Information resources management college national defense university l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

Information Resources Management College National Defense University PowerPoint PPT Presentation


  • 222 Views
  • Uploaded on
  • Presentation posted in: General

Information Resources Management College National Defense University. Cyber Terrorism: The Real Story Irving Lachow, Robert Miller & Courtney Richardson May 10, 2007. “A global learning community for government’s most promising information leaders.”. Outline. Introduction

Download Presentation

Information Resources Management College National Defense University

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Information resources management college national defense university l.jpg

Information Resources Management CollegeNational Defense University

Cyber Terrorism:

The Real Story

Irving Lachow, Robert Miller & Courtney Richardson

May 10, 2007

“A global learning community for government’s most promising information leaders.”


Outline l.jpg

Outline

  • Introduction

    • Why is this issue important?

  • What is Cyber Terrorism?

  • Terrorist Use of the Internet

  • US Response Options

  • Recommendations


U s is losing cyber war against terrorists l.jpg

U.S. is Losing Cyber War Against Terrorists

  • Terrorist use of Internet is leading to:

    • A global ideological movement based on a set of guiding principles and beliefs

    • Effective operational structures that support local action without centralized control

    • Effective perception management campaigns that influence target audiences while undermining U.S. interests

  • Secretary of Defense Rumsfeld:

    • “If I were rating, I would say we probably deserve a D or D+ as a country as how well we’re doing in the battle of ideas that’s taking place.”

  • Dr. Bruce Hoffman:

    • “…the U.S. is dangerously behind the curve in countering terrorist use of the Internet…”


Outline4 l.jpg

Outline

  • Introduction

  • What is Cyber Terrorism?

    • Definition

    • Cyber Terror vs. Other Cyber Activities

  • Terrorist Use of the Internet

  • US Response Options

  • Recommendations


What is cyber terrorism l.jpg

What is Cyber Terrorism?

  • Definitions of terrorism:

    • State Dept: “Premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents, usually intended to influence an audience.”

    • FBI: “The unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.”

  • Definition of cyber terrorism:

    • Denning: “A computer based attack or threat of attack intended to intimidate or coerce governments or societies in pursuit of goals that are political, religious, or ideological. The attack should be sufficiently destructive or disruptive to generate fear comparable to that from physical acts of terrorism. Attacks that lead to death or bodily injury, extended power outages, plane crashes, water contamination, or major economic losses would be examples... Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.”


Cyber terrorism vs other computer attacks l.jpg

Cyber Terrorism vs. Other Computer Attacks


Outline7 l.jpg

Outline

  • Introduction

    • Why is this issue important?

  • What is Cyber Terrorism?

  • Terrorist Use of the Internet

    • Operational Effectiveness

    • Influence Operations

  • US Response Options

  • Recommendations


Why do terrorists use the internet l.jpg

Why Do Terrorists Use the Internet?

  • Rapid communications

  • Low cost

  • Ubiquity

  • Ease of use + sophistication of tools

  • Anonymity


How do terrorists use the internet l.jpg

Organizational effectiveness

Recruiting

Fundraising

Training

Command and control

Intelligence gathering

Influence Operations

Public affairs

Civil affairs

Psychology operations

Computer network operations

How do Terrorists Use the Internet?

Very few documented cases of cyber terrorism.

WHY?


Cyber terrorism vs other attack vectors l.jpg

Cyber Terror Challenges:

May not create sufficient horror, fear, and “terror”

Prospects for success and potential outcomes are highly uncertain

Requires different skill set and potential reliance on outside experts

May require extensive intelligence gathering, training, and funding

Use of explosives is a proven strategy

Highly effective at creating terror and getting attention.

Easy to do, requires little training, and is based upon extensive knowledge base

WMD is another option

Would create tremendous sense of terror and panic

Would dominate news for weeks or months

Would be huge source of pride

Cyber Terrorism vs. Other Attack Vectors


Outline11 l.jpg

Outline

  • Introduction

  • What is Cyber Terrorism?

  • Terrorist Use of the Internet

  • US Response Options

    • Infrastructure

    • Content

    • Cognition

  • Recommendations


Us io options physical infrastructure l.jpg

US IO Options: Physical Infrastructure

  • Target physical infrastructure to deny or disrupt access to Internet (and possibly other ICT)

  • Vast majority of infrastructure used by extremists is commercially-owned and/or operated

    • Most extremist web sites hosted in US or Western Europe

    • There is heavy use of companies like Yahoo! and Microsoft for email and chat

    • While ISPs are often local, communications backbone likely owned by either the state or a major corporation

  • Options:

    • Direct attack (kinetic or other)

    • Ask or force service providers to identify extremists and/or terminate services to known extremists


Physical infrastructure pro s and con s l.jpg

Advantages

Potential to significantly disrupt extremist use of Internet or other ICT

May be limited options for extremists to counter this tactic

Disadvantages

Political risks

Legal impediments

Technical challenges

Collateral damage

Identifying extremist users is difficult

May harm intel activities

Results may be hard to predict

Physical Infrastructure: Pro’s and Con’s


Us io options information content l.jpg

US IO Options: Information Content

  • Focus on data or information

  • Target confidentiality, integrity and availability (CIA) in order to:

    • Deny ability of extremists to keep information secret

    • Plant false or misleading information (either openly or surreptitiously)

    • Prevent extremists for having timely access to information

  • Options

    • Intelligence gathering

    • Spoofing (data) or Posing (people)

    • Denial of service

    • Other types of CNO


Information content pro s and con s l.jpg

Advantages

Fewer political, legal and technical impediments

Easier to do in clandestine manner

May be able to guide actions of extremists

Can learn about extremist goals, methods, personnel, etc.

Disadvantages

Extremists can be hard to find and/or identify

Numerous countermeasures readily available

Technology and demographic trends favor extremists

May be hard to assess success

Information Content: Pro’s and Con’s


Us io options cognition l.jpg

US IO Options: Cognition

  • Influence how people perceive information and/or make decisions

  • Focus on human aspect of perception (sense making) rather than data/information per se

  • Goal is to change extremists’ beliefs, decisions, and actions

  • Options:

    • “War of Ideas”

    • PSYOPS

    • Public and civil affairs

    • Soft power (economics, media, companies, etc.)

    • Others…


Cognition pro s and con s l.jpg

Advantages

Reduce legitimacy of and attractiveness of extremist movements

Create schisms among extremist groups

Gain support among allies and non-aligned parties

Few political, legal or technical barriers

Disadvantages

Requires coordinated inter-agency leadership, planning and execution

Currently lack needed personnel, expertise and resources

Long-term approach (possibly decades)

May be hard to assess success

Cognition: Pro’s and Con’s


Outline18 l.jpg

Outline

  • Introduction

  • What is Cyber Terrorism?

  • Terrorist Use of the Internet

  • US Response Options

  • Recommendations

    • Suggested Actions

    • Final Observations

    • Discussion of Metrics


Recommendations l.jpg

Recommendations

  • Develop high-level, coordinated strategy for countering terrorist use of the Internet

    • Current efforts are disjointed and occur mostly at operational and tactical levels

  • Strategy must maximize benefits and minimize risks/costs of each layer of info environment

    • Where appropriate disrupt infrastructure if only to create FUD about its reliability

    • Attack CIA of extremist information to further increase FUD, gain intel and disrupt operations

    • Focus significant time and energy on cognitive domain to impact terrorist decision-making, reduce terrorist influence on stakeholders, and promote US ideas

  • Create mix of short-, medium-, and long-term goals, plans, actions, and metrics


A few final observations l.jpg

A Few Final Observations

  • US alone cannot counter extremist Muslim ideology

    • Must build up and/or support networks of moderate Muslims and help spread their message

    • Use former terrorists to undermine extremist recruiting

  • Current “approval ratings” of US across the world are dismal

    • Improve publicity of “positive” actions

    • Reset terms of the ideological struggle

  • US is not well organized to fight a long-term, broad-based “war of ideas”

    • Elevate importance of information component of power

    • Develop structures, processes, incentives to better coordinate IO-type activities

    • Strengthen capabilities of diplomatic corps and the “diplomatic” abilities of soldiers


Discussion l.jpg

Discussion

  • How can we measure the effectiveness of terrorist use of the Internet?

    • # of users? # of websites? Interviews? Anecdotes? Polling data? Membership in Islamic denominations?

  • How can we assess the benefits, costs, and risks of US response options?

    • Benefits: Impacts on factors identified above? # of terrorist attacks? # of stories in the media?

    • Costs: Monetary? Level of effort? Opportunity costs?

    • Risks: Public opinion? Media coverage? Legal actions? Changes in terrorist use of Internet counter to US goals?

  • Key challenges include data availability, data accuracy, correlation vs. causality, and understanding of fundamental dynamics


  • Login