War on cyber terror must not wait
Fears of cyber attack on government and business are not unfounded and plans must be laid, according to counter-terror experts
Cyber terrorism is not happening yet but it is coming; public and private sector organisations should start to prepare, according to speakers at the Counter-Terror Expo in London this week.
Government and private-sector military and security experts underlined that while terrorist networks are evolving and that many use the internet, including social media, for diverse purposes, there is as yet no evidence to suggest that cyber tactics per se have been used to execute actual acts of terrorism.
Stewart Bertram, cyber capability manager at organisational risk analyst and consultancy firm Control Risks, told delegates in the second-day cyber terror break-out sessions that the threat is real in the sense that it is actually going to happen at some point.
"There's a danger of misunderstanding the threat. We see a disconnect between the actual threat and the perceived threat," he said.
"Yes, you can go online and see huge amounts of terrorists on social media – my own research looked at categorising terrorist use of social media in sub-Saharan Africa and there are hundreds of websites. What they're doing is radicalisation and [disseminating] inaccurate information."
None as yet appeared to have actually managed to carry out a terrorist attack directly using cyber, in part because the resources required currently mean it remains big-league, nation-state level things such as what happened with Stuxnet, but it is only a matter of time, Bertram said.
Meanwhile, what's more, there is certainly lots of cybercrime – the proceeds of which can and is being used to finance 'traditional' machete, gun and bomb-based terrorism.
As such, organisations need to think about improving their cyber security in future – which suggests a possible angle for security specialists in the channel to pursue.
Bertram's view was echoed by several other independent experts at the conference.
Ines von Behr, analyst at policy adviser and research firm RAND Europe, confirmed that the internet and social media have become prime loci for terrorist activities in general -- especially when it comes to PR, recruitment, community building and similar.
Her analysis is based on research into the use of the internet in 15 cases of terrorism and extremism, including in-depth interviews with individual terrorists and extremists who were actually involved.
"There wasn't a single case of classic 'self-radicalisation' leading to the development of a 'lone wolf' attack," she said. "Where it plays a part [in radicalisation] it is only one part of the process."
The internet can accelerate the radicalisation process by "enhancing the opportunity to become radicalised", Behr noted. In this sense, intervention by governments and others is required, she concluded.