New cyberterror threatens AF

The Air Force should slow its modernization plans and rethink its connections to the Internet if it wants to fight off a revolutionary, yet undeveloped, form of cyberterrorism, according to a recently released Rand Corp. report.

Terrorist groups are relying increasingly on advanced communications and network technologies to revolutionize the way they organize and carry out attacks, according to the report, "The New Terrorism." It concludes that terrorist groups will organize into globally dispersed groups connected by the Internet rather than into stand-alone organizations as they are organized now. Rand also concludes that these groups will use new tactics to carry out cyberattacks.

According to the report, which was the result of a year-long proj-ect sponsored by the Air Force's deputy chief of staff for air and space operations, these developments indicate the emergence of a new form of terrorism known as "netwar." According to the report, netwar is quickly changing the way terrorist groups operate and communicate, so it requires government agencies to develop new defensive strategies.

"The rise of networks is likely to reshape terrorism in the Information Age and lead to the adoption of netwar - a kind of Information Age conflict that will be waged principally by nonstate actors," according to the report. "There is a new generation of radicals and activists who are just beginning to create Information Age ideologies. New kinds of actors, such as anarchistic and nihilistic leagues of computer-hacking 'cyboteurs,' may also partake of netwar."

According to the report, one of the best ways to avoid the new cyberterror would be to slow down the pace of modernization. The report concludes that modernization and increased systems integration, particularly in the Air Force, might "undermine the security and safety" of the current information infrastructure.

Netwar relies less on hierarchical command and control organizations and more on dispersed Information Age network designs, according to the report. The report predicts that cyberterrorists will put more effort into building "arrays of transnationally internetted groups" than into developing stand-alone organizations. Terrorist groups "are likely to consist of dispersed groups who communicate, coordinate and conduct their campaigns in an internetted manner without a precise central command," the report concludes.

Middle Eastern terrorist groups, in particular, rely on IT to help carry out attacks and also to help coordinate and support their activities and perception-management campaigns, according to the report. For example, Arab Afghans and the Islamic militant group Hamas have adopted IT as a means to communicate without being detected by counterterrorist officials, according to the report. "Hamas has realized that information can be passed securely over the Internet because it is next to impossible for counterterrorism intelligence to monitor...the flow and content of Internet traffic," according to the report.

This Information Age focus, although not new, seems to be well-suited to small, nonstate terrorist groups, according to a study by Tim Bass, who will present a paper on intrusion detection this month at the IRIS National Symposium on Sensor and Data Fusion, sponsored by Johns Hopkins University's Applied Physics Laboratory. In his paper, Bass, president and chief executive officer of security consulting firm The Silk Road Group, writes, "Adversaries in asymmetrical conflicts are at an advantage in cyberspace because no one dominates, and those in power and authority have only primitive situational knowledge."

The Rand report also predicts that cyberterrorists will use new tactics, such as "swarming," to conduct cyberattacks. Swarming occurs when members of a terrorist group, spread over great distances, electronically converge on a target from multiple directions, coalescing rapidly and stealthily to carry out an attack. This cyberattack is different from the traditional form of attacking in waves, which seeks to deliver a knockout blow from a single direction on the Internet.

Speaking last week at the FedWeb 99 conference in Bethesda, Md., Alan Paller, director of research for the Sans Institute, called the hesitancy of agencies to share information on successful intrusions into government networks "the worst problem facing government agencies."

Agencies don't want to become a security failure example, Paller said, which leads to a lack of communication about what can be done to bolster security.