How real is the threat of cyber terrorism?
London, UK - 10 November 2004, 14:45 GMT - In the aftermath of the
9/11 attacks in the USA three years ago, the global media has been awash with
hysteria and speculation over the threat of cyber terrorism, which the mi2g
Intelligence Unit defines as an adverse incident caused by digital attack
that leads to significant loss of life. Although some research reports and
experts have raised fears of cyber assault to the point where radical hackers
have been suggested to have the capability to bring entire countries to their
knees overnight, there is a high level of scepticism among executive decision
makers in business and government in regard to the validity of such claims.
The mi2g Intelligence Unit has investigated the arguments behind the
cyber terrorism point of view over two years by tracking over 8,600 hacker
groups across the world and liaising with appropriate government agencies,
insurance and reinsurance groups as well as major banks to garner some insight
into how real this threat is. The mi2g investigation follows reports
from reputable media organisations, which have claimed that the risk from
a cyber attack could amount to an electronic Pearl Harbour capable of causing
mass destruction and tragic loss of life on the 9/11 scale.
Putting hackers in general in the same category as groups that kill people
using powerful explosives is resented by the hacker community and deemed unjustified
by them at this stage.
That national utilities such as water, electricity and gas and other
critical infrastructure could be brought down by cyber terrorists is
not probable without some physical assistance and insider help. So,
remote cyber terrorism is not a high probability threat at present given the
lack of end-to-end internet enabled infrastructure and very tight checks on
entering utility control rooms, although by 2007 the level of internet enabling
in some OECD countries may be much deeper within critical infrastructure sectors.
It is possible to hack into the systems that control the water supply, for
example, but it is difficult to make any serious changes that affect the constitution
of the water without being noticed by the control room. Hacking into utilities'
networks is harder than putting a bomb somewhere. Terrorists are evil but
they have demonstrated efficiency in terms of resource allocation. It is not
as though there is a secret button hidden somewhere on the electricity, gas
or water utility website's administrative interface with the words 'universal
shut down'.
The biggest threat in the view of most hacker groups would be a combined physical
and digital attack. Digital attacks that cripple emergency response, utilities,
transport or telecommunications with some insider help could be very effectively
employed by terrorists in conjunction with physical attacks to magnify the
effects of their intended disruption and carnage.
Based on mi2g's analysis, hacking events tend to mirror events in the
"real" world. Between 2002 and 2004, as tensions have grown over
political issues such as the US/UK policy in Iraq, the Israel-Palestine conflict
and the India-Pakistan standoff over Kashmir, corresponding retaliation from
both sides has been seen in cyberspace.
The mi2g Intelligence Unit believes that we will continue to hear
various 'what if' scenarios from experts and non-experts alike, and decision
makers will wonder what to worry about next and how to prioritise those threats.
The worst that can happen by way of very high probability is what we have
already faced - eMail borne and network spreading malware, identity theft
scams, DDoS attacks and malicious data modification through covert and overt
attacks. We know that these types of crimes can be mounted easily, and yet
there is no conclusive evidence to suggest there has ever been an intended
cyber attack carried out by enemy forces which took out a large section of
the power grid.
All these types of attack are theoretically possible but woefully inadequate
in fulfilling the terrorist agenda without insider help. In the end, the terrorists
would like to use tried and tested methods whilst committing minimum resources.
As the damage done by radical, criminal and intellectually motivated hackers
continues to rise, the mi2g Intelligence Unit predicts there will be
a growing requirement for governments to intervene and to mobilise counter-attack-forces
that protect economic targets and critical national infrastructure constituents
on a 24/7 basis. About $15 billion of economic value was destroyed worldwide
by overt and covert digital attacks, DDoS and extortion, including malware
- trojans, viruses and worms - in October 2004 alone.
For example, both homes and Small to Medium size Enterprises (SMEs) are incapable
of sheltering themselves or having the budget and expertise to be able to
ward off sustained digital mass attacks, which have now become a daily occurrence
with widely available, automated and easy-to-use sophisticated digital attack
tools. The mounting collective losses to businesses might impact on governments'
revenue streams through reduced tax collection, so in the future, it will
be prudent to look after the SME growth engines and not just large businesses,
who on the whole have the budgets and manpower resources to look after themselves.
Historically, politicians in civilised Western democracies have challenged
their defence forces to provide adequate defence capability within limited
resources. The focus has been on the four physical dimensions - land, sea,
air and outer space - and not on the new dimension of cyberspace. There is
no real digital defence capability deployed so far - other than occasional
simulations and exercises which are intended to uncover gaps in the national critical
infrastructure's digital defences. The redressal lies primarily in developing
counter-attack-forces, which would begin to arrest the imbalance of power
between ill-motivated hackers on the one hand and little-prepared businesses
on the other. Countries like Russia, China, Korea(s) and Pakistan are already
involved in this kind of state sponsored activity.
Most complex attacks take place through insider knowledge and assistance.
