
The United States Is Vulnerable to Cyberterrorism

March 2004
By Col. (S) Bradley K. Ashley, USAF

 

Personnel holding watch in air operations centers during flight operations regularly rely on networking for coordination of efforts. A cyberterrorist attack on military networks could seriously compromise missions.

The danger is real, and the country must prepare.

Today’s battlefields transcend national borders. Cyberspace adds an entirely new dimension to military operations, and the ubiquitous dependence on information technology in both the government and commercial sectors increases exponentially the opportunities for adversaries as well as the potential ramifications of attacks.

To understand cyberterrorism fully, it is necessary first to understand the cyberspace environment and its particular attributes. The various components of the cyberterror anatomy reveal the answers to the basic questions about who, what, how, where, why and when.

It is not difficult to imagine a scenario where the global media is buzzing with reports of U.S. military systems under relentless electronic assault from computers in the Middle East. An unknown adversary controls military logistics, transportation and administration systems essential to deploying troops to the Persian Gulf. Many of the largest U.S. commercial Web sites are flooded with connection requests, paralyzing significant portions of the Internet. Deadly viruses begin to infect computers around the world, including many military systems. More than 60 million computers are affected, costing billions of dollars.

Consider other scenarios. People around the globe join in electronic attacks simply by clicking on a Web site to begin flooding campaigns. Osama bin Laden calls for a cyber Jihad on an Afghanistan-hosted Web site. Computers at U.S. infrastructure sites such as dams are infiltrated, and more than a million liters of raw sewage are released into coastal waters. Agents tied to al Qaida buy useful information to penetrate U.S. Defense Department computer networks. Power grids in California are infiltrated and held captive for weeks. The stock market closes early because of computer problems after a record-setting one-week loss. Americans are alarmed at the devastation, and the cost of these cyberattacks comes on the heels of a major attack on U.S. soil. The competitive media help spread the cyberterrorism panic throughout the world.

Each of these situations is 100-percent plausible because each one has occurred. Fortunately, they took place at different times during the past several years. However, they could occur in an orchestrated fashion in a short time frame in the future.

Cyberspace is a unique environment. It is ageographic and borderless, and attacks can be asymmetric and clandestine. Attacks have virtually unlimited range and speed. Massive results can be achieved without massing forces. These attacks are fast, easy and relatively inexpensive. Many regional conflicts have cyberspace dimensions where battles are fought by hackers on both sides with their own rules of engagement. This occurred in Bosnia, Kosovo and several Middle Eastern countries. Cyberspace security is an international challenge that is not constrained by national boundaries.

The diversity of information system adversaries ranges from individuals to nation-states. Enemies of the United States are conducting information operations against the nation daily. Hackers are probing while well-organized and well-financed foreign intelligence collection organizations are performing intelligence preparation of the cyberbattlefield to gain unauthorized knowledge and access to Defense Department systems.

Over time, the level of sophistication required to hack into an information system has decreased dramatically. At the same time, the quantity and availability of hacking tools have increased substantially, and the quality has improved greatly. This creates an environment where even teenagers can successfully infiltrate Defense Department and other U.S. government systems, in turn creating a dangerous target-rich and low-risk combination.

Cyberattacks are rising exponentially, and several factors contribute to this equation. The growth of the Internet raises the number of both attackers and targets. Vulnerabilities of new software versions continue to grow. Sophisticated hacking tools are easily accessible.

The weapons of cyberwar are available for download on the Internet. Unlike the weapons of conventional warfare, the tools of this trade require no long-term acquisition, training or fielding to mount an attack. As the typical PC has become more powerful and easier to use, so has the sophistication of the weapons that information adversaries have at their disposal. An adversary with minimal technology, funding, training, staff and defense infrastructure can employ these limited resources as weapons on short notice from anywhere in the world.

An intruder could take countless specific actions after gaining access to an information system; however, these acts can be grouped into four general categories: modification, fabrication, interception and interruption.

For years, the world has witnessed unauthorized intrusions and Web hacks from a myriad of actors, including teenagers, industrial espionage experts, hacker groups and nation-states. Newcomers to this area have infiltrated very sensitive systems with relative ease. These people use many tactics, techniques and procedures, such as polymorphic viruses or polymorphic code, worms, software vulnerability exploits, other viruses and denial-of-service attacks.

The challenge is that all critical infrastructures must be defended. The President’s Commission on Critical Infrastructure Protection divided U.S. infrastructures into five sectors: information and communication, physical distribution, energy, banking and finance, and vital human services.

 

Although structures like the Hoover Dam are vulnerable to physical attack, the increased reliance on computers and networks in the utilities infrastructure means that homeland security agencies also must be concerned about cyberterrorist attacks on the controls of such facilities.

