Suggested Citation:"1 Background and Introduction." National Research Council. 2003. Information Technology for Counterterrorism: Immediate Actions and Future Possibilities. Washington, DC: The National Academies Press. doi: 10.17226/10640.

1 Background and Introduction

1.1 WHAT IS TERRORISM?

Terrorism is usually defined in terms of non-state-sponsored attacks on civilians, perpetrated with the intent of spreading fear and intimidation. Terrorism can occur on many different scales and can cause a wide range of impacts. For many Americans, the events of September 11, 2001, changed dramatically their perceptions of what terrorism could entail. In the space of a few hours, thousands of American lives were lost, and property damage in the tens of billions of dollars occurred—an obviously high-impact event. However, as illustrated by the subsequent anthrax attacks, widespread disruption of key societal functions, loss of public confidence in the ability of governmental institutions to keep society safe, widespread loss of peace of mind, and/or pervasive injury to a society’s way of life also count as manifestations of “high impact.” It is on such high-impact, catastrophic dimensions of terrorism that the Committee on the Role of Information Technology in Responding to Terrorism decided to concentrate in order to keep the analytical focus of this report manageable.

The committee does not mean to suggest that only events of the magnitude of those on September 11 are worth considering. But the committee is primarily addressing events that would result in long-lasting and/or major financial or life-safety impacts and that would generally require a coordinated response among multiple agencies, or are in many other respects very complicated to manage. Damaging and destructive though individual attacks are, the digital equivalent of a single car bomb with conventional explosives (e.g., a single hacker breaking into a nominally unsecured system that does not tunnel into other critical systems) is not the primary focus of this report.

In the context considered here, the adversary must be conceptualized as a very patient, smart, and disciplined opponent with many resources (money, personnel, time) at its disposal. Thus, in an information technology context, the “lone hacker” threat—often described in terms of maladjusted teenage males with too much time on their hands—is not the appropriate model. Protection against “ankle biters” and “script kiddies” who have the technical skills and understanding as well as the time needed to discover and exploit vulnerabilities is of course worth some effort, but it is important as well to consider seriously the larger threat that potentially more destructive adversaries pose.

1.2 THE ROLE OF INFORMATION TECHNOLOGY IN NATIONAL LIFE AND IN COUNTERTERRORISM

Information technology (IT) is essential to virtually all of the nation’s critical infrastructures, which makes any of them vulnerable to a terrorist attack on the computer or telecommunications networks of those infrastructures. IT plays a critical role in managing and operating nuclear-power plants, dams, the electric-power grid, the air-traffic-control system, and financial institutions. Large and small companies rely on computers to manage payroll, track inventory and sales, and perform research and development. Every stage in the distribution of food and energy from producer to retail consumer relies on computers and networks. A more recent trend is the embedding of computing capability in all kinds of devices and environments, as well as the networking of embedded systems into larger systems.1 And, most obviously, IT is the technological underpinning of the nation’s communications systems, from the local loop of “plain old telephone service” to the high-speed backbone connections that support data traffic. These realities make the computer and communications systems of the nation a critical infrastructure in and of themselves, as well as major components of other kinds of critical infrastructure, such as energy or transportation systems.

In addition, while IT per se refers to computing and communications technologies, the hardware and software (i.e., the technological artifacts of computers, routers, operating systems, browsers, fiber-optic lines, and so on) are part of a larger construct that involves people and organizations. The display on a computer system presents information for a person who has his or her own psychological and emotional attributes and who is usually part of an organization with its own culture and standard operating procedures. Thus, to understand how IT might fail or how the use of IT might not achieve the objectives desired, it is always necessary to consider the larger entity in which the IT is embedded.

1 Computer Science and Telecommunications Board, National Research Council. 2001. Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers. National Academy Press, Washington, D.C. (Note that most Computer Science and Telecommunications Board reports contain many references to relevant literature and additional citations.)

IT also has a major role in the prevention, detection, and mitigation of terrorist attacks.2 This report focuses on two critical applications. First, emergency response involves the agencies, often state and local, that are called upon to respond to terrorist incidents—firefighters, police, ambulance, and other emergency health care workers, and so on. These agencies are critically reliant on information technology to communicate, to coordinate, and to share information in a prompt, reliable, and intelligible fashion. Second, information awareness involves promoting a broad knowledge of critical information in the intelligence community to identify important patterns of behavior. Advances in information fusion, which is the aggregation of data from multiple sources for the purpose of discovering some insight, may be able to uncover terrorists or their plans in time to prevent attacks. In addition to prevention and detection, IT may also help rapidly and accurately identify the nature of an attack and aid in responding to it more effectively.

