
Debunking the hysteria about cyberterrorism. Some sensible advice.

Summary:  Cybersecurity expert Emilio Iasiello contrasts the warnings that flood the news about cyberthreats with their mundane reality.  {First of two posts today.}

Everything’s “Big” When It Comes To Cyberterrorism. It Shouldn’t Be.

By Emilio Iasiello from DarkMatters, 2 December 2015
Posted with his gracious permission.

In the aftermath of the Paris terrorist attacks, there has been increased scrutiny as to how these individuals successfully pulled off coordinated attacks without intelligence and security services picking up some indications of an impending operation. One U.S. lawmaker maintains that there are strong indicators that the suspected terrorists used encryption in order to circumvent monitoring. The implication is clear: authorities need the ability to access encrypted communications in order to gain advance warning and prevent these types of attacks.

Encryption debate

While the terrorist attacks have encouraged some intelligence and security officials to start up the encryption debate once again, there is some indication that the ISIS actors were communicating in the open, and even the data on their smartphones was not encrypted. According to one French news source, police were able to track the phone’s movements and retrieve such information as SMS messaging and a detailed map of the concert hall attack site via a phone belonging to one of the terrorists.

Additionally, features of a thwarted ISIS plot in Belgium revealed that while the suspected mastermind of the Paris attacks, Abdelhamid Abaaoud, typically sidestepped surveillance, he did not leverage encryption technology. Shortly after the attack, a leading U.S. newspaper retracted an article in which it had originally cited that the terrorists had used encryption technology, after it could not be confirmed.

ISIS attacks

The discrepancies in the narrative of the ISIS attacks have led several to conclude that intelligence and security officials are taking advantage of what happened in Paris to advocate their position of requiring companies to install backdoors that they could access with a warrant. There is still legitimate concern that, even if encryption wasn’t used to support the Paris attacks, terrorists could leverage encryption technologies in future operations.

Stories about potential use of other advanced technologies such as PlayStation 4, the Darkweb, and alternative types of privacy and security applications and services, have since surfaced indicating that the adoption of such practices may become more common.

The “Number one threat”

While terrorist activities remain a very significant concern, there is a tendency to assign hyperbolic language to all facets of terrorist activities in cyberspace. In this instance, the U.S. House of Representatives Homeland Security chairman identified terrorist use of encrypted communications as “the biggest threat” today. The content of such communications can certainly contain critical information about potential terrorist operational planning; however, the use of encryption, in and of itself, does not constitute a threat.

Moreover, this new determination overshadows remarks from the national counterintelligence executive that identified a cyberattack against critical infrastructure by terrorist groups, foreign intelligence, and criminals as the number one threat.

Cyberterrorism

This is not to take away from the validity of each; only to point out that any activity ascribed to cyberterrorism is immediately raised to the apex of security concerns, regardless of whether that is warranted. Over-sensationalizing terrorist activity in cyberspace potentially creates a “sky is falling” paranoia that ultimately risks public desensitization when these extraordinary acts of cyber malfeasance do not materialize. Not understanding the threat risks mischaracterizing it, thereby impacting strategic mitigation planning.

Much of what is known about terrorist use of the Internet has been to support their organizations—not so much to carry out actual cyberattacks that inflict real world damage. What’s more, propaganda and recruitment have, in and of themselves, proven potent factors in influencing a global audience of lone wolves to carry out some of the more violent and catastrophic events. The continued success of real world operations may keep ISIS and groups like them focused in the physical world.

Questions about scenarios

While envisioning cyber “worst case” scenarios can aid in risk management, they are better used as measurement milestones to capture significant changes in an actor’s cyber capabilities, which can update contingency planning.

Can groups like ISIS carry out a successful attack against an important critical information infrastructure? Do they have the capability? And if so, why isn’t that happening? And if they don’t have the necessary skills, how long will it take for them to obtain these skills? And once obtained, when will they be operationalized, and what are the types of precursor events likely to influence their use? Trying to answer these types of questions will better inform decision makers who must develop strategies to properly allocate budget, personnel, and material resources to counter these activities.

The views and opinions reflected in this article are my own and do not represent Norse’s positions or strategies.

————————————————–

About the Author

Emilio Iasiello has more than 12 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as private sector companies. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in peer-reviewed journals.

See his other articles on the Dark Matters website. He now posts at Dead Drop (of LookingGlass Cyber Threat Intelligence Group).

For More Information

One of an almost endless series of warnings about cyberthreats: “A former CIA chief says other governments could launch crippling computer attacks on the US”, Business Insider, 19 May 2015.

See all posts about Cyber-espionage and Cyber-war! — especially this series about Parsing Cyberwar by Marcus Ranum…

  1. The Battlefield.
  2. The Logistical Train.
  3. Synergies and Interference.
  4. The Best Defense is a Good Defense.