Science and

Technology

AU 121

STC/MT (01) 3

Original: English

NATO Parliamentary Assembly

 

 

 

 

SUB-COMMITTEE ON THE PROLIFERATION

OF MILITARY TECHNOLOGY

 

 

 

 

TECHNOLOGY AND TERRORISM

 

 

 

 

 

Draft Interim Report

 

 

 

Michael MATES (United Kingdom)

Rapporteur*

 

 

 

 

International Secretariat                                                                                                           April 2001

 

 

*        Until this document has been approved by the Science and Technology Committee, it represents only the views of the Rapporteur.

 

Assembly documents are available on its website, http://www.nato-pa.int


CONTENTS

 

 

 

Page

 

I.        HOW TERRORISM IS CHANGING........................................................................................... 1

 

II.       TERRORISM AND WMD: A REAL THREAT?........................................................................ 2

A.      A LOOK INTO THE FUTURE.............................................................................................. 4

B.      MEASURES TO COUNTER WMD TERRORISM............................................................ 5

 

III.      INFORMATION TECHNOLOGY AND TERRORISM............................................................. 6

A.      TERRORISTS USING INFORMATION TECHNOLOGY................................................... 6

B.      INFORMATION TECHNOLOGY AS A WEAPONS OR TARGET.................................. 7

C.      WHO ARE THE TERRORISTS?........................................................................................ 8

D.      COUNTERING CYBER TERRORISMCYBERTERRORISM................................................................................. 9

 

IV.     CONCLUSIONS......................................................................................................................... 11

 

REFERENCES.................................................................................................................................... 14


I.       HOW TERRORISM IS CHANGING[*]

 

1.             International terrorism is changing in ways that may make it more dangerous and difficult to combat.  Despite the fall of the communist bloc, which once provided support to left-wing terrorists, and the resulting reduction in the number of states supporting terrorism, incidents reported around the world have not decreased.  Moreover, terrorist attacks are becoming more lethal: according to a recent report to the US Congress, in the 1990s a terrorist incident was almost 20% more likely to result in death than an incident two decades ago.  Although significant, this is not the only change occurring in international terrorism.  Terrorist groups now have now different motivations, organisation, structures, and tools.

 

2.             Times and political environment have always shaped the definition of terrorism.  It is significant to note that, so far, most definitions adopted by governments and international bodies include three basic characteristics: terrorism (1) is aimed at non-combatants; (2) uses violence to exact revenge, influence or intimidate an audience; and (3) is premeditated and politically motivated.  The most recent definitions do not limit motives only to the political sphere but include “religious, or other ideological objectives”.

 

3.             Most terrorist groups in the 1970s and 1980s had concrete political agendas, such as social‑revolutionary or nationalist-separatist programmes.  Although these groups have not completely disappeared, “new” terrorists have emerged having different motives unrelated to clear political goals, including religious and ethnic fanaticism, millenarian and apocalyptic cults, white supremacism, and environmental ultra-radicalism.  The trend towards higher lethality in part reflects the changing motives of today’s terrorists.  Traditional political terrorists generally calibrated their attacks to produce just enough violence to get attention for their cause, but not so much as to alienate public support.  Religiously motivated terrorists, such as Osama bin Laden’s al‑Qaida, representing a growing trend toward hatred of the West - and the United States in particular - have few goals other than to “punish” their enemies and to killing as many of them as possible.

 

4.             Changes in motives have produced changes in the organisation and structure of terrorist groups.  While state-sponsored political terrorists usually have rigid hierarchical structures, new political or religious groups rely on looser affiliations and organisations among like-minded people, often from different countries.  An organisational figure that appears to apply to many terrorist organisations is the Segmentary, Polycentric, Ideologically Integrated Network (SPIN), a definition originally coined for 1960s' social movements.  Of course, leaders still exist, but rather than “military” commanders they are more likely to be charismatic figures offering political and ideological guidance.

 

5.             These more loosely affiliated, transnational terrorist groups usually rely on various means for funding and logistical support, as well as on self-financing criminal activities.  Their networks of support include legitimate businesses, associations and non-governmental organisations.  Computers, satellite phones, and other modern technologies offer these terrorists very effective organisational and communication tools.  They use them to co-ordinate and support their activities, collect money and, spread information and propaganda. 

 

6.             Statistically, most terrorists still prefer guns and conventional weapons.  However, evidence suggests that some of the “new” terrorist groups may be willing to inflict mass casualties for a variety of motives other than political goals.  The famed Aum Shinrikyo sarin gas attack on the Tokyo subway in 1995, already analysed by your Rapporteur in 1999 [Biological Weapons: the Threat of the New Century, AS 287 STC/MT (99) 8], has attracted the general attention on to the possible terrorist use of weapons of mass destruction (WMD).  The emergence of a new breed of terrorists less constrained by traditional ethics or political pressures, coupled with the diffusion of know-how about nuclear, biological and chemical weapons, may increase the probability of a major WMD terrorist incident.  In the next section , we will try to give a brief assessment of this threat.

