"Information warfare, in any future conflict will give weaker nations, who do not possess the conventional military strength to win a war, an opportunity to wage an asymmetric war. The day is not far when hired mercenary hackers will carry out remote attacks using viruses, worms or logic bombs on an adversary nation's computer systems. Probably tomorrow's terrorist would be able to do more harm with a mouse and a modem than with TNT and RDX."
Future wars are likely to be all encompassing, perpetually ongoing conflicts . The distinction between peace and war will be blurred as not all military operations in future may be violent and physically destructive . Since the aim will be to subdue the enemy without fighting , non violent operations to cripple a society and to deny it the ability to wage war , may be launched to wreck its information grids and systems , banking and telecom systems , transportation and traffic control systems, power grid and computer networks , even during seemingly peaceful interludes . At the core of new military doctrine for fighting third wave wars will be the concept that the control and manipulation of information and widespread knowledge of the enemies military , industrial, diplomatic , political, civic and cybernetic assets , will be essential prerequisites for success .
Information and Information Technology (IT) are the key drivers of the Information Age, also referred to as the post industrial society. The Information Age has ushered in, a knowledge-based industrial revolution. The businesses in this era are networked and use IT to survive in a highly competitive environment. Globalization is the order of the day. It refers to the increasingly close economic ties among countries. IT can in several ways be considered as the infrastructure of the ongoing globalization process. IT is crucial for fast-moving global environment, and does also provide important implications for cultural globalization, through facilitated communication and thereby shortened distances between individuals. IT can form an important part as an instrument for uniting people across borders, organizing protests and in the longer run bringing about political change. Further, IT enables citizens to form political and ideological constellations outside of the existing political structures.
Through out the history of mankind, major technological inventions have brought about fundamental changes in our thought and outlook and spawned different ages. The organization of the 21st century is expected to be a learning organization, networked with completely decentralized methods of working and empowered work force with totally new reengineered work process. The information age is characterized by the extensive use of global communication networks which involves convergence of computers and communication networks. Computer systems are an essential part of the critical infrastructures that drives our economy, including telecommunications, financial services, health care, banking, government offices, commerce, production, and armed forces.
The free flow of information which is enabled by the internet without any geographical and national barriers comes forth with a myriad security and privacy problems. This free flow of information offers to individuals the democratic freedom and liberties on the Internet which can certainly be misused in criminal and anti-democratic purposes. The near total dependence of developed societies on computers makes them vulnerable to disruption and spread of terror. When countries or groups of individuals initiate disruptive activity against a nation's information technology (IT) infrastructure, it is called cyber terrorism.Bottom of Form
One such example are the 2007 attacks on Estonia (also known as the Estonian Cyberwar) refers to a series of cyber attacks that began April 27, 2007 and swamped websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.[ Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various low-tech methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred. Some observers reckoned that the onslaught on Estonia was of a sophistication not seen before. The case is studied intensively by many countries and military planners as, at the time it occurred, it may have been the second-largest instance of state-sponsored cyber warfare, following Titan Rain.
The attacks triggered a number of military organisations around the world to reconsider the importance of network security to modern military doctrine. On June 14, 2007, defence ministers of NATO members held a meeting in Brussels, issuing a joint communiqu promising immediate action. First public results are estimated to arrive by autumn 2007.
Another example is during the 2008 South Ossetia war a series of cyber attacks swamped and disabled websites of numerous Georgian, Russian, South Ossetian and Azerbaijani organisations.On 5 August 2008, three days before Georgia launched its invasion of South Ossetia, the websites for OSInform News Agency and OSRadio were hacked. The OSinform website at osinform.ru kept its header and logo, but its content was replaced by a feed to the Alania TV website content. Alania TV, a Georgian government supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the websites. Dmitry Medoyev, at the time the South Ossetian envoy to Moscow, claimed that Georgia was attempting to cover up information on events which occurred in the lead up to the war. 6. One such cyber attack caused the Parliament of Georgia and Georgian Ministry of Foreign Affairs websites to be replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. Other attacks involved denials of service to numerous Georgian and Azerbaijani websites, such as when Russian hackers allegedly disabled the servers of the Azerbaijani Day.Az news agency. The governments of Estonia, Ukraine, and Poland offered technical assistance and mirrored web pages for Georgian websites to use during the attacks.While Day.Az claimed that Russian intelligence services conducted the denial-of-service attacks (DDoS) on Georgian informational and governmental websites through a proxy in this period, the Russian government denied the allegations, stating that it was possible that individuals in Russia or elsewhere had taken it upon themselves to start the attacks. Others] asserted that the St. Petersburg-based criminal gang known as the Russian Business Network (RBN) was behind many of these cyber attacks on Georgian and Azerbaijani sites, as it was for the attacks on Estonia in 2007.
