Fighting Fear and the Future of Technology-Enabled Terrorism

Author(s): Alexander von Rosenbach

Source: Atlantisch Perspectief , 2021, Vol. 45, No. 3, 2001-2021 (2021), pp. 31-35
Published by: Stichting Atlantische Commissie

Stable URL: https://www.jstor.org/stable/10.2307/48638243

REFERENCES
Linked references are available on JSTOR for this article:
https://www.jstor.org/stable/10.2307/48638243?seq=1&cid=pdf-
reference#references_tab_contents
You may need to log in to JSTOR to access the linked references.

JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org.

Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
https://about.jstor.org/terms

Stichting Atlantische Commissie is collaborating with JSTOR to digitize, preserve and extend access
to Atlantisch Perspectief

This content downloaded from

132.174.249.175 on Mon, 23 Oct 2023 12:43:20 +00:00
All use subject to https://about.jstor.org/terms
 ANALYSIS

Fighting Fear and the

Future of Technology-
Enabled Terrorism Alexander von Rosenbach

In May 2021, the largest fuel pipeline in the United States was forced offline for nearly a week following a devastating
cyberattack. The attackers, a criminal gang called DarkSide, collected a hefty $4.4 million ransom payout from the
pipeline owners before normal operations were gradually restored.1 But the hack had much wider consequences, trig-
gering gas shortages and economic disruption across the US Southeast while exposing the soft underbelly of critical
national infrastructure in digitally enabled societies.

Curiously, in the days following the attack, DarkSide re-
leased a statement that said: “We are apolitical, we do
not participate in geopolitics… Our goal is to make money,
and not creating problems for society.”2 While the idea of
a criminal gang with a moral compass is fascinating, the
statement is also a warning. What if the attackers had
been pursuing a geopolitical aim and not a financial one?
What more damage could have been inflicted had fear and
social disruption been the intent rather than a byproduct
of the attack? How would the world have responded had
the headlines read: “ISIS launches devastating cyberat-
tack on US pipeline”?
extremists are difficult tasks considering how technolo-
gy is stitched into the fabric of our societies. It powers
our smartphones, guides our cars and planes, manages
our production lines and governs our energy networks.
Smart speakers sitting innocently in our living room are
dependent on artificial intelligence (AI) and machine-learn-
ing (ML) technology. The robot vacuum cleaners patrolling
our dirty floors – and perhaps soon delivering pizzas and
other goods to our front doors – represent the cheap and
plentiful nature of modern drone technology. The meat-
free hamburgers we eat3 and the medications we take4 are
created using commercial synthetic biology technology.

As mentioned by other authors in this issue, extremists
are well present online and in the cyber domain where they
mobilize supporters who might even end up using violence
or engaging in acts of terrorism. This article is focused on
how terrorist actors might use new technologies (or not).
AN EVER-EXPANDING ATTACK SURFACE
For policymakers and practitioners working in the field of
counter-terrorism, these questions are more than just ab-
stract counterfactuals. No one wants to repeat the “failure
of imagination” that haunts the post-9/11 national secu-
rity landscape.
To constantly assess technology trends and anticipate
how new technologies might be exploited by terrorists and
This explosion of technology-enabled modern conveni-
ences means that our attack surface – the number of
potential vulnerabilities in our society – is expanding ex-
ponentially. In parallel, many of these technologies are
getting cheaper as they mature and move from servicing
niche markets into wider commercial application. In short,
the ubiquity of technology puts us more at risk.
PRIORITIZATION INFORMED BY PRAGMATISM
The question for counter-terrorism professionals is, there-
fore, one of probability: how likely is it that terrorists and
extremists will act on one of these technology risks and
cause real harm? Moreover, given the myriad of dangers
facing society, how should such threats be prioritized?

Atlantisch perspectief 31
This content downloaded from
132.174.249.175 on Mon, 23 Oct 2023 12:43:20 +00:00
All use subject to https://about.jstor.org/terms
ANALYSIS

The largest fuel pipeline in the US was forced offline due to a cyberattack. The hackers asked for a 4.4 million dollar ransom payout. Depicted is a gas station in the US that
was out of gas and therefore had to close down due to the Colonial Pipeline cyberattack (photo Sharkshock / Shutterstock.com)

