Although not particular to cyberterrorism, for this discussion I have chosen hacking as a type, or means, of cyberterrorism. Hacking covers virus loading and denial of service attacks, also. In order to carry out a cyberterrorism attack, it must be based on some sort of hacking. First, however, we must agree on the definitions of hacking and cyberterrorism. US Legal, a website dedicated to providing legal reference, broadly defines hacking as “intentionally accesses a computer without authorization or exceeds authorized access” (Computer hacking law & legal definition, n.d., para 1). Cyberterrorism is, according to Denning (2006):
…[H]ighly damaging computer-based attacks or threats of attack by non-state actors against information systems when conducted to intimidate or coerce governments or societies in pursuit of goals that are political or social. It is the convergence of terrorism with cyberspace, where cyberspace becomes the means of conducting the terrorist act. Rather than committing acts of violence against persons or physical property, the cyberterrorist commits acts of destruction or disruption against digital property. (p. 124)
Arguably, in order to use a computer system to do any of the above, it involves hacking, but without hacking, there can be no cyber- component to cyberterrorism, which leaves mere terrorism. Fortunately, using these definitions, there has never been a cyberterrorism attack ever in history (Brunst, 2008; Conway, 2011). Brunst (2008) goes further using the term terrorism to include the planning (and, even pre-planning) phases of an event. I disagree with this tact in scholarship. Brunst fails to provide the distinction between cybercrime and cyberterrorism. Thinking simply, having a Facebook account in order for ease of communication does not amount to meeting for coffee. Messaging a friend on Facebook and organizing a meeting does not constitute meeting for coffee. The act of two or more persons meeting for coffee is a conventional one, however it was planned. This is the same with terrorism. I argue that, although much planning and radicalization can occur using computer networking (e.g. Facebook, MySpace, general information websites, et al.), any terroristic act that stems from such organization would still be considered conventional terrorism unless the act, itself, is described as being technological in nature (Conway, 2011).
There is potential for a cyber-attack to generate fear, economic impact, and the loss of life. This is why we concentrate on security measures to ensure difficulty in accessing systems without proper credentialing, rapid identification and response to active intrusions and threats, and recovery techniques to identify and repair data, networks, and nodes that were involved. For this reason, networks are designed with human redundancy. Human redundancy, as Clarke (2005) explains, integrates human decision points within a technological operational structure in order to detect, indicate, explain, and correct an error. Additionally, infrastructure, a commonly regarded target by the experts, tends to be resilient by its own nature making cyber-attacks inefficient and ineffectual (Conway, 2011; Lewis, 2002; Wilson, 2005)
Brunst, P. W. (2008). Use of the internet by terrorists: A threat analysis. Responses to Cyber Terrorism, 34(1), 34–60.
Clarke, D. M. (2005). Human redundancy in complex, hazardous systems: A theoretical framework. Safety Science, 43(9), 655-677. doi:10.1016/j.ssci.2005.05.003
Computer hacking law & legal definition. (n.d.). US Legal. Retrieved from http://definitions.uslegal.com/c/computer-hacking/
Conway, M. (2011). Against cyberterrorism: Why cyber-based terrorist attacks are unlikely to occur. Communications of the ACM, 54(2), 26-28. doi:10.1145/1897816.1897829
Denning, D. (2006). A view of cyberterrorism five years later. In K. E. Himma (Ed.), Internet security: hacking, counterhacking, and society (pp. 123-139). Sudbury, MA: Jones and Bartlett.
Lewis, J. A. (2002, December). Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington, DC: Center for Strategic and International Studies. Retrieved from http://www.steptoe.com/publications/231a.pdf
Wilson, C. (2005, April 1). Computer attack and cyberterrorism: Vulnerabilities and policy issues for Congress (CRS Congressional report No. RL32114). Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA444799&Location=U2&doc=GetTRDoc.pdf