Chapter 74: Cyberterrorism

Nuclear lab remains vulnerable to cyberstrikes.  A leading US nuclear arms site has taken significant steps in recent years to defend against strikes on its computer systems, but key weaknesses remain to be fixed, the Energy Department’s Inspector General, Gregory Friedman, said on February 15, 2013.

He also cited in a memorandum attached to a cybersecurity report that the Los Alamos National Laboratory (LANL) in New Mexico uses a host of information systems and networks to carry out its duties, which include research and production programs in support of maintaining the nation’s nuclear arsenal.

It has to be realized that in addition to the reactors themselves, nuclear power plants harbor enormous quantities of radioactive materials in spent fuel pools. On average these spent fuel pools contain five times as much radioactive material as the reactor core, and they are housed in simple corrugated steel buildings even more vulnerable to attack than the reactor containment buildings. The vulnerability of nuclear power plants is highlighted by reports that 47 percent of US nuclear power plants failed to repel mock terrorist attacks conducted by the Nuclear Regulatory Commission during the 1990s. The results of an attack on either a reactor or a spent fuel pool could equal or exceed the effects of the 1986 Chernobyl disaster, which led to 30 acute deaths from radiation sickness, at least 1,800 excess cases of childhood thyroid cancer, the evacuation of 100,000 people, and the radioactive contamination of vast tracts of land in several countries.

The reality is that dependence on the internet is rapidly increasing on a worldwide scale, creating a platform for international cyber terror plots to be formulated and executed as a direct threat to national security.  For terrorists, cyber-based attacks have distinct advantages over physical attacks. They can be conducted remotely, anonymously, and relatively cheaply, and they do not require significant investment in weapons, explosive and personnel. The effects can be widespread and profound. Incidents of Cyberterrorism are likely to increase. They will be conducted through denial-of-service attacks that overload those servers, worms, viruses, unauthorized intrusion, website defacements, attacks on network infrastructures and other methods that are difficult to envision today.

Perhaps the simplest way to define Cyberterrorism is – The use of computers, networks, cyberspace (Internet and Intranet) or smart phones with the deliberate intention to cause obliteration, extinction and harm to the people or organizations for personal radical objectives based on their political ideology or religion.

Here is a comprehensive definition of Cyberterrorism that was articulated by Dorothy Denning, a professor of computer science, which was included in numerous articles as well as in her testimony on the subject before the US House Armed Services Committee:

  • Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as Cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of Cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.

It is important to distinguish between Cyberterrorism and “Hacktivism,” a term coined by scholars to describe the marriage of hacking with political activism. “Hacking” is here understood to mean activities conducted online and covertly that seek to reveal, manipulate, or otherwise exploit vulnerabilities in computer operating systems and other software. Unlike hacktivists, hackers tend not to have political agendas.  Hacktivists have four main weapons at their disposal: virtual blockades; e-mail attacks; hacking and computer break-ins; and computer viruses and worms.

Hacktivism, although politically motivated, does not amount to Cyberterrorism. Hacktivists do want to protest and disrupt; they do not want to kill or maim or terrify. However, hacktivism does highlight the threat of Cyberterrorism, the potential that individuals with no moral restraint may use methods similar to those developed by hackers to wreak havoc.  Moreover, the line between Cyberterrorism and hacktivism may sometimes blur, especially if terrorist groups are able to recruit or hire computer-savvy hacktivists or if hacktivists decide to escalate their actions by attacking the systems that operate critical elements of the national infrastructure, such as electric power networks and emergency services.

The roots of the notion of Cyberterrorism can be traced back to the early 1990s, when the rapid growth in Internet use and the debate on the emerging “Information Society” sparked several studies on the potential risks faced by the highly networked, high-techdependent United States. As early as 1990, the National Academy of Sciences began a report on computer security with the words, “We are at risk. Increasingly, America depends on computers. . . . Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.” At the same time, the prototypical term “electronic Pearl Harbor” was coined, linking the threat of a computer attack to an American historical trauma.

