Cyber Terrorism: The American Response
Mutale Chisanga
School of Computer Science
03-60-305
Professor Kristina Verner
March 6, 2016

Cyber terrorism: The American Response
United States (U.S.) critical infrastructure faces a growing cyber terrorism threats due to advancements in the availability and sophistication of malicious software tools and the fact that new technologies raise new security issues that cannot always be addressed prior to adoption. The increasing automation of U.S. critical infrastructures provides more cyber access points for adversaries to exploit. Industrial control systems, which operate the physical processes of the U.S. pipelines, railroads, and other critical infrastructures, are at elevated risk of cyber exploitation.
The growth of malicious techniques that could degrade, disrupt, or destroy critical infrastructure is a huge concern for the U.S. government. It is also likely the cyber threats will surpass the terrorism threat to U.S. in the years to come (MLI, 2012). Even though only advanced threat actors are currently capable of employing these high level malicious techniques, these capabilities will eventually be within reach of all threat actors.
Discussion
The potential economic consequences of cyber terrorism attacks are severe. The severity of cyber terrorism are not felt equally across the board. A small company may not be able to survive even one significant cyber-attack. On the other hand, large companies may take a long time before they notice that they have been a victim of cyber terrorism. Often, businesses are unable to recoup their losses, and it may be impossible to estimate their damage. Many companies prefer not to disclose that their systems have been compromised, so they absorb the loss, making it impossible to accurately calculate damages. As a result of the inability to define and calculate losses, the best that the U.S government and private sector can offer are estimates. Over the past five years, estimates of the costs of cyber-crime to the U.S. economy have ranged from millions to hundreds of billions (Federal Bureau of Investigation, 2011). A 2010 study conducted by the Ponemon Institute estimated that the median annual cost of cyber-crime to an individual victim organization ranges from $1 million to $52 million (Federal Bureau of Investigation, 2015).
An example of an advanced threat actor happened on November 24, 2014, when a group of hackers released confidential data belonging to Sony Corporation. The data included information about unreleased movies, personal information about Sony employees such as salaries, Social Security numbers, home addresses, increasing the chances of identity fraud. This cyber terrorist attack was the catalyst for two important responses from the U.S. government. Firstly, on April 1st, 2015 President Obama announced The Cybersecurity Executive Order. It allows the U.S. government to hit back at hackers for the first time. The order will seek to identify and punish individuals behind attacks in the form of sanctions. Secondly, on April 22, 2015 the House of Representatives passed the Protecting Cyber Networks Act. The bill is designed to allow the private sector and government to share threat data in an effort to prevent cyberattacks. Participation will be voluntary, and those that do will be granted some form of immunity for sharing threat information. Data will be anonymized and housed in a portal most likely administered by the Department of Homeland Security. A similar bill the Cybersecurity Information Sharing Act is also making its way through the Senate. Critics of the legislation warn that the bills proposed are too broad, and could pave the way for government abuse. “When it comes to protecting our civil rights and civil liberties, we don’t usually give the government a blank check, and that’s what these bills have done in a lot of ways,” explains Matt Wood, Policy Director for Free Press. He continues to describe how the government’s excessive response doesn’t match the threat, and that these laws could be used simply for corporations to capitalize off the elimination of privacy at the risk of impeding Net Neutrality. “It could be a competitive threat, it doesn’t have to be something you and I define as a cyber security threat, just a threat to their current bottom line or business,” Wood states. Unfortunately, the U.S. government does show signs of trying to control the internet and its people’s rights to privacy in its responses to cyber terrorism threats. The U.S. government can scrutinize all Internet traffic that travels across certain major fiber optic backbones. While the U.S. government claimed to filter out data which stays within the U.S., this is clearly not true. Under “upstream” surveillance, any of your communications could be intercepted by the U.S. government if the data happened to pass through a foreign server, even if the recipient is in the U.S(feelthebern.org, 2016).
