110 likes | 258 Views
The cyber-terrorism threat: findings from a survey of researchers. Lee Jarvis, Stuart Macdonald and Lella Nouri (all Swansea University). Introduction. Report on findings from a recent survey on cyberterrorism 118 researchers, 24 countries Questions: definition, threat and response Aims:
E N D
The cyber-terrorism threat: findings from a survey of researchers Lee Jarvis, Stuart Macdonald and Lella Nouri (all Swansea University)
Introduction • Report on findings from a recent survey on cyberterrorism • 118 researchers, 24 countries • Questions: definition, threat and response • Aims: • ‘State of the discipline’ stock-taking exercise • Explore potential explanations for the diversity of responses received • Chart areas of (dis)continuity with debates on terrorism more widely
Academic literature • Cyberterrorism threat • Much contested • In part, a product of definitional differences • Debate between ‘the concerned’ and ‘the sceptics’ • Concerned: • Destructive capacity of cyber- now matches physical. • Prospect of anonymity, and lower financial costs • Vulnerability of Critical Information Infrastructures • Socio-politico-economic dependencies on the Internet • Sceptics: • Cyberterrorism as speculative fantasy • A substitute for now-outdated paradigms of threat and risk • Lack of theatricality and limited destructive capability • Other terrorist uses of the Internet more significant.
Our survey • Purposive sampling strategy: • Targeted literature review • Standing in the field/publication in core journals. • Snowballing • Mailing lists: BISA and TAPVA • Limitations: • Is no (bounded, fixed) (cyber)terrorism ‘research community’ • Academic time lags • Responses: • 118 from 24 countries (out of 600); but 71% from US, UK, Australia, Canada. • 86% permanent or temporary academic staff, or research student. • 50% Politics/IR. • Parallels with other surveys of the terrorism literature
In your view, does cyberterrorism constitute a significant threat? If so, against whom or what? • Yes (58%): • Governments/states (n=23); Critical Infrastructure/Computer networks (n=19); Civilians/individuals (n=10); Private sector corporations (n=10) • No (20%) • Lack of precedents/empirical evidence • Terrorist organisations lack capability to attack CII’s • Lack of motivation amongst terrorist groups. • Differences?: • Different explanations of threat evident in responses: from ‘paralysis’ to ‘disruption’ • Different logics: some hypothetical, others extrapolated from recent events • Competing conceptions of cyberterrorism (e.g. for some: obtaining classified information; ‘online harassment) • Different timescales
With reference to your previous responses, do you consider that a cyberterrorism attack has ever taken place? • 110 responses: 49% yes and 49% no • Examples (selected): • Attacks on Estonia: n=11; Stuxnet, Iran: 6; Attacks on Georgia: 3 • India-Pakistan: 2; Anonymous: 2; PKK collapsing the Govt network: 1 • Wikileaks: 1 • No: • Actor-specific definitions exclude state activities • Lack of violence: “…no person has ever been killed or injured as the result of an attack executed by using weaponised computer code” • Differentiation between cyberterrorism, hacktivism and cybercrime • No production of fear in a wider audience • Lack of political or ideological motive for many candidates • Primarily definitional > empirical
What are the most effective countermeasures against cyberterrorism? Are there significant differences to more traditional forms of anti- or counter-terrorism? • Twelve counter-measures identified (including): • Target-hardening (38%); Refusing to exaggerate the threat (9%); Greater international cooperation (8%); Preventing radicalisation (5%); Employing hackers (3%); Greater private sector involvement (3%)
Disciplinary differences • No countermeasures restricted to one disciplinary background, but some trends: • Engineering/Computer Science: 57% of those arguing for enhanced international cooperation • Psychology/Anthropology: 67% of those arguing for employing hackers. • Politics/International Relations – more sceptical? • 69% believed a cyberterrorist attack had not taken place • 67% of those warning against exaggerating the threat of cyberterrorism
Conclusion • Considerable disagreement: • Threat, occurrence to date, how to respond • Frequently a product of definitional issues • Also, disciplinary differences • Obvious parallels: • Academic literature, and broader debates on terrorism • However: • 50/50 split on whether it has occurred: surprising • The need for domain-specific responses posited by many
To find out more… • Web: http://www.cyberterrorism-project.org/ • Email: ctproject@swansea.ac.uk • Twitter: @CTP_Swansea • Facebook: facebook.com/CyberterrorismProject