   USCYBERCOM   results   in   following   its   third   mission   are   demonstrated   when   in   August,  2011,   a  new  pilot  program  in  which  the  Defense  Department  shares  classified  threat  intelligence   with  defense  contractors  or  their  commercial  Internet  service  providers  is  showing  promise   in   increasing   their   cyber   defenses   and   preventing   enemy   intrusions   into   sensitive   government  networks.24  
  • 11. Cordero 11 In  the  International  Community   Activities   at   the   UN   have   shown   some   initial   measures   in   the   form   of   several   General   Assembly  resolutions  dealing  with  the  creation  of  a  global  culture  of  cybersecurity  and  the   protection  of  critical  information  infrastructures.   Moreover,  a  new  Group  of  Governmental  Experts  will  form  in  2012  to  submit  a  report  in   2013,   marking   the   next   step   in   the   politico-­‐military   stream   and   the   norm   emergence   process.25   In   these   new   efforts   each   of   the   commanding   countries   plays   a   different   role   as   their   motives  are  drive  by  individual  interest,  to  that  effect   Russia  has  been  playing  a  crucial  role  in  this  process  with  the  U.S.  as  the  most  important   counterweight.  Germany,  Canada,  and  the  United  Kingdom  have  also  played  an  active  role   funding  various  research  projects  and  expert  groups.  Curiously,  China  seems  to  have  been   rather  inactive  except  for  its  co-­‐sponsorship  of  the  resolution  in  the  First  Committee  in  the   year   after   the   U.S.   decided   to   vote   against   it   for   the   first   time   and   the   recent   code   of   conduct.26   In  terms  of  the  effectiveness  that  these  norms  will  have  in  the  future,  one  has  to  consider   first   that   the   UN   is   a   fragmented   system   in   its   activities   regarding   cybercrime   and   ultimately  countries  themselves  will  play  a  fundamental  role  as  norm  originators,  as  well  as   the   different   endogenous   and   exogenous   factors   that   undoubtedly   will   affect   the   perceptions  of  States’  policy  makers.   Forward-­looking  preparedness   As   we   have   seen   there   is   still   work   to   be   done   in   the   quest   to   fighting   the   threat   of   cyberterrorism,   and   such   a   fight   is   better   served   by   a   robust   prevention   strategy.   Prevention  starts  with  taking  effective  actions  to  increase  awareness  and  education,  as  well  
  • 12. Cordero 12 as   setting   the   appropriate   legal   frameworks   that   will   allow   for   effective   deterrence   and   adjudication.   Important   strides   have   been   accomplished   in   terms   of   education   but   the   subject  is  still  very  unknown  and  clouded  by  misconception  and  sensationalism.  The  media   in  particular  is  a  very  important  actor  in  this  space  and  a  fundamental  connection  to  the   public   in   general,   so   educating   it   and   empowering   it   can   prove   very   effective   in   the   prevention   efforts.   Regarding   adjudication   the   first   step   is   setting   clear   scope   and   definitions  about  cyberterrorism.  As  demonstrated  in  the  beginning  of  this  paper,  current   definitions  widely  vary  across  the  different  sets  of  stakeholders  involved  in  the  discourse,   so  a  starting  point  could  be  reaching  agreement  in  the  areas  of  perpetrator  and  intent  since   there  seems  to  be  already  a  common  language  in  what  relates  to  motive  and  target.  Once  all   stakeholders   party   to   this   important   form   of   cybercrime   reach   agreement   as   to   its   definition  and  scope,  setting  the  rule  of  law  that  will  govern  monitoring,  enforcement  and   punishment  will  transcend  from  semantics  to  execution.   In  conclusion,  the  debate  must  go  on,  but  concrete  and  prompt  actions  must  be  taken  in  the   near  future.  At  stake  are  not  only  the  national  security  of  all  cyberpower  nations,  but  also   the   assurance   of   a   safe   and   stable   Internet   that   can   continue   serving   as   catalyzer   for   economic  and  social  development.  It  is  then  of  vital  importance  that  future  debates  and   solutions  are  the  result  of  a  concerted  effort  between  a  wide  spectrum  of  stakeholders  from   academia,  state  actors,  law  enforcement  agencies,  the  media  as  well  as  sensible  members  of   the  hacking  community  such  as  “white  hat”  hackers  and  other  cybersecurity  experts.   I  would  like  to  finish  this  dissertation  by  highlighting  the  words  of  Sun  Tzu  regarding  the   importance  of  preventive  and  defensive  measures:  “Attack  is  the  secret  of  defense;  defense  is   the  planning  of  an  attack.”    