Psychological, political, and economic forces have combined to promote the fear of Cyberterrorism. From a psychological perspective, two of the greatest fears of modern time are combined in the term “Cyberterrorism”.  The fear of random, violent victimization blends well with the distrust and outright fear of computer technology. An unknown threat is perceived as more threatening than a known threat. Although Cyberterrorism does not entail a direct threat of violence, its psychological impact on anxious societies can be as powerful as the effect of terrorist bombs. Moreover, the most destructive forces working against an understanding of the actual threat of Cyberterrorism are a fear of the unknown and a lack of information or, worse, too much misinformation.

Combating Cyberterrorism has become not only a highly politicized issue but also an economically rewarding one. An entire industry has emerged to grapple with the threat of Cyberterrorism: think tanks have launched elaborate projects and issued alarming white papers on the subject, experts have testified to cyber terrorism’s dangers before Congress, and private companies have hastily deployed security consultants and software designed to protect public and private targets. Following the 9/11 attacks, the federal government requested $4.5 billion for infrastructure security, and the FBI now boasts more than one thousand “Cyber Investigators.”

The following three levels of cyberterror capability are defined by Monterey group:

  • Simple-Unstructured: The capability to conduct basic hacks against individual systems using tools created by someone else. The organization possesses little target analysis, command and control, or learning capability;
  • Advanced-Structured: The capability to conduct more sophisticated attacks against multiple systems or networks and possibly, to modify or create basic hacking tools. The organization possesses an elementary target analysis, command and control, and learning capability; and
  • Complex-Coordinated: The capability for coordinated attacks capable of causing mass-disruption against integrated, heterogeneous defenses (including cryptography).  Ability to create sophisticated hacking tools. Highly capable target analysis, command and control, and organization learning capability.

Cyberspace is constantly under assault. Cyber spies, thieves, saboteurs, and thrill seekers break into computer systems, steal personal data and trade secrets, vandalize websites, disrupt service, sabotage data and systems, launch computer viruses and worms, conduct fraudulent transactions, and harass individuals and companies. These attacks are facilitated with increasingly powerful and easy-to-use software tools, which are readily available for free from thousands of Web sites on the Internet.

A report by the International Commission on Nuclear Non-proliferation and Disarmament (ICNND) entitled “Hacking Nuclear Command and Control” found that terrorist organizations have the potential to use the Internet and private network infrastructures to stage a nuclear attack.

The fact of the matter is that all computers which are connected to the internet are susceptible to infiltration and remote control. Computers which operate on a closed network may also be compromised by various hacker methods, such as privilege escalation, roaming notebooks, wireless access points, embedded exploits in software and hardware, and maintenance entry points.  For example, e-mail spoofing targeted at individuals who have access to a closed network, could lead to the installation of a virus on an open network.  This virus could then be carelessly transported on removable data storage between the open and closed network.  Information found on the internet may also reveal how to access these closed networks directly.

Efforts by militaries to place increasing reliance on computer networks, including experimental technology such as autonomous systems, and their desire to have multiple launch options, such as nuclear triad capability, enables multiple entry points for terrorists.  For example, if a terrestrial command centre is impenetrable, perhaps isolating one nuclear armed submarine would prove an easier task. There is evidence to suggest multiple attempts have been made by hackers to compromise the extremely low radio frequency once used by the US Navy to send nuclear launch approval to submerged submarines.  Additionally, the alleged Soviet system known as Perimetr was designed to automatically launch nuclear weapons if it was unable to establish communications with Soviet leadership.  This was intended as a retaliatory response in the event that nuclear weapons had decapitated Soviet leadership; however it did not account for the possibility of cyber terrorists blocking communications through computer network operations in an attempt to engage the system.

