This book compiles revised versions of a selection of papers delivered at an Advanced Research Workshop on ‘Terrorists’ Use of the Internet' supported by the NATO Science for Peace and Security Programme and held at Dublin City University on 27–29 June 2016. The event was co-organised by Swansea University's Cyberterrorism Project and the EU FP7-funded VOX-Pol project. The workshop consisted of a total of 31 presentations, followed by a roundtable discussion. Sixty delegates from 13 countries attended the symposium, including researchers from Australian National University, Cardiff University, Leiden University, Old Dominion University, Tallinn University of Technology, University of Bristol, University of East Anglia, and Université Grenoble-Alpes and representatives from NATO HQ, NATO CCD-COE, UNICRI, the European Defence Agency, the Bavarian Police Academy, and the Italian Carabinieri.

Here in the Preface, we describe the aims and scope of the workshop and thus also of this book. We also supply a brief overview of each of the book's discrete sections and the chapters contained within these. Finally, we provide the ten recommendations arising from discussions that took place over the workshop's three days and explicitly formulated during the final roundtable discussion.

Scope and Aim of Book

Two of the global threats identified by the US Intelligence Community's 2016 World-wide Threat Assessment were cyber and technology, and terrorism. The aim of our workshop was to examine the convergence of these threats, in particular to:

• Assess the threat from terrorists launching cyberattacks and evaluate methods of improving protection of critical infrastructure;

• Deepen existing understanding of the different ways in which terrorists use the Internet and produce recommendations for the formulation of laws and policies to counter this threat;

• Evaluate these legislative and policy responses in terms of their impact on democracy, liberty, and the rule of law;

• Generate innovative, interdisciplinary, and robust methodologies and techniques for the study of terrorists' online activities; and,

• Gauge the opportunities provided by the Internet for intelligence and enforcement agencies, not only for surveillance and intelligence but also the construction and promotion of counter-narratives and other strategic communications.

A further aim of the workshop was to nurture dialogue between members of the academic, policy, and practitioner communities. The participants therefore included representatives from each of these communities. As well as bridging the gap between academia and practice, the workshop also sought to bridge disciplinary divides. The participants had a wide range of expertise (including engineering, computer science, law, criminology, political science, international relations, history, and linguistics). The chapters included herein reflect these diverse professional and disciplinary backgrounds.

Overview of Chapters

In their overview chapter, Kavanagh, Carr, Bosco, and Hadley examine a variety of terrorist uses of the internet, focusing particularly on propaganda and operations-related content, but also addressing the threat of attacks against critical infrastructure. The chapter also outlines counter-measures taken at the international and regional levels, as well as by industry, and identifies the principal challenges faced by such efforts. The chapter thus provides a useful outline of many of the issues that are addressed in further depth in the book's other chapters.

The book's remaining 25 chapters are clustered into five sections on cyberterrorism and critical infrastructure protection, cyber-enabled terrorist financing, jihadi online propaganda, online counterterrorism, and innovative approaches/responses. The chapters included in each of these sections are described below.

Cyberterrorism and Critical Infrastructure Protection

The four chapters in this section focus on cyberterrorism and critical infrastructure protection, with cyberterrorism conceived of narrowly therein, being limited to activity with first order effects like injury, death or large scale physical destruction, and omitting activity like online financing, online propaganda, and other online activity engaged in by terrorists and discussed in other sections of the book.

The section's opening chapter by the European Defence Agency's Röhrig and Llopis provides a practitioner's perspective on the type of considerations military commanders would be obliged to confront in the event of a cyberterrorist attack. The chapter explores different options for responding to such an eventuality and the conditions of uncertainty and risk that would surround such an unfolding crisis. As they note, operational planning remains a subjective, artful, process: one that draws upon existing imaginations, intuitions, and experiences. Thus, the chapter concludes by calling for further discussion and training exercises to increase understanding of the appropriate response to future acts of cyberterrorism.

Mobolarinwa Balogun, Hayretdin Bahşi and Bilge Karabacak are concerned in their chapter with the risks associated with the so-called ‘Internet of Things’ (IoT), the name given to combinations of various networking and computing technologies that heralds a new age of data aggregation and ubiquitous connectivity among physical objects. Their chapter provides a preliminary comparison of a typical IoT application in the area of health with an industrial control system (ICS) in order to show that IoT applications require careful consideration in terms of the risks they pose as terrorists may attack them with easy-to-implement cyberattacks for purposes of causing physical harm to individuals.