  • 13. Cordero 13 REFERENCES                                                                                                                   1  Tafoya,   William   L.   “Cyber   Terror,”   FBI   Law   Enforcement   Bulletin,   November   2011,   http://www.fbi.gov/stats-­‐services/publications/law-­‐enforcement-­‐ bulletin/november-­‐2011/cyber-­‐terror  (accessed  April  25,  2012).   2  Conway,  Maura.  “What  is  Cyberterrorism?”  Current  History  101.659  (2002):  436-­‐42.   3  Ditto  reference  1   4  National   Conference   of   State   Legislatures.   “Cyber   Terrorism”   http://www.ncsl.org/programs/lis/cip/cyberterrorism.htm   (accessed   April   25,   2012).   5  Chicago  Sun-­‐Times.  “6  years  for  California  man  convicted  of  cyberterrorism.”  September   3,   2011.   http://www.suntimes.com/news/nation/7412050-­‐418/6-­‐years-­‐for-­‐ california-­‐man-­‐convicted-­‐of-­‐cyberterrorism.html  (accessed  April  26,2012)   6  The   DePaulia.   “SOPA/PIPA   bills   rejected.”   January   23,   2012.   http://www.depauliaonline.com/mobile/nation-­‐world/sopa-­‐pipa-­‐bills-­‐rejected-­‐ 1.2746879  (accessed  April  26,  2012)   7  International   Business   Times.   “What   Is   CISPA   2012?   Inside   The   Bill   That   Has   Internet   Privacy   Advocates   Up   In   Arms.”   April   26,   2012.   http://www.ibtimes.com/articles/333865/20120426/cispa-­‐what-­‐sopa-­‐pipa-­‐acta-­‐ stop-­‐congress.htm  (accessed  April  26,  2012)   8  Weapons  of  mass  annoyance:  a  phrase  originated  by  Stewart  Baker.   9  Dunn-­‐Cavelty,  Myriam.  “Cyber-­‐Terror-­‐  Looming  Threat  or  Phantom  Menace?  The  Framing   of  the  US  Cyber-­‐Threat  Debate.”  Journal  of  Information  Technology  &  Politics.  (2008)   4:1,  19-­‐36.  
  • 14. Cordero 14                                                                                                                                                                                                                                                                                                                                                                       10  Computerworld.   “U.S.   commission   eyes   cyberterrorism   threat   ahead.”   September   17,   2001.   http://www.computerworld.com/s/article/63965/U.S._commission_eyes_cyberterr orism_threat_ahead?taxonomyId=017  (accessed  April  26,  2012)   11  Ditto  reference  9   12  The  White  House.  National  Security  Council.  “The  Comprehensive  National  Cybersecurity   Initiative.”   http://www.whitehouse.gov/cybersecurity/comprehensive-­‐national-­‐ cybersecurity-­‐initiative  (accessed  April  26,  2012)   13  Lewis,   James   A.   “Assessing   the   Risks   of   Cyber   Terrorism,   Cyber   War   and   Other   Cyber   Threats.”   Center   for   Strategic   and   International   Studies.   December,   2002.   http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf   (accessed   April  27,  2012)   14  Rid,   Thomas.   “Think   Again:   Cyberwar.”   Foreign   Policy   Magazine.   March/April   2012.   http://www.foreignpolicy.com/articles/2012/02/27/cyberwar?print=yes&hidecom ments=yes&page=full  (accessed  March  20,  2012)   15  The  Counterfeit  Access  Device  and  Computer  Fraud  Abuse  Act,  18  U.S.C.  1030  (1984).;   Computer  Fraud  Abuse  Act  (U.S.)  18  U.S.C.  1030(a)  (1986)   16  Computer  Security  Act  of  1987,  Public  Law  100-­‐235,  H.R.  145,  (1988),  (100th  Congress)   17  USA  PATRIOT  Act  of  2001,  Public  Law  107-­‐56,  H.R.  3162,  (2001),  (107th  Congress)   18  US  Department  of  Justice.  “Report  From  The  Field:  The  USA  PATRIOT  Act  at  work.”  July   2004.   http://www.justice.gov/olp/pdf/patriot_report_from_the_field0704.pdf   (accessed  April  27,  2012)   19  Ditto  reference  9  
  • 15. Cordero 15                                                                                                                                                                                                                                                                                                                                                                       20  Ditto  reference  18   21  Lynn,  William  J,  III.  2010.  “Defending  a  New  Domain.”  Foreign  Affairs.  89,  no.  5:  97-­‐108.   22  U.S.   Department   of   Defense.   “Army   Cyber   Command   Focuses   on   Protecting   Vital   Networks.”   American   Forces   Press   Service.   August   15,   2011.   http://www.defense.gov/news/newsarticle.aspx?id=65031   (accessed   April   28,   2012)   23  U.S.   Department   of   Defense.   “Air   Force   School   Focuses   on   Cybersecurity.”   American   Forces   Press   Service.   October   29,   2010.   http://www.defense.gov/news/newsarticle.aspx?id=61471   (accessed   April   28,   2012)   24  U.S.   Department   of   Defense.   “Sharing   Intelligence   Helps   Contractors   Strengthen   Cyber   Defenses.”   American   Forces   Press   Service.   August   16,   2011.   http://www.defense.gov/news/newsarticle.aspx?id=65050   (accessed   April   28,   2012)   25  Maurer,  Tim.  “Cyber  Norm  Emergence  at  the  United  Nations  –  An  Analysis  of  the  UN‘s   Activities  Regarding  Cyber-­‐security?”  Discussion  Paper  2011-­‐11,  Cambridge,  Mass.:   Belfer   Center   for   Science   and   International   Affairs,   Harvard   Kennedy   School,   September  2011.   26  Ditto  reference  25