Should a warhead be launched, damage could be further enhanced through additional computer network operations. By using proxies, multi-layered attacks could be engineered. Terrorists could remotely commandeer computers in China and use them to launch a US nuclear attack against Russia. Thus Russia would believe it was under attack from the US and the US would believe China was responsible. Further, emergency response communications could be disrupted, transportation could be shut down, and disinformation, such as misdirection, could be planted, thereby hindering the disaster relief effort and maximizing destruction. Disruptions in communication and the use of disinformation could also be used to provoke uninformed responses. For example, a nuclear strike between India and Pakistan could be coordinated with Distributed Denial of Service attacks against key networks, so they would have further difficulty in identifying what happened and be forced to respond quickly. Terrorists could also knock out communications between these states so they cannot discuss the situation.

Alternatively, amidst the confusion of a traditional large-scale terrorist attack, claims of responsibility and declarations of war could be falsified in an attempt to instigate a hasty military response. These false claims could be posted directly on Presidential, military, and government websites. Emails could also be sent to the media and foreign governments using the IP addresses and e-mail accounts of government officials. A sophisticated and all encompassing combination of traditional terrorism and cyber terrorism could be enough to launch nuclear weapons on its own, without the need for compromising command and control centres directly.

Terrorists have a history of using asymmetric warfare to compete against their more powerful enemies. Computer network operations fit within this modus operandi. As nuclear capable states become more and more dependent on interconnected information technology for the military and civilian infrastructure, they become an increasingly viable target. Cyberterrorism offers multiple asymmetric benefits. It is relatively low cost, only requiring an off the shelf computer and an internet connection. A wide range of pre-written, automated, hacking tools are readily available on the internet and require little to learn. Cyber terrorism allows greater anonymity than traditional terrorism, as tracking the source of attacks is hindered by proxies, spoofed IP addresses, botnets, and legal hindrances. In terms of stealth, Cyberterrorism allows for the silent retrieval of information from a computer, or the remote use of someone else’s computer to conduct activities. Cyberterrorists can strike an enormous number of targets around the globe without having to be physically present, thereby reducing the risk of death or injury to the attacker. This enhances the speed of operations and eliminates the logistical problems of crossing borders. Reducing the risk of death, and the physical or psychological demands, makes it easier to recruit new members for their cause. Cyberterrorism has the potential to cause damage beyond the scope of traditional tactics, and when used in combination with traditional tactics, it can create synergy.

The internet’s ability to identify specific groups based on ethnicity, belief, or affiliation has enhanced the ability to recruit and target. This can be used to identify individuals who may possess pertinent knowledge, such as nuclear scientists or military personnel, who can be targeted with spoofed e-mails containing malicious code. In terms of recruitment, many terrorist organizations operate their own websites, complete with propaganda, donation collection, and information on how to join their cause. Examples include Hamas, Hezbollah, and FARC. Sunni insurgents in Iraq have used the internet to post articles and video which undermine coalition forces by glorifying terrorism, demonizing the coalition, and promoting their interpretation of events (Carfano 2008). Due to the global nature of the internet, authorities have difficulty in shutting down these sites as the web host may be located in foreign states with varying laws, and alternative hosts can be setup relatively easily if one is shut down. This allows them to reach a worldwide audience.

Amid all the dire warnings and alarming statistics that the subject of Cyberterrorism generates, it is important to remember one simple statistic: so far, there has been no recorded instance of a terrorist cyberattack on US public facilities, transportation systems, nuclear power plants, power grids, or other key components of the national infrastructure. Cyberattacks are common, but they have not been conducted by terrorists and they have not sought to inflict the kind of damage that would qualify them as Cyberterrorism.

When US troops recovered al Qaeda laptops in Afghanistan, officials were surprised to find its members more technologically adept than previously believed. They discovered structural and engineering software, electronic models of a dam, and information on computerized water systems, nuclear power plants, and US and European stadiums.  But nothing suggested they were planning cyberattacks, only that they were using the Internet to communicate and coordinate physical attacks.