Just one motivated individual cannot usually perpetrate complex cross-boundary
physical or digital terrorism. Disgruntled employees in sensitive places are
suborned, coerced or indeed volunteer their services to support a cause. This
is seen in financial services when complex fraud or deeply damaging hack attacks
take place. It is also seen in large multi-nationals, in the breach of government
services security and even in the planning of the 9/11 co-ordinated attacks.
More attention needs to be given to the value of human intelligence collected
by local agencies, where the information is collected in situ at the grass
roots level.
In the future, when seeking to protect the critical infrastructure constituents
and business digital systems at a national level, the economically prudent
way forward would be to combine knowledge management, analysis and counter-attack
tools with on-the-ground human intelligence sources. Surveillance and reconnaissance
dashboards of digital systems need to be managed by experienced counter-attack-forces
on a 24/7 basis.
Counter-measures
mi2g believes that the threat of cyber terrorism can be curbed decisively
and effectively. As in the deployment of all counter-measures, our collective
defences must excel the aggressor's capability. We therefore need to understand
that:
1. Defence has always been about securing trade routes and markets. Given
that several trillion Dollars of trade is routed digitally, counter-attack-forces
with digital tools that can disable attacking systems from various parts of
the world will ultimately need to be deployed with Governments' backing. Counter-attack-forces
can save businesses a lot of lost time and money in dealing with rogue, politically
motivated, electronic attacks from espionage, radical and criminal groups
scattered across the world and within the nation.
2. Laws are being passed throughout the civilised world that declare cyber
attacks that spark fear and cause damage to life and assets as equivalent
to physical-world terrorism at an international level. The US and UK have
already taken such steps. The perpetrators of such attacks are to be dealt
with as terrorists.
a. This process began with the US Senate and House of Representatives passing
the "Uniting and Strengthening America Act by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001" and
the "Cyber Security Enhancement Act (CSEA) of 2001". The CSEA seeks
life imprisonment for anyone putting lives at risk by electronic means. In
the UK, under the Terrorism Act 2000, enacted into law in February 2001, people
who endanger lives through the manipulation of public computer systems are
to be considered under the anti-terrorism law as would any other terrorist.
b. All business operations should also be required, by law, to possess a sufficiently
layered and tranched security architecture so that even if one layer or tranche
of defence is breached the entire sub-set of valuable databases or command
and control capabilities would be scrutinised for compromises.
3. Mobilisation of resources including new investment is now necessary on
interoperable distributed knowledge management and analysis systems, which
allow data to be shared easily from and between different sources and agencies
collecting intelligence. Also, investment in more local human intelligence
across the globe is essential. What is going on in cyber cafes in radical
breeding grounds across the globe needs to be permanently watched. The expertise
of the very few available people who are proficient in the technologies of
counter-cyber warfare needs to be utilised to train the counter-attack-forces
through the establishment of a national centre of excellence for digital defence.
Nothing significant can be achieved without this cohesive sharing capability
being made available to the future counter-attack-forces, who would be able
to ensure reliability, availability, maintainability and scalability of SME
systems in the event of complex hacker and malware attacks.
Conclusion
"mi2g believes that we have entered an era of sustained digital attacks
from radicals, criminals and zealots, who will be difficult to contain and
to deal with at the consumer and small to medium size enterprise level in
the 21st Century. The roll out of 'always on' full broadband and wireless
connectivity tilts the balance further against the innocent citizens and corporations.
In the years to come, government intervention to deal with cyber warfare is
imperative. It is no longer a question of if but when,"
said DK Matai, Executive Chairman, mi2g.
"It is unlikely that governments are going to remain oblivious to the
challenge of daily digital attacks on their citizens and their livelihoods
given the billions of Dollars of damage being caused to digital commerce,
productivity, intellectual property and employed capital. Organised crime
syndicates embarking on identity theft, elaborate scams and financial fraud
have now become rampant. As knowledge management based authentication systems
proliferate both at airports and digital commerce sites, digital identity
theft levers are going to be exercised by future criminals."
The sophistication of would-be cyber terrorism groups has been rising significantly
since 2002 as they have embarked on detailed digital surveillance and reconnaissance
of economic targets within financial services, manufacturing, transport and
utilities. However, the present threat level of a terrorist digital attack
that causes severe loss of life is still low to medium but likely to rise
in profile to medium and then to high, in the coming three to five year horizon.
[ENDS]
mi2g is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
1. D2-Banking;
2. Digital Risk Management; and
3. Bespoke Security Architecture.
mi2g pioneers enterprise-wide security practices and technology to
save time and cut cost. We enhance comparative advantage within financial
services and government agencies. Our real time intelligence is deployed worldwide
for contingency capability, executive decision making and strategic threat
assessment.
mi2g Research Methodology: The Frequently Asked Questions (FAQ) List
is available in pdf. Please note terms and conditions of use listed on
www.mi2g.net
Full details of the October 2004 report are available as of 1st November
2004 and can be ordered from here.