IN EARLY 2000, ALONG THE SUNSHINE COAST OF QUEENSLAND, Australia, 49-year-old Vitek Boden broke into a local waste management computer system and altered the pump station operations, unleashing more than 264,000 gallons of raw sewage into public parks and creeks. The spill killed marine life, contaminated the water and left an unbearable stench. It marked the most serious reported attack against a critical infrastructure, said Dorothy Denning, a cyber security expert at the Naval Postgraduate School.
U.S. officials in recent years have warned about the threat of a terrorist attack against civilian and government computer systems. They say one of the most plausible scenarios is an assault on critical infrastructures, such as water systems or financial networks.
Boden's scheme was a surprising and unexpected attack that had disastrous results. But can it be defined as cyberterrorism?
Denning doesn't think so. She believes such an attack must be "sufficiently destructive or disruptive to generate fear comparable to that from physical acts of terrorism and it must be conducted for political and social reasons."
Boden's motives were neither political nor social. He was a former employee of the company that had installed the system and was angry about being rejected for a council job, Denning said.
Cyberterrorism has become a buzzword of sorts because the severity--and existence--of the threat is debated. Experts have difficulty agreeing on what it means, largely because no agency, group or institution has been seriously debilitated by an electronic attack. The "terrorism" in cyberterrorism infers that it will be lethal or at least catastrophically damaging. Despite varying opinions on the subject, cyberterrorism does not yet pose an imminent danger, either in the government or private sector, some analysts contend.
"Although cyberspace is constantly under attack from non-state actors, the attacks so far are generally not considered to be acts of terrorism," said Denning. "There is some desire to conduct more damaging attacks, but there are no plans or capability to conduct devastating attacks against critical infrastructure or digital control systems," she said.
Military and government officials say terrorists could wreak havoc on computer systems, compromising critical intelligence and commerce, the result of which would be a catastrophic scenario. "Airplanes will literally fall out of the sky," warned Lani Kass, former director of the Air Force cyberspace task force, during a conference last year.
The Defense Department considers cyberspace the "fifth operating domain for war fighting," said Lt. Gen. Robert Elder, commander of the 8th Air Force, which is responsible for cyber warfare. "The Air Force does not currently differentiate terrorism by the domain in which the effects occur," he wrote in an e-mail to National Defense.
Cyberspace threats, he added, range from a "simple disruption of communications systems to loss of combat capability."
Clay Wilson, a technology and national security specialist at the Congressional Research Service, said that tighter physical security measures in the United States may encourage terrorist groups in the future to explore cyber attacks.
Extremists also could turn to cyber warfare as a way to engage in a cause without resorting to physical violence, Denning said. "But they haven't pursued this kind of attack because it's not bloody," Denning explained. "Terrorism is built around physical attacks with bombs."
Another reason why large-scale cyberterrorism has not materialized is because extremists may be lacking in advanced technical expertise.
In one case, a computer science student at Bradley University, named All S. Marri, was allegedly assigned by al-Qaida to find ways of hacking into U.S. computer systems. He had met and trained with Osama bin Laden in Afghanistan and was named an enemy combatant by President Bush in 2003, Denning said. …