In May of 2021, U.S. citizens were left in disarray as gasoline supplies to the Eastern part of the country were cut by 45 percent, forcing cars to line up for blocks to fill their tanks. The direct cause was cited as a “cyberattack” on the Colonial Pipeline, which carried gas and other fuels from Texas to the East Coast, according to Maryville University. In June of the same year, meat suppliers faced their own unique cyberattack on factories owned by JBS, a company that supplies more than one-fifth of the beef consumed in the United States. These two instances did not only financially impact gasoline and meat suppliers, but extended their reach to affect millions of individuals. Yet, the frequency of these kinds of damaging attacks is only increasing. According to a Congressional Research Service report, researchers discovered that for victims across 24 countries, cybercrime incurs an annual cost of $388 billion.
By 2030, insurance firm Marsh McLennan predicts 30 billion technological devices will be in use. For cyber terrorists, this creates a wider range of vulnerable governmental and organizational assets susceptible to attack and exploitation. In order to protect individuals, governments must try to find a way to successfully tackle this billion-dollar enterprise. However, the unique nature of the digital sphere allows for covert operations and swift information warfare to be easily weaponized by terrorists, which creates unprecedented and difficult challenges for governments to understand, starkly setting cyberterrorism apart from traditional acts of terrorism.
Cyberterrorism is a relatively new frontier. Conversations surrounding the topic did not begin until the late-1990s. In the United States, the bombing of the World Trade Center in 1993 as well as the Oklahoma bombing in 1995 are typically cited as the first high-profile attacks that consequently propelled the U.S. Department of Defense to conduct its first warfare exercise to measure the cybersecurity of its systems. It was not until the 9/11 attacks, however, that serious legislative measures, such as the Patriot Act of 2001 and the Terrorism Risk Insurance Act of 2002, were introduced in attempts to tackle cyber terrorism. But as of today, the laws passed have yielded limited success.
The New York Times writes that the FBI considers “ransomware as grave a danger to U.S. interests as terrorism in the aftermath of the attacks of September 11, 2001.” In other words, proper solutions need to be enacted against this ever-evolving threat. Nevertheless, understanding what exactly “cyber terrorism” entails can be difficult. Dataconomy, a popular technology news site, describes cyber terrorism as “the use of computer networks or systems to intentionally cause damage, disrupt operations, and/or intimidate individuals,” a definition that commonly aligns with other sources. This includes disrupting the internet’s technological foundation, government computer networks, or critical civilian systems, such as financial networks or mass media. The actors, ranging from nonstate, state, and private, “may have a variety of goals,” Dataconomy shares, attempting to create chaos or intimidation for financial, political, or social gains. The Congressional Research Service, however, highlights that the digital realm is ever-expanding. The complexity of the cyber sphere and its nature means that there is no clear and concise definition when it comes to outlining cyber terrorism. Because distinctive boundaries are lacking, so is a proper, widely understood, and accepted definition. Thus, grappling with cyberattacks can be a complex phenomenon for both companies and governments.
The 2017 WannaCry and NotPetya incidents mark two of the most significant global cyber-terrorist attacks that exemplify the alarming rate at which the methods and consequences of cyberterrorism can escalate. The Guardian explains that these attacks in the UK shut down computers in over 80 National Health Service facilities, resulting in thousands of canceled appointments and overwhelmed hospital systems. The attack was born from two newer innovations: encryption and Bitcoin. Bitcoin has offered a new outlet for terrorists, suddenly allowing ransomware creators to take payment without the hassle of the conventional banking system. File encryption has resulted in the creation of ransomware, software that holds people’s information hostage until they pay a requested sum.
WannaCry was the first ransomware attack that the world watched disrupt society on such a massive scale, with its impacts affecting organizations in over 150 countries and leading to losses of more than $300 million, Marsh McLennan reports. The attack had severe implications and life-threatening consequences, hindering the ability of the NHS to provide proper care for its patients in the UK. However, the head of the National Audit Office (NAO), Amyas Morse, said that WannaCry “was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.” This raises a paramount concern regarding how exactly the attack managed to take out a significant portion of the NHS in just a matter of days. Fixes for the vulnerabilities that were exploited had already been released in March, the NAO report states. However, these fixes were not implemented, leading to a careless mistake that had disastrous ramifications. The outcome of the WannaCry incident exemplifies the necessity for enhanced and mandated digital awareness training within organizations.
Only a month later, another attack dubbed NotPetya occurred, which built on the lessons of WannaCry by using the same weaknesses to spread within the corporate network. The ransomware was distributed to victims via a hacked version of a major accounting program used in Ukraine. The program had extensive internal networks, enabling the threat to travel far outside of Ukraine’s borders and cause chaos. However, the attacks were not suspected to be monetarily motivated as WannaCry was. The Guardian explains that the ransomware was improperly coded, meaning that even if users did pay up, their data could never be retrieved. The evident lack of concern regarding the collection of money by the ransomware authors establishes that profit was not the goal of this attack. The NATO Cooperative Cyber Defence Centre of Excellence agrees that “malware analysis supports the theory that the main purpose of the malware was to be destructive because the key used for encrypting the hard disk was discarded.”
