Security experts, media scholars discussion cyber terrorism at ASNE-APME.
By Jacob Nierenberg
At one of the final sessions at this year’s ASNE-APME conference, a panel of media scholars and security research fellows sought to address how terrorists utilize technology to broaden their reach as well as threaten computer systems.
“When we refer to terrorism now, I think we really are thinking of something that is quite different from what we were thinking of before 9/11, or even the last four or five years,” said Martha Crenshaw, senior fellow at the Center for International Security and Cooperation (CISAC) at Stanford University.
ISIS appears to be more media-savvy than other terrorist groups, owing largely to its use of jihad recruitment websites and transmission of videos on YouTube, Crenshaw said. Through this, ISIS has demonstrated that terrorist groups do not need mainstream media exposure.
“There was a very strongly held argument that there was a symbiotic relationship between terrorists and the news media,” Crenshaw said. “That era is over, it is gone, they don’t need you anymore….One reason for ISIS’ power and visibility is their command of the social media.”
Sarah Oates, senior scholar on media and the Internet at Philip Merrill College of Journalism, disagreed, saying that terrorist groups would have less effect without news websites and mainstream media, which can amplify the impact of terrorist messages on social media by reporting on those messages.
“If you’re not getting a voice in the mainstream media, you’re really on the information periphery,” Oates said. “I would argue that ISIS and other groups are very passionate about how they’re being portrayed, or even paid attention to, in the mass media.”
The panelists also discussed whether cyberspace is the next frontier for terrorism. In recent years, questions of cybersecurity issues, and the potential for cyber attacks in terrorism, have sprung up in discussions of national security.
Herbert Lin, senior research scholar for cyber policy and security at CISAC, defined cybersecurity on a handout shared with the his audience. He described it as “the protection of important computer systems against different threats.”
Lin divided what the press would call a “cyber attack” into two classes — an actual attack, which sabotages or damages infrastructure, or exploitation, which is the stealing of information, such as an identity theft.
“There’s no evidence at this point that terrorists could do anything in cyberspace more than a low-end hack,” Lin said. “The really serious cyber threats come from nation-states,” he added, citing the Stuxnet computer worm and the Office of Personnel Management hack. The Stuxnet worm, believed to be developed by American and Israeli intelligence, sabotaged Iran’s nuclear program by malfunctioning its centrifuges; that was an attack, Lin said. The OPM hack, however, in which Chinese hackers were suspected of breaching databases that held Social Security numbers and other personal information, was an exploitation of a vulnerability, he added.
The panelists wondered how United States national security would take cyberspace into account — and how Americans would be affected by the changes made.
“If the government is going to protect you, it’s got to look at information,” Lin said.
Crenshaw agreed.“They are so afraid that there will be another act of terrorism on their watch…and the reality of it is it could happen again,” she said. “You can’t prevent everything.”