HostedDB - Dedicated UNIX Servers

-->
Handbook of Information Security Management:Policy, Standards, and Organization

Previous Table of Contents Next


The Results of Terrorist Actions

Acts of terrorism tend to increase security efforts. It may cause the government to decrease the freedom of its citizens to protect them. This, in turn, may cause more citizens to turn against the government, thus supporting the terrorists. It also causes citizens to become aware of the terrorists and their demands.

The beginning of this trend can be seen in the U.S. Americans are willing to give up some of their freedom and privacy to have more security and personal protection. Examples include increased airport security searches and questioning of passengers.

Terrorists cause death, damage, and destruction as a means to an end. Sometimes, it may cause a government to listen, and it may also cause social and political changes. Current terrorist targets have included transportation systems, citizens, buildings, and government officials.

Terrorists’ Technology Threats

Today’s terrorists are using technology to communicate and to commit crimes to fund their activities. They are also beginning to look at the potential for using technology in the form of information warfare against their enemies. It is estimated that this use will increase in the future.

Because today’s technology-oriented countries rely on vulnerable computers and telecommunications systems to support their commercial and government operations, it is becoming a concern to businesses and government agencies throughout the world. The advantage to the terrorist of attacking these systems is that the techno-terrorist acts can be done with little expense by a few people and yet cause a great deal of damage to the economy of a country. They can conduct such activities with little risk to themselves, because these systems can be attacked and destroyed from a base in a country that is friendly to them. In addition, they can do so with no loss of life; thus not causing the extreme backlash against them as would occur had they destroyed buildings, causing much loss of life.

These are some actual and potential techno-terrorist actions:

  Terrorists, using a computer, penetrate a control tower computer system and send false signals to aircraft, causing them to crash in mid-air or fall to the ground.
  Terrorists use fraudulent credit cards to finance their operations.
  Terrorists penetrate a financial computer system and divert millions of dollars to finance their activities.
  Terrorists bleach $1 bills and, by using a color copier, reproduce them as $100 bills and flood the market with them to destabilize the dollar.
  Terrorists use cloned cellular phones and computers over the Internet to communicate, using encryption to protect their transmissions.
  Terrorists use virus and worm programs to shut down vital government computer systems.
  Terrorists change hospital records, causing patients to die because of an overdose of medicine or the wrong medicine. They may also change computerized tests and alter the results.
  Terrorists penetrate a government computer and causes it to issue checks to all its citizens.
  Terrorists destroy critical government computer systems processing tax returns.
  Terrorists penetrate computerized train routing systems, causing passenger trains to collide.
  Terrorists take over telecommunications links or shut them down.
  Terrorists take over satellite links to broadcast their messages over televisions and radios.

Some may wonder if techno-terrorist activities can actually be considered as information warfare. Most IW professionals believe that techno-terrorism is part of IW, assuming that the attacks are government sponsored and that the attacks are done in support of a foreign government’s objectives.

DEFENDING AGAINST INFORMATION WARFARE ATTACKS

To defend against information warfare attacks, the information systems security professional must be aggressive and proactive. Now, as in the past, the basic triad of information security processes are usually installed:

  Individual accountability.
  Access control.
  Audit trail systems.


Previous Table of Contents Next