Finding proof that terrorists plan to launch cyberattacks against the U.S. is difficult, but the accessibility and vulnerability of the Internet to attack makes it a growing threat.
Finding proof that terrorists plan to launch cyberattacks against the United States is difficult, but the accessibility and vulnerability of the Internet to attack makes it a growing threat.
'The time may be approaching when a cyberattack may offer advantages that cause terrorists to act, even if the probability of success or level of effectiveness is unknown,' according to the Congressional Research Service.
This and other conclusions are included in a recent CRS report, titled Terrorist Capabilities for Cyberattack: Overview and Policy Issues, released by the Federation of American Scientists.
Terrorists are using the Internet today to recruit new members, the report states. While it is highly likely that terrorist organizations are using cybercrime to finance their activities, the threat is expanding beyond credit card fraud and identity theft.
'An emerging area of concern is the involvement of terrorist groups in counterfeiting of intellectual property, which can be even more lucrative than drug trafficking,' the report warns. 'In other areas, where criminals and terrorists work together to move money internationally, members of terrorist groups may be given special training in computer software, or in engineering, to facilitate communications through the Internet.'
The CRS report outlines the fragmented nature of the federal response to potential cyberattacks, pointing to responsibilities dispersed among the Homeland Security and Defense departments, the FBI and the intelligence community.
The report raises questions for Congress to consider with regard to private-industry responsibilities for protecting the computer infrastructure. Among them:
- Should vendors of computer products be required to quickly report all serious, newly discovered product vulnerabilities to DHS?
- Should computer service providers or businesses be required to report to DHS any major security vulnerabilities that have been newly exploited by cybercriminals?
- Should there be penalties if an organization has a poor security policy that contributes to a major loss of sensitive information?