The fog of (cyber) war

Cybermilitias, black hat hackers and other non-nation-state bad guys blur the lines on the virtual battlefield.

1 2 3 4 Page 2
Page 2 of 4

On the other hand, Kurtz notes, governments "would have more resources at their disposal in order to disguise or bury the true source of an attack." But, he says, "It would be a grave mistake to believe that a small, well-funded cell could not inflict very serious damage on the information infrastructure supporting the U.S. and the global economy."

Resources and motive

Chabinsky notes that deterring or responding to cyberwarfare threats from other countries is more in the comfort zone of national governments. "There's a lot more to worry about should the same computer network attack capabilities exist in the hands of irrational or otherwise unrestrained criminals or terrorists," he says.

Intelligence officials and analysts agree that so far, there's little direct threat of a cyberattack by organized terrorist groups. "Nonstate actors such as al-Qaeda probably do not possess the infrastructure or expertise to attempt a cyberattack that would rival the shock value of using bullets and explosives," Geers says.

But these officials and analysts recognize that terrorist groups have the resources and motive to fund such activity by others.

Although terrorists may not be capable of attacking our critical infrastructure themselves, "it's less clear whether they could find a hired gun to do so," Chabinsky says. "Obviously, terrorist groups have the intent to harm us, are aware of the potential impact of a successful cyberattack and would find the ability to attack us from a distance quite appealing."

According to Chabinsky, some potential "hired guns" are in an extraordinarily effective position to cause trouble. That position is within the walls of corporate America.

"I think the primary cyber-risk to our critical infrastructure is from disgruntled employees who have insider knowledge and access," Chabinsky says. "Insider threats can take advantage of the most serious vulnerabilities; in fact, they can create them. Could they sell their capabilities to a terrorist group? Certainly."

Criminal element

To make matters worse, it's not only terrorist groups that are equipped to pose this sort of threat. In fact, they may not even be the most ominous nongovernmental source of potential cyberdamage.

Mike Theis
Mike Theis

"I would say that currently, organized criminal activity provides a more pervasive and damaging threat than organized terrorists," says Mike Theis, who until recently served as chief of cyber counterintelligence at the National Reconnaissance Office (NRO), an agency of the U.S. Department of Defense.

That could change at any time, Theis says.

While the motives of organized terrorists and organized criminals differ, their profit-generating tactics are largely the same. Terrorists use cybercrime to fund their ideology-inspired activities, and criminals do it for the sake of profit itself (see sidebar, next page).

1 2 3 4 Page 2
Page 2 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon