by Rick Lawhorn - Director of Information Security & Compliance at PlanIT Technology Group - Tuesday, 19 August 2008.
So how we identify the threat and what can we do to protect ourselves? Internet terrorism is really about two separate uses of the Internet. First, a terrorist can utilize the Internet as a vehicle to cause outages and denial of services with an overarching message to instill fear and to threaten physical harm. From an information security point of view, we can readily understand this first point since we experience this noise today within on our networks. The attacks are targeting our assets to cause electronic pain and fear with our Internet presence. But as we know, attacks that are conducted against our organizations can originate from many diverse groups with for different reasons. Former employees, competitors, or fraudsters can have justifiable reasons in their mind to electronically cause you pain or reputation harm. It becomes apparent that the campaign against Internet terrorism using the Internet in this fashion may stem from known terrorist in the real world who has conducted violent or harmful crimes to invoke fear. The challenge is to know when these seemingly “innocent” attacks actually become terror. Does the act require a certain number of members, a certain political/ideological principle, or a certain funding to be considered terrorism? Can one person be considered a terrorist? These are great questions that need a clear definition to gain the appropriate buy-in and funding within an organization. Since the activity and characteristics are not well defined, the message today will be a hard sell for information security professionals and will get lost in the shuffle of shifting priorities. Likewise, when the terrorist begin to electronically target organizations and prevent services from working, companies today would see the threat as noise since there is nothing that distinguishes them from the rest of the pack. The challenge is determining how to distinguish the noise that is normally experienced from an actual terrorist activity.
The second use of the internet by terrorist is their utilization of technologies to build and coordinate their activities such as recruitment, fundraising and data mining. The internet is the perfect tool to use for this activity since much of it is not regulated and there is anonymity that protects against identification. This helps terrorist build memberships and raise funding to further their cause and distribute their message to a wider audience. But can this equate to electronic violence or transform into physical harm? Each one of us use the internet for the same purpose, minus the terrorist intent, so tracking and monitoring are quite difficult to nail down without spilling over into our civil liberties as a whole. The perceived harm that can be identified is the ability to organize a group for the intent of personal or physical violence. In order for an organization to keep on top of this issue, it would require vast amounts of resources and capital to infiltrate each terrorist group and monitor their progress. This goes way beyond what any commercial organization would do, especially since many still require basic security controls and services. This type of request would certainly invoke some strange looks.