Many computer security experts do not believe that it is possible to use the Internet to inflict death on a large scale. Some pointed out that the resilience of computer systems to attack is the result of significant investments of time, money, and expertise. Nuclear weapons systems are protected by “air-gapping”: they are not connected to the Internet or to any open computer network and thus they cannot be accessed by intruders, terrorists, or hackers. Thus, for example, the Defense Department protects sensitive systems by isolating them from the Internet and even from the Pentagon’s own internal network. The CIA’s classified computers are also air-gapped, as is the FBI’s entire computer system.

Governments with nuclear power plants are aware of the cyber threat, and have been taking steps to increase personnel screening, inspections, inter-agency communication, emergency response, scrutiny of sensitive hi-tech foreign parts production, and overall computer network defence.  The following two major security systems are deployed in nuclear power plants around the qworld:

  • The Safety Parameter Display System (SPDS): The 1979 accident at the Three Mile Island nuclear power plant led to studies performed by the NRC that identified the need for extensive improvements in management response to accidents at nuclear power plants. One improvement included the requirement that all nuclear power plants install a SPDS.  The SPDS is typically a display subsystem of the Emergency Response Facility Data System (ERFDS).  The data acquisition subsystem (DAS) of the ERFDS acquires physical plant parameters used by the SPDS, such as temperature, pressure, level, valve position, radiation level and flow.

Color-coded graphic displays produced by the SPDS provide a concise display of critical plant variables to control room operators and emergency support personnel in the Technical Support Center (TSC) and Emergency Operations Facility (EOF). The primary function of the SPDS is to aid the operator in the rapid detection of abnormal operating conditions.  During emergency operation, the SPDS provides the operator with an overview of the plant safety status keyed to Emergency Operating Procedures.  The SPDS is a monitoring system only and has no plant control or protection capabilities; and

  • The Supervisory Control and Data Acquisition (SCADA) System: The system of SCADA is applied in Power plants such as Hydro, Gas Plants, Nuclear and Thermal for realizing control interlocks for equipment of electrical in the data acquisition and switch yard functions for switch yard systems of electrical auxiliary in the power plant. The system of SCADA is both Software and Hardware.

The system of electrical SCADA in a power plant is positioned in two control locations; Main Control Room and Switch yard Control Room. In Switch yard Control Room the system of SCADA is to control and monitoring of high voltage transmission lines (400kV/220kV), from switch yard control room via MMI (Man Machine Interface) of the system of electrical SCADA. The MMI is an Unit of Video Display which shows diagrams, tabular designs, bar charts, analog trends etc. to show parameters for example currents, voltages, etc. and annunciations.

The main transformers control in the power plant for instance generation transformer utilized for step up the voltage of generation from the generator and Station transformer utilized for deriving the power during plant start-up and control of circuit breaker in plant is performed via the MMI. Important auxiliaries like system Battery, systems UPS, Generators Diesel are also checked and window annunciations and important alarm annunciations are offered at the Main Control Room.

It seems only fair to say that the current threat posed by Cyberterrorism has been exaggerated.  No single instance of Cyberterrorism has yet been recorded.  It must be kept in mind that:

  • US defense and intelligence computer systems are air-gapped and thus isolated from the Internet;
  • The systems run by private companies are more vulnerable to attack but also more resilient than is often supposed; and
  • The vast majority of cyberattacks are launched by hackers with few, if any, political goals and no desire to cause the mayhem and carnage of which terrorists dream.

Resources:

  1. Energy.Gov – Office of Inspector General;
  2. About.com – Terrorism Issues;
  3. Wikipedia – Cyberterrorism;
  4. United States Institute of Peace Special Report;
  5. Cyberterrorism – Testimony before the Special Oversight Panel on Terrorism Committee on Armed Services US House of Representatives;
  6. Hacking Nuclear Command and Control by Jason Fritz and MIR (Bond);
  7. Instep – Safety Parameter Display System; and
  8. SCADA System for Nuclear Power Plants.

Leave a Reply

Your email address will not be published. Required fields are marked *