 

7.             Terrorists’ familiarity with IT (and the examples offered by hackers and criminals) make it increasingly possible that they will resort to cyberattacks or other forms of attacks to on information systems, thus exploiting our societies’ reliance on computers and networked information systems.  Some terrorist (or cyberterrorist) groups are becoming increasingly sophisticated in the use of these technologies, and there is evidence that they could inflict serious damage to our information systems.  Another section will be devoted to terrorists using highly sophisticated technology, and to the specific area of the so-called cyberterrorism.

 

8.             Many analysts have defined the emergence in the 1990s of these new non‑traditional threats with the term: “asymmetric threats”.  These are threats that do not present the menace of a major conventional war but do present equal dangers to Western populations and governments.  Former US President Bill Clinton, the former president of the United States, well defined these threats well in a 1998 address to the US Naval Academy: “our security”, he stated, “is challenged increasingly by non-traditional threats from adversaries, both old and new, not only hostile regimes, but also international criminals and terrorists who cannot defeat us in traditional theatres of battle, but search instead for new ways to attack by exploiting new technologies and the world’s increasing openness”.  This report will try to outline precisely how technologies may enable new and extremely dangerous forms of terrorism.  Current strategies to counter these threats will then be briefly assessed.  Finally, your Rapporteur will offer a few suggestions to improve our public safety through a better use of new technologies , and legal and political remedies.

 

 

II.      TERRORISM AND WMD: A REAL THREAT?

 

9.             The possibility that terrorists use WMD to conduct mass casualty attacks has become a serious national security concern for the United States.  Since the mid-1990s, the US government has steadily increased funding to programmes to counter and combat WMD terrorism: according to the Monterey Center for Nonproliferation Studies, Washington spends about $5 billion per year in this area.  As a consequence,This has sparked a debate in the West has sparked between those who believe the expenses are justified, because the threat is indeed real, and those convinced that risks are exaggerated by defence officials and think-tanks in order to draw out resources from the political system.  The general terms of this debate were already outlined by your Rapporteur in the cited 1999 report on biological weapons.  However, the rich recent literature on the subject allows for a deeper analysis that would also take into account also chemical and radiological agents, and nuclear devices.

 

10.         The historical record includes very few terrorist incidents in which chemical and biological agents were used and no cases involving radiological agents or nuclear weapons (although there have been episodes of smuggling of fissile material).  The main explanation seems to be that this form of terrorism requires not only the motive to employ such weapons but also the technical skills to produce and deliver them effectively.  The number of terrorists possessing the right characteristics are is therefore limited.  As Jessica Stern’s study The Ultimate Terrorists indicated, politically motivated, state‑sponsored groups are the most technically proficient but “likely to avoid large-scale use of WMD, for fear of alienating their constituents or evoking harsh reactions from authorities”.  On the other hand, loners, schizophrenics and sociopaths may well want to inflict mass killings , but are less likely to overcome the technical obstacles.

 

11.         Why would terrorists decide to use WMD?  One reason might be to attract attention: apart from the actual casualties, WMD – especially biological and chemical agents – may produce an enormous psychological impact because of the sheer fear they inspire.  Terrorists might desire to impress their target audiences by demonstrating their technological prowess with the use of “unusual” weapons.  More specifically, biological weapons might be appealing to religious fanatics because they want to emulate God and produce devastating outbreaks.  Right-wing extremists and neo-nazis might be drawn towards the use of nerve gas or other chemicals out of a highly perverse admiration for the methods employed by the Nazis.  Finally, considering the recent level of attention for WMD and the number of countermeasures adopted by some governments, terrorists might just want to prove their superiority by overcoming such measures.

 

12.         In sum, past experience and analyses of the current situation suggest that probably few terrorists are capable of surmounting the motivational, technical, political, moral, and organisational obstacles to the use of WMD.  However, many experts agree that the greatest danger of WMD terrorism lies with two specific groups: religious extremists (both religious fundamentalists and millenarian cults) and right-wing extremists organised as ad-hoc groups. 

 

13.         Transnational radical Islamists, whose origins can be traced to the West-sponsored insurgency against the Soviet occupation of Afghanistan, have consistently justified inflicting mass casualties in their “holy war” against the United States, seen as the main enemy of the Muslim world.  Osama bin Laden, the Saudi-born terrorist charged with masterminding the bombings of two US embassies in Africa and the deadly attack against the US destroyer Cole in Yemen, has declared that his mission (and that of his terrorist group Al Qaeda, the Base) is to drive US forces out of Saudi Arabia and the Middle East by targeting US civilians, possibly with mass casualties mass casualties weapons.  “We don’t consider it a crime if we tried to have nuclear, chemical, biological weapons.” Declared bin Laden to a Western newspaper in 1999, “We have the right to defend ourselves and to liberate our holy land.”  Similarly, many millenarian cults or new religion extremists perceive themselves in a struggle for survival against a demonised enemy that must be destroyed by any possible means, including mass-casualty weapons. 

 

14.         Right-wing terrorist groups seek to preserve the status and privileges of a “dominant” ethnicity or race.  Generally anti-Semitic and anti-government, these groups are particularly active in the United States and increasingly recognise themselves in as a pseudo-religion, or Christian Identity, which combines traditional elements of fundamentalist Protestantism with persecutory ideologies.  These groups have developed a political agenda that justifies violent aggression (and even mass casualties) against Jews, non-whites and the US federal government.  In the early 1990s, four members of one of these groups, calling themselves the Minnesota Christian Patriots and conspiring to kill local and federal law enforcement officials, were convicted and sentenced to prison for acquiring ricin, a deadly protein toxin derived from castor beans.