The importance of securely managing Industrial Control Systems (ICSs) is growing, as they are increasingly embedded in critical national infrastructure (e.g. city traffic lights controls) and thus a potentially attractive target for organised cyber-criminals and terrorists. In their chapter, Spyridopoulos, Maraslis, Tryfonas, and Oikonomou present a novel approach that combines Stafford Beer's Viable System Model (VSM) with Game Theory in order to develop a risk management process that addresses some of the most pressing concerns in this area. These include predictions of the likelihood of cyber-security incidents occurring generally relying upon estimations or guesses based on past experience and incomplete data, which can lead to errors in the evaluation of risks that can ultimately affect system protection. This issue is also transferred to methods used in ICSs themselves, as these are mainly adaptations of such traditional approaches. Additionally, conventional methods fail to adequately address the increasing threat environment and the highly interdependent critical nature of ICSs. The model developed in this chapter, on the other hand, provides a holistic, cost-efficient cybersecurity solution that takes into account interdependencies of critical infrastructure components as well as the potential impact of different attack strategies.

Finally for this section, Leonie Tanczer's chapter considers ‘The Terrorist – Hacker/Hacktivist Distinction,’ in which she introduces original research into the ways that hackers and hacktivists understand themselves and believe themselves to be understood by others. Drawing on 35 interviews with self-identified hackers and hacktivists, Tanczer finds considerable concern within this community around their linking with cyberterrorism. Hackers/hacktivists view this linking as illegitimate, and identify its purpose as legitimation of potentially troubling incursions into online activities and freedoms. As Tanczer's research powerfully illustrates, hackers and hacktivists view themselves as quite distinct from cyberterrorists and, in fact, providers of, rather than threats to, online security.

Cyber-Enabled Terrorist Financing

The book's second section focuses on the role of the Internet in terrorism financing.

Başaranel begins by outlining the importance of financial assets for the survival of terrorist groups, and the growing importance of the internet as an infrastructure for the generation, transfer, and distribution of funds. Başaranel then offers a typology of the range of ways in which terrorist groups generate income via the internet. These span the direct solicitation of donations via websites or social media platforms through to more obvious criminal activities such as online credit card fraud. To make sense of this range of activities, Başaranel distinguishes between active and passive examples of online terrorist financing, separating them by the level of donor consent in the acquisition or transfer of funds. The chapter finishes by turning attention to the online movement and storage of funds, including through virtual currencies, pre-paid cards, and internet-based payment systems.

In their chapter, Giovanni Bottazzia and Gianluigi Me follow-up by considering some of the ways in which terrorist organisations might exploit opportunities presented by current and future cyber-technologies. The authors draw widely on lessons learned from ‘ordinary’ cybercrime, arguing that the internet offers considerable advantages to would-be criminals with appropriate resources and know-how. The perpetual sidelining of security considerations for reasons of efficiency or ease within new internet based technologies is a particular concern here, along with the significant increase of internet-connected devices in everyday life and critical infrastructure alike. These dynamics, Bottazzi and Me argue, should lead to a ‘growing sense of vulnerability’ throughout society.

Jihadi Online Propaganda: Purposes and Effects

The third cluster of five chapters examines jihadi online propaganda, with a particular focus on jihadi online magazines, particularly, al-Qaeda in the Arabian Peninsula's (AQAP) Inspire and the so-called ‘Islamic State's’ (IS) Dabiq.

The section opens with Weimann's exploration of al-Qaeda's response to the Islamic State's declaration of its caliphate and the subsequent necessity to provide a credible argument about, in particular, the ways in which a true caliph can be chosen. Coming in the wake of the Arab revolutions, this credible counter-argument had to be carefully balanced with the wider population's desire for increased political participation – one of the key grievances driving the revolutions. By analysing the treatises, distributed online, of the three major al-Qaeda affiliates, Jabhat al-Nusra, al-Qaeda in the Islamic Maghreb (AQIM), and AQAP, and comparing these with classical and modern discourses around appointment of a caliph, Weimann suggests that al-Qaeda used the opportunity to position itself as a representative of Muslim communities and defender of their rights.

