Ways Of Regulating And Preventing Cyber Terrorism
Cyber terrorism is the process by which terrorists pre-mediate on how to use the internet to damage information, computer system, computer programs, and data to inflict digital and physical harm in an organization. According to Gross(2016), physical and digital harm is made of business loss, loss of resources and reputation damage. Cyber terrorism is mostly prevalent nowadays because the most organization has transformed into the digital era to full automation of every department; thus cyber terrorist manipulates a vulnerability to produce massive damage on the organization. Cyber terrorism is mostly motivated by religious, cultural, social, economic and political ideologies. This paper will discuss both forms of targeted and un-targeted cyber-attack and measures to prevent cyber-attacks in the organization.
Sensitive information theft and unauthorized access into the organization increases the vulnerability of the organization to cyber terrorism. Cyber terrorists impose various threats into the organization; for example, software alteration, and disruption of power generators and interruption of the internal control system. Cyber terrorism is of two types; the un-targeted cyber-attack which is unspecific and unspecific; it is a trial and error method of attack. On the other hand; targeted attack involves specific and accurate attack in which the cyber-terrorist is certain of accessing the organization’s information.
The un-targeted cyber-attacks comprise phishing which involves sending emails to the organization to obtain private information such as passwords to be able to exploit the organization’s systems. Water-hole is another un-targeted cyber-attack through which terrorists develop copies of websites to attract webpage visitors who key in details unknowingly that it is an imitation website. Targeted attacks involve supply chain which involves attacking the organization’s information while it is in transit. Zero-day is another targeted attack whereby the cyber-terrorist exploits the organization’s vulnerabilities which have neither been discovered nor regulated.
According to Gupta (2016), measures to prevent cyber-attacks in the organization include the use of passwords to prevent unauthorized access into the computer system. Passwords should be complex and should not be shared to unauthorized people including employees of the organization. Passwords can be used by terrorist to find information in the organization’s computer system and later steal revenue from the organization or even damage the corporate reputation to decrease the clientele of the organization. Therefore, passwords should not be repeated on different sites, should be changed regularly and also should be complex containing numbers and lower and upper alphabetical letters to prevent a cyber-terrorist from using trial and error method to access the computer system.
Besides, the firewall is used to prevent certain types of network traffic and thus control what should enter into the network and what should leave the network. Thus, the firewall prevents cyber terrorism by preventing employees from transmitting certain types of sensitive information outside the organization’s intranet. The firewall also prevents outside computers from accessing information contained in the organization’s computers. Thus, a firewall is used to prevent malicious programs; such as viruses, worms, and Trojan from gaining access to the computer system. The malicious programs have the ability to collect sensitive data from the organization’s computers; which can then be manipulated by terrorist to damage the organization.
Besides, encryption is also used to encode information in the computer system into non-readable form by people without the secret key. Data encryption protects the confidentiality of digital data as it is stored in the computer systems and even when it is under transmission. Data confidentiality is made of authentication, integrity, and non-repudiation. Authentication verifies the origin of the information message to prevent the acceptance of the messages with malicious programs sent by criminals. Integrity proves that a transmitted message is still original since it was sent to prevent acceptance of changed messages because they can bring confusion in the organization and even increase the vulnerability of the organization to cyber terrorism.
Moreover, according to Gross (2017) regulation of physical access into the organization’s computer systems and information system is also a potential way of preventing cyber terrorism. Biometric systems should be used to prevent unauthorized people from physically accessing computer systems and thus information cannot be stolen. CCTV cameras can also be used to monitor the movement of people in the organization; and in case of suspicious people, security personnel’s can be alerted to arrest and question the suspicious people. Besides, computers that store sensitive information of the organization should be stored in one room which has enclosed doors to prevent unauthorized people from accessing them. Sensitive information can also be stored in the cloud to prevent it from being accessed by cyber terrorists.
Besides, an intrusion detection system monitors the network traffic to discover suspicious activities and alert the system by informing the network administrator. Besides, the intrusion detection system has the ability to block traffic sent from a suspicious internet protocol. A network intrusion detection system detects an attack on the network and alerts the network administrator to put mitigating measures. An intrusion detection system also prevents suspicious activities by resetting the connection, dropping malicious packets between the origin and destination.
An intrusion detection system performs signature base detection to distinguish exploit-faced signatures from vulnerability-facing signatures. The system also conducts statistical anomaly detection on a pre-calculated baseline performance level to detect anomalies in the calculations.
Besides, Stenography can be used to hide sensitive messages either in the message, email or videos. Stenography minimizes attention on the sensitive message to prevent cyber-terrorists from exploiting the message. In electronic stenography; the digital data can be coded in an image file and can be accessed by authorized people. The hidden message can be hidden in a link or in postage stamps. Stenography allows the organization to gain access to the communication between terrorist cells and discover terrorists’ intentions. In addition, the dissemination of illegal material is also detected via Stenography and thus pre-caution measures can be employed to prevent possible attacks.
Besides, Hubman (2015) infers that cyber terrorism also requires incident management, attack mitigation and damage limitation first involves indications and warnings that an attack is taking place. The next step involves internal compartmentalization that limits penetration and damage, protect surviving assets, and also protect and gather information to help with recovery and response after an attack. The next step is automatic shutdown and reallocation by erecting internal barriers that prevent further penetration into the computer system. The next step should be to collect and preserve information during an attack; to discover how the cyber terrorists executed the attack and the possible vulnerabilities that they exploited.
The organization should also establish security policies and plans for preventing cyber-attacks. For example, staffs should be informed about whom to call in the incidence of an attack and potential vulnerabilities should also be mitigated. Another security strategy is to prioritize the shutdown of defective entities and also involve the government to destroy the territories of cyber terrorists. Cyber terrorism laws should also be established to serve as a warning to people who might be involved and thus, all cyber criminals should be punished in accordance with the preceding law.
According to Dawson (2015), organizations should also update software regularly; for example, the virus software should be updated regularly to be able to prevent viruses and worms from attacking the computer system. Organizations should also manage their social media platforms that include Facebook page, Instagram and Twitter. The organization should not put sensitive information on social media platforms. The organizations should also be cautious on how they respond to some questions posed over the social platforms since some of them seem to be tactical.
Cyber terrorism has devastating results to organizations and thus should be regulated through scanning the potential vulnerabilities, updating software regularly, establish security policies and stenography. Other methods include intrusion detection system, regulation of physical access, encryption, firewall, and passwords can also be used to control cyber terrorism which is rapidly growing in this digital era.
- Dawson, M. (Ed.). (2015). New Threats and Countermeasures in Digital Crime and Cyber Terrorism. IGI Global.
- Gross, M. L., Canetti, D., & Vashdi, D. R. (2016). The psychological effects of cyber terrorism. Bulletin of the Atomic Scientists, 72(5), 284-291.
- Gross, M. L., Canetti, D., & Vashdi, D. R. (2017). Cyberterrorism: its effects on psychological well-being, public confidence, and political attitudes. Journal of Cybersecurity, 3(1), 49-58.
- Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cybersecurity. IGI Global.
- Hubman, J. M., Doyle, Z. B., Payne, R. L., Woodburn, T. F., McDaniel, B. G., & Giordano, J. V. (2015). Ethical Considerations in the Cyber Domain. In Evolution of Cyber Technologies and Operations to 2035 (pp. 163-174). Springer, Cham.