 

15.         As this last case showed, certain biological or chemical agents are relatively easy to acquire or produce: a single person with the right expertise could do it.  However, the studies of all the known incidents involving these weapons collected in the book Toxic Terror indicate that terrorists have seldom used chemical agents, and biological agents more rarely still.  Technical constraints are considerable and involve not so much acquiring and producing the agent as disseminating it.  Using radiological agents or detonating a nuclear device present even more binding technical constraints.  According to Stern, “the US military found that disseminating gamma-emitting radiological agents in air involved enormous difficulties because of the heat generated by the material and the problem of dissipation.”  Finally, as the same expert points out, “detonation of a nuclear device is the least likely form of terrorism involving WMD”, and only the most sophisticated groups would be likely to consider it because of the enormous technical obstacles.

 

16.         In conclusion, we cannot undoubtedly say categorically that WMD terrorism is on the rise.  In fact, many of the most important terrorist groups are unlikely to consider mass casualties useful or desirable.  However, something new is happening.  According to Brad Roberts, one of the leading experts on WMD terrorism, “even the strongest critics of the hype in current policy acknowledge that there is a problem there, and one that deserves serious attention and some remedies”.  Terrorism, as we have indicated in the opening section, is changing its tactics, structures, capabilities, and intentions.  Moreover, some of the most serious moral constraints to terrorist use of WMD are easing, with the increasing prominence of religious fundamentalists, millenarian cults, and right-wing extremists.  Technology, as we will see in the next section, could play a role in making this kind of terrorism even more dangerous.

 

A.      A LOOK INTO THE FUTURE

 

17.         Imagining how the world might change in the years ahead could help us understand the possible future developments of the terrorist threat.  One area on which experts have focused their attention is that of biotechnology and genetic engineering.  Scientific advances in these fields will enhance our capabilities to make specific calculated changes to the operation of living systems.  This will give mankind enormous new potential for beneficial medicine, but also for abuse in weapon systems.  In the very long term, the unregulated growth and diffusion of the new biotechnologies could open up a wide array of new potential threats.  Malcolm R. Dando of the University of Bradford (United Kingdom) has singled out three examples of potential misuse of modern biotechnology and genetic engineering:  the enhancement of bacterial and viral virulence, heterologous gene expression and protein engineering of toxins, and genetic weapons.  The third area raises particular concern since the completion in 2000 of the human genome sequence.  Information from genetic research could be considered for the design of weapons targeted against specific ethnic or racial groups. 

 

18.         At the moment, the production of such weapons ‑ and their use by terrorists ‑ is only a theoretical possibility.  Several developments, however, indicate that in a not-too-distant future the gap between possibility and reality may close.  While our societies are strengthening their protective measures against standard biological agents, as Dando indicates, “terrorists might consider using known biological weapons in unexpected ways, or move to the use of new types of biological weapons”.  During the next few decades, the biotechnology revolution is likely to have an enormous impact on our way of life.  Given the amount of government support and massive corporate investment that genomics enjoy, scientific and technological developments will spread rapidly around the world.  Therefore, also the context in which terrorists operate will also be completely different, making common what now seems startlingly new.

 

19.         Another area of concern in the near future is that of agroterrorism.  In 2001, the US Department of Agriculture (USDA) has allocated almost $ 40 million to prepare against chemical or biological terrorist attacks.  This has been generated by realisation that this kind of attacks against livestock and the food chain are is much easier and less risky to carry out than those aimed at humans.  Terrorists could create biological pathogens to destroy agricultural livestock with less difficulty than assembling weapons directed against humans.  Moreover, as the recent outbreak of foot-and-mouth disease demonstrated, livestock has become more disease- prone in recent years as a result of intensive antibiotic and steroid programmes and husbandry changes designed to elevate the volume, quality and quantity of meat production.  Terrorists could also use a great number of agents and vectors to carry out extremely rudimentary food-borne attacks, disseminating contaminants into plant, vegetable, dairy and fruit-based products.

 

20.         Some experts contend that this can not be properly defined as terrorism because of the absence of direct physical violence against humans.  It should be noted, however, that agricultural chemical and biological terrorism could have a devastating impact on our societies, in terms of psychological violence, social instability, and economic consequences.  Agroterrorism can also have a high payoff as a means of influencing government policies through basic extortion or blackmail.

 

21.         An additional area of concern might come to the fore in the next decade.  The event of a regional war between Western allies and a WMD-armed state of concern can lead to the possible use of chemical or biological weapons in terrorist-type attacks.  According to Brad Roberts, such asymmetric conflicts “may see a blurring of the distinction between war and terrorism”, and regional aggressors may utilise covert attacks against Western civilians to weaken public support for the war or influence the body politic. 

