With all the potential risks to the United States in the war on terror, the threat of cyberterrorism remains the subject of much debate. While some experts claim that a cyberterrorist attack could threaten the economy and the national infrastructure by targeting crucial facilities such as water and electricity, others claim that the threat is largely overhyped and that security is already in place to combat cyberterrorist threats. The one thing that cannot be argued is the extreme interest generated by the threat of cyberterrorism within the security and computer industries, as well as among the general public, and the significant role that cybersecurity and computer forensics play before, during, and after cyberattacks. As one of the greatest weapons against cyberterrorism, computer forensics will play an ever-increasing role in the near future against possible devastation of the country’s information infrastructure, both public and private.
Cyberthreat to Public Entities
Cyberterrorist attacks have the potential to create widespread havoc, though the United States government believes, perhaps provincially, that even the worst-case scenarios will not cause a great extent of damage. A Congressional Research Service report to Congress concluded that security experts widely disagree about the damage that might result from a cyberattack, and some have reportedly stated that U.S. infrastructure systems are resilient and could recover easily from a cyberterrorism attack, thus avoiding any severe or catastrophic effects. Focusing on the optimistic outlook, the report only mentions the potential vulnerabilities of Supervisory Control And Data Acquisition (SCADA) systems, which are the computer systems relied upon by most critical infrastructure organizations to automatically monitor and adjust switching, manufacturing, and other process control activities based on feedback data gathered by sensors (Wilson, 2003, p. 8). The assessment is that these systems are robust and resilient, and experts cite the routine water and power failures, air traffic disruptions, and other systemic breakdowns that do not affect national security. To test this theory, in July 2002 the U.S. Naval War College hosted a war game called “Digital Pearl Harbor,” which simulated a cross-industry cyberterrorist attack against critical infrastructure systems; the result showed that the attacks would lead to little more than a temporary power outage, and that attempts to cripple telecommunications would prove unsuccessful because of system redundancy (Wilson, 2003, p. 10). Because of redundancies in hospitals, emergency facilities, and communications, an attack on those systems would most likely not cause significant damage or disruption. However, the simulation did show that the most vulnerable systems were the Internet itself as well as those utilized by the financial infrastructure.
According to the Federal Bureau of Investigation, a cyberattack to obtain national security information is one of the greatest threats, though even the less serious categories have real consequences and, ultimately, can undermine public confidence in web-based commerce (e-commerce) and violate privacy or property rights (Watson, 2002). The ultimate goal of all terrorism is to achieve political gains through the attack by creating fear in the citizens of its targets; it matters little whether that fear comes from a bomb or from the thought of losing all their money. But cyberterrorism is by no means limited to government and economic targets.
Cyber Threat to Private Sector
While the governmental infrastructure may be largely protected by systemic security and redundancies, the threat of a cyberterrorist attack crippling the economy is still viable. In one previous attack, the Code Red worm infected about a million servers in July 2001 and caused $2.6 billion in damage to computer hardware, software, and networks, and the I LOVE YOU virus unleashed in 2000 affected more than twenty million Internet users and caused billions of dollars in damage (Weimann, 2004). While neither of these attacks was politically motivated, they showed the economic impact of cyberattacks. In other attacks, in February 2000, the sites of Amazon.com, e-Bay, Yahoo, and many other large companies were stopped for several hours due to cyberattacks; on October 22, 2002, the Washington Post reported that “the heart of the Internet network sustained its largest and most sophisticated attack ever,” in a DoS attack that struck the thirteen “root servers” which provide the primary road map for almost all Internet communications worldwide (Weimann, 2004). Systemic safeguards prevented any slowdowns or damage, but the incident brought to light the possibility of more extensive attacks causing far greater disruption of the web. However, even in light of the potential for cyberterrorism on the Internet, at a recent CeBIT trade show for the ICT sector, a panel of IT experts concluded that a bomb would strike more terror into a people or country than a temporary shutdown of the Internet. According to the panel, which included executives from software security vendors and representatives from NATO, most critical systems do not run on the Internet but on secure networks, making it far less likely that terrorist hackers would get in. One reason for all the focus on the possibility of cyberterrorism, claimed those experts, is that the U.S. government wanted a broader front to use in its attack on terrorism, and companies and others willingly jumped on that bandwagon, touting the benefits of making sure your controls and systems are secure and safe (Langnau, 2003, p. 18).
Computer Forensics in Public and Private Sectors
Competent computer forensics programs must be established in both the public and private sectors to ensure cybersecurity. The best way to do this is to identify the main perpetrators of cyberterrorism. Hackers, crackers, and phreakers are the individuals who carry out most cyberterrorist attacks. Not only does the Internet allow them to access sensitive data, it also allows them to transmit it, as well as share their knowledge with other potential hackers, crackers, and phreakers. The best way to counter the hacking abilities of crackers and phreakers is for agencies to employ their own hackers with knowledge of the many tricks and deceptions that information technology allows. However, without knowing the goals and objectives of a particular cyberterrorist attack, it often becomes difficult to track their operations.
Computer forensics investigators must be sure to do as little damage as possible when tracing cyberterrorists. If the system is shut down—a tempting act when faced with a DoS attack or other business-crippling intrusion—the best evidence of the source may be lost. A computer forensics expert can safely gather the important information and maintain a chain of custody that will enable the evidence to be used in future litigation (Juhnke, 2004). One of the greatest economic threats to private venues is the loss of trade secrets, either through cyberterrorism or espionage. If the intrusion and theft were internal, a computer forensics expert can identify a variety of potential evidentiary sources, but difficulties arise: the longer computers are left in service and the longer backup systems are allowed to overwrite data, the less likely it is that a forensics examination will yield useful evidence. By maintaining an independent, offsite log of selected network events, a corporation is in a better position to defend itself from any long-term consequences of a cyberattack (Juhnke, 2004).
Acquisition and Admissibility of Digital Evidence
Computer crime is a difficult offense to present to courts. Unlike physical evidence, digital evidence is invisible to the eye and therefore must be developed using more sophisticated forensics tools. Because each step of obtaining digital evidence requires the use of computer forensic tools or specialized knowledge, the process must be documented, reliable, and repeatable, as well as understandable to the members of the court (Digital Evidence Professional Services, 2005). The most important part of acquiring electronic evidence is following a sound methodology of seizure and handling that can guarantee the evidence has not been altered or improperly collected.
The laws regarding acquisition and admissibility of digital evidence require strict adherence as well as careful examination of the source of the evidence. Many questions must be posed when acquiring digital evidence, including whether the evidence is a word processing document or an executable program. Other things to consider are whether the evidence is on a local hard drive or located in another jurisdiction (Digital Evidence Professional Services, 2005). The search may require not only legal authority but also technical skills to complete. Actually identifying a piece of digital evidence is a three-step process: it must be definable in its physical form, that is, it resides on a specific piece of media; next, it must be identifiable as to its logical position; lastly, the evidence must be placed in the correct context in order to read its meaning (Digital Evidence Professional Services, 2005). Only when the proper steps are taken in obtaining digital evidence can the evidence be admissible in a court of law.
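The preceding two sections describe the handling requirements in the abstract: the evidence must not be altered, the process must be documented and repeatable, and a chain-of-custody record must exist. The following Python script is an added illustration of how those requirements are met in practice; it is not code from the essay or from any of the cited sources. It images a constructed stand-in for a seized drive, records a SHA-256 hash and a custody entry in an append-only log (the kind of independent record the Juhnke citation recommends), and then shows that a later verification detects even a single overwritten byte. The examiner identifier, file names, and drive contents are all placeholders invented for the example.

```python
"""Acquisition integrity check and custody log (added example, constructed data)."""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def append_record(log: Path, record: dict) -> None:
    """Append one JSON line; the log is only ever appended to, never rewritten."""
    with log.open("a", encoding="utf-8") as f:
        f.write(json.dumps(record) + "\n")


def acquire(source: Path, image: Path, log: Path, examiner: str) -> dict:
    """Copy source to image byte-for-byte, hash both, and record the acquisition.

    The source is hashed before and the image after copying; if the two differ
    the acquisition is rejected rather than logged as good.
    """
    source_hash = sha256_file(source)
    image.write_bytes(source.read_bytes())
    image_hash = sha256_file(image)
    if source_hash != image_hash:
        raise RuntimeError("image does not match source; acquisition failed")
    record = {
        "action": "acquire",
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "source": str(source),
        "image": str(image),
        "sha256": source_hash,
    }
    append_record(log, record)
    return record


def verify(image: Path, log: Path, examiner: str) -> bool:
    """Re-hash the image and compare with the hash recorded at acquisition.

    The outcome is itself logged, so the custody record shows every time the
    image was checked and by whom, whether or not it still matched.
    """
    records = [json.loads(line) for line in log.read_text(encoding="utf-8").splitlines() if line]
    acquisitions = [r for r in records if r["action"] == "acquire" and r["image"] == str(image)]
    if not acquisitions:
        raise LookupError("no acquisition record for this image")
    expected = acquisitions[-1]["sha256"]
    observed = sha256_file(image)
    matched = observed == expected
    append_record(log, {
        "action": "verify",
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "image": str(image),
        "sha256_expected": expected,
        "sha256_observed": observed,
        "result": "match" if matched else "MISMATCH",
    })
    return matched


def demo() -> dict:
    """Acquire, verify, alter one byte, verify again; return what was observed."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        source = work / "suspect_disk.bin"          # constructed stand-in for a seized drive
        image = work / "suspect_disk.image"         # placeholder image file name
        log = work / "custody.jsonl"                # placeholder for the offsite custody log
        source.write_bytes(b"MBR\x00" * 64 + b"constructed design notes\n")
        examiner = "EXAMINER_ID_PLACEHOLDER"

        record = acquire(source, image, log, examiner)
        intact_before = verify(image, log, examiner)

        # Simulate the overwrite the text warns about: the image changes after seizure.
        with image.open("r+b") as f:
            f.seek(0)
            f.write(b"X")
        intact_after = verify(image, log, examiner)

        entries = len([line for line in log.read_text(encoding="utf-8").splitlines() if line])
        return {
            "sha256": record["sha256"],
            "intact_before": intact_before,
            "intact_after": intact_after,
            "log_entries": entries,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hashing the image rather than relying on timestamps or file sizes is what makes the check repeatable by an independent examiner: anyone with the image and the logged hash can re-run the same computation and reach the same conclusion. In a real acquisition the image would be taken from the device itself with a write blocker, and the custody log would live on separate media from the evidence it describes.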
Efforts to Combat Cyberterrorism
The United States is highly susceptible to cyberterrorist attack, and its agencies have set out to lay out specific guidelines to determine the threat. In a report to Congress by the Congressional Research Service, the definition of cyberterrorism is left as non-specific as that of terrorism, citing no universally accepted definition. However, using the definition of terrorism as outlined by the National Infrastructure Protection Center (NIPC), a branch of the Department of Homeland Security, a general definition of cyberterrorism is a criminal attack that includes “the politically motivated use of computers as weapons or as targets, by sub-national groups or clandestine agents intent on violence, to influence an audience or cause a government to change its policies” (Wilson, 2003, p. 4). The definition is also expanded to include DOD operations for information warfare, physical attacks on computer facilities and transmission lines, and any small-scale computer attack that may lead to death, injury, power outages, plane crashes, or affect the economy. To carry out such attacks, the cyberterrorist needs to be well schooled in information technology, and there is no shortage of such individuals today.
Terrorism has been the topic of international debate among philosophers, historians, and politicians, as well as a subject of personal contemplation by its perpetrators and victims. With the threat of violent terrorism so prevalent in today’s society, cyberterrorism may seem almost like a diminished threat when compared to the possibility of nuclear and biological attacks, but a cyberterrorist attack has the potential to inflict a great amount of damage on the infrastructure of its target. With the economies and governments of so many countries dependent on computer networks, the threat of a cyberterrorist attack is something that each nation must confront, citizens and computer forensic experts alike. Combating cyberterrorism can be done by using computer forensics to identify what it is and who the threats are, as well as their goals and possible targets; once this information has been obtained, a plan to prevent cyberterrorist attacks will become infinitely clearer.
Digital Evidence Professional Services. (2005). Computer Forensics. Retrieved July 4, 2008,
Juhnke, D. (2004). Cyber Terrorism or Cyber Crime? Computer Forensics. Retrieved July 4, 2008, from http://www.forensics.com/pdf/Cyber.pdf
Langnau, L. (2003, May). Cyberterrorism: Threat or hype? Material Handling Management, Vol. 58, Iss. 5. Cleveland.
Watson, D. (2002, Feb. 6). The Terrorist Threat Confronting the United States. Federal Bureau of Investigation. Retrieved July 4, 2008, from http://www.fbi.gov/congress/
Weimann, G. (2004, Dec.). Cyberterrorism: How Real Is the Threat? The United States Institute of Peace. Retrieved July 4, 2008, from http://www.usip.org/pubs/specialreports/
Wilson, C. (2003, Oct. 17). Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress. Federation of American Scientists. Retrieved July 4, 2008, from http://www.fas.org/irp/crs/RL32114.pdf