Professional Documents
Culture Documents
Sajber Terorizam Cinjenica Ili Fantazija
Sajber Terorizam Cinjenica Ili Fantazija
Mark M. Pollitt
FBI Laboratory
935 Pennsylvania Ave. NW
Washington, D. C. 20535
Abstract:
This paper discusses the definition of cyberterrorism, its potential, and suggests an
approach to the minimization of its dangers. The definition of cyberterrorism used in this
paper is combines the United States Department of States definition of terrorism as
politically motivated acts of violence against non-combatants with a definition of
cyberspace as the computers, networks, programs and data which make up the
information infrastructure. The conclusion is that by limiting the physical capabilities of
the information infrastructure, we can limit it potential for physical destruction.
Keywords:
Terrorism, cyberspace, cyberterrorism, information infrastructure, computer security.
Disclaimer:
This paper was submitted by the author in connection with academic studies at George
Washington University. It does not represent the policy, opinions, or conclusions of the
United States Government or of the Federal Bureau of Investigation. The opinions
expressed herein are wholly that of the author.
CYBERTERRORISM - Fact or Fancy?
by Mark M. Pollitt
Introduction
We are at risk. Increasingly, America depends on computers. They control power
delivery, communications, aviation, and financial services. They are used to store vital
information, from medical records to business plans to criminal records. Although we
trust them, they are vulnerable - to the effects of poor design and insufficient quality
control, to accident, and perhaps most alarmingly, to deliberate attack. The modern thief
can steal more with a computer than with a gun. Tomorrows terrorist may be able to do
more damage with a keyboard than with a bomb.(1)
Thus began the opening chapter of one of the foundation books in the computer security
field. This book, commissioned by the National Academy of sciences, was the product of
twenty-one experts in their field and was a proposed blueprint for future computer
security in the United States. In the six years since this was written, computers and
information technology has exploded. But most people, including those in the computer
field, believe the above statement to still be true.
The combination of two of the great fears of the late twentieth century are combined in
the term cyberterrorism. The fear of random, violent victimization segues well with the
distrust and outright fear of computer technology. Both capitalize on the fear of the
unknown. It is easy to distrust that which one is not able to control.
Terrorism, with its roots in the periphery of mainstream society, is feared. It is perceived
as being random, incomprehensible and uncontrollable. Groups with obscure names and
origins impact catastrophically on the innocent. It is, in fact, designed to be feared. That
is its real power.
Technology is feared from two perspectives. First, it is by definition arcane. It is
complex, abstract and indirect in its impact on individuals. Because computers do things
that used to be done by humans, there is a natural fear related to a loss of control. People
believe, that technology has the ability to become the master, and humanity the servant.
The popular press has further fueled the fires by hyping the concept of convergence.
According to the press, one is lead to believe that all of the functions controlled by
individual computers will all converge into a singular system. Further support for this
scenario is the increase in connectivity. Many people conclude that the entire world
will soon be controlled by a single computer system.
Ironically, these same people subjectively understand that since computers are products
of, and operated by, human beings, they are not reliable in either a mechanical or logical
sense. Certainly, there can be no doubt as to immense benefits from computer technology.
With any technology, be it telephones or automobiles, there are risks. Most risks can be
managed. It is the unmanageable risks that we fear. This paper will address what the
risks and possibilities are of combining terrorism and computers.
Definitions
Before we can discuss the possibilities of cyberterrorism, we must have some working
definitions. The word cyberterrorism refers to two elements: cyberspace and terrorism.
Another word for cyberspace is the virtual world. Barry Collin defines the virtual world
as symbolic - true, false, binary, metaphoric representations of information - that place
in which computer programs function and data moves.(2)
Terrorism is a much used term, with many definitions. For the purposes of this
presentation, we will use the United States Department of State definition:
litigious world. It is also likely that the taste of the altered product will be changed, and
not for the better. I submit that this may be possible, but the likelihood of success is
minimal.
Another commonly offered scenario involves the air traffic system. The worlds air traffic
control system is highly computerized. The terrorist either obtains control of the system
or alters the system in such a fashion that airplanes are flown into each other, resulting in
mass death.
This scenario requires that the entire human element and the structure of the rules
involving the control of aircraft are ignored(9). The computers used in the air traffic
control system do not control anything. They merely provide an aid to the human
controller. Even if he/she were deceived by the computer, there is other human beings in
the loop. A basic tenant in pilot training is situational awareness. From the first day of
training, pilots are taught to be aware of not only their location, direction and altitude, but
those of all other aircraft. Pilots routinely catch errors committed by air traffic controllers.
It is the spectacular human failures that result in aircraft collisions. Further, the rules of
the road for aircraft operations anticipate the complete failure of the air traffic control
system. In fact, the rules are designed to work where there is no air traffic control at all!
Thousands of flights are conducted each day in bad weather, around the world without
the benefit of an ATC system at all!
A similar scenario is proposed concerning the operation of a subway or train system.
Brief reflection will show that failures of the electronic and mechanical controls are
anticipated. That is why few of these systems are not manned. It should also be noted
that mechanical failures are much more common and catastrophic in nature and affect.
Conclusion
The current state of cyberspace is such that information is seriously at risk. The impact of
this risk to the physical health of mankind is, at present, indirect. Computers do not, at
present, control sufficient physical processes, without human intervention, to pose a
significant risk of terrorism in the classic sense. Therein rest two lessons.
The definition of terrorism needs to address the fundamental infrastructure upon which
civilization is increasingly dependent. A proactive approach to protecting information
infrastructure is necessary to prevent its becoming a more serious vulnerability.
As we build more and more technology into our civilization, we must ensure that there is
sufficient human oversight and intervention to safeguard those whom the technology
serves.
(1) National Research Council, Computers at Risk National Academy Press, 1991.
(2) Collin, Barry C., The Future of CyberTerrorism, Proceedings of 11th Annual
International Symposium on Criminal Justice Issues, The University of Illinois at
Chicago, 1996 http://www.acsp.uic.edu/OICJ/CONFS/terror02.htm
(3) United States Dept. of State, Patterns of Global Terrorism, Washington, DC, 1996
(4) Parker, Donn. Crime by Computer, Charles Scribners Sons, New York 1976
(5) Icove, David, et al. Computer Crime - a crimefighters handbook, OReilly &
Assoc., Sebastopole, California, 1995.
(6) Barrett, Neil, Digital Crime,Kogan Page Limited, London, 1997
(7) Power, Richard, Current and Future Danger, Computer Security Institute, San
Francisco, 1995
(8) Collin, Barry C., The Future of CyberTerrorism, Proceedings of 11th Annual
International Symposium on Criminal Justice Issues, The University of Illinois at
Chicago, 1996 http://www.acsp.uic.edu/OICJ/CONFS/terror02.htm
(9) Federal Aviation Administration, Instrument Flying Handbook, Government
Printing Office, 1980