Until now, I have tried to give a rather broad outline of our vulnerability with regards t ocomputers, and I hope that I have have convinced you that we are sitting on a bomb. It is time, now, to determine if a terrorist organization could to use computer either as arms, or as targets, with an aim of continuing its fight, usually carried out by bombings or removals.
In January 1995, a conferecne was held in Montreal 14 on information warfare, that brought together Canadian, American and European soldiers, as well as representatives of the FBI and Canadian Service of Information and Security. One of the topics of discussion was the attack of New York's World Trade Center, in February 1993. This attack, which at first seems to have nothing to do with the conference's subject, can be regarded as one of the first acts of computer terrorism. There were less material damages than "virtual" ones. Thousands of firms were unable to connect their computers to the rest of the world for many days. According to studies, this situation generated losses evaluated at more than 700 million dollars, during the first week! [VOIR1] [SZAFR1]
Let's define, the concept of "computer terrorism". Since this subject is not treated as such in literature, I propose two definitions:
It is possible to carry out three types of actions against an information system, a physical, syntactic or semantic attack [GARIG1]
After having listed a large number of weaknesses in information processing systems, and to having shown how easily it is possible to introduce chaos even from remote location, it is interesting to wonder why have terrorist computer attack not yet occured ? 15
If we look at the last wave of terrorist attacks in France (1995), carried out by Islamistes Algerian of the GIA (Armed Islamic Group) an answer may be that these groups rejecting the westernization of their country, reject consequently associated technology, and are thus not able to effectuate computer terrorism. Moreover, and I believe that it is the principal reason, disproportion of the means to implement computer terrorism results in the fact that terrorist groups remain confined to traditional method.
According to the theory of the class 3 information warfare, this type of conflict requires much less human and financial resources than a conflict with "traditional" weapons. this is the case because the cost of modern conflicts are very expensive, but, if we look at the absolute value of the investment for terrorism, the result/cost ratio is strongly against computer terrorism, compared to "traditional" terrorism.
If we take the case of a tiny terrorist group, it is able,with a small account of financial and logistical support, to carry out some home-made bombs and to create panic accross a country 16. In the case of the attack to the administrative building of Oklahoma City, in April 1995, the home-made bomb made of fertilizers, causied the death of nearly 100 persons, was aparently the act of a single terrorist! In these two cases, with the same investment, it would have been impossible to them to produce the same psychological effect with computer attacks.
Computer terrorism must be seen as an act similar to an act of war.It needs to be effective to establish a long-term strategy and to have control of very large number of factors. Hacking of computer systems (many different) in a perfectly synchronized way, as well as the infiltration of agents in various companies with an aim of inserting Trojan horses or back doors, is a long-term job.
This kind of terrorism does not lend itself to reprisals following a precise event such as arrests or the assassination of a movement leader, except if the possibility had been envisaged a long time in advance.
The ideal framework for the use of such weapons is the prelude
to a war, a kind of "electronic Pearl Harbor" 17
. It is currently one of main fears of the people in charge of
American defense. As the United States has a strong interventionist
policy (cops of the world ), a country deciding to attack its
neighbor (ally of the USA) would have an interest to initially
conduct a computer attack against the USA, before dealing with
its genuine target 18.
As a plan of invasion is not hastily established, it is conceivable
to include a plan in order to first neutralize any response coming
from interventionists country such as the USA or France.
As we are now at the end of this document, it is time to answer the question that I asked at the beginning: "Computer Terrorism: What are the risks? ".
After having made this broad study, my opinion is that from the point of view of terrorist threats that Western countries have already encountered, there will not be a change to computer terrorism in the near future. On the other hand, movements such as the American militia, or the drug cartels who have embraced new technologies and who are thus completely immersed in the information society, are lmore ikely to carry out an offensive in Cyberspace.
From the military point of view, I am of the opinion that a scenario of the type of those used in simulation by the American army is very plausible. It would be suicidal for any dictator such as Saddam Hussein at the present time to conceive a major offensive without benefiting of the advantages from the principal Achilles' heel of the Western civilization: information systems.
At present, information warfare worries the Western governments
and they are taking measures in order to avoid being an easy target.
However, the task to be achieved is colossal. to just secure military
systems one will already need years and millions of dollars, without
even touching civilian infrastructures.
Previous page
Notes
Bibliography
Contents
Lexicon
Please, send your comments to
Patrick Galley (Patrick.Galley@theoffice.net)
Last updated: July 1, 1998