The U.S. government also created a Cyber Division to combat cyber terrorism, increased its cyber threat priority and also allocated enough resources so as to recruit more of the best people for the job. Great progress has been made since the Cyber Division was first created. It was considered a success when a cyber terrorism attack on the U.S. government networks was recognized (Federal Bureau of Investigation, 2013). This ability was soon enhanced to determine and track the threat actor or perpetrators. Since a lot the perpetrators of cyber terrorism are often overseas, the U.S. government partners with law enforcement in several key countries to extradite subjects from their countries to stand trial in the United States. In 2010, the U.S. government arrested a record 202 individuals for criminal intrusions, up from 159 in 2009(Federal Bureau of Investigation, 2014). Perpetrators such as the developers of a particularly insidious computer malware known as Blackshades have also been arrested. This software was sold and distributed to thousands of people in more than 100 countries and has been used to infect more than half-a-million computers worldwide. The U.S. government also help disrupt the GameOver Zeus botnet, one of the most sophisticated botnet that the U.S. government and its allies had ever attempted to disrupt. GameOver Zeus is believed to be responsible for the theft of millions of dollars from businesses and consumers in the U.S. and around the world. This effort to disrupt it involved notable cooperation with the private sector and international law enforcement. The Blackshades and GameOver Zeus arrests are part of an initiative launched by the Cyber Division to disrupt and dismantle the most significant botnets threatening the economy and national security of the United States. This includes law enforcement action against those responsible for the creation and use of the illegal botnets, mitigation of the botnet itself, assistance to victims, public service announcements, and long-term efforts to improve awareness of the botnet threat through community outreach. Botnets are said to cause more than $100 billion in losses globally, with approximately more than a hundred million computers infected each year (Federal Bureau of Investigation, 2014).
The U.S government also works with the Canadian government to combat cyber terrorism. Both the American and Canadian governments have developed strategies to limit, if not prevent, the damage cyberattacks by nation-states and non-state actors can inflict on the economic vitality, trade position, critical infrastructure, and security of the two North American neighbours. The Canadian and American strategies generally focus on three categories of threats: other states attempting to steal Canadian and American secrets; organized crime using cyberspace to make illegal profits; and terrorists using the Internet to recruit members and raise funds (Fraser Institute, 2015). Canada benefits from cooperation with the United States in combatting cyber terrorism because the nature of the evolving threat and the nature and cost of countering this capacity is increasingly more difficult for a state to address on its own. The problem is when government intervention increases, there is a promise of greater security, but that security comes with economic costs and potential limits on liberty and privacy. Unlike the U.S. government, the Canadian government has been criticised for its comparatively modest spending on cyber defence(Fraser Institute, 2015). The Canadian government needs to change its approach in how it deals with its critical infrastructure. More resources have to be allocated to protection strategies and the right tools to assess and prevent potential threats of cyber terrorism attacks.
Conclusion
The U.S. government has been showing great concern towards the rise in cyber terrorist attacks in the last several years. Some recent cyber terrorist attacks have been a catalyst for some important responses from the U.S. government including the Cybersecurity Executive Order and the Protecting Cyber Networks Act which of course did receive some criticism because of signs that they could infringe on civil rights and civil liberties the people. Both the American and Canadian governments have developed strategies to limit, if not prevent, the damage cyberattacks. The U.S. government allocates a lot of resources to combat cyber terrorism so Canada also benefits from cooperation because the nature of the evolving threat and the nature and cost of countering this capacity is increasingly more difficult for a state to address on its own. Unfortunately, the Canadian government does not spend enough on cyber defence so their technology is not as sophisticated as other allied developed countries.

References
Federal Bureau of Investigation. (2011). Cyber Security: Responding to the Threat of Cyber Crime and Terrorism. Retrieved from https://www.fbi.gov/news/testimony/cybersecurity-responding-to-the-threat-of-cyber-crime-and-terrorism
Federal Bureau of Investigation. (2013). Cyber Security: Preparing for and Responding to the Enduring Threat. Retrieved from https://www.fbi.gov/news/testimony/cyber-security-preparing-for-and-responding-to-the-enduring-threat
Federal Bureau of Investigation. (2014). Cyber Security: Terrorism, and Beyond: Addressing Evolving Threats to the Homeland. Retrieved from https://www.fbi.gov/news/testimony/cyber-security-terrorism-and-beyond-addressing-evolving-threats-to-the-homeland
MLI. (2012). MLI PAPER: CANADA LACKS NATIONAL STRATEGY TO RESPOND TO TERRORISTS, NATURAL DISASTERS AND CYBER-ATTACKS. Retrieved from http://www.macdonaldlaurier.ca/mli-paper-canada-lacks-national-strategy-to-respond-to-terrorists-natural-disasters-and-cyber-attacks/
Fraser Institute. (2015). Cybersecurity challenges for Canada and the U.S. Retrieved from https://www.fraserinstitute.org/sites/default/files/cybersecurity-challenges-for-canada-and-the-united-states.pdf feelthebern.org. (2016). Bernie Sanders on Cybersecurity. Retrieved from http://feelthebern.org/bernie-sanders-on-cybersecurity/