The next terrorist threat

Megan Hayes explains why the internet could be at the forefront of future terrorism

We have certainly not heard the last from terrorist networks such as al Queda. So, while airports and governments have greatly increased transport security in the hope of limiting the possibility of another 9/11-style attack, we may become subject to a new and emerging form of terrorism – cyber terrorism.

The gravity of this potential threat was highlighted last year when the US Congress broadened its security efforts by allocating $900 million to cyber security research and development.

Similarly, the European Commission has recently publicised its European Network and Information Security Agency whose main objective will be to act as an advisory co-ordinator of computer emergency response teams across Europe. More importantly though, it will operate as Europe's first cyber-security agency.

Given that there has, as yet, been little sustained activity in the form of cyber terrorism, many believe these preventative measures are unwarranted. So far, cyber attacks have only occurred in the form of web site defacements, viruses and assaults on communications, and have been engineered not by major terrorist groups, but by individual hackers.

Recent actions against the war in Iraq, for example, have resulted in the eruption of hacktivism, a term used to describe such web-based acts of terrorism. Email viruses such as Code Red and the Nimba worm, which spread via email and seek to delete program files, have re-emerged in recent weeks in the form of the Ganda worm, which attaches itself to war-related emails. However, the damage is mainly limited to the unassuming e-mailer and therefore remains minimal. For now, at least, most hacktivists are in no way as dangerous as their political protest counterparts. They are "thrill seekers" in search of notoriety and do not pose a severe threat to any country or its interests.

But, in light of these relatively harmless pursuits, has the threat of a real cyber attack been given less serious consideration than it deserves?

Many people in the Internet industry think so, and have recently vocalised their concern that the US and the UK are leaving themselves vulnerable to an attack from cyber space. Reported increases in seemingly harmless hacker activity have prompted warnings of what some refer to as an "Electronic Pearl Harbour" – a computer-based attack that would result in massive destruction to computers, the structures they control and invariably, human life. Computer analysts have suggested that this type of attack could destroy critical infrastructures such as telecommunications, electrical power systems, banking transportation and emergency services that would leave an entire country completely debilitated.

There is no precedent for coping with and co-ordinating a response to such a cyber-facilitated attack. But, as government officials continue to think about security exclusively in physical terms, this gap in the cyber field may be exactly the weakness terrorist groups seek to exploit in their next co-ordinated effort.

To date, few terrorist groups have used cyber attacks as a weapon, but that is no reason why such a possibility should be ignored. Given the tendency for members of terrorist groups to lie in wait and attack without warning, organisations such as al Queda could be training cyber terrorists as we speak. Must we wait until we are victims of such an attack before we consider cyber terrorism to be a viable threat?