Dorothy Denning defines cyberterrorism as “unlawful attacks and threats of attack against computers, networks, and the information stored therein…to intimidate or coerce a government or its people in furtherance of political or social objectives…[resulting] in violence against persons or property, or at least …enough harm to generate fear.”
--http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html

Cyberterrorism has three components, then. First, it is via computers or the internet. Second, it is politically motivated, and third, it is violent.

Dorothy Denning offers some examples of what would constitute cyberterrorism:
“Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact.”
--http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html

What is the threat?
Popular “cyberfears” include everything from the possibility of terrorists hacking into air traffic control systems and causing planes to crash to terrorists remotely launching nuclear weapons.
However, cyberfears have been greatly exaggerated. No instance of cyberterrorism, as defined above, has ever occurred. The closest thing to cyberterrorism that has ever happened was in 1998, when an offshoot of the terrorist organization Liberation Tigers of Tamil Eelam swamped Sri Lankan embassies with 800 emails a day for two weeks (Denning 269). The attack generated fear in the embassies and brought much publicity to the group, however, no one was actually hurt. Cyberfears are also often based on the assumption that sensitive military equipment and systems are vulnerable to cyberattack. Sensitive military systems, including nuclear weapons, the CIA’s classified computers, and the entire FBI network are protected by the most basic internet security: they are air-gapped. Terrorists could not remotely launch a nuclear weapon because nuclear weapons are not connected to the internet; in fact, they are even isolated from the Pentagon’s internal network. Additionally, nuclear weapons require “permissive action links”— a set of codes carried by the president. Fears about remotely hijacked airplanes are also exaggerated. The FAA strictly isolates the air traffic control system from the administrative system, and it could not be hacked.
-- http://www.washingtonmonthly.com/features/2001/0211.green.html

Today, cyberterrorism is hypothetical. Fears of imminent and highly sophisticated attacks by terrorists carried out through the internet are unfounded. However, it is important to monitor terrorist activity on the internet, in order to be aware of new threats and new vulnerabilities, and be able to respond if and when terrorists begin exploiting those vulnerabilities.

Sources:
Dorothy Denning. “Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy.” Networks and Netwars: The Future of Terror, Crime and Militancy. Ed. John Arquilla and David Ronfeldt. Santa Monica: RAND, 2001. 239-288.
http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html
http://www.washingtonmonthly.com/features/2001/0211.green.html
http://www.usip.org/pubs/specialreports/sr119.html

Return to Top