Tony Skinner, Feature's Editor of Jane's Defence Weekly, commented on cyber security: " While most probes into government networks are more of an annoyance in nature, the possibility of a concerted cyber attack against critical physical infrastructure has become a key concern.In recent years the US Department of Defense has become increasingly focused on such vulnerabilities and the threat of denial of service attacks against critical government networks. This was experienced by Estonia in May 2007." Skinner continued: "Under the current administration, the White House has established a major cyber security initiative, which has proposed a series of projects worth more than $17 billion, according to a recent Senate Armed Services Committee report, to secure government networks. In addition, the US Air Force has established a new Cyber Command as part of the military's effort establish control and fight in the cyberspace domain. USAF officials have said the establishment of the Cyber Command was not only intended to be defensive in nature but would also explore the use of cyber warfare as an alternative or complement to kinetic weapons."Following the denial of service attacks on Estonian government websites last year, NATO established a cyber security centre of excellence in Tallin.
Cyber terrorism comes naturally with the advent of Information Age as it provides remote operation and is anonymous; it is a low cost option which can give massive media attention due to its wide access. It is difficult to confront due to the difficulty of determining sponsors of the perpetrators. The terrorists have often resorted to political violence when they lack the power to achieve political objectives through non-violent legal means. In a legal sense, cyber terrorism can be the intentional abuse of a digital information system, network, or component toward an end that supports or facilitates a terrorist campaign or action. Some of the recent use of this tool was displayed when in April 2000 in Australia, apparently a disgruntled former employee attacked on control centre for wastewater treatment then in Oct 2002 top level domain server DOS was attacked which disabled 8/13 root name servers by apparently a simple ICMP packet flood. The infrastructure networks are vulnerable to cyber-terrorism, the 2003 power blackout in NE Canada, US is a case in point. These threats can not only be to the networks but also the infrastructures itself which are vulnerable to physical attacks; the most daring one was the 9/11 attack on the world trade centre. Cyber terrorism thus, is the nexus between criminal information system fraud or abuse, and the physical violence of terrorism. The more we get interconnected, the more dependent we become on networks, the greater is the vulnerability to cyber assault and cyber terrorism. Worldwide governments have realized that information networks are vulnerable to terrorist attacks and hackers from other countries.
The question is will this threat of cyber terrorism have any effect on globalization and the global economy? There are varied views for example post 9/11 attacks to prevent future terrorist attacks, the United States and other countries will almost certainly impose tighter security measures on air travelers, imported goods, immigration, and information flows this would create long lines at airports, people might decide to travel less.. Similarly, if millions of containers of imported goods are examined carefully the cost of imported goods could rise. That could slow the pace of globalization. Moreover, insurance premiums will rise in the United States and abroad to cover the potential cost to businesses of future terrorism; the Morgan Stanley financial services firm estimates that commercial insurance premiums in the United States will rise by perhaps 50 percent. These higher insurance premiums will raise the cost of doing business. For both reasons, the added cost of security and the added cost of insurance, the price of airfares and other traded goods and services will rise, which in turn will reduce the living standards of ordinary consumers as well as the volume of trade and travel. In effect, economists say, terrorism imposes a tax on globalization. The question is how much of a tax? Some economists say it might actually not be that burdensome. Most traded goods travel by sea, and shipping costs have so far risen little. Moreover, insurance premiums account for a relatively small part of the prices of consumer goods. However terrorist use the cyber space to spread terror for either their personal gain or may use it as a tool in alliance with any nation to further their political objectives. Cyber terrorism has emerged as very potent weapon that can be used as a tool of information warfare to achieve a political or a military aim and the economic systems and infrastructures are strategic targets to achieve this aim.
