The Silent War of Cyber-Terrorism

Charlotte Mellgard

Sony Pictures, capitalized at $34.2 billion, is ranked 79th on the “World’s Most Valuable Brands” list in Forbes Magazine. The company generates billions of dollars in sales annually. Yet, on Monday, November 24th, 2014 this incredibly powerful company faced one of the biggest breaches of privacy a global corporation has ever experienced—a cyber invasion conducted by the “Guardians of Peace,” a hacking group linked to North Korea. The malware invented by the hackers erased loads of the company’s computers and hundreds of its servers. Now, maybe you remember this event because you were bummed that you could not see James Franco and Seth Rogan take on Kim Jong Un in theaters. You should, however, remember this event because it cost Sony Pictures $100 million. You should remember this event because a group supported by the North Korean government had access to a slew of personal information of Sony employees. You should remember this event because it exposed a new threat on the horizon—cyber terrorism.

As President Obama stated in a speech he gave at Stanford University earlier this year, “The first computer viruses hit personal computer in the early 1980s, and essentially, we’ve been in a cyber arms race ever since.” Since the 1980s the majority of cyber invasions have been conducted to access or destroy data contained in corporate and or personal computers. This in itself is a threat, as evidenced by the Sony hack in 2014. As the Sony hack demonstrated, information that falls into the wrong hands can be used against our government and its people. Access to confidential, personal information is, undeniably, power. However, what is even more terrifying is the prospect of cyber invasions being used to conduct detrimental physical damage. In 2009 researchers conducted an experiment known as Aurora, in which they were able to cause an electrical generator to self destruct. Recently, researches have expressed that hackers could access WIFI on planes to disrupt plane flights. As stated by cyber security experts, “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.” If cyber terrorists were able to produce malware capable of accessing such generators or planes, the result could be fatal.

Thus far our government has used a strategy of “deterrence” to prevent cyber invasions and attacks. This strategy is characterized by discussion with other nations to try and impede any potential hacks. In a September 25th, 2015 talk with President Xi Jinping of China, President Obama stressed, “the importance of protecting intellectual property as well as trade secrets, especially against cyber-threats.” Both nations pledged to try and thwart future hacks. President Obama has had similar conversations with Vladimir Putin, all in an attempt to deter such nations from cyber invasions.

While the strategy of “deterrence” may work in some cases, what the United States government’s strategy with other nation states fails to prevent is a hacker’s ability to sell malware. Recently, this past May, a Swedish national produced an incredibly destructive malware known as “Blackshades.” As Executive Assistant Director of the FBI Robert Anderson disclosed, “This software was sold and distributed to thousands of people in more than 100 countries and has been used to infect more than half a million computers worldwide”. Regardless of the discussions that President Obama partakes in, there is little that President Putin, President Xi Jinping, or other leaders such as President Stefan Löfven can do to prevent individual, non-government hackers from selling malware to make a profit.

The real danger lies in terrorist organizations such as the Islamic State of Iraq and the Levant (ISIL) buying malware from hackers. Though ISIL has yet to conduct a cyber attack, the likelihood that ISIL pursues cyber terrorism is high. As Navy Adm. Michael S. Rogers, director of the National Security Agency, stated, ISIL has already pointed out the United State’s inability to prevent cyber invasions. As he elaborated, “we know [ISIL] [has] achieved a level of insight as to what we do, how we do it, and the capabilities we have that… they didn’t have in the past.”

It is inevitable that cyber invasions will be led by citizens in nations such as Russia and China to try to obtain military and corporate secrets of the United States. However, it is unlikely that these nations will use malware to inflict physical or fatal damage upon the United States. These nations are naturally deterred from such actions as the United States also has the potential to inflict damage that is equally detrimental upon each of these nations. Simply put, Russia and China do not wish to damage our infrastructure because they know we can do the same to them. However, terrorist organizations such as ISIL are not as easily deterred. As Rogers stated,

“The nation’s networks, communications and data are increasingly at risk from diverse and persistent threats. These include rogue states, organized criminal enterprises and terrorists who are showing a willingness and an aptitude to employ sophisticated capabilities against us, our allies and indeed anyone who they perceive as a threat or lucrative target.”

ISIL does not fear the reaction of the United States if its terrorists conduct a cyber attack. Unlike nations such as China and Russia, they do not seek to have a civil relationship with our country. If ISIL obtained malware that could destroy generators in the United States or cause a plane to crash, there is little doubt that they would pursue such cyber attacks. ISIL does not fear the United States’ retaliation if they destroy our infrastructure, as the terrorist organization has little infrastructure it wishes to protect. ISIL is not traditionally deterred from using malware as a weapon against the United States.

As ISIL is one of the nation’s greatest enemies, the United States must address the potential that this terrorist organization may use cyber terrorism as a weapon against us. In contrast to nations such as China and Russia, the United States cannot engage in dialogue with ISIL to deter cyber attacks. Instead, the United States must allocate more funds to researching cyber terrorism as well as building up our own cyber “arsenal.” Recently, the United States has begun to do so by allotting more authority and resources to the United States military in fighting cyber terrorism. This transfer of power from solely the civilian Executive Branch addressing cyber terrorism to the military is strong evidence that our government fears cyber invasions could be used as an act of war.

The United States Navy is at the forefront of combating cyber attacks. As outlined in May 2015 the United States Navy, in particular the U.S. Fleet Cyber Command/ U.S. 10th Fleet, will seek to achieve five goals to combat cyber terrorism: “to operate the network as a war fighting platform, conduct tailored signals intelligence, deliver war fighting effects through cyberspace, create shared cyber situational awareness, and establish and mature the Navy’s Cyber Mission Force.” These five goals serve as a basis for the fight against cyber invasions and cyber terrorism.

Recently, Kevin Cooley, executive director and command information for Fleet Cyber Command/10th Fleet outlined more specific steps the United States Navy will be taking to fight cyber invasions. These included the possibility of the creation of 40 cyber force teams whose task will be to “go out and do the missions in this warfare domain.” The men and women of this operation will act as “cyber warriors” to help eradicate cyber terrorism ready to be called into action whenever needed to go on the offensive against cyber invasions. As Cooley stated, “you don’t win a knife fight without swinging a knife.”

With recent efforts to build up our cyber terrorism capabilities within the United States Navy we are pursuing this goal in a much stronger way, no longer relying solely on discussion to prevent cyber invasions. However, it is not solely the White House or our military that must be active in fighting this cyber war. Ninety percent of Internet infrastructure lies within the private sector; meaning that, without unlawful regulation, there is little our government or military can do to ensure the protection of these companies from cyber attacks. Companies must work with the White House and the military to ensure that their networks and computers are safe from invasion.

We live in the Age of Information—during which we spend much of our time using electronics to share facts and personal information about ourselves to certain recipients. We also live in a nation that values, above many things, the right to privacy ensured by our Constitution. It is incredible how easily this privacy can be compromised by cyber invasions. In his State of the Union Address in January 2015, President Obama stated, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.” The White House, the United States military, and the people of the United States must work together to ensure that cyber invasions do not escalate to a dangerous, even fatal level.

[Image Credit:]