1.3 THE INFORMATION TECHNOLOGY INFRASTRUCTURE AND ASSOCIATED RISKS

The IT infrastructure can be conceptualized as having four major elements: the Internet, the conventional telecommunications infrastructure, embedded/real-time computing (e.g., avionics systems for aircraft control, supervisory control and data acquisition [SCADA] systems controlling electrical energy distribution), and dedicated computing devices (e.g., desktop computers).

2 Computer Science and Telecommunications Board, National Research Council, 1996, Computing and Communications in the Extreme: Research for Crisis Management and Other Applications, National Academy Press, Washington, D.C.; Computer Science and Telecommunications Board, National Research Council, 1999, Information Technology Research for Crisis Management, National Academy Press, Washington, D.C. For purposes of the present report, prevention is relevant to the period of time significantly prior to an attack; during that period, a pending attack can be identified and the terrorist planning process for that attack disrupted or preempted. Detection is relevant in the period of time immediately before or during an attack (since an attack must first be detected before a response occurs). Mitigation is relevant during the time immediately after an attack, and it generally involves actions related to damage and loss minimization, recovery, and reconstitution.

Each of these elements plays a different role in national life, and each has different specific vulnerabilities. Nevertheless, the ways in which IT can be damaged fall into three categories.3 A system or network can become:

  • Unavailable. That is, using the system or network at all becomes very difficult or impossible. The e-mail does not go through, or the computer simply freezes, or response time becomes intolerably long.

  • Corrupted. That is, the system or network continues to operate, but under some circumstances of operation, it does not provide accurate results or information when one would normally expect. Alteration of data, for example, could have this effect.

  • Compromised. That is, someone with bad intentions gains access to some or all of the capabilities of the system or network or the information available through it. The threat is that such a person could use privileged information or system control to further his or her malign purposes.

These types of damage are not independent—for example, an attacker could compromise a system in order to render it unavailable.

Different attackers might have different intentions with respect to IT. In some cases, an element of the IT infrastructure itself might be a target to be destroyed (e.g., the means for people to communicate or to engage in financial transactions). Alternatively, the target of the terrorist might be another kind of critical infrastructure (e.g., the electric-power grid), and the terrorist could either launch or exacerbate the attack by exploiting the IT infrastructure, or use it to interfere with attempts to achieve a timely and effective response.

In short, IT is both a target and a weapon that can be deployed against other targets. Counterterrorist activities thus seek to reduce the likelihood that IT functionality will be diminished as a result of an attack or as a result of the damage that might come from the use of IT as a weapon against valued targets.

A terrorist attack that involves the IT infrastructure can operate in one of several modes. First, an attack can come in “through the wires” as a hostile program (e.g., a virus or a Trojan horse program) or as a denial-of-service attack.4 Second, some IT element may be physically destroyed (e.g., a critical data center or communications link blown up) or compromised (e.g., IT hardware surreptitiously modified in the distribution chain). Third, a trusted insider may be compromised (such a person, for instance, may provide passwords that permit outsiders to gain entry);5 such insiders may also be conduits for hostile software or hardware modifications. All of these modes are possible and, because of the highly public and accessible nature of our IT infrastructure and of our society in general, it is impossible to fully secure this infrastructure against them. Nor are they mutually exclusive, and in practice they can be combined to produce even more destructive effects.

3 Computer Science and Telecommunications Board, National Research Council. 2002. Cybersecurity Today and Tomorrow: Pay Now or Pay Later. National Academy Press, Washington, D.C.

4 A “through-the-wires” attack is conducted entirely at a distance and requires no physical proximity to the target.

5 Computer Science and Telecommunications Board, National Research Council. 1999. Trust in Cyberspace. National Academy Press, Washington, D.C.


Information technology (IT) is essential to virtually all of the nation’s critical infrastructures, making them vulnerable to a terrorist attack on their IT systems. An attack could be on the system itself or could use the IT system to launch or exacerbate another type of attack. IT can also be used as a counterterrorism tool. The report concludes that the most devastating consequences of a terrorist attack would occur if the attack were on IT or used IT as part of a broader attack. The report presents two recommendations on what can be done in the short term to protect the nation’s communications and information systems and several recommendations about what can be done over the longer term. The report also notes the importance of considering how an IT system will be deployed to maximize protection against and usefulness in responding to attacks.