 

B.      MEASURES TO COUNTER WMD TERRORISM

 

22.         In recent years, NATO countries have dedicated their efforts to improving protection against WMD terrorist attacks.  At the military level, a set of defence measures and response capabilities to maintain the operational level of an armed force after a nuclear, biological or chemical attack has been developed by most NATO members.  Active and passive measures are the two main components of these defences.  An active defence consists, for instance, in of using missiles to prevent aircraft or missiles carrying WMD weapons from reaching their target,. wWhereas a passive defence consists in being able to assess the threat, detect, warn, protect, decontaminate and carry out medical countermeasures.

 

23.         At the 1999 Washington Summit, NATO launched a WMD Initiative to improve political and military efforts in this area.  This resulted, among other initiatives, in the creation of a specific WMD Centre at NATO Headquarters in Brussels to improve co-ordination of all WMD-related activities.  The WMD Centre should improve the quality and quantity of intelligence- and information-sharing; support the development of a public information strategy; enhance existing Allied military readiness to operate in a WMD environment and to counter WMD threats; and enhance the possibilities for Allies to assist one another in the protection of their civil populations.

 

24.         National strategies against WMD terrorism are generally putting the emphasis on prevention.  For instance, the US Presidential Decision Directive (PDD) 39, issued in 1995, addressed in particular nuclear, chemical, and biological (NBC) terrorism and provided guidelines for US counter- terrorism policy.  “There is no higher priority,” stressed the document, “than preventing the acquisition of this capability [i.e. WMD use] or removing this capability from terrorist groups potentially opposed to the US”.

 

25.         International efforts to reduce and safeguard former-Soviet Union WMD arsenals in the former Soviet Union and the related military and scientific complex are extremely important in the global strategy to combat WMD terrorism.  In particular, the US programmes to improve security at weapons sites in Russia and other Newly Independent States (NIS) and increase export and border controls have significantly reduced the risk of illegal trafficking of in nuclear material, chemical and biological agents.

 

26.         Despite prevention strategies, vulnerability is still acute in the case of a low‑technology chemical or biological attack targeting the civilian population.  As we have seen, terrorists are more likely to use industrial chemical poisons or biological agents than nuclear devices.  Some of these weapons are so easy to make that prevention is unlikely to be fully entirely successful.  Appropriate defences against these kinds of attack have to be based on improved civil emergency planning and public health surveillance and response.

 

 

III.     INFORMATION TECHNOLOGY AND TERRORISM

 

27.         Our societies have become totally dependent on information technology.  As a consequence, attacks upon computer systems, both public and private, have become the norm: cyber criminals conduct fraudulent transactions and, steal personal data and trade secrets; crackers (criminal hackers) break into computer systems, disrupt service, sabotage data, launch viruses and worms, and harass individuals and companies.  Many of these attacks are serious and produce severe economic loss and damage.  They are facilitated by increasingly powerful and user-friendly software tools, mostly available for free from thousands of websites on the Internet. 

 

28.         This Committee’s General Rapporteur, Vernon J. Ehlers, has already analysed attacks upon information systems in his 1999 report “Information Warfare and International Security” [AS 285 STC (99) 8].  In this section, we will therefore concentrate on the relationship between information technology and terrorism, or cyberterrorism.  We shall define cyberterrorism as any act of terrorism (already defined in par. 2) that uses information systems or computer technology either as a weapon or a target.  It is important to stress the distinction between cyberterrorism and cyber crime, which are similar in their use of information technology but different in their motives and goals.  This confusion is particularly evident in the media, where the catch-all definition “cyberterrorism” is often used to describe any kind of cyberattack.  Cyberterrorism is politically, socially, or religiously motivated, aimed at generating fear and, panic among civilians, or at disrupting military and civilian assets.  Further, two different components of cyberterrorism can be singled out: (1) terrorist use of computers as a facilitator of their activities; and (2) terrorism involving computer technology as a weapon or target.

 

A.      TERRORISTS USING INFORMATION TECHNOLOGY

 

29.         Terrorist groups currently use computer technology to facilitate traditional forms of subversive activity.  Quite simply, they are exploiting modern tools to perform common terrorist actions such as internal communication and co-ordination, propaganda and misinformation, recruitment and financing, information and intelligence gathering.  The use of the Internet for propaganda purposes is particularly popular.  Radical opposition groups such as Hezbollah and Zapatistas use it regularly to communicate their revolutionary programmes.  Various neo-nazi and white supremacist groups in the United States also use the World Wide Web to recruit supporters and collect finance.

 

30.         The activities of transnational terrorist groups are greatly enhanced by the use of the Internet, which eliminates physical distance and national borders.  Bin Laden’s Islamist terrorist group reliesy heavily on computers and other modern communication tools.  At the beginning of February 2001, Islamist terrorists were claimed to use sport chat rooms, pornographic sites and other Web venues to disguise maps and photographs of their targets, together with instructions for their activities.  According to the US officials that have discovered them, the messages were scrambled using free encryption programmes set up by Internet privacy groups.  Images were created through a series of dots, inside which were strings of letters and numbers that computers could read to recreate the images.