In the first of four chapters on jihadi online magazines, Stuart Macdonald analyses the contents of IS's Dabiq magazine using the framework of responsive regulation, described as “an attitude that enables the blossoming of a wide variety of regulatory approaches”. Macdonald argues that, whilst there are dissimilarities between the efforts of government or other private regulators and the producers of Dabiq, they nonetheless have a key feature in common: they seek to achieve compliance with a given set of norms by inducing behavioural and attitudinal change. The chapter seeks to show how this is achieved through the persuasive techniques employed in Dabiq, the interplay between these techniques, and the role played by assessments of (procedural as well as substantive) fairness.

Chapter 10, by Lorenzo-Dus, Walker and Kinzel, claims that excessive attention has been paid in Terrorism Studies to terrorists' messages (their discourse) as compared to their target audiences, which has contributed to stagnation in this field. The chapter begins by clarifying what a discourse analytic approach entails, differentiating it from the language-based content analytic approaches prevalent in Terrorism Studies to date. It then illustrates the potential value of the former approach by reporting the key results of a Corpus-Assisted Discourse Studies analysis of (de)legitimation in the jihadi online magazines Dabiq and Inspire. The results revealed some similarities, but also significant differences in the ways in which Inspire and Dabiq discursively ‘other’ the West by attacking different aspects of its ‘public image’. They also revealed notable differences regarding the discursive means via which they legitimate such othering with regard to individuals and groups that are pejoratively referred to in the magazines as ‘kuffar’ (disbelievers) and ‘murtaddin’ (apostates).

Haroro Ingram's chapter builds on a number of the arguments raised in Ch. 10. To do this, Ingram again compares Dabiq and AQAP's Inspire online magazine to examine how Dabiq's narratives are strategically designed to appeal to and radicalise its audiences. In particular, Ingram examines how the narratives employed provide its readers with a “competitive system of meaning” in order to shape their perceptions and polarise their support. The chapter concludes by outlining lessons for counterterrorism strategic communications drawn from the comparison.

In the final chapter in this cluster, Conway, Parker, and Looney examine the instructional guides found in three online magazines: Inspire, Inspire's forerunner Jihad Recollections, and Somali Al-Shabab's Gaidi M'taani. They explain that the three magazines contain instructions on a range of activities, from bomb-making and firearms to exercise and information technology. Their findings show that it is Al-Qaeda's Inspire magazine that not only contains the greatest number of instructional guides, but also has a particular focus on bomb-making. Inspire's producers claim that these guides have had real world impacts in terms of both motivating individuals to perpetrate attacks and providing them with the necessary skills and know-how to do so; a view that has been echoed by some (but not all) other commentators.

Online Counterterrorism

This section is the text's largest with eleven chapters and is thus divided into three subsections as follows: public actors, private actors, and cooperative approaches; online CVE strategies; and surveillance. The chapters included in each of these sub-sections are described below.

Public Actors, Private Actors, and Cooperative Approaches

The chapters clustered here explore the roles of public actors, including law enforcement and legislators, private actors, including Internet companies, and cooperative approaches, including so-called ‘public-private partnerships,’ in responding to terrorist use of the Internet, with a particular focus on responding to IS's social media activity.

The section opens with Keiran Hardy's chapter on ‘hard’ and ‘soft’ responses to online violent extremism. ‘Hard’ criminal offences and ‘soft’ policy programs are both required to counter the threat of online extremism, but the lines between these two can blur significantly in practice, he argues. This chapter focuses on the UK's counterterrorism laws and its Prevent strategy to argue that overlap between these hard and soft power approaches creates substantial confusion over the lines between lawful and unlawful online conduct thus generating, amongst other things, damaging perceptions about the motives behind governments' soft power responses to terrorism.

Legrand discusses the approach to counter-terrorism taken by the countries of the “Anglosphere”: Australia, Canada, New Zealand, the United States of America, and the United Kingdom. In the face of the complexities associated with transnational security and counter-terrorism challenges, these five states have followed a path of increased collaboration and shared policy approaches in this area. This, Legrand argues, has led to a reassertion of state ascendancy in response to the growing importance of non-state actors in the area of national security. This is particularly highlighted by the states' increasing powers of surveillance and the broadening of legal powers available to them in the name of countering violent extremism, especially in cyberspace. This collaboration, and the effects thereof, offers important insights into state approaches to CVE and the way in which the issue is framed, and the influence this framing has on understandings of violent extremism.

