Ebook: Responses to Cyber Terrorism
The one issue touched on repeatedly by the contributors of this publication is the difficulty of arriving at a definition of cyber terrorism. A NATO Office of Security document cautiously defines it as “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal.” But the cyber world is surely remote from what is recognized as terrorism: the bloody attacks and ethnic conflicts, or, more precisely, the politically-motivated “intention to cause death or serious bodily harm to civilians or non-combatants with the purpose of intimidating a population or compelling a government …” (UN report, Freedom from Fear, 2005). It is hard to think of an instance when computer code has physically harmed anyone. Yet a number of contributors show that exactly such events, potentially on a huge scale, can be expected. Examples include attacks on critical infrastructure, in particular on SCADA (Supervisory Control and Data Acquisition) systems, which control physical processes in places like chemical factories, dams and power stations. A part of the publication examines cyber terrorism in the proper sense of the term and how to respond in terms of technology, awareness, and legal/political measures. However, there is also the related question of responding to the terrorist presence on the Internet (so-called ‘terrorist contents’). Here the Internet is not a weapon, but an important tool for terrorists’ communications (coordination, training, recruiting), and information gathering on the targets of planned attacks.
On 4–5 October 2007 the Centre of Excellence – Defence Against Terrorism (COE–DAT) organized an Advanced Research Workshop (ARW) on the topic “Responses to Cyber Terrorism”. The venue was the Merkez Ordu Evi (Central Officers' Club) in Ankara. This was one of numerous workshops that have been organized each year by COE–DAT, after the Centre was opened in Ankara in 2005. It is the only Centre of Excellence dedicated to supporting NATO on defence issues related to terrorism. Turkey is the framework nation, although at present six other nations also contribute with staff and funds. Through courses, workshops, and academic publications, the aim is to bring western academic rigour and Turkish experience and expertise in terrorism to NATO members, Partnership for Peace (PfP), Mediterranean Dialogue countries, Non-Triple Nations, and others.
One issue touched on repeatedly by the participants at the “Responses to Cyber Terrorism” ARW was the difficulty of arriving at a definition of this kind of terrorism. A NATO Office of Security document cautiously defines it as “a cyber attack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal.”
Cited from Lt. Paul Everard's chapter on “NATO and Cyber Terrorism”.
But the cyber world is surely remote from what we recognize as terrorism: the bloody attacks and ethnic conflicts, or, more precisely, the politically-motivated “intention to cause death or serious bodily harm to civilians or non-combatants with the purpose of intimidating a population or compelling a government …” (UN report, Freedom from Fear, 2005).
It is hard to think of one instance when computer code has physically harmed anyone. Yet a number of our speakers, in particular Prof. Goodman and Lt. Paul Everard, showed that we should be preparing for just such events, potentially on a huge scale. Here we are talking about attacks on critical infrastructure, in particular on SCADA (Supervisory Control and Data Acquisition) systems which control physical processes in places like chemical factories, dams, and power stations.
Focus on Solutions
At the planning stage of the ARW it was agreed that the workshop would bring together people from a range of disciplines, from information technology researchers and lawyers, to terrorism and security experts. The title “Responses to Cyber Terrorism” was chosen in order to put the onus on the discussion of practical solutions, and in some respects the meetings of the Working Groups were as important for achieving the goals of the ARW as were the plenary sessions (see the last chapter on the “Account of the Working Group Discussions”). Accordingly, the speakers all gave time in their presentations to the issue of ‘responding’ to terrorism in cyberspace.
Overview of the Workshop Papers
In the introductory, first chapter of the ARW (see the chapter on “The History of the Internet”), Clare Cridland notes that the Internet was originally developed in the U.S. for military purposes. With ARPANET, the Defense Advanced Research Projects Agency (DARPA) created a network for sending packets of information with no central hub, so that communications could be more resilient during a devastating war. The idea of security was, therefore, part of the original idea of the internet.
However, an entirely different ethos took over after the US Department of Defense relinquished the project to the burgeoning computer and software companies in the 1990s. The architects of the worldwide network saw it, and wrote of it, in terms of the centuries-old struggle for freedom of thought and expression. Clare Cridland's description of the internet also evokes this theme: “New media in the early 21st century is a participatory, user-driven information environment, far from the linear platform of the mass media that delivered information through a ‘gatekeeper’ to a passive mass audience. These outlets …were capital intensive and …somewhat privileged. In contrast, new media, driven by technological change in telecommunications, has undermined this sphere of knowledge ownership …However, we've been here before. ‘Counter-culture’ always used ‘grassroots media’ (folk songs, posters, leaflets, public meetings) rather than the more traditional mass media of radio and television to message audiences.”
Contrast this triumph of the common people, then, with the altogether more pessimistic comments on the freedoms the internet offers by Prof. Seymour Goodman in the third paper of the ARW (see his chapter “Critical Information Infrastructure Protection”). Prof. Goodman is the chairperson of the Committee on Improving Cyber Security Research at the National Research Council, advising the U.S. Congress. Much of what the professor had to say, and this was reflected also in the Working Groups of the ARW, had to do with the vulnerabilities in the globalized net to abuse by terrorists, and the need for CIIP (Critical Information Infrastructure Protection).
It is clear that the “current technology asymmetrically favours the attacker, and provides them with great non-linear leverage. The attackers can put their innovations into practice more quickly and effectively than the defenders.” However, when much of the network is outsourced, or owned by companies in a variety of countries, defence is left to the end user. As Seymour Goodman writes, “most of the 200-plus connected countries have little or no national cyber security capabilities.” The users are often unaware of the seriousness of the risk. Frequently networks controlling important infrastructure are not ‘air-gapped’, or separated, carefully enough from the worldwide internet. If one employee's computer is not air-gapped, perhaps due to negligence, this is enough to create the route for a determined and skilled attacker to gain entry to the whole system.
Professor Goodman's chapter in this book also contains a wide range of recommendations for national and international action. He begins with general measures, which would be equally relevant to protection against accidents, disasters, crime, or different forms of conflict than terrorism. Emergency response systems, including ones with an international dimension, must be in place; SCADA systems must be made more secure, with security as “a factor to be considered over the entire life cycle of any system that is part of the CII”; and countries “must build cadres of capable defenders” including national-level CSIRTs (Computer Security Incident Response Teams).
On the issue of legal measures against cyber terrorism, Seymour Goodman mentions the need for international conventions, as well as effective national laws. The conventions would relate to three areas: crime and punishment, infrastructure protection, and arms control. In each case he gives examples already in place which could guide developments in combating cyber terrorism. Among these, the agreements on civil aviation are the best model for developing a similar legal and institutional framework for CIIP. However, it will be difficult to gain acceptance for a CIIP convention, especially as every country would have to sign up, otherwise measures protecting the network could simply be by-passed. Such a convention could be under the umbrella of the UN, and it would involve the creation of an organization to build and certify national capabilities.
Phillip Brunst's paper (see the chapter “Use of the Internet by Terrorists”) is a highly analytical overview of the subject. This kind of paper is highly valuable for those considering an appropriate legislative approach to combating terrorists' use of cyberspace. The overview covers both of the distinct aspects which emerged at the ARW: cyber terrorism proper, and the issue of terrorist use of the internet for communication, propaganda, researching targets, etc.
After discussing the advantages of cyber attacks for the terrorist (anonymity, low cost, etc.), types of cyber attack are analyzed. In general, attacks on IT systems may take the following three forms: (1) Hacking attacks on individual systems, (2) Denial of Service (DoS) attacks, usually by bombarding a computer with messages so that it cannot process anything else, and (3) ‘hybrid attacks’ which combine one or both of the above with a conventional terrorist attack like a bombing.
(1) Hacking can be further analyzed into three types. The hacker can shut down a computer, although here the administrator can usually recognize the problem and restore the system rapidly. There are also so-called ‘defacements’, which alter the information on the victim computer. Typically these are easily recognized, especially if a hacker places a notice saying “you have been hacked by …”. Potentially more disruptive are defacements which subtly change figures or other information. Thirdly, there is the possibility of introducing ‘Trojan horse’ programmes. These are silent operations, and aim to pass undetected by virus scanners. They gather data from the target computer (typically bank details in cyber crime) and relay it to the hacker.
(2) Distributed Denial of Service (DDoS) attacks are an effective way of putting computers out of action for a period of time. DoS attacks bombard a computer with vast numbers of messages, occupying all its processing capability. ‘Distributed’ attacks make use of worldwide networks of computers (so-called ‘bot-nets’, from their use of ‘robot’ software) infected with a virus which allows them to be ‘zombies’ controlled by a ‘bot-master’. These viruses have become very common. Terrorists would not have to control such systems. The services of a bot-net, typically used for mass mailings, can be hired for prices ranging between 150–400 US dollars per day.
(3) Hybrid attacks combine one or both of the above with a conventional terrorist attack. For example, a terrorist group might combine a bombing with a DoS attack to hamper the work of the emergency services.
Terrorists might also target the physical hardware of IT communications, like the ‘bundles’ of cables, or the so-called ‘peering points’.
All the above types of attack would harm IT data and lead to economic losses. A more fatal kind of cyber attack is now discussed in security circles, namely attacks on the newly-developed SCADA systems, which usually run on well-known operating systems like Windows. Many companies now use SCADA systems to monitor and control production or supply processes. It is clear that, if such a system is hacked, there is a considerable danger of the kind of loss of life associated with ‘conventional’ forms of terrorism.
Phillip Brunst recommends measures to encourage companies to invest more in security. Secondly, referring to Article 35 of the CoE Convention on Cyber Crime, he sees a need for the establishment of designated communication paths within countries and between countries to fight digital attacks. On the issue of the terrorist presence on the internet, he sees efforts to block terrorist communications as bound to fail. These communications should be monitored for intelligence (compare the chapters by Prof. Gabriel Weimann and Yael Shahar).
Lt. Paul Everard attended the workshop to represent the NATO Computer Incident Response Capability at the alliance's European Headquarters in Belgium. His presentation (see the chapter “NATO and Cyber Terrorism”) is an introduction to cyber terrorism and the defensive measures NATO is taking.
Lt. Everard begins by giving numerous illustrations of cyber attacks to show what directions cyber terrorism might take. There was the dramatic hacking of a SCADA system controlling sewage in Queensland, Australia: “Symantec research highlighted an Australian case where a disgruntled ex-employee, Vitek Boden, hacked into a computerized waste management system in Maroochy Shire and caused millions of litres of raw sewage to spill into local parks, rivers, and even the grounds of a Hyatt Regency hotel in March 2000.”
If terrorists could replicate the destructive effects of the ‘Slammer Worm’ of January 2003, they would score a great success in their terms. This computer worm spread across the world in a matter of minutes, and the resultant disruption of banking, airline, infrastructure and emergency services had a high economic cost. Lt. Everard notes that “the safety monitoring system at a nuclear power plant was disabled for a combined period of eleven hours.”
Paul Everard then focuses on the attacks that have been directed at NATO, including attacks from Chinese hackers after NATO bombed the Chinese embassy in Belgrade (1999), and a distributed attack on the NATO mail server on 09–10 August 2006, when “the attack was stopped by re-configuring the mail server to respond correctly to the attempted e-mail relay traffic.” The organization has therefore long been aware of its vulnerability to cyber attacks. It generally uses ‘off the shelf’ software, the vulnerabilities of which are well known to potential hackers. Also, “although NATO's internal networks are supposedly separated from the internet, documents, messages and other data are being uploaded onto the internal network constantly.”
With the approval of the North Atlantic Council, the NATO Computer Incident Response Capability was added to InfoSec after 9/11. At present there is an Intrusion Detection Systems project which will be at full operating capacity in 2008. The Prague Summit of 21 November 2002 was attended by the leaders of NATO countries, who signed a commitment to “strengthen our capabilities to defend against cyber attacks”.
The paper concludes that providing security can be seen in terms of the following cycle: (1) Protect: this involves ‘system hardening measures’, and anti-malware support for NATO projects. (2) Prevent: this means assessing and notifying vulnerabilities, as well as conducting training and awareness-raising. (3) Detect: using intrusion detection systems twenty-four hours a day, and checking incoming mail. (4) Respond: the teams must be ready to respond to incidents at any time of the day or night. (5) Recover: a recovery support service must be present, or available on-line, to ensure minimal disruption.
Both this NATO presentation and, in particular, that of Ms Reet Oorn of the Estonian Informatics Centre, Tallinn, referred to the massive DDoS attacks on the Estonian government and institutions in April – May 2007. Ms Oorn gives a fascinating eye-witness account of how the Estonian government fought back against the attacks, when they were able to considerably increase the bandwidth of their computers (see the chapter, jointly written by Ms Reet Oorn and Ms Eneken Tikk, on “Legal and Policy Evaluation: International Coordination of Prosecution and Prevention of Cyber Terrorism”). The Estonians showed a united front, as government equipment was supplemented by that of private sector companies.
Ms Oorn illustrates with detailed graphs and discusses the results of the assessment conducted by her Informatics Centre. These showed that the attack was in two phases: an initial phase of attacks was on a small scale, and seemed to be designed to test the limits of the target computers. These attacks were associated with the 09 May WWII victory anniversary important to pro-Russian Estonians, who were already protesting violently about the prime minister's decision to remove a statue commemorating Russian heroes. The second phase was much more professionally organized, and hours of bombardments by bot-nets had clearly been purchased.
In terms of the success of the attacks, it is generally agreed that Estonia, which has some of the highest figures of internet use in the world, survived well. Two of the biggest banks in Estonia came under heavy DDoS attacks, and on-line services were unavailable for several hours. Attacks were also performed against critical routers at the Internet Service Providers level, and this disrupted the government's internet-based communication for a short time. Some government websites experienced temporary loss of service.
Two speakers at the ARW addressed the issue of whether legal controls can be imposed on the internet. However, Ms Eneken Tikk (Faculty of Law, Tartu University, Estonia), unlike Seymour Goodman, does not expect much of the UN: “One could argue that the method of developing legal instruments that the United Nations has used fails because it is too focused on building a consensus about …existing methods used by terrorists. It cannot lead the fight against new methods (such as cyber terror). Thus, we might consider using the United Nations experience as an argument to avoid an overly reactive (rather than proactive) approach …” (see the chapter, jointly written by Ms Reet Oorn and Ms Eneken Tikk on “Legal and Policy Evaluation: International Coordination of Prosecution and Prevention of Cyber Terrorism”).
The Estonians' paper contains incisive comments on the main legal instruments concerning cyber attacks, relating these especially to terrorism. These address the Cyber Crime Convention (ETS No. 185), which, with the Convention on the Prevention of Terrorism (CETS No. 196), is “the most important international instrument for fighting cyber terrorism and other terrorist use of the Internet.” However, not enough states are party to this agreement, weakening it considerably. Also, “serious threats to commit terrorist acts are not adequately covered either by this Convention … this Convention should be evaluated with regard to its ability to cover technological advances, particularly in the area of forensic investigative techniques (such as online searches or the use of key logger software). In the fast-paced technological environment of cyber crime, such evaluations, which frequently lead to revisions and updates, are an absolutely normal process, especially when dealing with high risks such as those posed by terrorism.”
In general, as with the other lawyers at the Workshop, Ms Tikk warned that attempts at legal control of the Internet might lead to infringements upon civil liberties. However, perhaps with the attacks on Estonia in mind, which led to almost no prosecutions, she adds: “Should a decision to amend the Convention be taken, the possibility of excluding the political exception clause for some of the Convention's offences might also be considered, especially in serious cases of data and system interference.”
The paper also gives details of amendments to the Estonian Penal Code, designed to strengthen the hand of prosecutors if similar attacks come. Estonian politicians have an initiative at the EU level to amend the Framework Decision on Attacks against Information Systems 2005/222/JHA.
One other discussion of international law is offered by Police Superintendent Dr. Süleyman Özeren. His paper (see the chapter “Cyberterrorism and International Cooperation: General Overview of the Available Mechanisms to Facilitate an Overwhelming Task”) discusses definitions and typologies of cyber terrorism. There is a consideration of which of the available international organizations might most effectively achieve “consensus-based, concrete, result-oriented co-operation”.
The papers mentioned so far examine cyber terrorism in the proper sense of the term, and how to respond in terms of technology, awareness, and legal/political measures. However, there is also the related question of responding to the terrorist presence on the internet (so-called ‘terrorist contents’). Here the internet is not a weapon, but an important tool for terrorists' communications (co-ordination, training, recruiting), and information gathering on the targets of planned attacks. The COE–DAT Workshop included four fascinating papers on terrorist contents.
An undoubted expert on terrorist websites is Prof. of Communication Gabriel Weimann, who from an early stage has been archiving literally thousands of terrorist websites, from al-Qaida to FARC, and Hizbullah to the PKK (see the chapter “WWW.AL-QAEDA: The Reliance of al-Qaeda on the Internet”). This project, based at Haifa University, brings many different analytical approaches to bear on this material, including link analysis, participant observation, language analysis, and case studies.
Prof. Weimann's paper reports on his project, with colourful illustrations from the world of terrorist websites. The professor shows how, since 9/11, al Qaeda operatives sharpened their internet skills and increased their web presence. When the Americans drove al-Qaida from its camps in Afghanistan, the organization was dispersed and forced to retreat into cyberspace. As Gabriel Weimann shows, they now make extensive use of the internet, to the extent that they even rely upon it.
Also giving the ARW an account of a terrorist organization's use of the internet, Capt. Erdoğan Çelebi has built up a wealth of knowledge, and uses a high-tech approach, in his research on the terrorist Kurdistan Workers' Party (PKK) (see the chapter “A Case Study: the PKK and Cyberspace”). This is an exemplary study, showing the amount of information that can be gathered from the Internet concerning a single organization. It shows that the PKK has created, or is closely linked to, thirty-eight websites. In addition to data and analysis, the paper gives some indication of the style of the websites, and the way the PKK seeks to present itself to its various audiences.
Of particular interest is the fact that Erdoğan Çelebi uses Ucinet software to conduct various kinds of link analysis of the PKK-related sites. This technology provides a method for demonstrating which sites were used by PKK leaders in the field, and which are the main sites which propagate their message. This may have practical applications: “Taking out these hubs will make the rest of the network individual islands that have no connection to the others. The question in terms of counter terrorism agencies is how many of these hubs have to be taken down to crash the whole network.”
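The question quoted above can be worked through on a small link graph. The following is an added example, not taken from Capt. Çelebi's chapter and not Ucinet output: the site names and links are constructed placeholders, and removing the best-connected site first is an assumed heuristic that gives an upper bound rather than a guaranteed minimum.

```python
from collections import deque

# Constructed sample data: each key links to the sites in its list.
# All names are placeholders, not real sites.
LINKS = {
    "hub-A": ["site-01", "site-02", "site-03", "site-04", "hub-B"],
    "hub-B": ["site-05", "site-06", "site-07", "hub-A"],
    "site-01": ["hub-A"],
    "site-02": ["hub-A", "site-03"],
    "site-05": ["hub-B"],
    "site-08": ["site-07"],
}


def build_adjacency(links):
    """Treat every hyperlink as an undirected tie between two sites."""
    adj = {}
    for src, targets in links.items():
        adj.setdefault(src, set())
        for dst in targets:
            if dst == src:
                continue  # ignore self-links
            adj.setdefault(dst, set())
            adj[src].add(dst)
            adj[dst].add(src)
    return adj


def largest_component(adj, removed=()):
    """Size of the biggest connected group once `removed` sites are gone."""
    seen = set(removed)
    best = 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        queue = deque([start])
        size = 0
        while queue:  # breadth-first walk of one component
            node = queue.popleft()
            size += 1
            for neighbour in adj[node]:
                if neighbour not in seen:
                    seen.add(neighbour)
                    queue.append(neighbour)
        best = max(best, size)
    return best


def rank_hubs(adj, removed=()):
    """Remaining sites, best-connected first (ties broken by name)."""
    gone = set(removed)
    live = [n for n in adj if n not in gone]
    degree = {n: len(adj[n] - gone) for n in live}
    return sorted(live, key=lambda n: (-degree[n], n))


def hubs_to_fragment(links, max_island):
    """Greedily remove the current top hub until no connected group
    is larger than `max_island` sites; returns the removal order."""
    if max_island < 1:
        raise ValueError("max_island must be at least 1")
    adj = build_adjacency(links)
    removed = []
    while largest_component(adj, removed) > max_island:
        removed.append(rank_hubs(adj, removed)[0])
    return removed


if __name__ == "__main__":
    adj = build_adjacency(LINKS)
    print("sites:", len(adj), "largest group:", largest_component(adj))
    print("hub ranking:", rank_hubs(adj)[:3])
    print("removed to reach islands of <= 2:", hubs_to_fragment(LINKS, 2))
```

On this sample, two of the ten sites hold the graph together; degree is recomputed after each removal because a site's importance changes once its neighbours are gone.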
Other papers based on the phenomenon of ‘terrorist contents’ sought to give, in my view, very contrasting practical responses.
Yael Shahar, of the Institute for Counter Terrorism in Herzliya, Israel, spoke on “The Internet as a Tool for Intelligence and Counter-Terrorism”. Yael Shahar notes that “The jihadi online presence is literally the physical brain of the global jihad movement. The very openness and accessibility of this medium provides the intelligence community with a wealth of material for foundation intelligence and analysis.” Arguing that we should ‘tune in’ to, not try to shut down, these communications, she pointed out that much can be learned from analysis of websites and chat-rooms about the enemy's situation, plans, and also weaknesses.
Shahar is also interested in exploiting these weaknesses for counter-terrorism purposes, using the legally-shady method of ‘hacking back’, exploiting the same anonymity and access from which the terrorists benefit. She reveals an armoury of sowing dissent, countering propaganda, and secretly altering instructions on websites.
By contrast, Dr. Katharina von Knop proposes an open source response. Instead of concentrating on breaking down the structures created by the enemy, here is a proposal to build a new counter-structure. Her discussion paper (see the chapter on the “Institutionalization of a Web-focused, Multinational Counter-terrorism Campaign – Building a Collective Open Source Intelligent System”) focuses on the organizational and management issues surrounding such a system. As she writes: “There is an intense need to work on new solutions to develop effective and efficient counterterrorism measures that follow the democratic process, values and freedoms. Knowledge discovery, data mining techniques and data fusion play a central role in improving the counter-terrorism capabilities of intelligence, security and law enforcement agencies. …Having all the challenges in mind, this article will focus on the most important and highly sensitive one, international cooperation. This contribution …highlights the most important factors towards the development and institutionalization of an international interagency collective open source intelligent system regarding the threat of Islamist terrorism.”
Dr. von Knop points out that, if such a co-operative campaign is to succeed, it will need to be arranged in an innovative and flexible way: instead of a hierarchical organization, there would be a network, and knowledge would be pooled. There would be committee management, and a credit point system. Governments would be allowed to use the resource only to the extent that they contribute good quality information and analysis.
The Collective Open Source idea is a well thought-out response to the challenge of organizing international cooperation regarding terrorist contents on the Internet. It is a cause for optimism that the speakers, coming from a variety of backgrounds, presented so many practical ways in which to respond to the problem of cyber terrorism. A vital next step is for the experts, with the support of governments and international organizations, to agree on priorities and methods and to implement a common strategy. Participants at the conference gained, perhaps, an impression of the form the discussions between experts might take from the Working Groups that met at the end of each day's presentations. The answers that emerged from the Groups are compiled in the last chapter of this book (see the “Summary of Working Group Discussions”).
Osman Aytaç, Col., ARW Director
The development of the internet is much more than a story of technological achievement: it is about social change. It is not only a history of the accessibility of interconnected computers and user-friendly software, but also of a technological revolution. The internet has enabled the democratisation of information sources away from the elites of the mass media and institutionalised politics into the hands of active, assessing audiences. This paper will address both the technological and social change that the internet has brought about. It will describe a brief history of technological development of what is now readily known as the internet, including some of the more popular software applications associated with it. I will then briefly look at the main issues of social interaction on internet platforms and how information sources have changed. Finally, I shall make some observations on what the future of the internet may be.
When we turn our attention to the fast-growing Internet activities of various radical and terrorist entities, there is an intense need to work on new solutions to develop effective and efficient counterterrorism measures that follow the democratic process, values and freedoms. Knowledge discovery, data mining techniques and data fusion play a central role in improving the counterterrorism capabilities of intelligence, security and law enforcement agencies. The broad diversity of potential sources of web-based and web-focused attacks, our reliance on information systems that are inherently insecure, and the international dimension of both cyber attacks and governmental responses raise a host of complicated policy questions and cultural challenges for governmental security institutions. These include how best to improve the state of cyber security: what can be done to improve international interagency cooperation on stemming cyber crime and preventing and responding to cyber terrorism; and cyber warfare. Having all the challenges in mind, this article will focus on the most important and highly sensitive one, international cooperation. This contribution, written in the style of a discussion paper, highlights the most important factors towards the development and institutionalization of an international interagency collective open source intelligent system regarding the threat of Islamist terrorism.
The benefits of cyberspace are accompanied by the danger of cyber attacks. These vary in sophistication, and range in scale from attacks against individuals to attacks against countries, for example those on Estonia in April–May 2007. This paper will focus on the threat to what may be called primary Critical Information Infrastructure of Concern, and how to protect it. This topic will be set in the contexts of how cyberspace has spread globally, and Internet security. Secondly, we will consider the various threats to which cyberspace is exposed. It is the vehicle of, and the potential victim of, globalization. We will summarize the uses which terrorists have made of cyberspace. A range of measures are seen as essential for protecting critical infrastructure. Effective communication of R&D agendas will allow preventative steps to be taken, or attacks to be repelled as quickly as possible. Governments and the private sector should work to build cyber security capabilities, for example by forming CSIRTs. A legal framework for this new technology must be developed in terms of national legislation and, in view of the worldwide character of the networks, international conventions.
The separation between a physical, “real” world and a digital, “virtual” world is vanishing. Computer systems control physical infrastructure and, contrariwise, the often adjured cyber world relies on physical cables, switches, and other hardware. This level of interdependency accounts for a great vulnerability to terrorists who want to generate fear, destroy property and human lives, or harm the economy. However, apart from attacks that are committed via the Internet, it is also used to disseminate terrorist content. Ultimately, conventional uses, e.g. worldwide individual communication or access to formerly unavailable or hard-to-obtain information are an advantage for terrorists. This chapter analyzes these possible forms of use of the Internet by terrorists and gives examples of cases and threats that have either already occurred in the past or are likely to occur in the future.
As this report illustrates, al Qaeda represents the worst that globalization and advanced community technologies have to offer. It is a virtual “network of networks”, a Jihadist franchise marketing its messages of death, as well as coordinating and recruiting on the Internet. Since 9/11, al Qaeda operatives have only sharpened their Internet skills and increased their web presence. The findings reported here come from a more general research project hosted and funded by United States Institute of Peace that summarized nine years of monitoring terrorist presence on the Net in the period between January 1998 and September 2007.
Terrorism has emerged as one of the most complex and perplexing phenomena the world has faced. In addition to the tactics and ideological complexities, the dynamic nature of terrorism proves itself in the way terrorists adapt new technologies, like computers and other IT tools. Establishing consensus-based, concrete, result-oriented international cooperation in responding to terrorism seems very difficult in practice. However, available mechanisms to facilitate formal or informal cooperation in the area of cybercrime and cyberterrorism may be encouraging. The purpose of this article is to review the current situation with regard to international cooperation in responding to cyberterrorism by assessing the available mechanisms. The article also provides a list of recommendations to facilitate more concrete ways of realizing result-oriented international cooperation. The first section of the article considers the definition of cyberterrorism, along with a typology. The second part of the article analyzes international cooperation, including different forms of international cooperation, public and private cooperation, and international organizations which have facilitated cooperation among different countries. Finally, the article provides policy implications as well as a list of recommendations.
This article first touches upon the notion of cyber terrorism in the context of the relevant international framework and the recent cyber attacks against Estonia by addressing issues of the dependence of a society on ICT. The purpose of such an introduction is to better explain the international debate on prosecution and prevention of cyber terrorism. In the author's opinion, effective prevention of cyber terrorism needs to be performed on a national level. Therefore the third main subject of this article is the (inter)national legal framework of preventing cyber terrorist acts and the prospect of the legal and practical problems that countries may face when addressing this mostly cross-border problem area.
The internet is crucial to the daily operations of the radical groups making up the global jihad. The internet supplies the jihad movement with its recruiting and propaganda interface, as well as the means for ideological growth and the exchange of ideas. The jihadi online presence is literally the physical brain of the global jihad movement. The very openness and accessibility of this medium provides the intelligence community with a wealth of material for foundation intelligence and analysis. This resource has been neglected in recent years due to lack of qualified researchers and linguists. The key to countering these problems may lie in harnessing the power of the private and academic sectors as unofficial research arms of the counter-terrorism community.
NATO is very aware of the need to secure its systems, and we have been the subject of numerous politically-motivated cyber attacks. At the beginning of the brief, we will look at the issue of when these can be said to amount to cyber terrorism, and compare the NATO definition with those of other organizations. We will move on to cyber attacks, and give some examples of this activity. This raises the question of what the response to cyber attack should be. We will look at the decisions taken by NATO on this subject, and at what NATO is doing to prevent such activity on its networks. I will conclude the presentation with some recommendations for our defensive stance against cyber terrorism.
The PKK/KONGRA-GEL terrorist group makes extensive use of the internet, notably for propaganda. The prominent PKK websites are listed in a dataset which shows the way these sites relate to each other with links. An overview of their content is given, then various software and analysis tools, notably UCINET, are used to reveal different aspects of this network of websites: Centrality Analyses to show prominence and hierarchical structure, Density and Geodesic Distances Analyses, and Connectivity Analyses.
The following is a compilation of the answers which emerged from the Working Groups. Participants were asked to consider the aims and targets of cyber terrorists, and measures to disrupt terrorist use of the Internet, to respond to cyber attacks, and to defend against cyber terrorism.