In an asymmetric world, terrorists look for alternative methods to spread terror. The cyberworld may prove to be the simplest and quickest alternative to traditional physical attacks. The motives of cyberterrorists in this realm likely will be the same as those that incite physical attack. They generally seek financial gain, disruption, decreased military capability, fear/panic, publicity and news impact, decreased confidence in critical infrastructures/psychological operations, great physical damage and even loss of life. The dilemma in the cyberworld is not only to detect attackers but also to understand why they are attacking.

Cyberattacks, whether stand-alone or coordinated, occur at the time and choosing of the adversary. They are inherently stealthy and can be used at critical periods such as when U.S. forces deploy, at a crucial point in a war or at high-profile events. They can be used as retaliation for trials or sentencing. Terror attacks are often randomly timed and sporadically targeted to maximize the aspect of surprise, and cyberattacks have the same characteristics.

It is likely that cyberattacks will accompany physical attacks to enhance the impact and reduce U.S. response capabilities. Combining physical attacks with cyberattacks magnifies their impact and limits first responders and other assistance. This type of attack will serve as a force multiplier for terrorists.

Today, al Qaida is America’s primary terrorist adversary. The organization already operates within the cyberworld. The television network al Jazeera reported that Osama bin Laden’s senior aides transmitted the instructions for the attacks on September 11, 2001, to Mohammed Atta via encoded e-mail. Al Qaida terrorists are using the Internet to research infrastructure information about U.S. water and wastewater systems. Federal Bureau of Investigation bulletins say that U.S. law enforcement and intelligence agencies have received indications that al Qaida members have sought information on supervisory control and data acquisition (SCADA) systems available on multiple SCADA-related Web sites. SCADA systems allow utility and transportation companies to monitor and direct equipment at unmanned facilities from a central location. The computers of bin Laden associates were found to include structural engineering data and programs related to dams and other water retaining structures.

Ramzi Yousef, the first World Trade Center bomber, stored detailed plans to destroy U.S. airliners in encrypted files on his laptop computer. Terrorist groups also are using the Internet to recruit like-minded people to their cause. “Hacktivists” is a term that has recently emerged to describe those who carry out cyberprotests, e-mail floods, denials of service and hacks for a political cause. Such actions, undertaken immediately following real-world events, also are on the rise.

Al Qaida has not been known to use cyberattacks in the past. However, bin Laden has suggested that he has the expertise to use the computer as a weapon. After the September 11 attacks, he was quoted in the newspaper Ausaf as saying that hundreds of young men had pledged to him that they were ready to die and that hundreds of Muslim scientists were with him who would use their knowledge in chemistry and biology as well as in areas ranging from computers to electronics against the infidels. This statement implies that bin Laden is threatening computer attacks against the United States.

The Central Intelligence Agency (CIA) is already alert to the possibility of cyberwarfare by al Qaida and describes this group as becoming more adept at using the Internet and computer technologies. Al Qaida is believed by some government officials to be developing cyberterrorism plans. The Washington Post and CBS News have reported that al Qaida prisoners have informed interrogators about their intent to use cyberattack tools. Captives have said al Qaida is on the threshold of using the Internet as a direct instrument for bloodshed.

Terrorists must go beyond Web page defacements, simple hacks or pranks. To gain publicity for their cause, cyberterrorists must cause widespread damage, destruction, or death. An example of how this could be accomplished already has occurred. In 1998, a 12-year-old hacker broke into the SCADA computer systems that run Arizona’s Roosevelt Dam. Federal authorities said the hacker had complete control of the dam’s massive floodgates. This dam holds back as much as 489 trillion gallons of water above a flood plain inhabited by more than a million people. More than 3 million SCADA devices are in use today.

Members of Congress have expressed concern. “There is a 50 percent chance that the next time al Qaida terrorists strike the United States, their attack will include a cyberattack,” Rep. Lamar Smith (R-TX) said. Al Qaida has the capabilities, has the intention, has a history of gathering reconnaissance and has targeted the United States. This makes the organization a very serious cyberthreat.

A June 2002 survey of technology industry experts revealed that 74 percent thought it was nearly certain that there would be a cyberattack against the United States within one year. Nearly 60 percent said they expect a major cyberattack against the federal government within one year. A February 2002 CIA memorandum indicates that al Qaida had far more interest in cyberterrorism than previously believed and had contemplated the use of hackers for hire to speed the acquisition of capabilities.

As a relatively new dimension of warfare, the cyberenvironment must be thoroughly studied and analyzed. The events of September 11 caught the United States by surprise. Unless appropriate steps are taken to protect the country against cyberattacks now, it surely will suffer tragic cyberterrorist attacks that could include loss of life. Terrorists are pursuing this capability. Major cyberterror attacks against the United States will occur. It is a matter of when, not if.

Col. (S) Bradley K. Ashley, USAF, is chief of the plans, policy and resources division, communications and information directorate, Headquarters Pacific Air Forces, Hickam Air Force Base, Hawaii.