Abstract
Computers have always caused psychological uneasiness in the human brain. That a computer is the closet thing to a thinking machine can be discomforting. That average users have little understanding of the complexity and intricacies of how computers and software operate only add to the distress. Networked computers further increased the puzzlement of human beings. The media (suffering from the same poverty of information as the public) have picked up catchwords like cyberwar, netwars, cyberterrorism, and cybercrime. Speaking of Electronic Pearl Harbors and comparing modems to bombs have only contributed to increasing the level of media hysteria and confusion in public opinion. Schwartau (1994) is a classic example. Imagine that poorly informed journalists start telling the general public that ruthless hackers (hired by terrorists) could take over the power grid and shut it down, or cause patients’ death after their medical records have been compromised. The mere suspicion that terrorists could perform such acts would be enough to fueling the fear factor, which regularly happens as a result of this crying wolf. Under these circumstances, cyberterrorism seems like a nightmare come true. As Embar-Seddon (2002) noted, the word terrorism brings together two significant modern fears: the fear of technology and the fear of terrorism. Both technology and terrorism are significant unknowns and unknown threats are generally perceived as more threatening than known threats. To some extent, cyberterrorism does not need to be manifested itself in any significant way because many already believe it to be real. This article will try to dispel some of the myths of cyberterrorism, such as the contention that terrorists could remotely take control of critical infrastructure and thus bring a country to its knees. In fact, today, cybercrime and economic damage caused by hackers are far more real and serious threats than terrorists. Misdeeds are more likely to be committed by disgruntled insiders than skilled outsiders (Randazzo et al., 2004). There is no commonly accepted definition of terrorism, hence cyberterrorism has been variously interpreted. For example, Sofaer et al. (2000) defines it as “intentional use or threat of use, without legally recognized authority, of violence, disruption or interference against cyber systems” (p. 26), resulting in death or injury of people, damage to physical property, civil disorder, or economic harm. The probability, however, that cyberattacks may actually cause victims is extremely low. Furthermore, Sofaer et al. tends to exclude states from committing terrorist acts, which is also debatable. Hughes (2004) observes cyberterrorism as a diverse set of technologies whose purpose is to scare people, but scaring people without getting anything in return is simply useless. Paraphrasing a working definition of terrorism, I would identify cyberterrorism as the use of digital means to threat or undertake acts of organized violence against civilians to achieve political advantages. Perpetrators then could be nonstate groups or sovereign states. Terrorists spreading scary stories to terrify the populace via the Internet would also qualify. Finally, because of cost efficiency, information and communication technologies have blurred the distinction that long existed between the noncombatant and the combatant spheres. The technology on which the military now rely is exactly the same commercial off-the-shelf hardware and software products that civilians have in their homes and offices (Department of the Army, 2003). Military and civilians alike use largely the same computer networks, which were designed for ease of use and not for hardened communications. During the Cold War, dual use technology (civilian hardware and software) was considered “dangerous” because it could help the Soviets close the gap with the West. Paradoxically, dual-use technologies are now “good.” One of the many downsides of such a situation is that if terrorists hit computer networks, in theory, they could hit multiple targets: the economy, law enforcement agencies, emergency services, and (albeit to a lesser extent) even the military. For terrorists this scenario would be a dream come true. Reality, however, is substantially different.