World today is concerned as global economies are becoming more and more vulnerable to cyber attacks and active measures are being contemplated by governments and private corporations to safeguard their infrastructures. Hence in this research work, it has been endeavored to study the threat of cyber terrorism in the context of Global Economy and to suggest a mitigation strategy to minimize vulnerability to attacks which could lead to total paralyses of an economy.
"Danger - and the threat of danger - can be an incredibly powerful catalyst for a process of innovation and adaptability to gain and maintain a competitive edge."
To anlayse the threat of cyber terrorism to global economy.Hypothesis
It is hypothesized that there is threat to Global Economy and there is some mitigation strategy existing to counter it. Justification of the Study
Due to the vast and open nature of cyberspace, we would find it extremely difficult to defend ourselves from cyber terrorism attacks. Thus it is imperative for us to look deeper into the issues in cyber terrorism and understand them well in order for us to protect our nation's, businesses' as well as our personal interests from cyber attacks.Cyber terrorism is gaining tremendous attention nowadays especially those from the public and private sectors as it is realised how disastrous the impact of cyber terrorism could be and thus it is very important to increase awareness on the subject in order to mitigate the threats posed by cyber terrorism more efficiently. In order to defend ourselves from cyber terrorists, we will need to identify who they are in the first place. The threats of cyber terrorism can be inflicted by anyone with hostile intents that has access and knowledge of utilizing cyber capabilities such as amateur and professional hackers, disgruntled employees, cyber criminals, cyber terrorist groups and others.
Realising the threat, the United States has taken various measures to protect its national infrastructure such as US Commercial Encryption Policy, 1996, Presidential Decision Directive 63, 1998. These measures were taken out of fear of large scale failure of computer system associated with Y2k,but after the September 11 attacks a deeper thought needs to be given to this threat; hence the importance of this study.Scope of the Study
This study is concentrated on identifying the dependency of global economy on IT and vulnerability of Private Corporations to cyber terrorism and mitigation strategy to counter the same. It proposes to suggest some measures to be taken as safeguards by private corporations and government financial institutes.
Methods of Data Collection
The major source of information for this study has been from the Internet. A few books that were available in the DSSC library have also been consulted. Reports and updates online by the 'Economic Times' and 'Daily Information Week' were subscribed for. Besides, extracts of lectures by renowned speakers on the subject such as Maj Gen Yeshwant Deva have been referred to. Also an interview with Commander (IN) V Srivastava, Specialist in Cyber Security, HQ IDS, New Delhi proved to be very helpful (Refer Appendix A).
This study was undertaken in a systematic approach which was supported by the experience of the technical officers from Corps of Signals and EME whose guidance was valuable in the research on the subject. The flowchart of the stages in the research of this dissertation is as given at Appendix B attached.
Organisation of the Dissertation
- Col GS Lamba, "Cyber Terrorism", An article written in Army War College Journal, March 2003.
- Col Gurmeet Kanwal, "Cyber Warfare: War in Megamedia Age" An article written in Indian Def Review Journal, Oct-Dec 98.
- Kamlesh K Bajaj &Debjani Nag ,E-Commerce: The Cutting Edge of Business Published by Tata McGraw-Hill Publishing Company Ltd, New Delhi, Fourth Reprint 2000.p.7
- From Wikipedia the free encyclopedia http://www.wikipedia.com
- From Wikipedia the free encyclopedia http://www.wikipedia.com 2008 South Ossetia war
- Comment from Tony Skinner, Jane's Defence Weekly Features Editor on Cyber Security - http://www.janes.com
- Dr Charles P Pfleeger, OWASP Foundation, More Than Meets the Eye, OWASP ,AppSec, Europe, April 2005, http://www.owasp.org.
- Council of Foreign Relations, Terrorism Questions &Answers.
- Kamlesh & Debjani. op.cit., pp. 424
- Kamlesh & Debjani. op.cit., pp. 435