Cyberterrorism: The Next Threat From Islamic State

Earlier this year the attacks in London and Manchester catapulted terrorism back into the mainstream for many UK citizens.

History demonstrates that terrorism, like any other entity, is constantly evolving, with earlier groups such as the IRA and Basque separatists ETA notorious for their breadth of tactics.

Scholars agree that prior to its recent territorial setbacks, including ejection from Mosul, one of the reasons Islamic State (IS)  had managed to successfully preside over such a vast swathe of land was because of its unique blend of a combination of guerrilla, infantry and organised crime tactics.

As IS loose territory in the Middle East we have seen an upsurge in IS attacks focusing on softer and less protected targets in the West, such bars and bridges.

The flexibility the organisation has demonstrated in the past suggest it is unlikely to ignore cyber for long and several prominent terrorism authorities argue “It is no longer a matter of if cyberterror will emerge, but when”.  States have demonstrated that they can bring down power stations (Stuxnet in Iran or BlackEnergy in Ukraine), so non-state actors have a template to follow.

Given both the significant funds still available to IS even now, and the ease by which hacking tools are available to purchase on the dark web, a combination of cybercrime and jihadism is a likely future threat.

If, for example, the motivations behind the WannaCry NHS ransomware attack had been clearly ideological rather than financial, then the consequences could have been a lot worse.

Hypothetically, if an IS supporter modified off-the-shelf hacking tools in an attempt to take down the national grid or gain access to computers at Heathrow airport, the consequences could be dire.

That's before we entertain the possibility that the wealth the group enjoys could easily be channelled into a state sponsored hacking collective similar to that purported to be orchestrated by the Chinese and Russian governments.

While there has only been one confirmed cyber-terrorism case, another case involving a Trojan infecting computers at a Madrid airport in 2008 outlines the potential impact – the resulting crash saw a hundred and fifty-four injuries –  although there was no evidence of terrorist involvement.

While this should not be overstated, it is not inconceivable that the two major threats of our time could come together.

The combination of increased reliance on technology, allied with the increase in cyber-criminals' capabilities, will give terrorists the motivation and capacity to carry out a new vector of attack capable of producing mass casualties without requiring the perpetrator to leave their home.

With a world almost totally reliant on computers the potential damage caused by hackers is limitless, combine this with the ideological fanaticism showed by groups such as IS and you have an issue that cannot be ignored.

Given that the government is struggling to get to grips with surges in both terrorist attacks and cyber-crime, it is undeniable there is some serious thinking to be done at governmental level to ensure that, should IS exploit the available technology, the UK isn't left paralysed by tech savvy jihadis.

Solving one of these mammoth issues would be difficult enough, but getting to grips with both may prove the challenge of our time. With no end in sight for either, the Government must get to work.

SC Magazine:

You Might Also Read:

Cyber Caliphate's Scorecard:

Flight Ban On Laptops 'sparked by IS threat':

 

« Why We Need a Transatlantic Charter for Data Security and Mobility
Microsoft Cloud Earnings Beat Expectations »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Securosis

Securosis

Securosis is an information security research and advisory firm dedicated to improving the practice of information security.

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

The Hacker News (THN)

The Hacker News (THN)

THN is a leading source for Information Security, Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events

Softtek

Softtek

Softtek provides comprehensive software Quality Assurance and Testing that identifies the correctness, completeness, and quality level of software products.

EuroISPA

EuroISPA

EuroISPA is a pan European association of European Internet Services Providers Associations and the world’s largest association of ISPs.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

eCosCentric

eCosCentric

eCosCentric provides software development solutions for the IoT, M2M & embedded systems market.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

LevelBlue

LevelBlue

LevelBlue simplify cybersecurity through award-winning managed security services, experienced strategic consulting, threat intelligence and renowned research.

Vonahi Security

Vonahi Security

Vonahi Security is a cybersecurity SaaS company that pioneered automated network penetration testing.