An area of growing international concern in the world of cyber is the terrorist threat. It’s an interesting ecosystem for sure. Traditionally, terrorist organizations were considered to be low-tech, with basic skills in cyber security and information technology in general. But as these groups grow and assume a semi-military structure and discipline, they face a growing need for IT and cyber skills, for multiple reasons:
- A need to streamline their internal operations with a more sophisticated infrastructure
- A desire to make better use of online resources for propaganda and recruitment
- The need to maintain their own operational security
This presents defense contractors with opportunities to develop and maintain cyber intelligence collection and lawful interception systems, particularly for gaining access to suspected devices and networks and also for the analysis of captured data. None of these developments on the part of terrorists has constituted a specific cyber threat, but this is about to change.
Expanding an arsenal of asymmetric weapons and tactics
As these organizations become more established, they also look to expand their arsenal of asymmetric weapons and tactics, which allow an organization to inflict significant damage on its adversaries, potentially beyond what it can inflict in a conventional military confrontation.
Using cyber attacks, terrorists will select targets that will enable them to inflict significant physical or moral damage – this will include critical infrastructure such as energy production or communications. The assumption is that terror organizations will be able to launch cyber operations in the very short term. The most significant resource that most terror organizations currently lack to carry out cyber operations is sufficiently skilled individuals, but – again – this is also changing.
Setting up a cyber operation initially entails a couple of individuals with computers, and if these individuals know what they're doing, then over a relatively short amount of time they can establish a high-impact cyber operation. So, this talent shortage is something we can expect to change in the near future. We are seeing a global trend of significant proliferation of talent and know-how from nation state actors into the private sector.
There is also a growing number of operators in the fields of cyber crime and industrial espionage who are developing their Tools, Techniques and Procedures (TTPs) in operational security to a high level. There’s still a gap between a talented individual joining a cyber crime or industrial espionage group, which in most cases is driven by personal gain, and joining a terrorist group, which in most cases is driven, at least in part, by ideology. But these boundaries become grayer every day, especially when it comes to working for, or being recruited by, some of the more well-established terror groups.
Recruiting skilled operators
There has also been a growing trend for radicalization to lead people into sympathizing with the goals of certain terror organizations. As nation states scale their cyber operations and train individuals to carry them out, we can expect to see an accelerated proliferation of skilled operators. Recruiting such individuals gets a terrorist group a long way down the road to mounting a cyber attack. It often doesn’t take a lot to create a high-impact cyber operation. Even among asymmetric weapons, it’s something that doesn’t require a lot of resources. If you have the right individual with a computer, they can create the next generation of an advanced persistent threat (APT) [a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period].
The individual who gains access to a network doesn’t need to be the same one who pushes the button – or clicks it – to launch the attack. In the face of this growing threat, nation states should concentrate more on protecting critical infrastructure, the ‘soft underbelly’ of any technologically developed society. This is a significant area where defense contractors can contribute. Nation states invest heavily in protecting their classified networks and weapon systems; but when it comes to critical infrastructure, protection is often left to private organizations.
What we're seeing is that government regulation and guidance on critical infrastructure protection are partial and lacking in the majority of nation states, while in other nation states they're almost non-existent. Recent events demonstrate a growing global cyber threat to which terrorism adds a new dimension – and it is one to which the whole defense industry must respond, providing an opportunity for defense contractors and for critical infrastructure organizations to improve.