 

31.         Intelligence- and information- gathering can also be effectively conducted through computer networks.  Irish terrorists, for instance, had hired contract hackers to penetrate computers in order to acquire the home addresses of law enforcement and intelligence officers.  In March 2000, Japanese police forces discovered that a software system they had procured to monitor 150 police vehicles had been developed by firms subcontracted by members of the Aum Shinrikyo cult, the same that gassed the Tokyo subway in 1995.  When this was discovered, the cult had collected classified tracking information on 115 police cars.  Moreover, the cult had sold other software to no less than 80 Japanese companies and 10 government agencies, making it potentially easy for them to conduct cyberattacks at a later stage.

 

32.         Some experts are reluctant to label as cyberterrorism the simple use of computer networks and the Internet by terrorist groups.  According to Dorothy E. Denning, a Computer Science professor at Georgetown University (United States), the fact that terrorists use computers is not in itself a proof “that they are pursuing cyberterrorism, either alone or in conjunction with acts of physical violence”.  But However, other analysts argue that computer technology has not only enhanced terrorist activities but created new and more dangerous form of terrorism.  In fact, according to a study from by Michael Stohl and Peter Flemming of Purdue University, Indiana (USA), terrorists that who utilise computers “are now able to operate beyond the purview of traditional counter- terrorist approaches”, because their ability “to develop undetected may become stronger”.

 

B.      INFORMATION TECHNOLOGY AS A WEAPONS OR TARGET

 

33.         Terrorist groups have used computer technology to threaten or attack national infrastructures, including national security onesinfrastructures, and commercial firms.  These attacks have reportedly generated actual damage only in the form of temporary disruption of services, public inconveniences, or financial loss.  So far, no attack has led to violence, either physical or psychological, against civilians, or to major disruption.  Probably the first politically motivated cyberattack was conducted by ethnic Tamil guerrillas, who in 1998 swamped Sri Lankan embassies with hundreds of e-mails over a two-week time.  The attacks upon NATO computer systems during the Kosovo campaign in 1999 (see Ehlers’ report) could also be defined as cyberterrorism, although they were presumably not conducted not by terrorists but by individual hackers protesting against the Alliance’s bombings. 

 

34.         In 1999, a report by the Center for the Study of Terrorism and Irregular Warfare (CSTIW) at the Naval Postgraduate School in Monterey, California, tried to assess the prospects of terrorist organisations pursuing cyberterrorism.  The study defined three levels of cyber terror capability:

·                Simple or unstructured: basic attacks against individual systems using tools created by someone else and conducted by an organisation that possesses little target analysis, command and control, or learning capabilities;

·                Advanced or structured:  more sophisticated attacks against multiple systems or networks using modified or created basic hacking tools, conducted by an organisation that possesses elementary target analysis, command and control, and learning capabilities;

·                Complex or co-ordinated:  attacks capable of causing mass -disruption against integrated, complex defences (including cryptography) using sophisticated and originally created hacking tools, conducted by an organisation that possesses high target analysis, command and control, and learning capabilities.

 

35.         The CSTIW report also estimated that it would take a group starting from scratch 2 two to 4 four years to reach the advanced level and 6 six to 10 ten years to reach the complex one, although some groups might make it in less time by either turning either to outsourcing or to sponsorship to expand their capabilities.

 

36.         The most sceptical analysts, such as Denning, are convinced that “there is little concrete evidence of terrorists preparing to use the Internet as a venue for inflicting grave harm”.  Most experts, however, admit that the threat, although likely to be a few years into the future, is indeed real and must be addressed.

 

37.         Yet another threat seems more imminent.  As Ehlers indicated in his report, computer systems and all electronic devices can be seriously damaged by weapons producing electro-magnetic pulses (EMP).  High Power Microwaves (HPM) or EMP bombs and High Energy Radio Frequency (HERF) guns can radiate intense pulses of electro-magnetic energy capable of severely damaging computers, radar and all electronic equipment.  They can even destroy circuits, microprocessors and other components.  These weapons are well-known in Russia, where extensive studies were conducted during the Cold War.  The US Air Force used EMP and HERF weapons successfully in 1991 against Iraqi radar installations, and in 1999, against Yugoslav electronic infrastructure. 

 

38.         The possibility of terrorists using EMP weapons has been raising alarm for at least a decade among defence analysts.  According to Winn Schwartau, an information warfare specialist, rudimentary EMP devices have been assembled by US Department of Defense consultants within two weeks at the cost of $ 500.  Such devices, capable of disrupting computers, medical equipment, and cars, could be placed into a van or even reduced to fit into a suitcase.  Criminal organisations in Russia have been accused of using EMP devices to bypass alarm systems.  According to the Russian Aarmed Fforces, Chechennyan rebels might have used similar technology to disrupt Russian electronic communication equipment. 

 

39.         In his book Cybershock, Schwartau considers some possible effects of a well-orchestrated EMP attack upon Western infrastructure:

·                Wall Street or other banking systems can be attacked, causing repetitive failures resulting in financial losses.  Also past records can be wiped out by onslaughts of electromagnetic pulses;

·                aeroplanes’ aircraft avionics and guidance systems can be overloaded by targeted HERF, causing potentially deadly conditions;

·                medical equipment can fail under the attack of intense energy spikes, putting human lives in danger;

·                communication nodes can be burned out by intense microwave radiation;

·                municipal emergency services can be made inoperable by debilitating wide-band microwave jamming;

·                power lines and transformers may serve as efficient conductors to transmit huge current to victim businesses and sub-stations, causing regional black-outs.