Angela Gendron's chapter examines the use of the criminal sanction as a preventative tool of counter-terrorism. The chapter highlights the tension between, on the one hand, arresting and prosecuting suspects at an early, preparatory stage in order to disrupt terrorist activity (as opposed to relying on after-the-fact prosecution) and, on the other hand, the importance of avoiding legislative overreach and inappropriate restrictions on such rights as the freedom of expression, religion, and association, including online. The chapter draws on a range of recent Canadian cases in order to illustrate this tension and pose questions about the proper use and scope of the criminal law.

In his chapter, Çelik sets out to examine IS's cyberspace activities, with a particular focus on the 2015 Paris attacks and subsequent Western responses. The chapter's aim is twofold: firstly, to provide insight into terrorist use of cyberspace, supplying specific examples of the ways that IS militants and their supporters exploit a wide array of methods and tools for purposes of sustaining the group's legitimacy and operational security; secondly, to analyse Western responses to IS's cyberspace activities, with an emphasis on the role of technology companies in disrupting terrorists' cyberoperations. The discussion concludes with a consideration of the partnership possibilities between states and technology companies, which – in the aftermath of the Snowden leaks – come at a time when trust between the two entities has been shaken.

The final chapter in this sub-section, by Nitsch and Irani, explores both the roles of social media in radicalisation processes and the possibilities of using social media for disengagement from extremism and terrorism, along with more general antiradicalisation purposes. The focus throughout the chapter is on the use of social media for radicalisation and de-radicalisation of German jihadis, including treatment of two prominent cases: the radicalisation of the former rap musician Denis Cuspert (a.k.a. Deso Dogg) and of 18-year old David G, who was killed in Syria.

Online CVE Strategies

Online Countering Violent Extremism (CVE) strategies, particularly those targeting IS, are currently receiving a lot of attention from policymakers and others. The three chapters in this sub-section grapple with doing CVE via the internet effectively.

Alastair Reed's chapter explores the lessons that can be learned from past communication experiences to aid contemporary Counter-Terrorism Strategic Communications (CTSC) campaigns targeting current online propaganda threats. The chapter argues against reinventing the wheel in the fight against IS and instead highlights four key lessons from the past: i) the need for multiple mediums of communication, particularly the realisation that online social media are not the only mediums of communication that we should be focusing on, ii) closing the say-do-gap (i.e. the gap between Western governments' rhetoric as compared to their actions on the ground), iii) engaging in offensive messaging as well as defensive or ‘counter’ messaging, and, finally, iv) basing counter-terrorism communications on market research and thereby achieving directed targeting.

In their chapter, Barnes and Lucas argue that returned foreign fighters have an important role to play in the creation and deployment of counter-terrorism communications. Their credibility, experience, access to radicalised networks, and understanding of the motivations that drive foreign fighters leave them uniquely placed to challenge terrorist narratives. The authors acknowledge that such online counter-narratives can only be successful if issues in the “offline” world around foreign policy actions, human rights and the underlying causes of radicalisation (i.e. Reed's say-do-gap (Ch. 17)) are addressed. They nonetheless suggest that rethinking the role of returned foreign fighters, engaging with them, and utilising their knowledge could be beneficial, particularly for the development of effective counter-narratives to counter violent extremist propaganda.

Daniel Grinnell explores the potential benefits that advanced large scale open source data analysis could have in understanding public discourse and reactions in the wake of terrorist events. Using the killing of Fusilier Lee Rigby and subsequent online discussions around the attack as a case study, Grinnell suggests that analysis of this type of open source data can play a role in identifying those social media accounts and users that most influence post-event discussion and that the potential therefore exists to intervene and change the course of this discourse, potentially preventing further violence and offering greater understanding of the actions that may follow such an event. This suggested approach is not, Grinnell notes, without challenges, both in terms of capabilities within the intelligence community and the ethical considerations that accompany such an approach, but, he argues, is nevertheless worth exploring.

Surveillance

Surveillance refers to the act of carefully watching someone or something especially in order to prevent or detect a crime. In their chapters, Wells (Ch. 21) and Boeke (Ch. 22) take rather benign views of online surveillance for counterterrorism purposes; Christakis (Ch. 23), in contrast, takes a more critical view.

