Cyber Terrorism after STUXNET


From the Summary:

Terrorists are known to use the Internet for communications, planning, recruitment, propaganda, and reconnaissance. They have shown interest in carrying out cyberattacks on U.S. critical infrastructures, although no such serious attacks are known publicly to have occurred. The discovery of the Stuxnet malware in July 2010, and its analysis over the next several months, was widely believed to have been a landmark event in cybersecurity, because it showed that cyberattacks against industrial control systems, hypothesized for a long time, are actually possible. After Stuxnet, there were public concerns that terrorists might be encouraged to acquire capabilities for similar cyberattacks.

This monograph examines cyberterrorism before and after Stuxnet by addressing questions of:

1. Motive—Are terrorists interested in launching cyberattacks against U.S. critical infrastructures?

2. Means—Are terrorists building capabilities and skills for cyberattacks?

3. Opportunity—How vulnerable are U.S. critical infrastructures?

It is noted that no serious cyberterrorism attacks have occurred after Stuxnet. This can be explained from a cost-benefit perspective that has not changed since Stuxnet. It can be argued that U.S. policies can really address vulnerabilities only by strengthening defenses of critical infrastructures.

Read the full book here.

Toward Attaining Cyber Dominance


Achieving global cyber superiority or global cyber control by any organization is no longer technically possible. Instead, the proper overarching objective should be dominance of one or more of the elements of cyberspace of most importance to the organization at any given time.1 The successful nation is the one that achieves and maintains strategic and tactical dominance in its critical elements of cyberspace when required.2 Two important questions related to the strategic aspects of cyber conflict are: what should be the basic technological building block(s) for strategic cyber defense to assure dominance of one’s own critical elements of cyberspace, and what are the classes of strategic data target(s) strategic cyber defense must protect?

Read the full article here.