Cyberterrorism also called digital terrorism simply means, spreading terrorism using cyberspace. This could also include threats and illegal attacks against computers, networks, and storing information that is used to intimidate or force a government with intentions of social or political objectives. Cyberterrorism includes the spreading of computer viruses to vulnerable data networks, hacking of servers to obtain sensitive information to disrupt the communication link present in the network, and attacking financial institutions leading to financial losses.
Terrorist organizations use cyberspace for recruitment, command, and control, and for spreading their ideology and these organizations use the internet to set up training camps in cyberspace. The most recent Cyberterrorism was a response to the 2022 Russian invasion of Ukraine, Anonymous performed many attacks against computer systems in Russia. Most notably, Anonymous committed a cyberattack against Roskomnadzor in March 2022.
Background: “The term ‘Cyberterrorism’ was first coined by Banny C. Collin of the Institute for Security and Intelligence (ISI) in the late 1980s. But its usage was better understood during the 9/11 attack. Use of the Internet to carry out violent activities that result in or threaten the loss of life or substantial physical injury to accomplish political or ideological advantages through threat or intimidation. According to Federal Bureau of Investigation (FBI), new phenomenon recognized as a cyber terrorism is defined by follow: “previously planned, politically motivated attack against information, computer systems, computer programs and data that result with violence against targets that are not military (civilian) by the sub – national groups or secret agents”.”
The Centre of the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School of California defined three levels of cyberterror capabilities: “Simple-Unstructured: the capability to conduct basic hacks against individual systems using tools created by someone else. The organization possesses little target analysis, command-and-control, or learning capability.”
Advanced-Structured: “The capability to conduct more sophisticated attacks against multiple systems or networks and possibly, to modify or create basic hacking tools. The organization possesses an elementary target analysis, command-and-control, and learning capability.”
Complex-Coordinated: “The capability for a coordinated attack capable of causing mass disruption against integrated, heterogeneous defenses (including cryptography). Ability to create sophisticated hacking tools. Highly capable target-analysis, command-and-control, and organization learning-capability.”
The United State of America have opened up various gambit’s in providing laws that counter Cyberterrorism such as The Cybersecurity Information Sharing Act (CISA) which was passed in the Senate on October 27, 2015. This would also secure many American cyber networks and would also defend any forms of cyber-attacks. Let us discuss few more laws in this regard:
- Cybersecurity Enhancement Act of 2014: “Which was signed on December 18, 2014. It provides an ongoing, voluntary public-private partnership to improve cybersecurity and strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness.”
- Federal Exchange Data Breach Notification Act of 2015: “This bill requires a health insurance exchange to notify each individual whose personal information is known to have been acquired or accessed as a result of a breach of security of any system maintained by the exchange as soon as possible but not later than 60 days after discovery of the breach.”
- National Cybersecurity Protection Advancement Act of 2015: “This law amends the Homeland Security Act of 2002 to allow the Department of Homeland Security’s (DHS’s) national cyber security and communications integration center (NCCIC) to include tribal governments, information sharing, and analysis centers, and private entities among its non-federal representatives.”
- ECPA: Electronic Communications Protection Act which provides protections for communications in storage and in transit. Under the Stored Communications Act (Title II of the ECPA), 18 U.S.C. Section 2702, it is a criminal violation of intentionally access without authorisation (Or exceed authorised access) a facility that provides an electronic communications service (ECS), which could include, among others, email service providers or even some employer provided email. Violations of the ECPA are subjected to penalties ranging from upto 10 years for repeat violations for an improper purpose. The ECPA also prohibits intentionally intercepting electronic communications in transit under the Wiretap Act (Title I Of the ECPA), 18 U.S.C. Section 2511, with some exceptions available for law enforcement, service providers and others (Including, potentially, employers). The Economic Espionage Act of 1996, 18 USC Section 1831-1839, the Defend Trades Secrets Act of 2016, 18 USC Section 1836-1139, and the Wire Fraud Statue, 18 USC Section 1343, are further sources of potential criminal and civil penalties against the theft of trade secrets and other valuable intellectual property.”
- In “addition to federal statutes, numerous states have passed statutes prohibiting hacking and other cybercrimes, some of which are broader than the federal statutes. New York, for example, prohibits the knowing use of a computer with the intent to gain access to computer material (computer trespass), N.Y. Penal Law Section 156.10, with penalties of up to four years imprisonment. New York is merely an example; dozens of such state law exists. Determining which statute is applicable depends on several factors under conflict of law rules; including the location of the alleged act and the location of the impacted individuals.”
As you can see, Cyberterrorism is a dangerous problem for humanity as technology evolves the vulnerability may increase, and to combat this, there should be a development in the IT security policies to protect the data which consists of limiting access to sensitive information and enforcing strict password and authentication procedures.