Sergei Boeke's chapter explores online intelligence gathering activities by different arms of the state, situating these activities within ongoing political and normative debates around surveillance, privacy, anonymity, and national security. Boeke begins by setting out the differences between the surveillance activities of intelligence and law enforcement communities, before identifying four variables through which such activities might be categorised and thereby differentiated: i) scope, ii) level of interception, iii) focus, and iv) data acquisition. Using this framework, Boeke then explores two prominent and contemporary US case studies: the Prism and 215 programmes. He argues that the former did not constitute the mass surveillance programme its critics frequently believed it to, and that the latter was significantly adjusted to include new safeguards following its exposure.

David Wells' chapter analyses the value and limitations of a big data approach to intelligence gathering for counter-terrorism purposes. He argues that the growing availability of data, and the increasingly transnational and technology-dependent nature of many contemporary terrorist groups, provides significant opportunities for counterterrorism agencies. Although there are challenges – including the need for transnational cooperation, and the rise of encryption – big data approaches might address the limitations of alternative forms of intelligence in contemporary theatres of conflict such as that dominated by IS, he argues. Big data approaches are particularly helpful, Wells notes, in filling information gaps and identifying specific individuals of interest. Although Wells is less concerned by resource availability than some critics of big data approaches, he concludes by highlighting the need for development of the right sorts of analytical capabilities to make sense of this data.

The third and final chapter in this sub-section, by Theodore Christakis, examines the compatibility of national surveillance laws with international law, focussing in particular on the relationship of the new powers introduced in France in response to the 2015 Paris attacks with the right to respect for private and family life enshrined in Article 8 of the European Convention on Human Rights. He explains that, whilst erosions of this right may be justified in pursuit of certain specified objectives, including national security, the European Court of Human Rights has also warned of the dangers that surveillance activities pose to democratic societies and urged the need for careful scrutiny. Christakis identifies a number of aspects of the new French law that could be subject to legal challenge, including the use of “black boxes” and ISMI-catchers, and discusses whether the associated oversight and control mechanisms are sufficiently stringent.

Innovative Approaches/Responses

The final cluster of three chapters bring new and innovative thinking and/or approaches to the study of terrorism and the Internet, including in the domains of online selfradicalisation, cyberterrorism, and hacking.

“Cyber-fronts” can be divided into two categories, according to Murat Gunestas and Kamil Yilmaz: (i) those that are bound to a specific conventional terrorist organisation; and (ii) those that are not tied to any specific organisation, but provide services for many of them. After outlining the ways in which cyber-fronts use the Internet to support terrorist organisations, Gunestas and Yilmaz argue that Internet forensics is a significant and powerful tool that can be used in conjunction with traditional investigation methods to support the fight against these online groups. The chapter focuses in particular on the PKK-associated Cyber-Median Guerrillas (CMG-Team) and the more freewheeling Redhack cyber-fronts.

The penultimate chapter in the collection, by Lee Jarvis, explores how the UK news media represents – or constructs – the threat of cyberterrorism. Drawing on original empirical research, it argues that the news media relies upon a relatively coherent discursive framework in which a vulnerable, passive and weak ‘self’ is juxtaposed with a proactive, resourceful, and determined cyber-terrorist ‘other’. The chapter then argues that this construction is reflective of the gendered character of this discourse in which the news media's treatment of cyberterrorism is overwhelmingly written by male and gender-less authors; reliant upon male and gender-less experts; focused on the actions of male characters; and far more frequently illustrated by images of men than by those of women.

The final chapter, by Bradbury, Bossomaier, and Kernot, outlines a novel pilot project, undertaken by the authors, which used a complex systems approach to create data-driven, real-time, empirical analysis of the online self-radicalisation phenomenon and in particular the issue of identity in text. The authors conclude that their pilot shows that individuals reveal their ‘identity’ through their texts; that there exists a tipping-point phenomena where ‘identity’ may shift rapidly from one metastable state to another; and an individual's ‘identity’ will show critical slowing down – the characteristic dynamics that predict the approach of a tipping point. The project's purpose is to generate actionable predictions about the likelihood that particular individuals of interest will become self-radicalised.