There is no easy answer, but it is perhaps helpful to eval-
uate the threat of a terror attack against – or exploiting
– technology by first stepping back to recall the broader
aims of terrorism as a practice.
While no universally accepted definition of terrorism ex-
ists, there is an academic consensus that terrorism is a
goal-driven activity, a “practice of calculated, demonstra-
tive, direct violent action without legal or moral restraints,
targeting mainly civilians and non-combatants, performed
for its propagandistic and psychological effects on vari-
ous audiences and conflict parties.”5 As a result, terrorism
is often a pragmatic enterprise, with attackers willing to
adapt and evolve their modus operandi as necessary in
pursuit of ‘demonstrative’ results.
The evidence suggests that in recent decades, despite
the tech boom, terrorists are not rapidly enhancing the
technical sophistication of their weaponry or targets. On
the contrary, a recent analysis of terror attacks in the West
from 2004 to 2019 identifies a trend towards “democra-
tisation of violence” and “the rise of inspired, unlinked,
low-capacity attacks” that employ rudimentary weaponry
such as guns, knives and vehicles.6 This is a pragmat-
ic choice, as these everyday objects are readily available
and impossible to regulate, while still effective enough to
garner shock headlines. Others view this evolution as an
intentional effort to create an omnipresent environment
of fear, where terrorist violence is “seemingly able to take
place anywhere, anytime, and to be carried out by virtually
anyone” and others can be easily encouraged to ‘follow
the example’.7
Taken together, these arguments suggest that while a
high-tech terror attack is certainly possible, the trend in
terrorist acts is towards a less sophisticated (and less
technologically enabled) practice that does not lose much
in the way of effectiveness. Does this mean we can stand
down – or at least scale down – our defense against high-
tech terrorists?
GRADING THREATS ON A CURVE
The rise in low-tech terrorism does not mean that terror-
ists refuse to experiment with advanced technology. It is
therefore important for national security policymakers and
practitioners to assess whether such experimentation
should be viewed as the precursor to a new wave of tech-
nologically enabled threats, or historical outliers soon to
be forgotten.
Here, it may be helpful to apply the framework of a violent
non-state actor (VNSA) technology adoption curve, first put
forward in 2019 by Daveed Gartenstein-Ross, Matt Shear
and David Jones.8 They argue that “VNSAs’ process of

32 Atlantisch perspectief
This content downloaded from
132.174.249.175 on Mon, 23 Oct 2023 12:43:20 +00:00
All use subject to https://about.jstor.org/terms
technological adoption typically follows an identifiable pat-
tern,” marked by early adoption (experimentation), itera-
tion leading to breakthrough, and ultimately competition
as countermeasures are developed (see Figure 1).
Figure 1: the VNSA technology adaption curve.
This approach to organizational learning and technologi-
cal innovation does not assume that every technological
experiment will lead to a breakthrough act of terror. But it
does give security professionals a tool to assist with early
recognition of emerging risks, as well as a better under-
standing of the urgency and seriousness of a particular
technology threat.
This framework can be used, for example, to contextualize
the October 2019 terror attack in Halle, Germany in which
the perpetrator sought to prove the viability of “improvised
guns” by using weapons with components produced using
commercial 3D printing technology. The attack killed two
people, but was generally considered a failure because the
attackers’ homemade weapons repeatedly jammed and
prevented further loss of life. Nonetheless, the novelty of
the use of 3D printing sparked widespread concern and
media speculation that the attack was “likely to spawn
a cottage industry of homemade weaponry disseminated
online. The technology will give terrorists easier access to
a spectrum of increasingly dangerous weaponry—and new
ways to evade government countermeasures.”9
The VNSA technology adoption curve does not eliminate
this as a possible outcome, but serves as a reminder that
while the underlying commercial technology is still maturing,
we should actually expect would-be attackers to experience
similar high-profile failures more than we should anticipate
high-profile successes. If the risk of failure acts as a prag-
matic deterrent to an attacker looking to commit a ‘demon-
strative’ act of violence, so too should it act as a caution
against public overreaction or overinvestment in counter-
measures targeting the use of 3D printing by terrorists.
Beyond 3D printing, other technologies have recently been
This content downloaded from
132.174.249.175 on Mon, 23 Oct 2023 12:43:20 +00:00
All use subject to https://about.jstor.org/terms
thrust into the spotlight as possible terrorist threat vec-
tors. Notably, amidst a spiralling cycle of damaging cyber-
attacks, the fear of cyber-terrorism is escalating. Addition-
ally, the COVID-19 pandemic has brought to life fears of
synthetic bioterrorism. How should these threats be as-
sessed?
CYBER-TERRORISM
The Colonial Pipeline ransomware attack mentioned ear-
lier demonstrates that sophisticated cyber threats can
cause real-world social and supply chain disruption. Sim-
ilarly, the SolarWinds cyberattack in 2020 – which affect-
ed a wide range of US government departments including
the Pentagon, National Security Agency and Department
of Homeland Security10 – shows that even highly sensitive
and well-defended digital networks can be compromised
by determined attackers.
However, both of these major attacks also serve as a re-
minder that cyberattacks to date have not had a spectac-
ular psychological impact. Frontpage stories about wide-
spread economic disruption or major leaks of sensitive
intelligence appear unable to generate the same ‘scare
factor’ as even a small-scale terror attack.
Several factors might explain this. Cyberattacks are often
highly technical affairs and the details are not easily un-
derstood by the general population, making them seem
more like “nerdy problems” than actual threats. Similarly,
as the (first order) effects of cyberattacks are generally
non-kinetic – meaning no one is hurt, no buildings are de-
stroyed, etc – they are perceived as more abstract threats
when compared to the very real and graphic acts of vio-
lence committed by terrorists. Finally, as the cyber defens-
es mounted by government and industry are invisible, indi-
viduals going about their day-to-day business do not feel a
security presence that reminds them to feel unsafe. We all
mindlessly complete two-factor authentication to access
our digital lives, yet when we walk through metal detec-
tors at the airport or our favorite concert venue, we are
confronted with a physical reminder that terrorists seek to
harm us in the places where we live, work and play.
Whatever the reason, detailed analysis of the history of
cyberattacks by terrorist organizations like Al Qaeda and
ISIS shows that while such groups might have aspirations
or even intent to launch destructive cyberattacks, they
have not acquired such capabilities despite decades of
opportunity and an increasingly target-rich digital society.11
SYNTHETIC BIOTERRORISM
While state-sponsored biological warfare has always been
of concern to the national security community, the rise of
(relatively) cheap and accessible gene-editing techniques
Atlantisch perspectief 33
ANALYSIS