The realization that NotPetya was most likely conducted for the purpose of destruction raises further concerns surrounding the ransomware’s target of a Ukrainian accounting program. The Guardian emphasizes that “[t]he country has long been at the forefront of cyberwarfare, constantly trading digital blows with its neighbor Russia even while the two countries trade actual blows over Crimea.” Taking into account the nature of the NotPetya ransomware, it is very possible that the global outbreak was a demonstration of power, “probably launched by a state actor or non-state actor with support or approval from a state.” The National Cyber Security Centre of the United Kingdom asserts that “the Russian military was almost certainly responsible for the ‘NotPetya’ cyber attack.” Though not conclusively verified, it is a reasonable analysis, as it would not be the first time in which Russia engaged in state-backed cyber-attacks categorized as cyber terrorism. For example, in 1996, Russia led a two-year campaign classified as an advanced persistent threat (APT). Through the theft of massive amounts of classified information from numerous government agencies, U.S. national security and strategies were left vulnerable and exposed.
The Russia-Ukraine war offers greater insight and analysis into the way cyberspace is being utilized for state-backed cyberterrorism, as well as defense. According to the German Institute for International and Security Affairs (SWP), “In August 2022, the Computer Emergency Response Team of Ukraine reported over 1,123 cyberattacks in the first half of the war.” At the beginning of the war, more specifically, “Moscow launched what may have been the world’s largest ever salvo of destructive cyber-attacks against dozens of Ukrainian networks,” The Carnegie Endowment writes. Russia’s attack resulted in the disruption of the Viasat satellite communications network, occurring just before tanks crossed the border. With technology becoming ever more necessary for military communications, the result ultimately caused serious delays and the hindrance of Ukraine’s initial defense of Kyiv.
Despite this being true, there appears to be a general consensus that Russian cyber operations during the war have not been as impactful or eventful as originally expected. “Russia’s main cyber activity in Ukraine has probably been intelligence collection,” Nick Beecroft, Carnegie Endowment scholar, shares. “Russian hackers have most likely sought to gather [high-value] data” that can later be leveraged effectively. Information collection can give rise to substantial threats, which could intensify the conflict considerably. For instance, acquiring real-time geolocation data has the potential to enable actions like the assassination of Ukrainian President Volodymyr Zelenskyy, or the precise and timely targeting of Ukrainian troops, Carnegie Endowment scholar Jon Bateman emphasizes. The usage of Russian hackers as a part of the war effort is the result of Russia’s support of state-backed cyber terrorism. BAE Systems, an international aerospace security company, describes such hackers as being given a “license to hack.” In other words, they may have permission to conduct destructive digital attacks, without fear of legal consequences, with both support and resources from the government.
These individuals or groups of hackers are employed with the intent to compromise and destabilize the enemy’s digital infrastructure under the aims of the government. This is done through various methods of digital terrorism, most commonly those including ransomware, DDoS attacks, or data breaches. Though such actions can also technically be classified as cyber warfare, both cyber terrorism and warfare are united through their common destructive goals. Moreover, cyber-terrorism tactics, such as hiring hackers, are employed as tools as a part of a state’s war efforts in the digital sphere, meaning that cyberterrorism can be seen as a key yet distinctive component of cyber warfare.
The heightened attention surrounding the Russia-Ukraine conflict has enabled Ukraine to protect itself against Russian cyber-attacks, thereby mitigating the impacts. Beecroft cites that Ukraine has been able to “deploy cyber defenses at a scale and depth never seen before.” The cause, he continues, is “an alliance of competing companies and governments with varying agendas collaborating and learning together to thwart Russian cyber attacks, driven by a shared sense of outrage at the invasion.” The war has demonstrated that cyber defenses can indeed be successful, provided there is a united front. Researchers at Talking About Terrorism outlined policies needed to tackle cyberterrorism, labeling “the cooperation among states” as “critical.” The researchers further argued that there is an overall lack of consensus aimed at creating a proper, coordinated deterrence strategy. As a result, efforts to successfully tackle cyber-terrorism suffer without united accountability from both state and non-state actors.
Forbes defends this point, explaining there is a need for “all countries to utilize the internet for economic, political, and demographic benefit while refraining from activities that could cause unnecessary suffering and destruction,” a concept termed as geo-cyber stability. The unparalleled surge of cyber support from the world’s most capable companies and governments has unveiled the critical role of the private sector and other government entities in effectively defending digital networks at a national scale. The heightened protection of Ukraine’s networks emphasizes how cooperation is critical when defending society from cyber threats. Simply put, a united front of geo-stability employed by states and backed by other important non-state actors as successfully displayed in Ukraine is a must when considering future legislation to tackle cyber terrorism.
Cyber-terrorism only continues to pose itself as a dangerous threat as more sophisticated technologies continue to develop. Many countries’ national security will remain at risk unless governments around the world can work together to implement greater stability and protection against threats in the digital realm. The lack of an international, digital legal framework is holding the global community back. Without it, there can be no geo-cyber stability and not even a clear consensus as to what cyber terrorism may properly entail.
Image courtesy of Pedro Szekely, Flickr