Policy Recommendations

The ten policy recommendations emanating from formal and informal discussion over the course of the workshop's three days, formulated during the final roundtable discussion, and agreed upon by participants were as follows:

1. The workshop highlighted the importance of learning from history, from other cultures, from other disciplines, and from other research contexts. The value of academic collaboration with non-academic practitioners and policymakers was also emphasised, including the co-creation of research projects and new forms of partnership working. To fully realise the potential benefits of such partnerships, more innovative and more integrated opportunities should be developed to engage academia (including postgraduate research students) at the international level, to feed into policy development, law making, and guidance. This should include an active commitment to academic freedom, and efforts to ensure that academics are able to access, collect, analyse and store data in a secure and ethical manner.

2. Successful multi-agency partnership requires effective communication and inter-partner trust. A variety of confidence-building measures, that will help to define frameworks of collaboration, intervention and response, should therefore be deployed. These might include: regional (ASEAN Regional Forum (ARF), EU, AU, OAS, etc.) or track 1.5 table-top exercises integrating stakeholders from the private sector, academia, civil society, NGOs, legal departments, communications departments, etc., to run through ‘live’ case studies on how to respond to online content; developing and making publicly available ‘cyber games’ and databases of scenarios that can be used to understand the impacts of interventions and inform policy development; providing a space or collaborative forum where these initiatives, guidelines, scenarios, recommendations, etc., can be accessed by the actors, to stimulate dialogue and engagement; and, providing the public and private sectors with access to, and information on, emerging guidance on how to balance human rights, security and commercial interests in situations involving terrorist use of ICT and the internet, and to engage civil society in the process. Collaboration with the on-going projects on these issues might be a first step in this direction.

3. It is dangerous to conflate the activities of hackers/hacktivists and those of (cyber)terrorists. The former are distinct from the latter, in terms of both their motivations and the impact of their actions. The expertise of this particular community should not simply be ignored; it would be prudent to ensure that flaws which are discovered by hackers/hacktivists are resolved. To this end, a safe space should be provided for hackers/hacktivists to be able to responsibly report flaws they have discovered in the course of potentially criminal activity perpetrated without malicious intent.

4. The definitions of terrorism precursor offences must strike an appropriate balance between, on the one hand, the importance of preventing planned acts of terrorism and, on the other hand, ensuring that these offences respect fundamental values and do not over-reach. Accordingly, the definitions of terrorism precursor offences should be carefully circumscribed, in particular, by requiring proof that the alleged offender had formed an intention to assist, encourage or facilitate terrorism-related activity.

5. NATO operations have second order effects which may contribute to an environment in which the risk of radicalisation is exacerbated. Pre-deployment training delivered by NATO member states and partners should be developed in accordance with standards and objectives that nurture cultural awareness in order to mitigate this risk.

6. An over-emphasis on the suppression of online terrorist propaganda should be avoided, since attempts to suppress such content are beset with practical difficulties and challenges. It is therefore important that credible and authentic alternative narratives are developed and delivered, and that these narratives are evidence-based and matched by practical action in order not to widen the saydo gap.

7. Once credible, authentic alternative narratives have been developed, it is vital that these are easily discoverable. The norms that tech or social media companies and Internet Service Providers develop to govern online content should promote the visibility of alternative narratives. Recent initiatives aimed at ensuring that those searching for extremist materials online also find alternative narratives are to be welcomed.

8. In terms of terrorist finance, pre-paid cards are an important existing vulnerability. At present an individual can have up to US$2500 with minimal validation of their identity, which is enough to plan, coordinate and perpetrate a terrorist attack. A higher level of identity authentication should be required to purchase a prepaid card.

9. More generally, it is important to recognise that financial donations have significant intelligence value. Financial Intelligence Units (FIUs) should track such transactions in order to disrupt plots and identify individuals involved in terrorist financing. Doing so will require a willingness to cooperate across borders and share information.

10. The workshop recognised the value of some surveillance activities in protecting national security, but also the harmful effect that misinformation and inappropriate responses have on public perceptions. The workshop therefore stressed that state surveillance activities undertaken to counter terrorist threats should be accompanied by adequate legal standards and effective guarantees against arbitrariness and the risks of abuse in order to fully respect human rights and individual freedoms. They must respect the principles of necessity and proportionality and be combined with adequate and independent oversight mechanisms.