Despite the tech boom, terrorists are not quick to enhance their weapons. Improvised explosive devices (IEDs) have been used as weapons in terrorist attacks for many years.
Depicted is a vehicle-borne improvised explosive device (VBIED), a weapon commonly used in terrorist attacks (photo: Flickr / Think Defence/ CC BY-NC 2.0)

has raised the possibility that we may be entering a new
age of bioterrorism. In this scenario, “smart terrorists”
could use commercially available tools and services to
weaponize existing viruses or even design new biological
agents with the goal of unleashing them into the general
population.12 The speed and scale of the COVID-19 global
pandemic has only heightened concern about this threat,
making it appear less and less like science fiction.
Research does affirm that biological weapons are becom-
ing “cheaper, easier to produce, more widely available,
within the capabilities of an increasingly large number of
people with access to minimal technical skills and equip-
ment, and more concealable dual-use technologies.”13 For
example, the CRISPR gene-editing system has become so
accessible that do-it-yourself kits can be purchased online
by amateur scientists.
Despite these advances, applying the VNSA technology
adoption curve framework to this technology makes clear
that an important ingredient is still missing: terrorist ex-
perimentation and adaptation. To be sure, bioterrorism is
a real threat – the Japanese cult Aum Shinrikyo tried (un-
successfully) to weaponize botulinum toxin and anthrax
in the 1990s, and in 2001 a bioterrorism attack using
anthrax killed five people in the US. However, there are no
indications in open sources that terrorist groups or radi-
calized individuals have been readily experimenting with
synthetic biology technology.
In fact, the idea of the “smart terrorist” oversimplifies the
level of technical sophistication and resources – think lab
facilities, ingredients, storage facilities, etc – that are still
needed to produce a deadly pathogen, scale up produc-
tion, and then marry it to a separate technology for mass
dissemination.14 These present pragmatic and practical
restrictions on the threat of synthetic bioterrorism. More-
over, as COVID-19 has demonstrated, biological threats to
humanity do not stay neatly within national, ideological or
ethnic boundaries. As such, an act of synthetic bioterror-
ism is perhaps less appealing for those whose goal is to
cause fear and disruption in specific populations.
PROPORTIONALITY IS KEY
The unifying lesson from the two case studies above is
that it is difficult for the counter-terrorism community to
keep up with the imaginations of would-be terrorists, par-
ticularly as innovative technologies continue to migrate
from niche uses to mainstream.
Frameworks like the VSNA technology adoption curve can
help assess the trajectory and probable threat posed by
modern technology in the hands of terrorists. However, just
as terrorists tend towards pragmatism, we also need to

34 Atlantisch perspectief
This content downloaded from
132.174.249.175 on Mon, 23 Oct 2023 12:43:20 +00:00
All use subject to https://about.jstor.org/terms
be pragmatic in acknowledging the
old adage that the defender needs
to be lucky always while the attack-
er needs to be lucky only once. If
we accept that experimentation is
a natural part of the evolving terror
threat, we must also accept that
no amount of prevention, prepared-
ness or countermeasures will elim-
inate the risk of cyberterrorism or
other technology-enabled attacks.

