Computer Crime Research Center


Panel Discusses Threat of Cyberterrorism at Workshop

Date: November 16, 2004
Source: The Cornell Daily Sun
By: Casey Holmes

he first reaction of the United States government to the Sept. 11 attacks was to order the immediate grounding of all airplanes. In the hours that followed, all airplanes were landed.

"Imagine what would have happened if the air traffic control system had been compromised at the same time ... As bad as 9/11 was, that would have been a much worse scenario," said Herb Lin, senior scientist at the National Research Council in Washington D.C.

Lin was the first of three presenters in a workshop entitled "Definitions, Myths and Realities of Cyber Terrorism." With a small audience, three experts discussed the possibilities and probabilities of a cyberterrorist attack on the United States.

Giampiero Giacomello, postdoctoral associate of peace studies, moderated the workshop. He explained that the purpose of the workshop was to explore the realities and myth's surrounding cyberterrorism. Therefore, he brought together three experts to discuss the theoretical, political and technical sides of cyber terrorism. Lin was the first presenter followed by Prof. Seymour Goodman, international affairs and computing at the Sam Nunn School of International Affairs and the College of Computing at Georgia Tech. The presentation was concluded by Prof. Fred B. Schneider, computer science and director of Information Assurance Institute at Cornell who gave what he described as a fifteen minute synopsis of a thirteen week course.

"What's at stake, the answer is everything. Internet technology is everywhere now," Lin said.

Goodman defined cyberspace as "a set of computer-communication networks," He further explained that cyberspace is a much fuller medium than past communication technologies like the telephone because it has real objects of value contained within it and a real sense of permanence. According to Goodman, the vulnerability of cyberspace lies in the dependence of many institutional infrastructures on information technology. Now that many infrastructures, from energy distribution to transportation, are computerized and accessible through the internet or other networks, they are potential targets for terrorists.

"I suspect some non-trivial part of all your lives depends on cyberspace," Goodman said.

Lin explained that unlike the inherent physical realities that come with a conventional attack, cyberspace has far fewer physical boundaries. Lee made the comparison that the impact of a physical attack is limited by the amount of man power involved; the automation of computer systems can amplify the impact of an attack very quickly. Therefore, Lin explained, one person can possibly conduct a full scale and devastating terrorist attack from their living room.

"The lone-hacker threat is often described as the mal-adjusted teenager ... it's more than that," Lin said.

All three lecturers pointed out the inadequacies and vulnerabilities in our current computer networks and software.

Goodman explained that when the original computer programs for many institutions' infrastructures were designed security was an afterthought. "All those afterthoughts are being found to be inadequate," Goodman said, "All cyberspace is riddled with vulnerabilities."

According to Lin standardization of computer software is one major problem because one attack on one software program can spread through the United States and further.

"An attack to one can be an attack on all," Lin said.

Schneider noted the legacy software problem.

"Most systems are built by evolving from previous systems," Schneider said. Like Goodman, Schneider explained that the software that serves as a foundation for many current computer programs was constructed in a day when all computers were not connected over a network and thus security concerns were not fully-realized nor a priority.

"There are fixes out there that people don't implement," Lin said.

Lin explained that people often place convenience above security and therefore do not keep anti-virus software up-to-date or choose not to use more secure technology to keep their information safe.

"It's convenient to have the social security number be the password," Lin said.

One myth, Schneider explained was the idea that there are security mechanisms out there that can absolutely solve the problem of hackers or cyber terrorists. "Every system and lock has flaws in it," Schneider said "The game is moving vulnerabilities around to places where it will do the least good for the attacker."

Goodman spoke of what the current and potential capabilities are of organized terrorist groups using cyberspace to conduct attacks. He claimed that terrorist organizations are currently using cyberspace mainly to support their activities and infrastructure. According to Goodman, right now terrorists use the internet as a tool for recruitment, money laundering, research on potential targets, and communication through encrypted messages.

"This medium gives them all sorts of exposure to the world ... this shouldn't be underestimated," Goodman said.

Goodman then spoke of two other possibilities of what terrorists could do with cyberspace; an attack on institutional infrastructures or a large scale cyber attack coordinated with a physical attack like the possible Sept. 11 scenario described earlier.

He addressed the fact that there have currently been no cyber terrorist attacks or evidence of Al Qaeda or any other terrorist organizations attempting one. "We are much more imaginative in thinking what they could do to us then I suspect they are," Goodman said. Yet, Goodman warned against the presumption that terrorist organizations simply do not have or will never recruit the people with the expertise to carry out a cyber attack. Goodman stressed the need to take the threat of cyber terrorism seriously now because as terrorists begin to realize the full potential of such an attack cyber terrorism will become more of a threat later.

At the end of the lecture, no concluding determinations on what the myths and realities of cyber terrorism were made.

"What I gathered from the discussion is it's very hard to tell what is myth and what is reality ... even the most informed people don't know enough," Giacomello explained.

The lecture was sponsored by the Cornell Information Assurance Institute and the Peace Studies Program.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo