Internet Terrorist: Does Such A Thing Really Exist?
by Rick Lawhorn - Director of Information Security & Compliance at PlanIT Technology Group - Tuesday, 19 August 2008.
Recently, I have experienced an increase in organizations questioning how real is the threat of Internet terrorism and what they can do to protect themselves. As a former CISO, this was one of the last concerns that crossed my mind, especially since it was a daily up-hill battle getting buy-in for the most basic security controls and services. The notion of worrying about the potential risk of terrorism against my organization seemed to be the lowest priority given the choices at hand. Ironically, terrorism today seems to be an emerging concern in the commercial world and many are actively pursuing methods and technology to help combat the problem. As a result, I began to research this trend to determine its drivers and potential implications to information security as we know it today.

I have been able to identify two main factors to date that play a part in the increased concern for businesses. Governments all around the globe are spending vast amounts of money trying to track and contain internet terrorism. As former government security professionals are landing executive roles as CSO and CISO in organizations, the awareness and education about terrorism is increasing and the company is driven to investigate the threat further. Also, the news media is making Internet terrorism and the targeted attacks front-page news, which impacts a much larger audience. The combination of these factors propels companies and their leadership to ask the important questions in order to determine the risk it presents, especially in the critical industries like utilities and supply chains.

To better understand this threat and its impact on organizations today requires some background on how terrorism is defined. Once we have a definition laid out, we need to add the term “internet” to terrorism to gain an understanding of how this changes the overall meaning and its impact. Each of us has a pre-conceived notion of what terrorism means. I am confident that your definition differs from mine since this is shaped by our personal environment and experiences. I am also confident in saying that even though our definition of terrorism may differ, there are fundamental characteristics that we share in common. Today, there is no universally accepted definition of terrorism and countries define the term according to their own beliefs and to support their own national interests. In fact, it might be impossible to define because it is intangible and fluctuates according to historical and geographical contexts. Some forms of it are indistinguishable from crime, revolution, and war. Even the US government is struggling with a consistent definition by evidence of the following chart:

State Department definition, Title 22 of the U.S. Code, Chapter 38, Section 2656f(d): premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents, usually intended to influence an audience.

FBI definition: the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.

Defense Department definition: the calculated use, or threatened use, of force or violence against individuals or property to coerce or intimidate governments or societies, often to achieve political, religious, or ideological objectives.

United Nations definition: any act intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a government or an international organization to do or to abstain from doing any act. Article 2(b) of International Convention for the Suppression of the Financing of Terrorism, May 5, 2004)


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th