If terrorists do catch us off guard

by employing new or emerging
technologies, our challenge as a
society will be to avoid overreac-
tion. In such scenarios, it is easy
to foresee fiery debates about the
use of force against cyberterror- The framework of a VNSA technology adoption curve can be applied to the 2019 terror attack in Halle, Germany, where
ists operating with impunity from the attacker used 3D printing technology to fabricate his weapons. Depicted is the cemetery wall of the synagogue in
third countries, or the introduc- Halle, Germany, after the terrorist attack (photo: ArTono / Shutterstock.com)
tion of new legislation to regulate
commercial innovation in the biotechnology sector. Terror Thus, even when facing the technologically enabled terror-
attacks leveraging drones, funded by crypto-currencies, ists of the future, we have a responsibility to ensure our
or powered by some form of artificial intelligence – oth- legal, military and social responses are not only forceful
er emerging technologies not discussed in this article – but also proportionate to threat we face.
would spark similar confusion about how to respond.

Alexander von Rosenbach is the Interim Director of the International Centre

This will remain a difficult line to walk. But, over the last
for Counter-Terrorism – The Hague (ICCT)
20 years, we have learned the hard way that dispropor-
tionate reactions to terrorism do not make us safer over Would you like to react?
the longer term, as is also argued by Martijn Kitzen in his Mail the editor: redactie@atlcom.nl.
piece in this special issue on extremism and terrorism.

1. Wall Street Journal, ‘Colonial Pipeline CEO Tells Why He Paid
Hackers a $4.4 Million Ransom’, (19 May, 2021). https://www.
wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-
4-million-ransom-11621435636
2. CNBC, ‘Here’s the hacking group responsible for the Colonial
Pipeline shutdown’, (10 May, 2021). https://www.cnbc.
com/2021/05/10/hacking-group-darkside-reportedly-responsible-
for-colonial-pipeline-shutdown.html
3. Forbes, ‘Animal-Free Beef Was Just A Start. Synthetic Biology Is Set
To Bring Us Dairy, Egg Products And More’, (22 July 2019). https://
www.forbes.com/sites/johncumbers/2019/07/22/impossible-ice-
cream-anyone/?sh=19dad5647b02
4. Trosset JY and Carbonell P, ‘Synthetic biology for pharmaceutical
drug discovery’, Drug Des Devel Ther 9 (2015), 6285–6302.
5. Schmid A, ‘The Revised Academic Consensus Definition of
Terrorism’, Perspectives on Terrorism, vol 6, no. 2 (2012). https://
www.universiteitleiden.nl/binaries/content/assets/customsites/
perspectives-on-terrorism/2012/issue-2/the-revised-academic-
consensus-definition-of-terrorism--alex-p.-schimid.pdf
6. Bergema R & Kearney O, ‘An Analysis of the Democratization of the
Terrorist Threat in the West’, ICCT Journal (2020). https://icct.nl/
app/uploads/2020/05/An-Analysis-of-the-Democratisation-of-the-
Terrorist-Threat-in-the-West.pdf
7. Renard T, ‘Fear Not: A Critical Perspective on the Terrorist Threat
in Europe’, Egmont Institute (2016). http://aei.pitt.edu/86893/1/
SPB77.pdf
8. Gartenstein-Ross D, Shear M & Jones D.A., ‘Virtual Plotters.
Drones. Weaponized AI?: Violent Non-State Actors as Deadly Early
Adopters’, Valens Global (2019). https://valensglobal.com/virtual-
plotters-drones-weaponized-ai-violent-non-state-actors-as-deadly-
early-adopters/
9. Wall Street Journal, ‘3-D Printing the Future of Terrorism?’ (25 Oct,
2019). https://www.wsj.com/articles/is-3-d-printing-the-future-of-
terrorism-11572019769
10. New York Times, ‘As Understanding of Russian Hacking
Grows, So Does Alarm’, (03 Jan, 2021). https://www.nytimes.
com/2021/01/02/us/politics/russian-hacking-government.html
11. Jayakumar, S ‘Cyber Attacks by Terrorists and other Malevolent
Actors: Prevention and Preparedness’, Handbook of Terrorism
Prevention and Preparedness (2021). https://icct.nl/app/
uploads/2021/05/Handbook-ch-29-Jayakumar-Cyber-Attacks-by-
Terrorists-and-other-Malevolent-Actors.pdf
12. Nature, ‘How machine learning could keep dangerous DNA out
of terrorists’ hands’, (31 Jan, 2019). https://www.nature.com/
articles/d41586-019-00277-9
13. Kosal M, ‘Emerging Life Sciences and Possible Threats to
International Security’, Orbis, vol. 64 no. 4 (2020), 599–614.
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7515815/
14. Jefferson C, Lentzos F & Marris C, ‘Synthetic biology and
biosecurity: challenging the “myths”’ Frontiers in Public Health
(21 Aug 2014). https://www.frontiersin.org/articles/10.3389/
fpubh.2014.00115/

Atlantisch perspectief 35
This content downloaded from
132.174.249.175 on Mon, 23 Oct 2023 12:43:20 +00:00
All use subject to https://about.jstor.org/terms