Cyber terrorism, a term coined by the media rather than security agencies, is one of the apocalyptic scenarios portrayed by fiction writers and movie producers on a regular basis. The story of a teenager bringing an entire nation to its knees with a computer and internet connection not only inflicts terror and awe in general public, it also fuels a lot of misapprehension feeding on the natural fear of unknown technology. While it would not be advisable for any national security outlook to discount cyber terrorism completely, the threat must be kept in perspective.

As communications technology becomes more pervasive and integrated into the national economy and infrastructure, providing security to it and preventing its abuse obviously becomes a national security concern. There are several ways that a terror group can use the internet to inflict economic or morale damage to a nation and perpetrate cyber terrorism.

One such way is by attacking economic and government communication networks. Theoretically, a cyber terrorist aiming to attack communication networks like government websites and telecom networks can do so. Ranging from defacing a website to denial of service (DoS) attacks, such attacks can vary in damage from minor embarrassment to catastrophic financial losses. But in practice, mounting such attacks requires far more superior technical knowledge than what can be achieved from studying the matter on internet and common public resources. Further, many such attacks are not even possible with just a common PC. They may require much higher processing power and computer hardware. Therefore, while defacing a 'nic.in' website might be comparatively easy, stealing internal emails of government departments is more difficult and crashing the systems of the Reserve Bank of India (RBI) greatly more so.

The fact remains that though there have been instances of viruses and DoS attacks that have amounted to several billion dollars of losses, all of them were mounted by 'hacktivist' groups rather than terrorists and had no political motive behind them. Moreover, all these attacks resulted in loss of digital data, at worst, not any physical damage.

Another worst-case scenario often portrayed in the media is of cyber terrorists attacking critical infrastructure such as gaining control of air traffic control or a dam and causing catastrophic physical damage to property and lives. While conceding the fact that anything is possible in digital world, chances of such scenarios, it is argued by many experts, extremely small.

In the second week of August 2008, as the Russian military began entering Georgian territory, Russian hacker groups also mounted a comprehensive attack on the Georgian government network. Within two days, many Georgian government websites had crashed forcing the countrys Foreign Affairs office to host their website (mfa.gov.ge) on a Google blogging service. What must be noted here is that while Russian information warfare experts could bring down or deface many government sites, there was not a single case of them gaining control of Georgian infrastructure.

A better way to look at the problem would be to consider that in any large system, be it a public utility, aviation control or railway traffic administration, component failure is a regular phenomenon. Server crashes, communication lines jams, power failure and so on often happen, on their own. Therefore, all these systems have robustness features, back-ups, and alternate sub-systems to ensure that there are no choke points, which on failure can bring the whole system down. This factor, while not completely eliminating the possibility of a successful cyber attack, reduces it to minimum.

Using the internet for information dissemination, propaganda and recruitment is possibly the most dangerous aspect of cyber terrorism. Instead of thinking obtusely about how to inflict damage to the system through hacking, terrorists are using internet in its most obvious form as a tool of information dissemination. Today, the internet is full of videos and detailed manuals of how to build do-it-yourself (DIY) bombs, flame throwers, mechanical weapons and so on.
 

Moreover, the internet allows terrorists to hide from the public view while continuing their operations. One of the weakest links, that has always helped investigative agencies to track and capture terrorist rings, has been their inter- and intra-communications and recruitment of new members. Today, terrorists, shielded by easily available encryption methods and general anonymity provided by the internet, can overcome this weak point, making the job of investigative agencies much harder.

In conclusion, while the threat of cyber terrorism in terms of hacking, viruses and cyber attacks remains real, it is less serious than it is perceived to be. For a terrorist, a simple cost-benefit analysis would make clear that an IED, built with much less technical know-how, has a much larger impact than bringing down government networks. However, a much more pertinent and significant threat which is often ignored, is the help terrorists get from internet to make their operations easier, global and hence more effective. The internet is a tool that can be used to increase productivity and this could well refer to how much destruction can be caused in the world.