 

40.         The ability to build EMP weapons is apparently quite diffusewidespread, yet there are no international controls over the import and export of the related technologies.  Defensive techniques, although in some cases expensive, have been partially deployed in the public sector (especially to protect military assets), but remain extremely rare in the private sector.

 

C.        WHO ARE THE TERRORISTS?

 

41.         As it was the case for WMD, it is important to understand which groups are more likely to turn to cyberterrorism.  The CSTIW report examined five terrorist group types: right-wing extremists, left-wing revolutionaries, ethno-nationalists, millenarian cults, and religious extremists.  The conclusions indicated that only the religious groups are likely to seek the most damaging capability level, which is consistent with their indiscriminate application of violence.  Some millenarian cults might try to inflict damage with sophisticated computer attacks.  Ethno-nationalists and left-wing groups are likely to adopt simple hacking or cracking techniques.  Right-wing extremists seem the least interested to cyber terror, which does not offer the cathartic effects that are central to their psychology.

 

42.         These findings are extremely interesting when confronted with the indications about terrorists likely to use WMD (see p. 3).  It is probably not a coincidence that religious groups (such as bin Laden’s) and millenarian cults (such as Aum Shinrikyo) demonstrated interest in - or have indeed used - both strategies, although in different circumstances.  Moreover, as highlighted by a report of the US National Commission on Terrorism, “a conventional terrorist attack along with a coordinated cyberattack could exponentially compound the damage”.

 

D.      COUNTERING CYBERTERRORISM

 

43.         The threat posed by cyberattacks has been generally recognised by governments and international organisations.  Several NATO nations have adopted protective measures for their critical infrastructures relying on information technology and adopted specific laws of varying effectiveness dealing with computer-related crimes and cyberattacks. 

 

44.         With its high reliance on technology networks and systems, the United States has become the most vulnerable target for cyberattacks.  The cornerstone of the US strategy is PDD 63, issued in May 1998 by the then President Bill Clinton, and aimed at protecting infrastructures from intentional acts that would diminish the ability of the Federal and local governments to perform essential national security missions, to deliver minimum essential services and to ensure the general public health and safety.  One of the main goals of this strategy is to build an information‑ sharing forum among agencies in collaboration with the private sector.  The National Infrastructure Protection Center (NIPC) at the FBI, which includes representatives from the Departments of Defensce, Energy, Transportation, the Intelligence Community and the private sector, provides such a forum.

 

45.         The Clinton Administration has also proposed several initiatives, not all  implemented because of financing problems or opposition in Congress, to defend the nation’s computer systems, such as:

·                increasing federal R&D investments in computer security;

·                designing a Federal Intrusion Detection Network (FIDNET) to protect vital systems in federal civilian agencies;

·                establishing an Institute for Information Infrastructure Protection that will combine federal and private efforts to fill the gaps in critical research;

·                establishing a Federal Cyber Service Training and Education initiative, which will fund scholarships to students who develop new programmes in computer security and agree to work in this field for the government for at least two years.

 

46.         A number of governments are following the US example and formulating Critical Infrastructure Protection (CIP) policies.  In late 1999, the United Kingdom established the National Infrastructure Security Co-ordination Centre and supported the creation of the Information Assurance Advisory Council, a private-public co-operation forum.  Other NATO members, such as France and Germany, are setting up CIP strategies.

 

47.         Nonetheless, some analysts have criticised the US government’s efforts because of their focus on “infrastructure protection”.  John Arquilla, ion The New Republic, argues that such an attention on infrastructure protection “misunderstands the cyber war threat”.  As a result, the government has constructed “a kind of Maginot line”, based on the assumption that it is possible to wall off safe areas.  Instead, he proposes countermeasures such as electronic camouflage for files or strong encryption.  Further, according to experienced hackers, US policy does not address the weakest link in the computer security chain: human failures, which make most computer intrusions possible.  Major investments in human resources would probably be more productive. 

 

48.         Other critics observe that the continuous development of new software makes passive defences, such as CIP, easier to defeat.  Moreover, as previously isolated elements of large networks are linked together, new avenues of attack emerge.  Reliance over on passive defences is therefore limited.  A better approach would be to combine passive with active defence measures, such as actions to discourage attacks, or disable or destroy the equipment used to attack.  However, such strategies require effective technical methods to track attackers, organisational structures to support them, and internationally agreed standards of legal attribution.

 

49.         More generally, two major problems have emerged in the various national strategies against cyberattacks.  First, the confusion between cyberterrorism and cyber crime.  Such confusion is partly caused by the lack of clear definitions of the two phenomena.  A UN manual on computer‑related crime recognises that, even after several years of debate among experts on just what constitutes cyber crime and what cyberterrorism, “there is no internationally recognised definition of those terms”.  This confusion has produced a lack of specific focus on cyberterrorism in national legislation.  The second major problem derives from the fact that cyberattacks against a nation’s infrastructures can be conducted from anywhere in the world.  This creates jurisdictional problems for prosecutors and law enforcement.

 

50.         Indeed, most domestic laws define terrorism as requiring violence or the threat to or the taking of human life for political or ideological ends.  As we have seen, most information attacks that can be defined as cyberterrorism would mainly result in large-scale financial losses, massive disruption of essential public services, eventually generating panic and chaos, or destruction of information databases.

 

51.         In a partial effort to address this problem, the British Parliament passed a bill in February 2001, the Terrorism Act 2000, which broadens the definition of terrorist organisations.  Such a definition now includes now everyone who plans violent acts in the United Kingdom, even if they are staged abroad.  The goal is to prevent dissident political groups from using the UK as a base for terrorism.  But the Act’s definition of terrorism also includes actions that “seriously interfere with or seriously disrupt an electronic system”.  This appears as to be a step in the right direction, although concerns have been raised about the vagueness of the law concerning activism conducted on the Internet (or “hacktivism”).  It will be up to police investigators to decide whether an action is to be considered regarded as terrorism.

 

52.         With regard to the second problem, governments have asked for more effective international co‑operation on the issue of transnational cyberattacks. Currently, few international efforts have been undertaken with the specific goal of controlling information terrorism.  In December 1998, the United Nations General Assembly, at on the initiative of the Russian Federation, adopted Resolution 53/70 Developments in the Field of Information and Telecommunications in the Context of International Security.  The document invited member states to inform the UN Secretary-General of their views and assessments on (1) the issues of cyber crime and terrorism; (2) definition of basic notions related to information security; and (3) advisability of developing international principles that would enhance the global information and telecommunication systems and help combat information terrorism and crime.

 

53.         The Council of Europe has implemented a draft convention that is so far the only existing project for multilateral agreement on cybercrime.  This document accomplishes makes some progress by providing for the criminalisation of conduct against the confidentiality, integrity and availability of computer systems; by empowering domestic law enforcement with procedural authorities; and by developing mechanisms for international legal assistance in investigation and prosecution.  The document, drafted with the active contribution of observers from the United States and Japan, also tries also to ensure a proper balance between the interests of law enforcement and respect for fundamental human rights.

 

54.         The European Commission is also trying to develop a harmonised policy to combat computer crime without affecting citizens’ fundamental rights to privacy.  At the end of January 2001 it presented its proposals to combat computer-related crime, which include legislative as well as non‑legislative proposals.  The former include harmonising member states’ laws, including strengthening criminal laws in areas such as hacking and denial of service attacks.  The latter include the establishment of a EU Forum that will bring together several actors parties involved in the matter.

 

 

IV.     CONCLUSIONS

 

55.         It seems clear from the above analysis that the terrorist threat, because of its changing nature and means, is increasingly dangerous and difficult to oppose.  Countering this threat requires deterring and preventing as much as preparing public and private capabilities to respond to actual attacks.  Both WMD and cyberterrorism are giving rise to the most pressing needs for new strategic thinking on preparedness and response.  In this conclusion, we would like to offer a few indications as how to shape international and national strategies against these new kinds of terrorism.

 

56.         A few basic recommendations can be useful to in shapinge a general counter- terrorism strategy:

·                Strengthen intelligence to prevent terrorist attacks.  Recruiting informants with access to terrorists’ plans should be encouraged.  The selective and authorised use of electronic surveillance and physical searches should be facilitated.  Counter- terrorism agencies must also be able to extract more information from computer networks and other modern communication resources.

·                Bring terrorists to justice for their crimes, without making any concessions or striking deals.

·                Isolate, and apply diplomatic pressure on to,  states sponsoring terrorism to force them diplomatically to change their behaviour.  Efforts should also be devoted asmade well to stop or disrupt non-state sources of support for international terrorism.

 

57.         In the area of WMD terrorism, as terrorists are more likely to use chemical or biological agents than nuclear devices, strategies for minimising loss of life are more likely to be effective:

·                Train and equip “first responders” (fire-fighters, police, public- health and other emergency personnel) for managing the consequences of terrorist attacks.  These services also need to work together and co-ordinate their efforts.  Designating an office of national co-ordination for all policies related to countering WMD terrorism may be useful.

·                Prepare hospitals to respond.  Public health authorities may not realise immediately there has been a biological agent attack.  For this reason, they must be trained to respond to their earliest suspicions once victims begin showing symptoms.

·                Increase government surveillance of diseases of public health importance in humans, animals and plants.

·                Prepare public service announcements to inform the public about the nature of the attack, how to minimise exposure, and where to seek treatment and counselling.  This may also prevent the public from panicking and attempting to flee, thus exposing others to contagion.

·                Increase funding for R&D to detect, disable, and mitigate the effects of WMD.  If new technologies have made terrorism more lethal, they can also make it easier to combat.  To counter chemical and biological attacks, requirements include the development of better detection devices and pharmaceuticals.

·                Improve international sharing of intelligence.  To help intelligence and law enforcement agencies, we suggest the creation of a continuously updated database of terrorist groups and incidents (especially involving WMD),.  and eEnhancing the capabilities of the World Health Organisation (WHO) to monitor global infectious disease trends and unusual outbreaks.

 

58.         WMD terrorism should be fought also by updating and strengthening international and national laws and arms control strategies:

·                Strengthen the Biological Weapons Convention (BWC) by the adoption of a legally binding protocol setting mechanisms for inspections.  Such a protocol should also provide a system for investigating unusual outbreaks of disease in humans, animals and plants.  Exports of dual-use chemical and biological equipment should be controlled and export laws harmonised.  Also increase diplomatic efforts to convince all countries to sign and ratify the BWC and the Chemical Weapons Convention.

·                Sustain and enlarge non-proliferation programmes aimed at the former Soviet Union’s WMD complex, particularly with regard to combating illegal traffic of in nuclear weapons technology and chemical/biological agents.

·                Make it illegal to possess chemical and biological agents and diffuse information on how to build and use such weapons (taking into account that the Internet is increasingly used to this purpose).  National laws of some countries (such as the United States) should be strengthened.

 

59.         Some indications about how better to counter information terrorism have already been given in the section devoted to it.  We summarise the main points:

·                Adopt national infrastructure protection policies.  The US strategy provides a good example, but improvements are possible, especially by increasing the use of strong encryption and electronic camouflage techniques.  Passive defences should be combined with active defences, such as technologies to track attackers, discourage them or disable their equipment.

·                Encourage NATO to include defence against IT threats in its activities and envisage some form of co-ordination among members in this area.

·                Invest in human resources.  Training and education in the field of cyber security should be compulsory in the public sector (and some key private utilities) of all NATO countries.

·                Increase international legal co-operation on transnational cyberattacks.  The UN should organise an international convention to discuss an agreement or treaty on threats to computer systems.  Mechanisms for international investigation and prosecution of these crimes should also be developed. 

·                Monitor the Internet and share intelligence.  To discourage terrorists’ use of the Internet, intelligence agencies should regularly monitor the Web and exchange information.  When necessary, active measures, such as counter-attacks to disable or destroy equipment and software should be adopted. 

60.         Protection against EMP and HERF attacks should also be increased in the context of the above strategy to counter information terrorism.  Traditional shielding techniques using iron, copper mesh and other non-magnetic metals have been already adopted to protect sensitive military technology.  However, these techniques are extremely expensive, especially for use in the private sector.  More research is needed in this area, but alternative technologies may soon be available:

·                Radiation-resistant microprocessors.  The US Department of Energy’s Sandia National Laboratory has already commissioned these chips for use in satellites, and military reconnaissance and communication equipment.  Similar ‑ and less expensive ‑ technologies should be created for civilian use.

·                High-speed plasma limiters for sensitive circuits.  In this devices, synthesiszed gases would sense threshold electric fields and, if thresholds are exceeded, would block the offending signals.

 


 

REFERENCES

 

Sections I. and II. relied mainly on: Jessica Stern, The Ultimate Terrorists, Harvard University Press, Cambridge, Mass., 1999; Jonathan B. Tucker (ed.), Toxic Terror, Assessing Terrorist Use of Chemical and Biological Weapons, MIT Press, Cambridge, Mass., 2000; and Brad Roberts (ed.), Hype or Reality? The “New Terrorism” and Mass Casualty Attacks, The Chemical and Biological Arms Control Institute, Alexandria, VA, 2000.

 

Information in Section II. part A. comes from Malcolm R. Dando, Benefits and threats of developments in biotechnology and genetic engineering, Appendix 13A, Sipri Yearbook 1999, Oxford University Press; and Peter Chalk, “The US agricultural sector: a new target for terrorism?”, Jane’s Intelligence Review, February 2001.

 

Section III. is based mainly on Peter Flemming and Michael Stohl, Myths and Realities of Cyberterrorism, at http://www.ippu.purdue.edu/info/gsp/cyberterror_intro.html; Dorothy E. Denning, “Cyberterrorism”, Testimony before the Special Oversight Panel on Terrorism, Committee on Armed Services, US House of Representatives, 23 May 2000;  Dorothy E. Denning, “Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy”, at http://www.nautilus.org/info-policy/workshop/papers/denning.html ; Gregory D. Grove, Seymour E. Goodman and Stephen J. Lukasik, “Cyber-attacks and International Law”, Survival, Autumn 2000;  Andrew Rathmell, “Information operations – coming of age?”, Jane’s Intelligence Review, May 2000;  John Arquilla, “Screen saver”, The New Republic, 1 May 2000;  Richard W. Aldrich, Cyberterrorism and Computer Crimes: Issues Surrounding The Establishment of an International Regime, Institute for National Security Studies, US Air Force Academy, Colorado Springs, Occasional Paper 32, April 2000; and Part 4, Chapter 3 of Winn Schwartau, CyberShock, Thunder’s Mouth Press, New York, 2000.

 

For the Conclusions, indications were drawn from all of the above plus Frank J. Ciluffo, Sharon L. Cardash, Gordon N. Lederman, Combating Chemical, Biological, Radiological and Nuclear Terrorism: A Comprehensive Strategy, Center for Strategic and International Studies, Washington DC, December 2000; and Countering the Changing Threat of International Terrorism, Report of the National Commission on Terrorism (Pursuant to Public Law 277, 105th Congress), at http://www.fas.org/threat/commission.html 

 

 

 

_____________



 

[*]         The Rapporteur would like to thank Dario Armina for his assistance in preparing this Report.